[Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2019-10215 and mark as NFU

Salvatore Bonaccorso carnil at debian.org
Sun Oct 6 20:52:43 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
056fb713 by Salvatore Bonaccorso at 2019-10-06T19:47:22Z
Add CVE-2019-10215 and mark as NFU

The issue in bootstrap3-typeahead.js was introduced with commit
https://github.com/bassjobsen/Bootstrap-3-Typeahead/commit/dbd1af5b cf.
https://bugzilla.redhat.com/show_bug.cgi?id=1735506 .

bootstrap3-typeahead.js is actually embedded in ntopng and prometheus.

prometheus in sid uses v3.1.0 unaffected by this issue as introduced
later.

ntopng uses v4.0.2 and the issue was introduced after this version.

So none of the source packages embedding bootstrap3-typeahead.js have a
vulnerable version TTBOMK (please double check).

Double check needed as well to see if all embedding packages were found.

- - - - -
d3546a80 by Salvatore Bonaccorso at 2019-10-06T19:52:10Z
Merge remote-tracking branch 'origin/master'

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -20463,6 +20463,7 @@ CVE-2019-10216 [-dSAFER escape via .buildfont1]
 	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5b85ddd19
 CVE-2019-10215
 	RESERVED
+	NOT-FOR-US: Bootstrap-3-Typeahead
 CVE-2019-10214
 	RESERVED
 	TODO: check, issue is in containers library, which is at least embedded in src:singularity-container
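
Review bot: the added "NOT-FOR-US: Bootstrap-3-Typeahead" line under CVE-2019-10215 carries none of the embedded-copy analysis from the commit message (ntopng at v4.0.2 and prometheus at v3.1.0, both described as predating the issue), and that message itself asks for a double check. Consider recording the embedding source packages and their versions in NOTE lines under the entry, or a TODO like the one the CVE-2019-10214 entry just below uses for its embedded copy, so the pending verification is visible in data/CVE/list and not only in the commit log.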



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/66a14f025846a82e7be6b98f3b2489ed9f69cfe3...d3546a8037f709c262c73a65b039a8cd649506b0
