[Git][security-tracker-team/security-tracker][master] Add CVE-2019-17626/python-reportlab

Wed Oct 16 21:45:40 BST 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
762bf39f by Salvatore Bonaccorso at 2019-10-16T20:45:15Z
Add CVE-2019-17626/python-reportlab

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -73,7 +73,8 @@ CVE-2019-17628
 CVE-2019-17627 (The Yale Bluetooth Key application for mobile devices allows unauthori ...)
 	NOT-FOR-US: Yale Bluetooth Key application for mobile devices
 CVE-2019-17626 (ReportLab through 3.5.26 allows remote code execution because of toCol ...)
-	TODO: check
+	- python-reportlab <unfixed>
+	NOTE: https://bitbucket.org/rptlab/reportlab/issues/199/eval-in-colorspy-leads-to-remote-code
 CVE-2019-17625 (There is a stored XSS in Rambox 0.6.9 that can lead to code execution. ...)
 	TODO: check
 CVE-2019-17624 (In X.Org X Server 1.20.4, there is a stack-based buffer overflow in th ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/762bf39fe1477607fd4932b325e726c3ad696939

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/762bf39fe1477607fd4932b325e726c3ad696939
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191016/7cfa1b3a/attachment.html>
