[Git][security-tracker-team/security-tracker][master] Mark CVE-2019-19191/shibboleth-sp as unimportant

Salvatore Bonaccorso carnil at debian.org
Fri Nov 22 13:49:57 GMT 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
65b2a044 by Salvatore Bonaccorso at 2019-11-22T13:48:30Z
Mark CVE-2019-19191/shibboleth-sp as unimportant

While the issue is there in the upstream provided spec file, this has
no relevance for the binary packages provided in Debian and neither has
the postinst similar problematic logic.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -75,9 +75,12 @@ CVE-2019-19193
 CVE-2019-19192
 	RESERVED
 CVE-2019-19191 (Shibboleth Service Provider (SP) 3.x before 3.1.0 shipped a spec file  ...)
-	- shibboleth-sp <unfixed>
+	- shibboleth-sp <unfixed> (unimportant)
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1157471
 	NOTE: https://issues.shibboleth.net/jira/browse/SSPCPP-874
+	NOTE: This is an issue in the upstream provided spec file which is not relevant
+	NOTE: for the binary packages build in Debian (fixed upstream in 3.1.0). The
+	NOTE: postinst in the Debian packaging does not have similar problematic chown logic.
 CVE-2019-19190
 	RESERVED
 CVE-2019-19189
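Review bot: In the added NOTE lines under CVE-2019-19191, "binary packages build in Debian" should read "binary packages built in Debian". The entry also stays at <unfixed> while the NOTE says the issue is fixed upstream in 3.1.0; once a 3.1.0-based upload is in the archive, recording that version in place of <unfixed> (keeping the unimportant tag) would stop the entry from reading as permanently open. It would also help to state in the NOTE which packaging revision's postinst was checked, so the claim that it has no similar chown logic can be re-verified later.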



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/65b2a044dd3e86afa1e8f347f0703af39047c8fc
