[Git][security-tracker-team/security-tracker][master] Add xorg reference for CVE-2018-20839
Salvatore Bonaccorso
carnil at debian.org
Thu Jul 18 15:56:10 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d88a64e4 by Salvatore Bonaccorso at 2019-07-18T14:54:57Z
Add xorg reference for CVE-2018-20839
It is not fully clarified yet, but systemd upstream claims this is not a
problem in systemd and defers it to xorg. There is now an upstream issue
opened at https://gitlab.freedesktop.org/xorg/xserver/issues/857 .
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4794,6 +4794,7 @@ CVE-2018-20839 (systemd 242 changes the VT1 mode upon a logout, which allows att
NOTE: https://github.com/systemd/systemd/pull/12378
NOTE: The fix introduced a regression, cf. https://bugs.debian.org/929229
NOTE: Issue was originally fixed for unstable in 241-4 but was reverted in 241-5
+ NOTE: https://gitlab.freedesktop.org/xorg/xserver/issues/857
CVE-2019-12149 (SQL injection vulnerability in silverstripe/restfulserver module 1.0.x ...)
NOT-FOR-US: SilverStripe
CVE-2019-12148
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d88a64e45ce10890bf7fb1a130b3ffcec63b025c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d88a64e45ce10890bf7fb1a130b3ffcec63b025c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190718/ca507c9a/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list