[Git][security-tracker-team/security-tracker][master] DSA-4604-1: Do not list CVE-2019-16723 and CVE-2019-17357

Salvatore Bonaccorso carnil at debian.org
Sat Jan 18 19:43:32 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
95f3f1a2 by Salvatore Bonaccorso at 2020-01-18T20:42:02+01:00
DSA-4604-1: Do not list CVE-2019-16723 and CVE-2019-17357

This is needed if there is no overlapping while we support two releases.
Otherwise it will look like the two CVEs apply as well for stretch. In
such cases, as a workaround, all CVEs are listed in the DSA advisory, but
the fix is tracked explicitly via data/CVE/list.

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -22282,6 +22282,7 @@ CVE-2019-17358 (Cacti through 1.2.7 is affected by multiple instances of lib/fun
 CVE-2019-17357
 	RESERVED
 	- cacti 1.2.8+ds1-1 (bug #947374)
+	[buster] - cacti 1.2.2+ds1-2+deb10u2
 	[stretch] - cacti <not-affected> (Vulnerable code not present)
 	[jessie] - cacti <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/Cacti/cacti/issues/3025
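
Review bot: The added "[buster] - cacti 1.2.2+ds1-2+deb10u2" line under CVE-2019-17357 carries no hint that the fix was shipped through DSA-4604-1, and the same commit removes this CVE from the DSA entry in data/DSA/list. Consider adding a NOTE line under this CVE that names the DSA, so the origin of the buster fix stays discoverable from the CVE entry itself. The version string does match the [buster] line of the DSA-4604-1 entry, which is what it should be checked against.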
@@ -23938,6 +23939,7 @@ CVE-2019-16724 (File Sharing Wizard 1.5.0 allows a remote attacker to obtain arb
 	NOT-FOR-US: File Sharing Wizard
 CVE-2019-16723 (In Cacti through 1.2.6, authenticated users may bypass authorization c ...)
 	- cacti 1.2.7+ds1-1 (bug #941036)
+	[buster] - cacti 1.2.2+ds1-2+deb10u2
 	[stretch] - cacti <not-affected> (vulnerability introduced later)
 	[jessie] - cacti <not-affected> (vulnerability introduced later)
 	NOTE: vulnerability introduced in
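
Review bot: The new "[buster] - cacti 1.2.2+ds1-2+deb10u2" line under CVE-2019-16723 states that buster's 1.2.2 base was affected, while stretch and jessie are marked "vulnerability introduced later", so the entry depends on the introducing change being present in 1.2.2. The NOTE that would show this is cut off in the visible context ("vulnerability introduced in"), so please confirm the referenced change predates 1.2.2 before relying on this explicit fixed version.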


=====================================
data/DSA/list
=====================================
@@ -1,5 +1,5 @@
 [18 Jan 2020] DSA-4604-1 cacti - security update
-	{CVE-2019-16723 CVE-2019-17357 CVE-2019-17358}
+	{CVE-2019-17358}
 	[stretch] - cacti 0.8.8h+ds1-10+deb9u1
 	[buster] - cacti 1.2.2+ds1-2+deb10u2
 [17 Jan 2020] DSA-4603-1 thunderbird - security update
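
Review bot: After this change the CVE set on the DSA-4604-1 entry is "{CVE-2019-17358}" only, while the commit message says the advisory itself lists all three CVEs, and nothing in the entry marks that difference as intentional. A short comment next to the entry explaining that CVE-2019-16723 and CVE-2019-17357 are tracked per release in data/CVE/list would keep a later sync against the advisory text from adding them back and making stretch look affected again.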



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/95f3f1a266c6d715098a13a3f14c619b7b02a9cb
