[Git][security-tracker-team/security-tracker][master] Added information on qpid-proton.
Ola Lundqvist
opal at debian.org
Sun May 5 14:33:46 BST 2019
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6b9b43eb by Ola Lundqvist at 2019-05-05T13:33:27Z
Added information on qpid-proton.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -31352,6 +31352,10 @@ CVE-2019-0223 (While investigating bug PROTON-2014, we discovered that under som
NOTE: https://gitbox.apache.org/repos/asf?p=qpid-proton.git;h=2d3ba8a
NOTE: Source-wise only fixed in 0.27.1 upstream, but 0.22.0-1 upload in
NOTE: unstable switched to build against OpenSSL 1.1 adressing the issue.
+ NOTE: The description tells that the vulnerability was introduced in 0.9 but the
+ NOTE: version in jessie (0.7) seems to be vulnerable too even though one file is
+ NOTE: not present in the jessie version. That part do not seem to be essential for
+ NOTE: the package to be vulnerable.
CVE-2019-0222 (In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame ca ...)
- activemq <unfixed> (bug #925964)
[stretch] - activemq <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6b9b43ebab6b9782d73c4dc6e6b5b71cd5bb23ea
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6b9b43ebab6b9782d73c4dc6e6b5b71cd5bb23ea
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190505/7bab0f6c/attachment.html>
More information about the debian-security-tracker-commits
mailing list