[Git][security-tracker-team/security-tracker][master] CVE-2019-17626: Remove upstream reference to commit wich does not fix the issue

Sat Apr 25 09:57:25 BST 2020


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
42e25b40 by Salvatore Bonaccorso at 2020-04-25T10:56:41+02:00
CVE-2019-17626: Remove upstream reference to commit wich does not fix the issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -35363,8 +35363,7 @@ CVE-2019-17626 (ReportLab through 3.5.26 allows remote code execution because of
 	{DLA-2112-1}
 	- python-reportlab 3.5.34-1 (bug #942763)
 	NOTE: https://bitbucket.org/rptlab/reportlab/issues/199/eval-in-colorspy-leads-to-remote-code
-	NOTE: https://hg.reportlab.com/hg-public/reportlab/rev/51a521ad7dd3
-	NOTE: Less invasive patch discussed in https://bitbucket.org/rptlab/reportlab/issues/199/eval-in-colorspy-leads-to-remote-code#comment-55887892
+	NOTE: Minimal patch in https://bitbucket.org/rptlab/reportlab/issues/199/eval-in-colorspy-leads-to-remote-code#comment-55887892
 	NOTE: but upstream did make the bugreport private.
 CVE-2019-17625 (There is a stored XSS in Rambox 0.6.9 that can lead to code execution. ...)
 	NOT-FOR-US: Rambox



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/42e25b40fc8e28bbc05d8b6fb04cd0f31f04e16c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/42e25b40fc8e28bbc05d8b6fb04cd0f31f04e16c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200425/5549f096/attachment.html>
