[Git][security-tracker-team/security-tracker][master] 2 commits: Add note for CVE-2019-5428/jquery
Salvatore Bonaccorso
carnil at debian.org
Tue Apr 23 10:14:20 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a5d5d0e4 by Salvatore Bonaccorso at 2019-04-23T09:13:55Z
Add note for CVE-2019-5428/jquery
Already in contact with MITRE CNA to resolve the issue. This seems to be
a duplicate of CVE-2019-11358 but maybe there is a strict CNA rules
reasoning for the two CVEs.
As such we might then just track the fixed versions for src:jquery
accordingly.
- - - - -
e25e1b30 by Salvatore Bonaccorso at 2019-04-23T09:13:55Z
Wrap note
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5178,7 +5178,8 @@ CVE-2019-9619 [not enabled pam_systemd for non-interactive sessions]
[jessie] - systemd <ignored> (Too intrusive change for a stable release)
NOTE: https://bugs.launchpad.net/bugs/1812316
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1756
- NOTE: for a stable release, activating pam_systemd for non-interactive sessions will likely have all sorts of unexpected/unwanted side-effects, so CAVE
+ NOTE: For a stable release, activating pam_systemd for non-interactive sessions will
+ NOTE: likely have all sorts of unexpected/unwanted side-effects.
CVE-2019-9618
RESERVED
CVE-2019-9617 (An issue was discovered in OFCMS before 1.1.3. Remote attackers can ex ...)
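Review bot: The two replacement NOTE lines drop the trailing ", so CAVE" from the removed line and capitalize "For", so this is more than the re-wrap that the commit message "Wrap note" describes. If the caution was meant to stay, keep it at the end of the second line ("NOTE: likely have all sorts of unexpected/unwanted side-effects, so CAVE"); if it was dropped on purpose, say so in the commit message so the wording change is not hidden behind a formatting commit.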
@@ -15459,7 +15460,8 @@ CVE-2019-5430
CVE-2019-5429
RESERVED
CVE-2019-5428 (A prototype pollution vulnerability exists in jQuery versions < 3.4 ...)
- TODO: check
+ NOTE: Duplicate of CVE-2019-11358
+ TODO: check (MITRE already contacted)
CVE-2019-5427 (c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack ...)
TODO: check
CVE-2019-5426 (In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an unauthenticated ...)
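Review bot: The added "NOTE: Duplicate of CVE-2019-11358" states the duplication as settled, while the commit message says it only seems to be a duplicate and the TODO directly below it still waits on MITRE. Consider hedging the note (for example "NOTE: Possibly a duplicate of CVE-2019-11358") until the CNA answers. The entry also still has no src:jquery line, so the fixed-version tracking that the commit message mentions remains open behind the TODO.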
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/ea484be4170b36da89bec294a5d2c1b299560535...e25e1b30ca7ce81c09878a9d21223bdc3707053a