[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2016-1585,apparmor: Follow advise from the Debian maintainers.

Markus Koschany apo at debian.org
Sun May 5 14:11:27 BST 2019 


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0dd19c07 by Markus Koschany at 2019-05-05T13:00:25Z
CVE-2016-1585,apparmor: Follow advise from the Debian maintainers.

- - - - -
76223897 by Markus Koschany at 2019-05-05T13:09:53Z
CVE-2019-11767,phpbb3: Mark as postponed for Jessie.

Minor issue. The solution/workaround is to disable the remote avatar function
and to inform admins about potential side affects if they decide to re-enable
it.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,6 @@
 CVE-2019-11767 (Server side request forgery (SSRF) in phpBB before 3.2.6 allows checki ...)
 	- phpbb3 <removed>
+	[jessie] - phpbb3 <postponed> (Minor issue, solution/workaround is to disable the remote avatar function)
 	NOTE: https://www.phpbb.com/community/viewtopic.php?f=14&t=2509941
 CVE-2019-11766 (dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over ...)
 	- dhcpcd5 <unfixed> (bug #928440)
@@ -162320,6 +162321,7 @@ CVE-2016-1586 (A malicious webview could install long-lived unload handlers that
 CVE-2016-1585 (In all versions of AppArmor mount rules are accidentally widened when  ...)
 	- apparmor <unfixed> (low)
 	[stretch] - apparmor <ignored> (Minor overall security impact)
+	[jessie] - apparmor <ignored> (Minor overall security impact)
 	NOTE: https://bugs.launchpad.net/apparmor/+bug/1597017
 	NOTE: https://bugzilla.opensuse.org/show_bug.cgi?id=995594
 	NOTE: Introduced around AppArmor 2.8 upstream.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/e514c8d2ca0d667d1f41c52152942aa713796f8f...762238971fe209ef66c71f77c6abcaf896f54f5f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/e514c8d2ca0d667d1f41c52152942aa713796f8f...762238971fe209ef66c71f77c6abcaf896f54f5f
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190505/1bd9a17f/attachment.html>

More information about the debian-security-tracker-commits mailing list