[Git][security-tracker-team/security-tracker][master] Mark CVE-2019-9619/systemd as unimportant

Salvatore Bonaccorso carnil at debian.org
Thu Sep 5 20:26:13 BST 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0738e62d by Salvatore Bonaccorso at 2019-09-05T19:24:46Z
Mark CVE-2019-9619/systemd as unimportant

Expand the note on the reasoning to mark it more as 'non-issue'.

Futhermore as the CVE was assigned by Ubuntu, will reach out to Ubuntu
to see if they rather would reject the CVE assignment.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19505,14 +19505,14 @@ CVE-2019-9620
 	RESERVED
 CVE-2019-9619 [not enabled pam_systemd for non-interactive sessions]
 	RESERVED
-	- systemd <unfixed>
-	[buster] - systemd <ignored> (Too intrusive change for a stable release)
-	[stretch] - systemd <ignored> (Too intrusive change for a stable release)
-	[jessie] - systemd <ignored> (Too intrusive change for a stable release)
+	- systemd <unfixed> (unimportant)
 	NOTE: https://bugs.launchpad.net/bugs/1812316
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1756
 	NOTE: For a stable release, activating pam_systemd for non-interactive sessions will
-	NOTE: likely have all sorts of unexpected/unwanted side-effects.
+	NOTE: likely have all sorts of unexpected/unwanted side-effects. The change itself
+	NOTE: can more be considered as furhter hardening but missing/not-enabled
+	NOTE: pam_systemd for non-interactive sessions itself can hardly be seen as
+	NOTE: vulnerability itself.
 CVE-2019-9618 (The GraceMedia Media Player plugin 1.0 for WordPress allows Local File ...)
 	NOT-FOR-US: GraceMedia Media Player plugin for WordPress
 CVE-2019-9617 (An issue was discovered in OFCMS before 1.1.3. Remote attackers can ex ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0738e62d16ecbd14cc90e89799af68415081e483

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0738e62d16ecbd14cc90e89799af68415081e483
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190905/04de36ca/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list