[Git][security-tracker-team/security-tracker][master] Update version for unstable for CVE-2019-16760
Salvatore Bonaccorso
carnil at debian.org
Wed Oct 9 14:21:32 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
461b0e59 by Salvatore Bonaccorso at 2019-10-09T13:18:05Z
Update version for unstable for CVE-2019-16760
Open questions: src:rust-cargo as well an issue? And is it needed to
track as well the rustc package? According to the upstream advisory bot
hat https://rustsec.org/advisories/CVE-2019-16760.html and the
oss-security post
https://marc.info/?l=oss-security&m=157055118009441&w=2 mention rust
releases before 1.26.0 as well.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1402,7 +1402,7 @@ CVE-2019-16762
CVE-2019-16761
RESERVED
CVE-2019-16760 (Cargo prior to Rust 1.26.0 may download the wrong dependency if your p ...)
- - cargo 0.26.0-1
+ - cargo 0.27.0-1
[stretch] - cargo <postponed> (Upcoming upgrade of Cargo for ESR68 will fix this)
NOTE: https://rustsec.org/advisories/CVE-2019-16760.html
CVE-2019-16759 (vBulletin 5.x through 5.5.4 allows remote command execution via the wi ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/461b0e59c1c783f6f84e724ef3f83cb9acd7cbb4
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/461b0e59c1c783f6f84e724ef3f83cb9acd7cbb4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191009/27e2dbfa/attachment.html>
More information about the debian-security-tracker-commits
mailing list