[Git][security-tracker-team/security-tracker][master] Associate two swagger ui with respective itp'ed items

Salvatore Bonaccorso carnil at debian.org
Mon Oct 14 10:15:48 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4c694e18 by Salvatore Bonaccorso at 2019-10-14T09:14:03Z
Associate two swagger ui with respective itp'ed items

Note there are two ITP/RFP's for the respective branches. The naming is
as well confusing, so this should probably be clarified with the
respective people who want the package(s) to enter the archive.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -157,7 +157,8 @@ CVE-2019-17497 (Tracker PDF-XChange Editor before 8.0.330.0 has an NTLM SSO hash
 CVE-2019-17496 (Craft CMS before 3.3.8 has stored XSS via a name field. This field is  ...)
 	NOT-FOR-US: Craft CMS
 CVE-2019-17495 (A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI b ...)
-	NOT-FOR-US: Swagger UI
+	- node-swagger-ui <itp> (bug #871461)
+	- swagger-ui <itp> (bug #895422)
 CVE-2019-17494 (laravel-bjyblog 6.1.1 has XSS via a crafted URL. ...)
 	NOT-FOR-US: laravel-bjyblog
 CVE-2019-17493 (Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[sample_ ...)
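Review bot: The two added lines under CVE-2019-17495 give no indication in the entry itself of why one upstream is tracked under two source package names. The commit message says the naming is confusing and still needs to be clarified with the people behind bug #871461 and bug #895422, but that context is lost once someone reads data/CVE/list on its own. Consider adding a short note line under the entry stating that both ITPs refer to Swagger UI and that the final package name is undecided, so that whoever triages this next knows one of the two `<itp>` lines may need to be dropped.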
@@ -167675,7 +167676,8 @@ CVE-2016-5684 (An exploitable out-of-bounds write vulnerability exists in the XM
 CVE-2016-5683 (ReadyDesk 9.1 allows local users to determine cleartext SQL Server cre ...)
 	NOT-FOR-US: ReadyDesk
 CVE-2016-5682 (Swagger-UI before 2.2.1 has XSS via the Default field in the Definitio ...)
-	NOT-FOR-US: Swagger-UI
+	- node-swagger-ui <itp> (bug #871461)
+	- swagger-ui <itp> (bug #895422)
 CVE-2016-5681 (Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 2.0 ...)
 	NOT-FOR-US: D-Link
 CVE-2016-5680 (Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7. ...)
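Review bot: For CVE-2016-5682 the description already names the fixed upstream release ("Swagger-UI before 2.2.1"), yet the two new `<itp>` lines carry nothing that ties the entry to that version. When either node-swagger-ui or swagger-ui enters the archive, the person updating this entry has to check the uploaded version against 2.2.1 before marking it fixed; a note line recording that would make the follow-up explicit. The same pair of bug numbers is used here as in the CVE-2019-17495 hunk, which is consistent, so any clarification of the package naming should be applied to both entries together.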



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4c694e184a7d6057d512f066b2de445448e0ed7a
