Inguza Technology AB

technology, analysis and solutions

Debian Long Term Support work 2019 May

The following contributions were made:

  • Triaged qpid-proton
    • CVE-2019-0223 - Found that the source is likely vulnerable. Added a note about this since it is not my front desk week yet. Then followed the stable security team's decision to ignore it. Minor issue.
  • Triaged u-boot
    • CVE-2019-11690 - Following the stable security team's decision to ignore it. Minor issue.
    • CVE-2019-11059 - Ignoring, following the decision for stretch.
  • Triaged postgresql-9.4
    • CVE-2019-10130 - After some investigation the conclusion is that 9.4 cannot be affected since row security was introduced in 9.5.
  • Triaged advancecomp
    • CVE-2019-8383 - Following the stable security team's decision to ignore it. Minor issue.
    • CVE-2019-8379 - Following the stable security team's decision to ignore it. Minor issue.
  • Triaged isc-dhcp
    • CVE-2019-6470 - Ignoring, following the decision for stretch.
  • Triaged mpg123
    • CVE-2017-12839 - Ignoring, following the decision for stretch.
  • Triaged openjdk-7
    • CVE-2019-2697 - Adding to dla-needed.txt. Sounds serious enough.
  • Triaged phpmyadmin which was on the list of undetermined issues.
    • CVE-2018-19969 - The jessie version is quite clearly vulnerable to at least a large portion of the problems, at least database rename. Therefore changing from undetermined to unfixed and adding the package to the list of packages to fix for jessie.