[Git][security-tracker-team/security-tracker][master] CVE-2019-13345/squid3: jessie triage

Sun Jul 7 11:05:26 BST 2019


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2210f008 by Sylvain Beucler at 2019-07-07T10:02:58Z
CVE-2019-13345/squid3: jessie triage

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -118,6 +118,10 @@ sqlite3
   NOTE: 20190617: A preliminary package with *just* the (presumably) CVE-2019-5827 patches backported:
   NOTE: 20190617: https://people.debian.org/~mejo/debian/jessie-security/sqlite3_3.8.7.1-1+deb8u5.dsc
 --
+squid3
+  NOTE: 20190707: 2 XSS: first one unaffected AFAICS, second one reflected
+  NOTE: 20190707: cachemgr.cgi allows sensitive operations if authenticated (beuc)
+--
 squirrelmail
   NOTE: 20190702: no patch available, upstream apparently inactive,
   NOTE: 20190702: reporter just recommends disabling HTML viewing of messages



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2210f008933a253c4bb719fe1b9c8b89e89ecd93

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2210f008933a253c4bb719fe1b9c8b89e89ecd93
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190707/50434baf/attachment.html>
