[Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2019-7306/byobu

Wed May 1 13:32:49 BST 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
69dbbb36 by Salvatore Bonaccorso at 2019-05-01T12:29:41Z
Add CVE-2019-7306/byobu

Thanks: Sander Bos for the heads-up on the CVE

- - - - -
d72abad1 by Salvatore Bonaccorso at 2019-05-01T12:31:21Z
Mark CVE-2019-7306/byobu as unimportant as non-issue for Debian

The issue is present in the Apport hook, and Apport is not present in
Debian.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11336,8 +11336,12 @@ CVE-2019-7308 (kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs
 	NOTE: Fixed by: https://git.kernel.org/linus/d3bd7413e0ca40b60cf60d4003246d067cafdeda
 CVE-2019-7307
 	RESERVED
-CVE-2019-7306
+CVE-2019-7306 [Apport hook may expose sensitive information]
 	RESERVED
+	- byobu <unfixed> (unimportant)
+	NOTE: https://bugs.launchpad.net/ubuntu/+source/byobu/+bug/1827202
+	NOTE: Issue in /usr/share/apport/package-hooks/source_byobu.py hook,
+	NOTE: non-issue in Debian as Apport not present.
 CVE-2019-7305 [extplorer exposes /usr and /etc/extplorer over HTTP]
 	RESERVED
 	- extplorer <removed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/62dc2699ca7224c9cee5a90bc25f8ea86a2fb4e7...d72abad172af75dd74802d3ca604154fa6df7f0d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/62dc2699ca7224c9cee5a90bc25f8ea86a2fb4e7...d72abad172af75dd74802d3ca604154fa6df7f0d
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190501/7f21bd75/attachment.html>
