[Git][security-tracker-team/security-tracker][master] Expand note on CVE-2019-9917/znc
Salvatore Bonaccorso
carnil at debian.org
Wed Jun 19 21:01:18 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
84001c03 by Salvatore Bonaccorso at 2019-06-19T19:59:48Z
Expand note on CVE-2019-9917/znc
Every version between 0.096 and 1.7.2 (incl) was affected by this issue
and confirmed as such by upstream developer. The problem is that in
earlier versions though the issue cannot be easily fixed (without a
major rewrite and feature introduction). But fortunately for users a
workaround exists to disable modpython.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7409,6 +7409,9 @@ CVE-2019-9917 (ZNC before 1.7.3-rc1 allows an existing remote user to cause a De
- znc 1.7.2-2 (bug #925285)
[jessie] - znc <no-dsa> (Minor issue, workaround is to disable modpython)
NOTE: https://github.com/znc/znc/commit/64613bc8b6b4adf1e32231f9844d99cd512b8973
+ NOTE: Every version between 0.096 and 1.7.2 (incl) is vulnerable to the issue,
+ NOTE: but earlier versions could not be fixed without a major rewrite. A workaround
+ NOTE: though is to disable modpython.
CVE-2019-9916
RESERVED
CVE-2019-9915 (GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redir ...)
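Review bot: In the three added NOTE lines, "earlier versions" has no clear referent, because the first line already names the whole affected range 0.096 to 1.7.2 (incl). Say which releases cannot take a backported fix, so that the jessie <no-dsa> entry can be checked against the version shipped there. The note also says "could not be fixed" where the commit message says "cannot be easily fixed", and it leaves out that the affected range was confirmed by the upstream developer; keeping the softer wording and the source of the claim would match the commit message. The last sentence repeats the workaround already given in the jessie <no-dsa> line ("workaround is to disable modpython") and could be dropped or reduced to a pointer.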
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/84001c03167028d5f6fa3e5e422c65a8b9d9ae01