[Git][security-tracker-team/security-tracker][master] CVE-2019-13038,libapache2-mod-auth-mellon: Mark as no-dsa for Jessie

Sun Jun 30 19:41:27 BST 2019


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5378d977 by Markus Koschany at 2019-06-30T18:41:13Z
CVE-2019-13038,libapache2-mod-auth-mellon: Mark as no-dsa for Jessie

In line with the previous triaging of similar CVE in
libapache2-mod-auth-mellon, I mark this issue as no-dsa too. If upstream
implements a general solution for Open Redirects, it could make sense to look
at these issues again.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -68,6 +68,7 @@ CVE-2019-13039
 	RESERVED
 CVE-2019-13038 (mod_auth_mellon through 0.14.2 has an Open Redirect via the login?Retu ...)
 	- libapache2-mod-auth-mellon <unfixed> (bug #931265)
+	[jessie] - libapache2-mod-auth-mellon <no-dsa> (Open Redirect protection not implemented yet)
 	NOTE: https://github.com/Uninett/mod_auth_mellon/issues/35#issuecomment-503974885
 CVE-2019-13037
 	RESERVED



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5378d97714e7f75c2b9bad7108bba686b7c97bf4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5378d97714e7f75c2b9bad7108bba686b7c97bf4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190630/4bd142fe/attachment-0001.html>
