[Git][security-tracker-team/security-tracker][master] Revert "Triage CVE-2019-9917 once more, vulnerable code is not present in jessie's znc."

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8014e6ca by Salvatore Bonaccorso at 2019-05-27T20:50:06Z
Revert "Triage CVE-2019-9917 once more, vulnerable code is not present in jessie's znc."

This reverts commit bc7713d516c50a97d798170d412eac3176392ee0.

The triaging was actually correct and the version in jessie is affected.
The issue is minor and workarond for the issue is as described. The fix
would be intrusive and would need extensive backport of some support
first.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5881,7 +5881,7 @@ CVE-2019-9918 (An issue was discovered in the Harmis JE Messenger component 1.2.
 	NOT-FOR-US: Harmis JE Messenger component for Joomla!
 CVE-2019-9917 (ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial  ...)
 	- znc 1.7.2-2 (bug #925285)
-	[jessie] - znc <not-affected> (Vulnerable code not present, was: Minor issue, workaround is to disable modpython)
+	[jessie] - znc <no-dsa> (Minor issue, workaround is to disable modpython)
 	NOTE: https://github.com/znc/znc/commit/64613bc8b6b4adf1e32231f9844d99cd512b8973
 CVE-2019-9916
 	RESERVED



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8014e6cacbb8c6dd38804e0a91ea02cf254c4614

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8014e6cacbb8c6dd38804e0a91ea02cf254c4614
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190527/52d566bc/attachment.html>