Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits: 7222fe49 by Markus Koschany at 2019-01-05T18:18:14Z CVE-2018-20348,libpff: no-dsa for Jessie Minor issue, upstream states it is alpha software, not used by any sponsor. - - - - - d3f55eb9 by Markus Koschany at 2019-01-05T18:33:49Z CVE-2019-3574,libsixel: no-dsa for Jessie Issue will be rejected - - - - - 36c61943 by Markus Koschany at 2019-01-05T18:36:37Z CVE-2018-15801, libspring-security-2.0-java: no-dsa for Jessie Minor issue. - - - - - 43208075 by Markus Koschany at 2019-01-05T18:52:15Z CVE-2018-20535,CVE-2018-20538,nasm: no-dsa for Jessie Minor issue, not used by any sponsor. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -3862,11 +3862,13 @@ CVE-2019-3575 (Sqla_yaml_fixtures 0.9.1 allows local users to execute arbitrary CVE-2019-3574 (In libsixel v1.8.2, there is a heap-based buffer over-read in the ...) - libsixel <unfixed> (low) [stretch] - libsixel <no-dsa> (Minor issue) + [jessie] - libsixel <no-dsa> (Minor issue) NOTE: https://github.com/saitoha/libsixel/issues/83 NOTE: Duplicate of CVE-2018-19763. Asked MITRE to REJECT CVE-2019-3573 (In libsixel v1.8.2, there is an infinite loop in the function ...) - libsixel <unfixed> (low) [stretch] - libsixel <no-dsa> (Minor issue) + [jessie] - libsixel <postponed> (Minor issue) NOTE: https://github.com/saitoha/libsixel/issues/83 CVE-2019-3572 (An issue was discovered in libming 0.4.8. There is a heap-based buffer ...) - ming <removed> @@ -4544,6 +4546,7 @@ CVE-2018-20539 (There is a Segmentation fault triggered by illegal address acces NOTE: https://github.com/libLAS/libLAS/issues/159 CVE-2018-20538 (There is a use-after-free at asm/preproc.c (function pp_getline) in ...) - nasm <unfixed> (bug #918269) + [jessie] - nasm <no-dsa> (Minor issue) NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392531 CVE-2018-20537 (There is a NULL pointer dereference at ...) - liblas <unfixed> 
@@ -4557,6 +4560,7 @@ CVE-2018-20536 (There is a heap-based buffer over-read at ...) NOTE: https://github.com/libLAS/libLAS/issues/161 CVE-2018-20535 (There is a use-after-free at asm/preproc.c (function pp_getline) in ...) - nasm <unfixed> (bug #918270) + [jessie] - nasm <no-dsa> (Minor issue) NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392530 CVE-2018-20534 (There is an illegal address access at src/pool.h (function ...) TODO: check @@ -5063,6 +5067,7 @@ CVE-2018-20349 (The igraph_i_strdiff function in igraph_trie.c in igraph through CVE-2018-20348 (libpff_item_tree_create_node in libpff_item_tree.c in libpff before ...) - libpff 20180714-1 [stretch] - libpff <no-dsa> (Minor issue) + [jessie] - libpff <no-dsa> (Minor issue) NOTE: https://github.com/libyal/libpff/issues/48 CVE-2018-20347 RESERVED @@ -23606,6 +23611,7 @@ CVE-2018-15802 REJECTED CVE-2018-15801 (Spring Security versions 5.1.x prior to 5.1.2 contain an authorization ...) - libspring-security-2.0-java <removed> + [jessie] - libspring-security-2.0-java <no-dsa> (Minor issue) CVE-2018-15800 (Cloud Foundry Bits Service, versions prior to 2.18.0, includes an ...) NOT-FOR-US: Cloud Foundry CVE-2018-15799 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/9ad5554fb7ba00622f0a0c562053803820a67811...43208075565222259c55cf2c6b903f30019c0d06 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/9ad5554fb7ba00622f0a0c562053803820a67811...43208075565222259c55cf2c6b903f30019c0d06 You're receiving this email because of your account on salsa.debian.org.
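Review bot: In the @@ -3862,11 +3862,13 @@ hunk, the added line `[jessie] - libsixel <postponed> (Minor issue)` under CVE-2019-3573 is not covered by any of the four commit messages, which name only CVE-2019-3574 for libsixel and describe it as no-dsa. It also uses `<postponed>` where the stretch line directly above it uses `<no-dsa>`. Either explain the postponement in the commit message or align the state with the stretch entry. For CVE-2019-3574 in the same hunk, the commit message gives the reason as "Issue will be rejected" and the NOTE marks the entry as a duplicate of CVE-2018-19763, so a reason that mentions the duplicate would describe the triage decision more accurately than `(Minor issue)`.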
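Review bot: In the @@ -4544,6 +4546,7 @@ hunk, `[jessie] - nasm <no-dsa> (Minor issue)` classifies a use-after-free in pp_getline as minor without recording why, and the same line is added for CVE-2018-20535 in the @@ -4557,6 +4560,7 @@ hunk. The commit message adds only "not used by any sponsor", which is a support argument rather than a severity one. A short NOTE stating the severity rationale next to the existing bugzilla.nasm.us link would let later triagers verify the decision from data/CVE/list alone.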
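Review bot: In the @@ -23606,6 +23611,7 @@ hunk, `[jessie] - libspring-security-2.0-java <no-dsa> (Minor issue)` marks the jessie package as affected, but the CVE description on the context line limits CVE-2018-15801 to "Spring Security versions 5.1.x prior to 5.1.2" and the source package name refers to the 2.0 series. If the vulnerable code is not present in the jessie version, `<not-affected>` with a reason would be the accurate state. If it is present, add a NOTE saying how that was established, since no NOTE or upstream reference is recorded for this entry.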