[Git][security-tracker-team/security-tracker][master] CVE-2019-9619 got REJECTED (will be updated shortly on MITRE list)

Salvatore Bonaccorso carnil at debian.org
Thu Sep 19 23:20:14 BST 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c5f7f3ae by Salvatore Bonaccorso at 2019-09-19T22:16:53Z
CVE-2019-9619 got REJECTED (will be updated shortly on MITRE list)

The CVE was originally assigned because pam_systemd is not enabled for
non-interactive sessions, in Debian and Ubuntu and this leveraged the
issue to be exploitable. The change itself thouch can more be considered
as furhter hardening but missing/not-enabled pam_systemd for
non-interactive sessions itself can hardly be seen as vulnerability
itself.

This view was agreed on and proceeded to properly REJECT the CVE to not
cause confusion.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21277,16 +21277,8 @@ CVE-2019-9621 (Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.
 	NOT-FOR-US: Zimbra
 CVE-2019-9620
 	RESERVED
-CVE-2019-9619 [not enabled pam_systemd for non-interactive sessions]
-	RESERVED
-	- systemd <unfixed> (unimportant)
-	NOTE: https://bugs.launchpad.net/bugs/1812316
-	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1756
-	NOTE: For a stable release, activating pam_systemd for non-interactive sessions will
-	NOTE: likely have all sorts of unexpected/unwanted side-effects. The change itself
-	NOTE: can more be considered as furhter hardening but missing/not-enabled
-	NOTE: pam_systemd for non-interactive sessions itself can hardly be seen as
-	NOTE: vulnerability itself.
+CVE-2019-9619
+	REJECTED
 CVE-2019-9618 (The GraceMedia Media Player plugin 1.0 for WordPress allows Local File ...)
 	NOT-FOR-US: GraceMedia Media Player plugin for WordPress
 CVE-2019-9617 (An issue was discovered in OFCMS before 1.1.3. Remote attackers can ex ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c5f7f3ae5d6a777766ffbb2e7aade5bf0edfb0b2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c5f7f3ae5d6a777766ffbb2e7aade5bf0edfb0b2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190919/46477bba/attachment.html>

More information about the debian-security-tracker-commits mailing list