diff options
| author | Salvatore Bonaccorso <carnil@debian.org> | 2021-10-09 12:09:27 +0200 |
|---|---|---|
| committer | Salvatore Bonaccorso <carnil@debian.org> | 2021-10-09 12:09:27 +0200 |
| commit | 19c89a44ec1b2dd1d94c90badffd63a98615c183 (patch) | |
| tree | 076cc51384e22523d973fee7936b07b9065dcb02 /data/CVE/list.2019 | |
| parent | 47473f7ace45e1bd155f69cd62f6fe3c8b612776 (diff) | |
Merge in the accepted packages from buster 10.11
Though the release has not been happened yet, this is the list of
packages which were copied over from buster-pu to buster.
The final 10.11 changes need to still be verifed for any missing
additional ones.
Diffstat (limited to 'data/CVE/list.2019')
| -rw-r--r-- | data/CVE/list.2019 | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/data/CVE/list.2019 b/data/CVE/list.2019 index ca78285b07..45e1ccb103 100644 --- a/data/CVE/list.2019 +++ b/data/CVE/list.2019 @@ -1931,7 +1931,7 @@ CVE-2019-20226 CVE-2019-20326 (A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg( ...) {DLA-2749-1 DLA-2066-1} - gthumb 3:3.8.3-0.1 (bug #948197) - [buster] - gthumb <no-dsa> (Minor issue) + [buster] - gthumb 3:3.6.2-4+deb10u1 NOTE: https://gitlab.gnome.org/GNOME/gthumb/commit/14860321ce3235d420498c4f81f21003d1fb78f4 (3.8.3) NOTE: https://gitlab.gnome.org/GNOME/gthumb/commit/4faa5ce2358812d23a1147953ee76f59631590ad (master) CVE-2019-20225 (MyBB before 1.8.22 allows an open redirect on login. ...) @@ -13869,7 +13869,7 @@ CVE-2019-15605 (HTTP request smuggling in Node.js 10, 12, and 13 causes maliciou [stretch] - nodejs <ignored> (Nodejs in stretch not covered by security support) [jessie] - nodejs <end-of-life> (Nodejs in jessie not covered by security support) - http-parser 2.9.4-2 (bug #977467) - [buster] - http-parser <no-dsa> (Minor issue) + [buster] - http-parser 2.8.1-1+deb10u1 [stretch] - http-parser <ignored> (Invasive patch, requires prior content-length support and public struct changes that break ABI) [jessie] - http-parser <ignored> (Invasive patch, requires prior content-length support and public struct changes that break ABI) NOTE: https://hackerone.com/reports/735748 @@ -20912,7 +20912,7 @@ CVE-2019-13034 RESERVED CVE-2019-13045 (Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when S ...) - irssi 1.2.1-1 (low; bug #931264) - [buster] - irssi <no-dsa> (Minor issue) + [buster] - irssi 1.2.0-2+deb10u1 [stretch] - irssi <no-dsa> (Minor issue) [jessie] - irssi <not-affected> (vulnerable sasl code is not present) NOTE: https://irssi.org/security/irssi_sa_2019_06.txt |