Skip to content
GitLab
Explore
Sign in
Register
Commits on Source
5
add openssh
· 3ba09897
Thorsten Alteholz
authored
Jan 21, 2019
3ba09897
mark CVE-2018-20712 as no-dsa for jessie
· 830540c5
Thorsten Alteholz
authored
Jan 21, 2019
830540c5
add firmware-nonfree
· 1fab3234
Thorsten Alteholz
authored
Jan 21, 2019
1fab3234
mark CVE-2019-6293 as no-dsa for jessie
· 0574e5b3
Thorsten Alteholz
authored
Jan 21, 2019
0574e5b3
mark CVE-2019-5010 as postponed for jessie
· 07d6ee5a
Thorsten Alteholz
authored
Jan 21, 2019
07d6ee5a
Show whitespace changes
Inline
Side-by-side
data/CVE/list
View file @
07d6ee5a
...
...
@@ -530,6 +530,7 @@ CVE-2017-18356 (In the Automattic WooCommerce plugin before 3.2.4 for WordPress,
CVE-2019-6293 (An issue was discovered in the function mark_beginning_as_normal in ...)
- flex <unfixed> (low; bug #919428)
[stretch] - flex <no-dsa> (Minor issue)
[jessie] - flex <no-dsa> (Minor issue)
NOTE: https://github.com/westes/flex/issues/414
CVE-2019-6292 (An issue was discovered in singledocparser.cpp in yaml-cpp (aka ...)
- yaml-cpp <unfixed> (bug #919430)
...
...
@@ -580,6 +581,7 @@ CVE-2019-6279
CVE-2018-20712 (A heap-based buffer over-read exists in the function d_expression_1 in ...)
- binutils <unfixed>
[stretch] - binutils <ignored> (Minor issue)
[jessie] - binutils <ignored> (Minor issue)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88629
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24043
CVE-2018-20711
...
...
@@ -3372,6 +3374,7 @@ CVE-2019-5010 [NULL pointer dereference using a specially crafted X509 certifica
- python3.4 <removed>
- python2.7 <unfixed>
[stretch] - python2.7 <postponed> (Minor issue, can be fixed along in a future DSA)
[jessie] - python2.7 <postponed> (Minor issue, can be fixed along in a future DSA)
NOTE: https://bugs.python.org/issue35746
NOTE: https://github.com/python/cpython/pull/11569
NOTE: https://github.com/python/cpython/commit/be5de958e9052e322b0087c6dba81cdad0c3e031 (3.7.x)
data/dla-needed.txt
View file @
07d6ee5a
...
...
@@ -27,6 +27,9 @@ exiv2 (Thorsten Alteholz)
faad2
NOTE: 20181214: No known patch yet. Not urgent but would be good to fix. (opal)
--
firmware-nonfree
NOTE: needed by sponsors
--
freerdp (Mike Gabriel)
NOTE: 20181202: Mike is uploader, so he should probably take this. (Thorsten)
NOTE: 20181203: freerdp (v1.1) is a mostly unmaintained branch upstream. I will ask upstream
...
...
@@ -90,6 +93,8 @@ openjpeg2
NOTE: CVE-2018-5727: investigated the issue, might not be easy to patch, not sure it's worth it either.
NOTE: CVE-2018-5727: wait for upstream patch or no-dsa ? (hle)
--
openssh
--
phpmyadmin (Lucas Kanashiro)
NOTE: 20190116: Please also fix no-dsa issue CVE-2018-19970 (requested by sunweaver, with frontdesk hat on)
NOTE: 20190116: Please also triage CVE-2018-19969. Thanks.
...
...
