Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker
Commits: 633cabab by Hugo Lefeuvre at 2019-10-15T14:15:09Z dla-needed: update cacti, hdf5 and imagemagick notes - - - - - 1 changed file: - data/dla-needed.txt Changes: ===================================== data/dla-needed.txt ===================================== @@ -17,6 +17,8 @@ ansible (Utkarsh Gupta) NOTE: 20191011: Code appears to be in lib/ansible/callbacks.py in jessie's version. (lamby) -- cacti (Hugo Lefeuvre) + NOTE: 20191015: jessie and stretch don't seem to be affected. I will produce a detailed analysis + NOTE: and try to get confirmation from upstream. -- freeimage NOTE: Maintainer will take care of the update. @@ -26,14 +28,14 @@ freeimage graphite-web -- hdf5 - NOTE: 20190825: Upstream is aware of currently open issues. Progress is slow, + NOTE: 20191015: Upstream is aware of currently open issues. Progress is slow, NOTE: wait for the next HDF5 point release and either do full package upgrade NOTE: or cherry pick fixes (hle) -- ibus (Markus Koschany) NOTE: beware of the regression introduced by upstreams first patch -- -imagemagick +imagemagick (Hugo Lefeuvre) NOTE: 20190902: several minor postponed issues with simple patch: preparing an update NOTE: just for them would be wasting time, but let's include these patches in a NOTE: future update when new issues appear. @@ -43,6 +45,7 @@ imagemagick NOTE: instead of avoiding off-by-one reads (check length BEFORE reading, not after!) NOTE: we allocate one more byte. this works, but does not 'obviously' fix the issue and NOTE: can be misleading... DEP3 comments would be nice. (hle) + NOTE: 20191015: two new CVEs, check. -- imapfilter NOTE: 20190910: No patch exists but a possible solution. Note that openssl in View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/633cababc06fd4a1e6a423ab8250285999596ec7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/633cababc06fd4a1e6a423ab8250285999596ec7 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
