[Git][security-tracker-team/security-tracker][master] Mark CVE-2019-8341/jinja2
Salvatore Bonaccorso
carnil at debian.org
Fri Feb 15 19:52:03 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6e8b9c72 by Salvatore Bonaccorso at 2019-02-15T19:48:06Z
Mark CVE-2019-8341/jinja2
For now mark it as unimportant with no real security impact. Upstream
indicates this is no real issue at all, so the next step would be to
properly ask for a REJECT of the invalid CVE.
Cf. https://bugzilla.redhat.com/show_bug.cgi?id=1677653#c4
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,8 +5,9 @@ CVE-2019-8343 (In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in
CVE-2019-8342
RESERVED
CVE-2019-8341 (An issue was discovered in Jinja2 2.10. The from_string function is ...)
- - jinja2 <undetermined>
+ - jinja2 <unfixed> (unimportant)
NOTE: https://github.com/JameelNabbo/Jinja2-Code-execution
+ NOTE: No real security impact and upstream indicates the CVE is invalid
CVE-2019-8340
RESERVED
CVE-2019-8339
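Review bot: The added NOTE line ("No real security impact and upstream indicates the CVE is invalid") states upstream's position but gives no reference for it, and the only URL in the CVE-2019-8341 entry is the reporter's repository. The commit message cites https://bugzilla.redhat.com/show_bug.cgi?id=1677653#c4 as the source, so I would add that URL as its own NOTE line in the entry. That way the reason for "<unfixed> (unimportant)" can be checked from data/CVE/list itself, without going back to the commit log.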
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6e8b9c72a2e2a701a70ed3c89ea59321dd306648