Commit 437baa1d authored by Salvatore Bonaccorso

Add CVE-2019-1010060/cfitsio

After query to MITRE the reason behind that there is one additional CVE,
is that there were other security wise sensitive issues fixed in 3.43
but not covered by the CVEs CVE-2018-3846, CVE-2018-3847,
CVE-2018-3848, and CVE-2018-3849. One example is given in the NOTE
itself.

The above CVEs were only to address issues in the gphd, ffgtkn, ffgkyn,
ffghbn, and ffghtb functions. However, the upgrade from 3.42 to 3.43
also has many other changes.

As CVE-2019-1010060 mentions: "over 40 source code files were changed."

It is not worth trying to tackle all those for stretch (and probably
older). So marking stretch as no-dsa in accordance with the setting for
CVE-2018-3846, CVE-2018-3847, CVE-2018-3848, and CVE-2018-3849.
parent 2feb3033