[Git][security-tracker-team/security-tracker][master] Add CVE-2019-0205 and CVE-2019-0210 (thrift)

Salvatore Bonaccorso carnil at debian.org
Thu Oct 17 13:33:00 BST 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1acf44b6 by Salvatore Bonaccorso at 2019-10-17T12:32:09Z
Add CVE-2019-0205 and CVE-2019-0210 (thrift)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -50843,8 +50843,10 @@ CVE-2019-0211 (In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM eve
 	[jessie] - apache2 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0211
 	NOTE: https://svn.apache.org/r1855378
-CVE-2019-0210
+CVE-2019-0210 [out-of-bounds read vulnerability]
 	RESERVED
+	- thrift <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2019/10/17/2
 CVE-2019-0209
 	REJECTED
 CVE-2019-0208
@@ -50853,8 +50855,10 @@ CVE-2019-0207 (Tapestry processes assets `/assets/ctx` using classes chain `Stat
 	NOT-FOR-US: Apache Tapestry
 CVE-2019-0206
 	REJECTED
-CVE-2019-0205
+CVE-2019-0205 [potential DoS when processing untrusted Thrift payload]
 	RESERVED
+	- thrift <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2019/10/17/1
 CVE-2019-0204 (A specifically crafted Docker image running under the root user can ov ...)
 	- apache-mesos <itp> (bug #760315)
 CVE-2019-0203 (In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1acf44b6efb95b0000dfd6699006e8f45703759a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1acf44b6efb95b0000dfd6699006e8f45703759a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191017/731a0fa4/attachment.html>

More information about the debian-security-tracker-commits mailing list