[Git][security-tracker-team/security-tracker][master] Added information on qpid-proton.

Ola Lundqvist opal at debian.org
Sun May 5 14:33:46 BST 2019



Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6b9b43eb by Ola Lundqvist at 2019-05-05T13:33:27Z
Added information on qpid-proton.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -31352,6 +31352,10 @@ CVE-2019-0223 (While investigating bug PROTON-2014, we discovered that under som
 	NOTE: https://gitbox.apache.org/repos/asf?p=qpid-proton.git;h=2d3ba8a
 	NOTE: Source-wise only fixed in 0.27.1 upstream, but 0.22.0-1 upload in
 	NOTE: unstable switched to build against OpenSSL 1.1 adressing the issue.
+	NOTE: The description tells that the vulnerability was introduced in 0.9 but the
+	NOTE: version in jessie (0.7) seems to be vulnerable too even though one file is
+	NOTE: not present in the jessie version. That part do not seem to be essential for
+	NOTE: the package to be vulnerable.
 CVE-2019-0222 (In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame ca ...)
 	- activemq <unfixed> (bug #925964)
 	[stretch] - activemq <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6b9b43ebab6b9782d73c4dc6e6b5b71cd5bb23ea

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6b9b43ebab6b9782d73c4dc6e6b5b71cd5bb23ea
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190505/7bab0f6c/attachment.html>


More information about the debian-security-tracker-commits mailing list