[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2019-12970/squirrelmail: patch URL

Sylvain Beucler beuc at debian.org
Thu Aug 1 10:01:52 BST 2019 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
eba2dadf by Sylvain Beucler at 2019-08-01T08:58:54Z
CVE-2019-12970/squirrelmail: patch URL

- - - - -
91a78945 by Sylvain Beucler at 2019-08-01T08:59:15Z
dla: claim squirrelmail

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -5159,6 +5159,7 @@ CVE-2019-12971 (BKS EBK Ethernet-Buskoppler Pro before 3.01 allows Unrestricted
 CVE-2019-12970 (XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1. ...)
 	- squirrelmail <removed>
 	NOTE: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-016.txt
+	NOTE: https://sourceforge.net/p/squirrelmail/code/14828/
 CVE-2019-12969
 	RESERVED
 CVE-2019-12968 (A vulnerability was found in the Sonic Robo Blast 2 (SRB2) plugin (EP_ ...)


=====================================
data/dla-needed.txt
=====================================
@@ -120,11 +120,7 @@ sqlite3
   NOTE: 20190617: A preliminary package with *just* the (presumably) CVE-2019-5827 patches backported:
   NOTE: 20190617: https://people.debian.org/~mejo/debian/jessie-security/sqlite3_3.8.7.1-1+deb8u5.dsc
 --
-squirrelmail
-  NOTE: 20190702: no patch available, upstream apparently inactive,
-  NOTE: 20190702: reporter just recommends disabling HTML viewing of messages
-  NOTE: 20190702: we've got squirrelmail and squirrelmail-viewashtml users
-  NOTE: 20190702: so either write a patch or force disabling HTML?
+squirrelmail (Sylvain Beucler)
 --
 thunderbird (Emilio)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/7f3b4ffcfabdc5cd0e16effcf209a8fb2183c5e3...91a78945d4954769c6d8893d431211de5b04bb33

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/7f3b4ffcfabdc5cd0e16effcf209a8fb2183c5e3...91a78945d4954769c6d8893d431211de5b04bb33
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190801/58b2942f/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list