[Git][security-tracker-team/security-tracker][master] Add CVE-2019-13240/glpi
Salvatore Bonaccorso
carnil at debian.org
Wed Jul 10 21:31:53 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
af5eda4c by Salvatore Bonaccorso at 2019-07-10T20:31:33Z
Add CVE-2019-13240/glpi
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -548,7 +548,10 @@ CVE-2019-13241 (FlightCrew v0.9.2 and older are vulnerable to a directory traver
- flightcrew <unfixed>
NOTE: https://github.com/Sigil-Ebook/flightcrew/issues/52
CVE-2019-13240 (An issue was discovered in GLPI before 9.4.1. After a successful passw ...)
- TODO: check
+ - glpi <removed> (unimportant)
+ NOTE: https://github.com/glpi-project/glpi/commit/5da9f99b2d81713b1e36016b47ce656a33648bc7
+ NOTE: https://github.com/glpi-project/glpi/commit/86a43ae47b3dd844947f40a2ffcf1a36e53dbba6
+ NOTE: Only supported behind an authenticated HTTP zone
CVE-2019-13239 (inc/user.class.php in GLPI before 9.4.3 allows XSS via a user picture. ...)
- glpi <removed> (unimportant)
NOTE: https://github.com/glpi-project/glpi/commit/c2aa7a7cd6af28be3809acc7e7842d2d2008c0fb
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/af5eda4c0c96cf17db5b341625d634e14fcea6f3
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/af5eda4c0c96cf17db5b341625d634e14fcea6f3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190710/e48fd365/attachment.html>
More information about the debian-security-tracker-commits
mailing list