<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">

<title>

GitLab

</title>

<style>img {

max-width: 100%; height: auto;

}

</style>

</head>

<body>

<div class="content">

<h3>

Salvatore Bonaccorso pushed to branch master

at <a href="https://salsa.debian.org/security-tracker-team/security-tracker">Debian Security Tracker / security-tracker</a>

</h3>

<h4>

Commits:

</h4>

<ul>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/da2c227c4d6f3db12ced207d6d41fd2feadcb49d">da2c227c</a></strong>

<div>

<span>by Salvatore Bonaccorso</span>

<i>at 2019-12-29T21:03:21Z</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Mark CVE-2019-10086 as no-dsa for stretch and buster

When applying the patch for CVE-2019-10086 the library switches the

default to be secured, and instead one needs to opt-out vs. opt-in and

allow access to the 'class' property.

Might need investigation of affected reverse dependencies for functional

regressions if this is applied for stable releases. This might be safe,

as at least Red Hat and SUSE seem to have done the switch in some of

their products.

</pre>

</li>

</ul>

<h4>1 changed file:</h4>

<ul>

<li class="file-stats">

<a href="#4716ef5aa8f2742228ba3b3633215c8b808565e3">

data/CVE/list

</a>

</li>

</ul>

<h4>Changes:</h4>

<li id="4716ef5aa8f2742228ba3b3633215c8b808565e3">

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/da2c227c4d6f3db12ced207d6d41fd2feadcb49d#4716ef5aa8f2742228ba3b3633215c8b808565e3"><strong>data/CVE/list</strong></a>

<hr>

No preview for this file type

<br>

</li>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #777;">

—

<br>

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/da2c227c4d6f3db12ced207d6d41fd2feadcb49d">View it on GitLab</a>.

<br>

You're receiving this email because of your account on salsa.debian.org.

If you'd like to receive fewer emails, you can

adjust your notification settings.

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Commit","url":"https://salsa.debian.org/security-tracker-team/security-tracker/commit/da2c227c4d6f3db12ced207d6d41fd2feadcb49d"}}</script>

</p>

</div>

</body>

</html>