[Git][security-tracker-team/security-tracker][master] Add CVE-2018-20433/c3p0

Mon Dec 24 20:43:26 GMT 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cb0597d9 by Salvatore Bonaccorso at 2018-12-24T20:43:01Z
Add CVE-2018-20433/c3p0

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,8 @@
 CVE-2018-20434
 	RESERVED
 CVE-2018-20433 (c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in ...)
-	TODO: check
+	- c3p0 <unfixed>
+	NOTE: https://github.com/zhutougg/c3p0/commit/2eb0ea97f745740b18dd45e4a909112d4685f87b
 CVE-2018-20432
 	RESERVED
 CVE-2018-20431 (GNU Libextractor through 1.8 has a NULL Pointer Dereference ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cb0597d990c79b55a95d4cfda0c24d9ef1e91f87

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cb0597d990c79b55a95d4cfda0c24d9ef1e91f87
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181224/ac0ca26e/attachment.html>
