[Git][security-tracker-team/security-tracker][master] CVE-2019-10092,apache2: Point to the correct fix.
Markus Koschany
apo at debian.org
Tue Sep 17 21:27:35 BST 2019
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e762bffb by Markus Koschany at 2019-09-17T20:25:13Z
CVE-2019-10092,apache2: Point to the correct fix.
Apparently revision 1864787 is not the fix for CVE-2019-10092 and only related
to the problem of XSRF/XSS protection. The original fix caused a regression
reported to Ubuntu in
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1842701
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -18664,7 +18664,8 @@ CVE-2019-10092 [Limited cross-site scripting in mod_proxy]
- apache2 2.4.41-1
NOTE: Affects upstream versions 2.4.0 to 2.4.39
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-10092
- NOTE: https://svn.apache.org/r1864787
+ NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=63688#c5
+ NOTE: https://svn.apache.org/r1864191
CVE-2019-10091
RESERVED
CVE-2019-10090
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e762bffbed045b18a61a5f35be4dc0c8bab6a438
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e762bffbed045b18a61a5f35be4dc0c8bab6a438
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190917/48600cd8/attachment.html>
More information about the debian-security-tracker-commits
mailing list