Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
65b2a044 by Salvatore Bonaccorso at 2019-11-22T13:48:30Z
Mark CVE-2019-19191/shibboleth-sp as unimportant
While the issue is there in the upstream provided spec file, this has
not relevance for the binary packages provided in Debian and neither has
the postinst problematic similar logic.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -75,9 +75,12 @@ CVE-2019-19193
CVE-2019-19192
RESERVED
CVE-2019-19191 (Shibboleth Service Provider (SP) 3.x before 3.1.0 shipped a
spec file ...)
- - shibboleth-sp <unfixed>
+ - shibboleth-sp <unfixed> (unimportant)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1157471
NOTE: https://issues.shibboleth.net/jira/browse/SSPCPP-874
+ NOTE: This is an issue in the upstream provided spec file which is not
relevant
+ NOTE: for the binary packages build in Debian (fixed upstream in
3.1.0). The
+ NOTE: postinst in the Debian packaging does not have similar
problematic chown logic.
CVE-2019-19190
RESERVED
CVE-2019-19189
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/65b2a044dd3e86afa1e8f347f0703af39047c8fc
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/65b2a044dd3e86afa1e8f347f0703af39047c8fc
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
