Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 4b9ca386 by Salvatore Bonaccorso at 2019-07-11T20:47:35Z Add source package association for CVE-2019-13504/exiv2 Not removing the TODO item, as the issue still needs to be looked closer at. Mark it furthermore as well as <undetermined> as no basic triage has been done yet. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -125,6 +125,8 @@ CVE-2019-13506 (@nuxt/devalue before 1.2.3, as used in Nuxt.js before 2.6.2, mis CVE-2019-13505 (The Appointment Hour Booking plugin 1.1.44 for WordPress allows XSS vi ...) NOT-FOR-US: Appointment Hour Booking plugin for WordPress CVE-2019-13504 (There is an out-of-bounds read in Exiv2::MrwImage::readMetadata in mrw ...) + - exiv2 <undetermined> + NOTE: https://github.com/Exiv2/exiv2/pull/943 TODO: check CVE-2019-13503 (mq_parse_http in mongoose.c in Mongoose 6.15 has a heap-based buffer o ...) NOT-FOR-US: Cesanta Mongoose View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4b9ca386cbd055b97731db68886bdbf54d9e842c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4b9ca386cbd055b97731db68886bdbf54d9e842c You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits