<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">

<title>

GitLab

</title>

<style>img {

max-width: 100%; height: auto;

}

</style>

</head>

<body>

<div class="content">

<h3>

Salvatore Bonaccorso pushed to branch master

at <a href="https://salsa.debian.org/security-tracker-team/security-tracker">Debian Security Tracker / security-tracker</a>

</h3>

<h4>

Commits:

</h4>

<ul>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/59d47a066020fd35322811d5defd1e0a2b2d7484">59d47a06</a></strong>

<div>

<span>by Salvatore Bonaccorso</span>

<i>at 2019-10-26T15:27:16Z</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Move severity for CVE-2019-18348 to unimportant

Technically the issue is sourcewise unfixed in the python source code,

but it is made not exploitable where CVE-2016-10739 was already fixed.

Given the no-dsa markings for the respective older suites as the issue

is minor, switch to the more "correct" (in sense of source affectness)

and mark it as unimportant as the issue is unexploitable.

This adjusts the initial marking done by Moritz in

a2cc636c37ac9a643604a66474860a552dabab8a and if it is disagreement with

this commit it can be discussed if tracking should be reverted.

</pre>

</li>

</ul>

<h4>1 changed file:</h4>

<ul>

<li class="file-stats">

<a href="#4716ef5aa8f2742228ba3b3633215c8b808565e3">

data/CVE/list

</a>

</li>

</ul>

<h4>Changes:</h4>

<li id="4716ef5aa8f2742228ba3b3633215c8b808565e3">

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/59d47a066020fd35322811d5defd1e0a2b2d7484#4716ef5aa8f2742228ba3b3633215c8b808565e3"><strong>data/CVE/list</strong></a>

<hr>

No preview for this file type

<br>

</li>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #777;">

—

<br>

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/59d47a066020fd35322811d5defd1e0a2b2d7484">View it on GitLab</a>.

<br>

You're receiving this email because of your account on salsa.debian.org.

If you'd like to receive fewer emails, you can

adjust your notification settings.

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Commit","url":"https://salsa.debian.org/security-tracker-team/security-tracker/commit/59d47a066020fd35322811d5defd1e0a2b2d7484"}}</script>

</p>

</div>

</body>

</html>