<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">

<title>

GitLab

</title>

<style>img {

max-width: 100%; height: auto;

}

</style>

</head>

<body>

<div class="content">

<h3>

Salvatore Bonaccorso pushed to branch master

at <a href="https://salsa.debian.org/security-tracker-team/security-tracker">Debian Security Tracker / security-tracker</a>

</h3>

<h4>

Commits:

</h4>

<ul>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/056fb71342d59c7415625b46ec23a6369a55e762">056fb713</a></strong>

<div>

<span>by Salvatore Bonaccorso</span>

<i>at 2019-10-06T19:47:22Z</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add CVE-2019-10215 and mark as NFU

The issue in bootstrap3-typeahead.js was introduced with commit

https://github.com/bassjobsen/Bootstrap-3-Typeahead/commit/dbd1af5b cf.

https://bugzilla.redhat.com/show_bug.cgi?id=1735506 .

bootstrap3-typeahead.js is actually embedded in ntopng and prometheus.

prometheus in sid uses v3.1.0 unaffected by thie issue as introduced

later.

ntopng uses v4.0.2 and the issue was introduced after this version.

So none of the source packages embedding bootstrap3-typeahead.js have an

vulnerable version TTBOMK (please double check).

Double check needd as well to see if all embedding packages were found.

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/d3546a8037f709c262c73a65b039a8cd649506b0">d3546a80</a></strong>

<div>

<span>by Salvatore Bonaccorso</span>

<i>at 2019-10-06T19:52:10Z</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Merge remote-tracking branch 'origin/master'

</pre>

</li>

</ul>

<h4>1 changed file:</h4>

<ul>

<li class="file-stats">

<a href="#4716ef5aa8f2742228ba3b3633215c8b808565e3">

data/CVE/list

</a>

</li>

</ul>

<h4>Changes:</h4>

<li id="4716ef5aa8f2742228ba3b3633215c8b808565e3">

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/compare/66a14f025846a82e7be6b98f3b2489ed9f69cfe3...d3546a8037f709c262c73a65b039a8cd649506b0#4716ef5aa8f2742228ba3b3633215c8b808565e3"><strong>data/CVE/list</strong></a>

<hr>

No preview for this file type

<br>

</li>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #777;">

—

<br>

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/compare/66a14f025846a82e7be6b98f3b2489ed9f69cfe3...d3546a8037f709c262c73a65b039a8cd649506b0">View it on GitLab</a>.

<br>

You're receiving this email because of your account on salsa.debian.org.

If you'd like to receive fewer emails, you can

adjust your notification settings.

</p>

</div>

</body>

</html>