[Git][security-tracker-team/security-tracker][master] 2 commits: Add note for CVE-2019-5428/jquery

Salvatore Bonaccorso carnil at debian.org
Tue Apr 23 10:14:20 BST 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a5d5d0e4 by Salvatore Bonaccorso at 2019-04-23T09:13:55Z
Add note for CVE-2019-5428/jquery

Already in contact with MITRE CNA to resolve the issue. This seems to be
a duplicate of CVE-2019-11358 but maybe there is a scrict CNA rules
reasoning for the two CVEs.

As such we might then just track the fixed versions for src:jquery
accordingly.

- - - - -
e25e1b30 by Salvatore Bonaccorso at 2019-04-23T09:13:55Z
Wrap note

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5178,7 +5178,8 @@ CVE-2019-9619 [not enabled pam_systemd for non-interactive sessions]
 	[jessie] - systemd <ignored> (Too intrusive change for a stable release)
 	NOTE: https://bugs.launchpad.net/bugs/1812316
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1756
-	NOTE: for a stable release, activating pam_systemd for non-interactive sessions will likely have all sorts of unexpected/unwanted side-effects, so CAVE
+	NOTE: For a stable release, activating pam_systemd for non-interactive sessions will
+	NOTE: likely have all sorts of unexpected/unwanted side-effects.
 CVE-2019-9618
 	RESERVED
 CVE-2019-9617 (An issue was discovered in OFCMS before 1.1.3. Remote attackers can ex ...)
@@ -15459,7 +15460,8 @@ CVE-2019-5430
 CVE-2019-5429
 	RESERVED
 CVE-2019-5428 (A prototype pollution vulnerability exists in jQuery versions < 3.4 ...)
-	TODO: check
+	NOTE: Duplicate of CVE-2019-11358	
+	TODO: check (MITRE already contacted)
 CVE-2019-5427 (c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack  ...)
 	TODO: check
 CVE-2019-5426 (In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an unauthenticated ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/ea484be4170b36da89bec294a5d2c1b299560535...e25e1b30ca7ce81c09878a9d21223bdc3707053a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/ea484be4170b36da89bec294a5d2c1b299560535...e25e1b30ca7ce81c09878a9d21223bdc3707053a
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190423/0f432367/attachment.html>

More information about the debian-security-tracker-commits mailing list