[Git][security-tracker-team/security-tracker][master] CVE-2019-5885: improve the description according to the actual problem fixed in the package

Andrej Shadura andrewsh at debian.org
Tue Jan 15 13:45:05 GMT 2019


Andrej Shadura pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9f2402b5 by Andrej Shadura at 2019-01-15T13:44:15Z
CVE-2019-5885: improve the description according to the actual problem fixed in the package

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -906,7 +906,7 @@ CVE-2019-5887 (An issue was discovered in ShopXO 1.2.0. In the UnlinkDir method
 	NOT-FOR-US: ShopXO
 CVE-2019-5886 (An issue was discovered in ShopXO 1.2.0. In the ...)
 	NOT-FOR-US: ShopXO
-CVE-2019-5885 [Synapse: Blindly trusts macaroon_secret_key in the config, which may not be a valid macaroon]
+CVE-2019-5885 [Synapse: Derives macaroon_secret_key in a predictable way if none is specified]
 	RESERVED
 	- matrix-synapse 0.34.1.1-1
 	NOTE: https://matrix.org/blog/2019/01/10/critical-security-update-synapse-0-34-0-1-synapse-0-34-1-1/



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9f2402b5a2f98cf20ec3920ae7c0bb3fce888c45

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9f2402b5a2f98cf20ec3920ae7c0bb3fce888c45
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190115/e1846882/attachment-0001.html>


More information about the debian-security-tracker-commits mailing list