Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits: 43c5fcf9 by Sylvain Beucler at 2023-08-28T22:09:53+02:00 CVE-2018-1000656,CVE-2019-1010084/flask: clarify situation a little more - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -306283,9 +306283,9 @@ CVE-2019-1010084 (Dancer::Plugin::SimpleCRUD 1.14 and earlier is affected by: In CVE-2019-1010083 (The Pallets Project Flask before 1.0 is affected by: unexpected memory ...) - flask 1.0.2-1 [stretch] - flask <no-dsa> (Minor issue) - [jessie] - flask <no-dsa> (Minor issue) + [jessie] - flask <ignored> (Minor issue, considered fixed with CVE-2018-1000656 TTBOOK) NOTE: https://www.palletsprojects.com/blog/flask-1-0-released/ - NOTE: https://github.com/pallets/flask/pull/2691/commits/ab4142215d836b0298fc47fa1e4b75408b9c37a0 + NOTE: https://github.com/pallets/flask/pull/2691/commits/ab4142215d836b0298fc47fa1e4b75408b9c37a0 (1.0) NOTE: After communication with MITRE, this CVE *might* overlap CVE-2018-1000656. NOTE: CVE-2019-1010083 was back then assigned by the DWF CNA, but the exact scope NOTE: of the CVE is unclear and might for instance be for an incomplete fix of 
@@ -344429,6 +344429,8 @@ CVE-2018-1000656 (The Pallets Project flask version Before 0.12.3 contains a CWE - flask 1.0.2-1 [stretch] - flask <no-dsa> (Minor issue) NOTE: https://github.com/pallets/flask/pull/2691 + NOTE: https://github.com/pallets/flask/commit/b178e89e4456e777b1a7ac6d7199052d0dfdbbbe (1.0) + NOTE: https://github.com/pallets/flask/commit/b178e89e4456e777b1a7ac6d7199052d0dfdbbbe (0.12.3) CVE-2018-1000655 (Jsish version 2.4.65 contains a CWE-476: NULL Pointer Dereference vuln ...) NOT-FOR-US: Jsish CVE-2018-1000654 (GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 c ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43c5fcf95031a6a41705e5301574e2760f9df3f8
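Review bot: In the first hunk (the CVE-2019-1010083 entry), the new `[jessie] - flask <ignored>` line ends its reason with "TTBOOK", which nothing in the entry explains, and only jessie changes while `[stretch] - flask <no-dsa> (Minor issue)` keeps the old state. Suggest spelling out or dropping the abbreviation, and saying in a NOTE why "considered fixed with CVE-2018-1000656" applies to jessie and not to stretch. The commit subject also names CVE-2019-1010084, which appears here only in the hunk header as the Dancer::Plugin::SimpleCRUD entry; the entry actually edited is CVE-2019-1010083, so the subject likely wants that id.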
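Review bot: In the second hunk (the CVE-2018-1000656 entry), both added NOTE lines carry the same commit hash, b178e89e4456e777b1a7ac6d7199052d0dfdbbbe, once tagged (1.0) and once tagged (0.12.3). A fix backported to a separate release branch normally gets its own hash, so the second line looks like a copy of the first with only the tag changed. Suggest replacing it with the 0.12.3 commit, or, if one commit really is in both releases, folding the two lines into a single NOTE tagged (1.0, 0.12.3). The jessie line in the first hunk now points at this entry as the place where the issue is considered fixed, yet no [jessie] line is visible here, so a jessie status or an explanatory NOTE in this entry would make that cross-reference checkable.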