[Git][security-tracker-team/security-tracker][master] CVE-2019-10224: stretch/jessie not affected, affects python-lib389
Hugo Lefeuvre
hle at debian.org
Sun Aug 18 14:25:27 BST 2019
Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker
Commits:
04b58a02 by Hugo Lefeuvre at 2019-08-18T13:24:47Z
CVE-2019-10224: stretch/jessie not affected, affects python-lib389
This information disclosure vulnerability affects lib389, the Python
389DS module. This code was introduced in the 389-ds-base source in
buster.
This code is completely absent from jessie.
This code is absent from the 389-ds-base source in stretch.
However, this code is present in stretch in a different source
package: python-lib389. This package _is_ affected.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -14260,6 +14260,9 @@ CVE-2019-10225
CVE-2019-10224 [using dscreate in verbose mode results in information disclosure]
RESERVED
- 389-ds-base 1.4.1.5-1
+ [stretch] - 389-ds-base <not-affected> (vulnerable code not present)
+ [jessie] - 389-ds-base <not-affected> (vulnerable code not present)
+ - python-lib389 <removed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1677147
NOTE: https://pagure.io/389-ds-base/issue/50251
NOTE: https://pagure.io/389-ds-base/c/632ecb90d96ac0535656f5aaf67fd2be4b81d310
=====================================
data/dla-needed.txt
=====================================
@@ -9,8 +9,6 @@ To pick an issue, simply add your name behind it. To learn more about how
this list is updated have a look at
https://wiki.debian.org/LTS/Development#Triage_new_security_issues
---
-389-ds-base (Hugo Lefeuvre)
--
apache2 (Markus Koschany)
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/04b58a029a27dc78a32a9cfc79469be6fad477dc
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/04b58a029a27dc78a32a9cfc79469be6fad477dc
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190818/483c950f/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list