[Git][security-tracker-team/security-tracker][master] Update status for CVE-2019-19343

Salvatore Bonaccorso carnil at debian.org
Sat Feb 15 13:30:31 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5b9ac44a by Salvatore Bonaccorso at 2020-02-15T14:28:24+01:00
Update status for CVE-2019-19343

While the issue is affecting both Undertow and remoting, cf.
https://bugzilla.redhat.com/show_bug.cgi?id=1780445#c10 on Red Hat's
side to mitigate the issue only a fix was added to remoting.

The CVE is quite specific for this memory leak in combination with
remoting, thus mark the severity as unimportant, being negligible for
Debian itself. Still, the issue remains unresolved for undertow, but there
does not appear to be interest in a fix.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18188,8 +18188,11 @@ CVE-2019-19344 (There is a use-after-free issue in all samba 4.9.x versions befo
 	NOTE: https://www.samba.org/samba/security/CVE-2019-19344.html
 CVE-2019-19343
 	RESERVED
-	- undertow <unfixed> (bug #948024)
+	- undertow <unfixed> (bug #948024; unimportant)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1780445
+	NOTE: Issue affects both Undertow and rmeoting, but for adressing the immediate
+	NOTE: issue only af fix via remoting (https://issues.redhat.com/browse/REM3-347)
+	NOTE: was added.
 CVE-2019-19342 (A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5 ...)
 	NOT-FOR-US: Ansible Tower
 CVE-2019-19341 (A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where  ...)
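Review bot: The three added NOTE lines under CVE-2019-19343 contain typos: "rmeoting", "adressing" and "af fix" should read "remoting", "addressing" and "a fix". The notes also record where the fix landed (REM3-347) but not why the undertow entry is now tagged unimportant. The reasoning from the commit message (the CVE is specific to the memory leak in combination with remoting, and negligible for Debian itself) is worth one more NOTE line so that the rationale stays with the entry, along with the fact that undertow itself remains unfixed.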



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5b9ac44a45dd85df171d1ae4d0463f6ec577c3ef



More information about the debian-security-tracker-commits mailing list