[Git][security-tracker-team/security-tracker][master] CVE-2019-10224: stretch/jessie not affected, affects python-lib389

Hugo Lefeuvre hle at debian.org
Sun Aug 18 14:25:27 BST 2019



Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker


Commits:
04b58a02 by Hugo Lefeuvre at 2019-08-18T13:24:47Z
CVE-2019-10224: stretch/jessie not affected, affects python-lib389

This information disclosure vulnerability affects lib389, the Python
389DS module. This code was introduced in the 389-ds-base source in
buster.

This code is completely absent from jessie.

This code is absent from the 389-ds-base source in stretch.

However, this code is present in stretch in a different source
package: python-lib389. This package _is_ affected.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -14260,6 +14260,9 @@ CVE-2019-10225
 CVE-2019-10224 [using dscreate in verbose mode results in information disclosure]
 	RESERVED
 	- 389-ds-base 1.4.1.5-1
+	[stretch] - 389-ds-base <not-affected> (vulnerable code not present)
+	[jessie] - 389-ds-base <not-affected> (vulnerable code not present)
+	- python-lib389 <removed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1677147
 	NOTE: https://pagure.io/389-ds-base/issue/50251
 	NOTE: https://pagure.io/389-ds-base/c/632ecb90d96ac0535656f5aaf67fd2be4b81d310


=====================================
data/dla-needed.txt
=====================================
@@ -9,8 +9,6 @@ To pick an issue, simply add your name behind it. To learn more about how
 this list is updated have a look at
 https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 
---
-389-ds-base (Hugo Lefeuvre)
 --
 apache2 (Markus Koschany)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/04b58a029a27dc78a32a9cfc79469be6fad477dc

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/04b58a029a27dc78a32a9cfc79469be6fad477dc
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190818/483c950f/attachment-0001.html>


More information about the debian-security-tracker-commits mailing list