[Git][security-tracker-team/security-tracker][master] CVE-2019-16370,CVE-2019-15052/gradle: jessie postponed
Sylvain Beucler
beuc at debian.org
Tue Oct 1 16:25:35 BST 2019
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f1f984cb by Sylvain Beucler at 2019-10-01T15:25:15Z
CVE-2019-16370,CVE-2019-15052/gradle: jessie postponed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1702,6 +1702,7 @@ CVE-2019-16371 (LogMeIn LastPass before 4.33.0 allows attackers to construct a c
NOT-FOR-US: LogMeIn LastPass
CVE-2019-16370 (The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algori ...)
- gradle <unfixed> (low; bug #941186)
+ [jessie] - gradle <postponed> (Minor issue, old gradle mainly used for building Debian packages with apt signatures)
NOTE: https://github.com/gradle/gradle/commit/425b2b7a50cd84106a77cdf1ab665c89c6b14d2f
CVE-2019-16369
RESERVED
@@ -5570,6 +5571,7 @@ CVE-2019-15053 (The "HTML Include and replace macro" plugin before 1.5.0 for Con
NOT-FOR-US: "HTML Include and replace macro" plugin for Confluence Server
CVE-2019-15052 (The HTTP client in Gradle before 5.6 sends authentication credentials ...)
- gradle <unfixed> (low; bug #941187)
+ [jessie] - gradle <postponed> (Minor issue, old gradle mainly used for building Debian packages with system libraries)
NOTE: https://github.com/gradle/gradle/issues/10278
NOTE: https://github.com/gradle/gradle/pull/10176
NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-4cwg-f7qc-6r95
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f1f984cb151103d3493ccdedba659ea0ad1b88fb
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f1f984cb151103d3493ccdedba659ea0ad1b88fb
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191001/4a1c5b72/attachment.html>
More information about the debian-security-tracker-commits
mailing list