[Git][security-tracker-team/security-tracker][master] Process CVE-2019-10905 as NFU
Salvatore Bonaccorso
carnil at debian.org
Sun Apr 7 20:03:20 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8315fd7e by Salvatore Bonaccorso at 2019-04-07T18:59:58Z
Process CVE-2019-10905 as NFU
This though might be tricky, icingaweb2 seems to embed the PHP library
and thus might be affected by the issue. One older CVE was marked in
the same way but we might need to re-evaluate in the light of icingaweb2
using it.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2019-10906 (In Pallets Jinja before 2.10.1, str.format_map allows a sandbox
NOTE: https://palletsprojects.com/blog/jinja-2-10-1-released/
NOTE: https://github.com/pallets/jinja/commit/a2a6c930bcca591a25d2b316fcfd2d6793897b26
CVE-2019-10905 (Parsedown before 1.7.2, when safe mode is used and HTML markup is disa ...)
- TODO: check
+ NOT-FOR-US: Parsedown
CVE-2019-10904 (Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and r ...)
- roundup <removed> (bug #926587)
NOTE: https://github.com/python/bugs.python.org/issues/34
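Review bot: The added `NOT-FOR-US: Parsedown` line for CVE-2019-10905 replaces the `TODO: check` marker, yet the commit message says icingaweb2 seems to embed the library and that this entry, along with an older CVE marked the same way, may need re-evaluation. That caveat exists only in the commit message, so nobody reading data/CVE/list will see that the question is still open. Consider keeping a TODO on this entry that names icingaweb2 until the embedded copy has been checked, or, once it is confirmed, replacing the NOT-FOR-US line with a package line for icingaweb2 in the same form as the `- roundup <removed> (bug #926587)` line below.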
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8315fd7e92068420059c3590cdcc04d19f38fb5f