Mike Gabriel pushed to branch master at Debian Security Tracker / security-tracker
Commits: 03d7e457 by Mike Gabriel at 2019-08-30T10:43:47Z data/dla-needed.txt: add ghostscript - - - - - e558dc56 by Mike Gabriel at 2019-08-30T10:44:17Z data/dla-needed.txt: add irssi. - - - - - da2286f9 by Mike Gabriel at 2019-08-30T10:44:48Z data/CVE/list: Triage golang/jessie. - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -2959,6 +2959,7 @@ CVE-2019-14809 (net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles - golang-1.8 <removed> - golang-1.7 <removed> - golang <removed> + [jessie] - golang <ignored> (Fix too invasive to backport, url.go file in jessie too far behind upstream) NOTE: Issue: https://github.com/golang/go/issues/29098 NOTE: https://github.com/golang/go/commit/c1d9ca70995dc232a2145e3214f94e03409f6fcc (golang-1.11) NOTE: https://github.com/golang/go/commit/3226f2d492963d361af9dfc6714ef141ba606713 (golang-1.12) @@ -19354,6 +19355,7 @@ CVE-2019-9514 (Some HTTP/2 implementations are vulnerable to a reset flood, pote - golang-1.8 <removed> - golang-1.7 <removed> - golang <removed> + [jessie] - golang <not-affected> (No HTTP2 support yet) - golang-golang-x-net-dev 1:0.0+git20190811.74dc4d7+dfsg-1 - nodejs <unfixed> (bug #934885) [stretch] - nodejs <not-affected> (No HTTP2 support yet) @@ -19390,6 +19392,7 @@ CVE-2019-9512 (Some HTTP/2 implementations are vulnerable to ping floods, potent - golang-1.8 <removed> - golang-1.7 <removed> - golang <removed> + [jessie] - golang <not-affected> (No HTTP2 support yet) - golang-golang-x-net-dev 1:0.0+git20190811.74dc4d7+dfsg-1 - trafficserver 8.0.5+ds-1 (bug #934887) - h2o 2.2.5+dfsg2-3 (bug #934886) ===================================== data/dla-needed.txt ===================================== @@ -37,6 +37,8 @@ freeimage NOTE: https://lists.debian.org/debian-lts/2019/05/msg00079.html NOTE: 20190707: maintainer is waiting for upstream https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929597 -- +ghostscript +-- golang-go.crypto NOTE: 20190707: Check that an upload of this will not require reverse build-deps to also be recompiled (see previous golang uploads?). (lamby) -- @@ -53,6 +55,8 @@ imagemagick NOTE: 20190829: we also work on <no-dsa> issues whereas the security team would not. NOTE: 20190829: Only claim this, if nothing more urgent is available in dla-needed.txt. -- +irssi (Mike Gabriel) +-- libav NOTE: 20190529: There are currently 19 CVE issues known for libav in jessie, NOTE: 20190529: 11 tagged as <no-dsa>. These issues have been triaged, no patch View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/72b94db8f39f590f0906ee438532cecef13b7712...da2286f923a4ac9c1e4eba89ab04293d24844062 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/72b94db8f39f590f0906ee438532cecef13b7712...da2286f923a4ac9c1e4eba89ab04293d24844062 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits