[Git][security-tracker-team/security-tracker][master] modsecurity-crs unimportant

Moritz Muehlenhoff jmm at debian.org
Wed May 22 19:39:50 BST 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7e605c65 by Moritz Muehlenhoff at 2019-05-22T18:39:16Z
modsecurity-crs unimportant
steam NFU despite the installer package

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2091,20 +2091,30 @@ CVE-2019-11393 (An issue was discovered in /admin/users/update in M/Monit before
 CVE-2019-11392
 	RESERVED
 CVE-2019-11391 (An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) throu ...)
-	- modsecurity-crs <unfixed> (bug #928053)
+	- modsecurity-crs <unfixed> (unimportant; bug #928053)
 	NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1357
+	NOTE: Negligible security impact, doesn't affect the CRS rule set as used
+	NOTE: by libapache2-mod-security2, only affects libmodsecurity3 in non-standard settings
 CVE-2019-11390 (An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) throu ...)
-	- modsecurity-crs <unfixed> (bug #928053)
+	- modsecurity-crs <unfixed> (unimportant; bug #928053)
 	NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1358
+	NOTE: Negligible security impact, doesn't affect the CRS rule set as used
+	NOTE: by libapache2-mod-security2, only affects libmodsecurity3 in non-standard settings
 CVE-2019-11389 (An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) throu ...)
-	- modsecurity-crs <unfixed> (bug #928053)
+	- modsecurity-crs <unfixed> (unimportant; bug #928053)
 	NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1356
+	NOTE: Negligible security impact, doesn't affect the CRS rule set as used
+	NOTE: by libapache2-mod-security2, only affects libmodsecurity3 in non-standard settings
 CVE-2019-11388 (An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) throu ...)
-	- modsecurity-crs <unfixed> (bug #928053)
+	- modsecurity-crs <unfixed> (unimportant; bug #928053)
 	NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1354
+	NOTE: Negligible security impact, doesn't affect the CRS rule set as used
+	NOTE: by libapache2-mod-security2, only affects libmodsecurity3 in non-standard settings
 CVE-2019-11387 (An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) throu ...)
-	- modsecurity-crs <unfixed> (bug #928053)
+	- modsecurity-crs <unfixed> (unimportant; bug #928053)
 	NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1359
+	NOTE: Negligible security impact, doesn't affect the CRS rule set as used
+	NOTE: by libapache2-mod-security2, only affects libmodsecurity3 in non-standard settings
 CVE-2019-11386
 	RESERVED
 CVE-2019-11385
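Review bot: "non-standard settings" in the NOTE lines added under CVE-2019-11387 through CVE-2019-11391 does not say which libmodsecurity3 setting is meant, so someone running libmodsecurity3 cannot tell from the entry whether their deployment is in the affected case. Name the setting in the NOTE, or say where the assessment comes from (bug #928053 or the upstream issue already linked on each entry), so the "unimportant" rating can be checked later.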
@@ -51501,7 +51511,9 @@ CVE-2018-12272 (xowl/request.php in Ximdex 4.0 has XSS via the content parameter
 CVE-2018-12271 (** DISPUTED ** An issue was discovered in the com.getdropbox.Dropbox a ...)
 	NOT-FOR-US: com.getdropbox.Dropbox app for IOS
 CVE-2018-12270 (In Valve Steam 1528829181 BETA, it is possible to perform a homograph  ...)
-	TODO: check
+	NOT-FOR-US: Valve Steam
+	NOTE: Debian ships an installer as src:steam, but it auto-updates whenever Steam
+	NOTE: is started, so nothing really to be updated there
 CVE-2018-12269
 	RESERVED
 CVE-2018-12268 (acccheck.pl in acccheck 0.2.1 allows Command Injection via shell metac ...)
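Review bot: the NOT-FOR-US tag on CVE-2018-12270 sits oddly with the NOTE directly below it, which says Debian ships an installer as src:steam. A package line for steam, in the same form the modsecurity-crs entries above use, would keep the CVE attached to the source package while the NOTE explains why nothing needs updating. If NOT-FOR-US stays, the two NOTE lines are the only record of the reasoning, so they should say explicitly that the installer package does not contain the affected Steam client code, if that is the case.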



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7e605c65679ff860b53fea61247174bace72a8b0
