Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: a5d5d0e4 by Salvatore Bonaccorso at 2019-04-23T09:13:55Z Add note for CVE-2019-5428/jquery Already in contact with MITRE CNA to resolve the issue. This seems to be a duplicate of CVE-2019-11358 but maybe there is a strict CNA rules reasoning for the two CVEs. As such we might then just track the fixed versions for src:jquery accordingly. - - - - - e25e1b30 by Salvatore Bonaccorso at 2019-04-23T09:13:55Z Wrap note - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -5178,7 +5178,8 @@ CVE-2019-9619 [not enabled pam_systemd for non-interactive sessions] [jessie] - systemd <ignored> (Too intrusive change for a stable release) NOTE: https://bugs.launchpad.net/bugs/1812316 NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1756 - NOTE: for a stable release, activating pam_systemd for non-interactive sessions will likely have all sorts of unexpected/unwanted side-effects, so CAVE + NOTE: For a stable release, activating pam_systemd for non-interactive sessions will + NOTE: likely have all sorts of unexpected/unwanted side-effects. CVE-2019-9618 RESERVED CVE-2019-9617 (An issue was discovered in OFCMS before 1.1.3. Remote attackers can ex ...) 
@@ -15459,7 +15460,8 @@ CVE-2019-5430 CVE-2019-5429 RESERVED CVE-2019-5428 (A prototype pollution vulnerability exists in jQuery versions < 3.4 ...) - TODO: check + NOTE: Duplicate of CVE-2019-11358 + TODO: check (MITRE already contacted) CVE-2019-5427 (c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack ...) TODO: check CVE-2019-5426 (In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an unauthenticated ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/ea484be4170b36da89bec294a5d2c1b299560535...e25e1b30ca7ce81c09878a9d21223bdc3707053a
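Review bot: In the CVE-2019-9619 hunk the rewrapped NOTE is not a pure wrap: the trailing ", so CAVE" is dropped, "for" becomes "For" and a full stop is added, while the commit message says only "Wrap note". Either mention the wording change in the commit message or keep the caveat at the end of the second NOTE line, so the history shows the removal was intended.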
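Review bot: In the CVE-2019-5428 hunk the new NOTE states "Duplicate of CVE-2019-11358" as settled, but the commit message says it only "seems to be" a duplicate and that the CNA has not yet answered. Suggest wording the NOTE as a possible duplicate until MITRE responds. The entry also still carries only "TODO: check", so the src:jquery fixed-version tracking mentioned in the commit message is not yet recorded here and would need a follow-up once the status is confirmed.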