[Git][security-tracker-team/security-tracker][master] 2 commits: Add back for now source package tracking and separate bug for CVE-2018-15889
Salvatore Bonaccorso
carnil at debian.org
Tue Mar 19 08:02:44 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c1c5a4bd by Salvatore Bonaccorso at 2019-03-19T08:00:11Z
Add back for now source package tracking and separate bug for CVE-2018-15889
Reason, while upstream thinks this might be a duplicate it is not yet
fully confirmed (and all major distros still as well track it
separately). Debian bug is kept as well open for now. If fixed with same
patch actually we can track the fixed version as well.
Cf. https://sourceforge.net/p/podofo/tickets/27/#c53c
- - - - -
02577754 by Salvatore Bonaccorso at 2019-03-19T08:02:17Z
CVE-2019-54{18,19,20}/rails fixed in unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -10725,15 +10725,15 @@ CVE-2019-5421
RESERVED
CVE-2019-5420 [Possible Remote Code Execution Exploit in Rails Development Mode]
RESERVED
- - rails <unfixed> (bug #924521)
+ - rails 2:5.2.2.1+dfsg-1 (bug #924521)
NOTE: https://www.openwall.com/lists/oss-security/2019/03/13/3
CVE-2019-5419 [Denial of Service Vulnerability in Action View]
RESERVED
- - rails <unfixed> (bug #924520)
+ - rails 2:5.2.2.1+dfsg-1 (bug #924520)
NOTE: https://www.openwall.com/lists/oss-security/2019/03/13/4
CVE-2019-5418 [File Content Disclosure in Action View]
RESERVED
- - rails <unfixed> (bug #924520)
+ - rails 2:5.2.2.1+dfsg-1 (bug #924520)
NOTE: https://www.openwall.com/lists/oss-security/2019/03/13/5
CVE-2019-5417 (A path traversal vulnerability in serve npm package version 7.0.1 allo ...)
TODO: check
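Review bot: The three rails entries (CVE-2019-5418, CVE-2019-5419, CVE-2019-5420) now record only the unstable fixed version 2:5.2.2.1+dfsg-1 and carry no release-specific lines, so the status of the stable releases cannot be read from these entries. Consider adding per-release annotations once they are triaged. It is also worth confirming that CVE-2019-5418 and CVE-2019-5419 sharing bug #924520 is intended, since CVE-2019-5420 has its own bug #924521.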
@@ -34535,7 +34535,10 @@ CVE-2018-15891
CVE-2018-15890
RESERVED
CVE-2018-15889 (In podofo 0.9.6, the function PoDoFo::PdfParser::ReadObjects() in base ...)
- NOTE: Duplicate of CVE-2018-5783
+ - libpodofo <unfixed> (low; bug #916167)
+ [stretch] - libpodofo <no-dsa> (Minor issue)
+ [jessie] - libpodofo <no-dsa> (Minor issue)
+ NOTE: (possible, but not yet confirmed) duplicate of CVE-2018-5783
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1620065
NOTE: https://sourceforge.net/p/podofo/tickets/27/
CVE-2018-15888 (An issue was discovered in ASPCMS 2.5.6. When registering ordinary use ...)
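Review bot: The new NOTE on CVE-2018-15889, "(possible, but not yet confirmed) duplicate of CVE-2018-5783", does not say where upstream made that statement; the commit message cites https://sourceforge.net/p/podofo/tickets/27/#c53c, while the entry only links the bare ticket. Suggest using the comment anchor in the NOTE and adding a TODO line so that the libpodofo <unfixed> and <no-dsa> lines are revisited once the duplicate question is settled, since the commit message expects the fixed version to be tracked if the same patch resolves both.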
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/c49ee806b6d28c7e3213d628d91aa4b460d83e61...02577754acc1995a233bf34b7defda00433d5b96