Skip to content
GitLab
Explore
Sign in
Register
Commits on Source (3)
data/dla-needed.txt: add ghostscript
· 03d7e457
Mike Gabriel
authored
Aug 30, 2019
03d7e457
data/dla-needed.txt: add irssi.
· e558dc56
Mike Gabriel
authored
Aug 30, 2019
e558dc56
data/CVE/list: Triage golang/jessie.
· da2286f9
Mike Gabriel
authored
Aug 30, 2019
da2286f9
Show whitespace changes
Inline
Side-by-side
data/CVE/list
View file @
da2286f9
...
...
@@ -2959,6 +2959,7 @@ CVE-2019-14809 (net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles
- golang-1.8 <removed>
- golang-1.7 <removed>
- golang <removed>
[jessie] - golang <ignored> (Fix too invasive to backport, url.go file in jessie too far behind upstream)
NOTE: Issue: https://github.com/golang/go/issues/29098
NOTE: https://github.com/golang/go/commit/c1d9ca70995dc232a2145e3214f94e03409f6fcc (golang-1.11)
NOTE: https://github.com/golang/go/commit/3226f2d492963d361af9dfc6714ef141ba606713 (golang-1.12)
...
...
@@ -19354,6 +19355,7 @@ CVE-2019-9514 (Some HTTP/2 implementations are vulnerable to a reset flood, pote
- golang-1.8 <removed>
- golang-1.7 <removed>
- golang <removed>
[jessie] - golang <not-affected> (No HTTP2 support yet)
- golang-golang-x-net-dev 1:0.0+git20190811.74dc4d7+dfsg-1
- nodejs <unfixed> (bug #934885)
[stretch] - nodejs <not-affected> (No HTTP2 support yet)
...
...
@@ -19390,6 +19392,7 @@ CVE-2019-9512 (Some HTTP/2 implementations are vulnerable to ping floods, potent
- golang-1.8 <removed>
- golang-1.7 <removed>
- golang <removed>
[jessie] - golang <not-affected> (No HTTP2 support yet)
- golang-golang-x-net-dev 1:0.0+git20190811.74dc4d7+dfsg-1
- trafficserver 8.0.5+ds-1 (bug #934887)
- h2o 2.2.5+dfsg2-3 (bug #934886)
data/dla-needed.txt
View file @
da2286f9
...
...
@@ -37,6 +37,8 @@ freeimage
NOTE: https://lists.debian.org/debian-lts/2019/05/msg00079.html
NOTE: 20190707: maintainer is waiting for upstream https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929597
--
ghostscript
--
golang-go.crypto
NOTE: 20190707: Check that an upload of this will not require reverse build-deps to also be recompiled (see previous golang uploads?). (lamby)
--
...
...
@@ -53,6 +55,8 @@ imagemagick
NOTE: 20190829: we also work on <no-dsa> issues whereas the security team would not.
NOTE: 20190829: Only claim this, if nothing more urgent is available in dla-needed.txt.
--
irssi (Mike Gabriel)
--
libav
NOTE: 20190529: There are currently 19 CVE issues known for libav in jessie,
NOTE: 20190529: 11 tagged as <no-dsa>. These issues have been triaged, no patch
...
...
