[Git][security-tracker-team/security-tracker][master] Add CVE-2019-10086/commons-beanutils (relates to CVE-2014-0114)

Sat Aug 17 20:03:58 BST 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
89da5f8a by Salvatore Bonaccorso at 2019-08-17T19:02:59Z
Add CVE-2019-10086/commons-beanutils (relates to CVE-2014-0114)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -14726,8 +14726,12 @@ CVE-2019-10088 (A carefully crafted or corrupt zip file can cause an OOM in Apac
 	NOTE: https://github.com/apache/tika/commit/426be73b9e7500fa3d441231fa4e473de34743f6
 CVE-2019-10087
 	RESERVED
-CVE-2019-10086
+CVE-2019-10086 [BeanUtils2 mitigate CVE-2014-0114]
 	RESERVED
+	- commons-beanutils 1.9.4-1
+	NOTE: https://issues.apache.org/jira/browse/BEANUTILS-520
+	NOTE: https://github.com/apache/commons-beanutils/pull/7
+	NOTE: https://github.com/apache/commons-beanutils/commit/dd48f4e589462a8cdb1f29bbbccb35d6b0291d58
 CVE-2019-10085 (In Apache Allura prior to 1.11.0, a vulnerability exists for stored XS ...)
 	NOT-FOR-US: Apache Allura
 CVE-2019-10084



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/89da5f8a1bfb54c79fb0df1dde69ce1104224ae0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/89da5f8a1bfb54c79fb0df1dde69ce1104224ae0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190817/7a54f9d3/attachment.html>
