[Git][security-tracker-team/security-tracker][master] 2 commits: data/CVE/list: Fix CVE-2019-13376 and CVE-2019-16993. The patch listed under...

Tue Oct 1 00:37:16 BST 2019


Mike Gabriel pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6c86963a by Mike Gabriel at 2019-09-30T23:34:43Z
data/CVE/list: Fix CVE-2019-13376 and CVE-2019-16993. The patch listed under CVE-2019-13376 has been in fact a follow-up fix for the patch listed under CVE-2019-16993. For CVE-2019-13376, the probably more appropriate patch has been added.

- - - - -
c892c26d by Mike Gabriel at 2019-09-30T23:36:45Z
data/DLA/list: Fix-up for DLA-1942-1. After a close look at the CVE descriptions it became obvious that only CVE-2019-16993 is fixed in +deb8u4. (See prev. commit in security-tracker Git).

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11537,10 +11537,11 @@ CVE-2019-13377 (The implementations of SAE and EAP-pwd in hostapd and wpa_suppli
 	NOTE: Patches: https://w1.fi/security/2019-6/
 CVE-2019-13376 (phpBB version 3.2.7 allows the stealing of an Administration Control P ...)
 	- phpbb3 <removed>
-	NOTE: https://github.com/phpbb/phpbb/commit/cdf4f5ef85f05c0f94eae1a9edb1c28d4ac3515f
+	NOTE: https://github.com/phpbb/phpbb/commit/dc5a167c429a3813d66b0ae3d14242650466cac6
 CVE-2019-16993
 	- phpbb3 <removed>
 	NOTE: https://github.com/phpbb/phpbb/commit/18abef716ecf42a35416444f3f84f5459d573789
+	NOTE: https://github.com/phpbb/phpbb/commit/cdf4f5ef85f05c0f94eae1a9edb1c28d4ac3515f
 	NOTE: https://www.phpbb.com/community/viewtopic.php?t=2352606
 CVE-2019-13375 (A SQL Injection was discovered in D-Link Central WiFi Manager CWM(100) ...)
 	NOT-FOR-US: D-Link


=====================================
data/DLA/list
=====================================
@@ -1,5 +1,5 @@
 [01 Oct 2019] DLA-1942-1 phpbb3 - security update
-	{CVE-2019-13376 CVE-2019-16993}
+	{CVE-2019-16993}
 	[jessie] - phpbb3 3.0.12-5+deb8u4
 [30 Sep 2019] DLA-1941-1 netty - security update
 	{CVE-2019-16869}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/a49031fc843db2dd12d3d37f5701b49e07d237a3...c892c26d36e901b3afb83ade383b4f4153ee4991

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/a49031fc843db2dd12d3d37f5701b49e07d237a3...c892c26d36e901b3afb83ade383b4f4153ee4991
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190930/739ec927/attachment.html>
