Control: tags -1 + confirmed On Fri, 2019-08-23 at 01:46 +0200, Axel Beckert wrote: > > The Debian Security Team decided to not issue a security update for > these CVE IDs: > > * CVE-2019-13451: service overflows histlogfn in history.c. > * CVE-2019-13452: service overflows histlogfn in reportlog.c. > * CVE-2019-13273: srdb overflows dbfn in csvinfo.c. > * CVE-2019-13274: reflected XSS in csvinfo.c. > * CVE-2019-13455: htmlquoted(hostname) overflows msgline in > acknowledge.c. > * CVE-2019-13484: htmlquoted(xymondreq) overflows errtxt appfeed.c. > * CVE-2019-13485: hostname overflows selfurl in history.c. > * CVE-2019-13486: htmlquoted(xymondreq) overflows errtxt in > svcstatus.c. > > Hence I propose to do these as a normal stable update. >
Please go ahead. Regards, Adam