[Git][security-tracker-team/security-tracker][master] Add details for CVE-2019-5885

Tue Jan 15 11:57:40 GMT 2019

Andrej Shadura pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5556b6eb by Andrej Shadura at 2019-01-15T11:57:18Z
Add details for CVE-2019-5885

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -906,9 +906,10 @@ CVE-2019-5887 (An issue was discovered in ShopXO 1.2.0. In the UnlinkDir method
 	NOT-FOR-US: ShopXO
 CVE-2019-5886 (An issue was discovered in ShopXO 1.2.0. In the ...)
 	NOT-FOR-US: ShopXO
-CVE-2019-5885
+CVE-2019-5885 [Synapse: Blindly trusts macaroon_secret_key in the config, which may not be a valid macaroon]
 	RESERVED
 	- matrix-synapse 0.34.1.1-1
+	- matrix-synapse 0.34.0-3~bpo9+2
 	NOTE: https://matrix.org/blog/2019/01/10/critical-security-update-synapse-0-34-0-1-synapse-0-34-1-1/
 CVE-2019-5884 (php/elFinder.class.php in elFinder before 2.1.45 leaks information if ...)
 	NOT-FOR-US: elFinder



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5556b6eb6744b9b9a883d338fa7bb57044cf8dc4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5556b6eb6744b9b9a883d338fa7bb57044cf8dc4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190115/954775a9/attachment.html>
