<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>
<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">
<h3>
Salvatore Bonaccorso pushed to branch master
at <a href="https://salsa.debian.org/security-tracker-team/security-tracker">Debian Security Tracker / security-tracker</a>
</h3>
<h4>
Commits:
</h4>
<ul>
<li>
<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/dea3b53104e2c88d81c7df0b9bcb4c73453d571a">dea3b531</a></strong>
<div>
<span>by Salvatore Bonaccorso</span>
<i>at 2019-07-24T18:12:18Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Try to resolve confusion in CVEs for xymon
We have to assume that the now set is correct. Former communication
involved those CVEs which were used as well by the maintainer in the
debian/changelog file. But upstream used different CVEs (possibly
typoed) in the announce in https://lists.xymon.com/archive/2019-July/046570.html
The correct set of CVEs should be thus
- CVE-2019-13451: service overflows histlogfn in history.c.
- CVE-2019-13452: service overflows histlogfn in reportlog.c.
- CVE-2019-13273: srdb overflows dbfn in csvinfo.c.
- CVE-2019-13274: reflected XSS in csvinfo.c.
- CVE-2019-13455: htmlquoted(hostname) overflows msgline in
acknowledge.c.
- CVE-2019-13484: htmlquoted(xymondreq) overflows errtxt in appfeed.c.
- CVE-2019-13485: hostname overflows selfurl in history.c.
- CVE-2019-13486: htmlquoted(xymondreq) overflows errtxt in
svcstatus.c.
</pre>
</li>
</ul>
<h4>1 changed file:</h4>
<ul>
<li class="file-stats">
<a href="#4716ef5aa8f2742228ba3b3633215c8b808565e3">
data/CVE/list
</a>
</li>
</ul>
<h4>Changes:</h4>
<ul>
<li id="4716ef5aa8f2742228ba3b3633215c8b808565e3">
<a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/dea3b53104e2c88d81c7df0b9bcb4c73453d571a#4716ef5aa8f2742228ba3b3633215c8b808565e3"><strong>data/CVE/list</strong></a>
<hr>
No preview for this file type
<br>
</li>
</ul>
</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #777;">
—
<br>
<a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/dea3b53104e2c88d81c7df0b9bcb4c73453d571a">View it on GitLab</a>.
</p>
</div>
</body>
</html>