Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a5d5d0e4 by Salvatore Bonaccorso at 2019-04-23T09:13:55Z
Add note for CVE-2019-5428/jquery

Already in contact with MITRE CNA to resolve the issue. This seems to be
a duplicate of CVE-2019-11358 but maybe there is a strict CNA rules
reasoning for the two CVEs.

As such we might then just track the fixed versions for src:jquery
accordingly.

- - - - -
e25e1b30 by Salvatore Bonaccorso at 2019-04-23T09:13:55Z
Wrap note

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5178,7 +5178,8 @@ CVE-2019-9619 [not enabled pam_systemd for 
non-interactive sessions]
        [jessie] - systemd <ignored> (Too intrusive change for a stable release)
        NOTE: https://bugs.launchpad.net/bugs/1812316
        NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1756
-       NOTE: for a stable release, activating pam_systemd for non-interactive 
sessions will likely have all sorts of unexpected/unwanted side-effects, so CAVE
+       NOTE: For a stable release, activating pam_systemd for non-interactive 
sessions will
+       NOTE: likely have all sorts of unexpected/unwanted side-effects.
 CVE-2019-9618
        RESERVED
 CVE-2019-9617 (An issue was discovered in OFCMS before 1.1.3. Remote attackers 
can ex ...)
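Review bot: The two replacement NOTE lines under CVE-2019-9619 change the wording as well as the wrapping: the old line ends with a trailing "so CAVE" fragment that is dropped, and "for" becomes "For", while the commit message only says "Wrap note". If the dropped clause was meant to carry a caveat, restate it as a further NOTE line; otherwise mention the wording change in the commit message so the history explains why the text differs.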
@@ -15459,7 +15460,8 @@ CVE-2019-5430
 CVE-2019-5429
        RESERVED
 CVE-2019-5428 (A prototype pollution vulnerability exists in jQuery versions 
&lt; 3.4 ...)
-       TODO: check
+       NOTE: Duplicate of CVE-2019-11358       
+       TODO: check (MITRE already contacted)
 CVE-2019-5427 (c3p0 version &lt; 0.9.5.4 may be exploited by a billion laughs 
attack  ...)
        TODO: check
 CVE-2019-5426 (In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an 
unauthenticated ...)
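Review bot: The added line "NOTE: Duplicate of CVE-2019-11358" under CVE-2019-5428 states the duplicate as settled, while the commit message says it only "seems to be" a duplicate and the following TODO is still waiting on MITRE. Consider wording the note as a possible duplicate until the CNA answers, so that nobody reading the list treats the entry as resolved. The same added line also ends in trailing whitespace, which should be stripped. The commit message mentions tracking fixed versions for src:jquery, but no package line is added here; if that is deliberately deferred, the TODO could say so.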



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/ea484be4170b36da89bec294a5d2c1b299560535...e25e1b30ca7ce81c09878a9d21223bdc3707053a
