[Git][security-tracker-team/security-tracker][master] Update version for unstable for CVE-2019-16760

Salvatore Bonaccorso carnil at debian.org
Wed Oct 9 14:21:32 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
461b0e59 by Salvatore Bonaccorso at 2019-10-09T13:18:05Z
Update version for unstable for CVE-2019-16760

Open questions: src:rust-cargo as well an issue? And is it needed to
track as well the rustc package? According to the upstream advisory bot
hat https://rustsec.org/advisories/CVE-2019-16760.html and the
oss-security post
https://marc.info/?l=oss-security&m=157055118009441&w=2 mention rust
releases before 1.26.0 as well.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1402,7 +1402,7 @@ CVE-2019-16762
 CVE-2019-16761
 	RESERVED
 CVE-2019-16760 (Cargo prior to Rust 1.26.0 may download the wrong dependency if your p ...)
-	- cargo 0.26.0-1
+	- cargo 0.27.0-1
 	[stretch] - cargo <postponed> (Upcoming upgrade of Cargo for ESR68 will fix this)
 	NOTE: https://rustsec.org/advisories/CVE-2019-16760.html
 CVE-2019-16759 (vBulletin 5.x through 5.5.4 allows remote command execution via the wi ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/461b0e59c1c783f6f84e724ef3f83cb9acd7cbb4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/461b0e59c1c783f6f84e724ef3f83cb9acd7cbb4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191009/27e2dbfa/attachment.html>


More information about the debian-security-tracker-commits mailing list