Control: tags -1 + confirmed

On Fri, 2019-08-23 at 01:46 +0200, Axel Beckert wrote:
> The Debian Security Team decided to not issue a security update for
> these CVE IDs:
> * CVE-2019-13451: service overflows histlogfn in history.c.
> * CVE-2019-13452: service overflows histlogfn in reportlog.c.
> * CVE-2019-13273: srdb overflows dbfn in csvinfo.c.
> * CVE-2019-13274: reflected XSS in csvinfo.c.
> * CVE-2019-13455: htmlquoted(hostname) overflows msgline in
>   acknowledge.c.
> * CVE-2019-13484: htmlquoted(xymondreq) overflows errtxt appfeed.c.
> * CVE-2019-13485: hostname overflows selfurl in history.c.
> * CVE-2019-13486: htmlquoted(xymondreq) overflows errtxt in
>   svcstatus.c.
> Hence I propose to do these as a normal stable update.

Please go ahead.



Reply via email to