[Git][security-tracker-team/security-tracker][master] CVE-2019-0187,jakarta-jmeter: Mark as no-dsa for Jessie
Markus Koschany
apo at debian.org
Sun May 5 13:54:44 BST 2019
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e514c8d2 by Markus Koschany at 2019-05-05T12:54:33Z
CVE-2019-0187,jakarta-jmeter: Mark as no-dsa for Jessie
The particular vulnerable code is not present in all versions. However those
versions are not able to encrypt traffic between nodes which makes them
vulnerable to similar attacks.
Since jmeter is used for development purposes and not in production,
the severity is rather low.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -31455,7 +31455,8 @@ CVE-2019-0189
CVE-2019-0188
RESERVED
CVE-2019-0187 (Unauthenticated RCE is possible when JMeter is used in distributed mod ...)
- - jakarta-jmeter <undetermined>
+ - jakarta-jmeter <unfixed>
+ [jessie] - jakarta-jmeter <no-dsa> (Minor issue)
NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62743
CVE-2019-0186 (The input fields of the Apache Pluto "Chat Room" demo portlet 3.0.0 an ...)
NOT-FOR-US: Apache Pluto "Chat Room" demo portlet
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e514c8d2ca0d667d1f41c52152942aa713796f8f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e514c8d2ca0d667d1f41c52152942aa713796f8f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190505/366b5999/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list