[Git][security-tracker-team/security-tracker][master] CVE-2019-16370,CVE-2019-15052/gradle: jessie postponed

Sylvain Beucler beuc at debian.org
Tue Oct 1 16:25:35 BST 2019



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f1f984cb by Sylvain Beucler at 2019-10-01T15:25:15Z
CVE-2019-16370,CVE-2019-15052/gradle: jessie postponed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1702,6 +1702,7 @@ CVE-2019-16371 (LogMeIn LastPass before 4.33.0 allows attackers to construct a c
 	NOT-FOR-US: LogMeIn LastPass
 CVE-2019-16370 (The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algori ...)
 	- gradle <unfixed> (low; bug #941186)
+	[jessie] - gradle <postponed> (Minor issue, old gradle mainly used for building Debian packages with apt signatures)
 	NOTE: https://github.com/gradle/gradle/commit/425b2b7a50cd84106a77cdf1ab665c89c6b14d2f
 CVE-2019-16369
 	RESERVED
@@ -5570,6 +5571,7 @@ CVE-2019-15053 (The "HTML Include and replace macro" plugin before 1.5.0 for Con
 	NOT-FOR-US: "HTML Include and replace macro" plugin for Confluence Server
 CVE-2019-15052 (The HTTP client in Gradle before 5.6 sends authentication credentials  ...)
 	- gradle <unfixed> (low; bug #941187)
+	[jessie] - gradle <postponed> (Minor issue, old gradle mainly used for building Debian packages with system libraries)
 	NOTE: https://github.com/gradle/gradle/issues/10278
 	NOTE: https://github.com/gradle/gradle/pull/10176
 	NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-4cwg-f7qc-6r95



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f1f984cb151103d3493ccdedba659ea0ad1b88fb

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f1f984cb151103d3493ccdedba659ea0ad1b88fb
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191001/4a1c5b72/attachment.html>


More information about the debian-security-tracker-commits mailing list