[Git][security-tracker-team/security-tracker][master] CVE-2019-10092,apache2: Point to the correct fix.

Markus Koschany apo at debian.org
Tue Sep 17 21:27:35 BST 2019



Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e762bffb by Markus Koschany at 2019-09-17T20:25:13Z
CVE-2019-10092,apache2: Point to the correct fix.

Apparently revision 1864787 is not the fix for CVE-2019-10092 and only related
to the problem of XSRF/XSS protection. The original fix caused a regression
reported to Ubuntu in

https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1842701

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18664,7 +18664,8 @@ CVE-2019-10092 [Limited cross-site scripting in mod_proxy]
 	- apache2 2.4.41-1
 	NOTE: Affects upstream versions 2.4.0 to 2.4.39
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-10092
-	NOTE: https://svn.apache.org/r1864787
+	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=63688#c5
+	NOTE: https://svn.apache.org/r1864191
 CVE-2019-10091
 	RESERVED
 CVE-2019-10090



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e762bffbed045b18a61a5f35be4dc0c8bab6a438

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e762bffbed045b18a61a5f35be4dc0c8bab6a438
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190917/48600cd8/attachment.html>


More information about the debian-security-tracker-commits mailing list