[Git][security-tracker-team/security-tracker][master] CVE-2019-5885: improve the description according to the actual problem fixed in the package
Andrej Shadura
andrewsh at debian.org
Tue Jan 15 13:45:05 GMT 2019
Andrej Shadura pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9f2402b5 by Andrej Shadura at 2019-01-15T13:44:15Z
CVE-2019-5885: improve the description according to the actual problem fixed in the package
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -906,7 +906,7 @@ CVE-2019-5887 (An issue was discovered in ShopXO 1.2.0. In the UnlinkDir method
NOT-FOR-US: ShopXO
CVE-2019-5886 (An issue was discovered in ShopXO 1.2.0. In the ...)
NOT-FOR-US: ShopXO
-CVE-2019-5885 [Synapse: Blindly trusts macaroon_secret_key in the config, which may not be a valid macaroon]
+CVE-2019-5885 [Synapse: Derives macaroon_secret_key in a predictable way if none is specified]
RESERVED
- matrix-synapse 0.34.1.1-1
NOTE: https://matrix.org/blog/2019/01/10/critical-security-update-synapse-0-34-0-1-synapse-0-34-1-1/
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9f2402b5a2f98cf20ec3920ae7c0bb3fce888c45
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9f2402b5a2f98cf20ec3920ae7c0bb3fce888c45
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190115/e1846882/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list