[Git][security-tracker-team/security-tracker][master] Update CVE-2019-14868/ksh

Salvatore Bonaccorso carnil at debian.org
Mon Jan 20 05:27:13 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b72cc677 by Salvatore Bonaccorso at 2020-01-20T06:25:34+01:00
Update CVE-2019-14868/ksh

Remove slightly confusing note, as the issue like other related issues
would allow to inject code. This is not to say the issue should not be
treated as no-dsa (this still has to be evaluated).

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -29607,7 +29607,6 @@ CVE-2019-14868 [environment variables on startup are interpreted as arithmetic e
 	- ksh 2020.0.0-2.1 (bug #948989)
 	[jessie] - ksh <ignored> (Minor issue)
 	NOTE: https://github.com/att/ast/commit/c7de8b641266bac7c77942239ac659edfee9ecd2
-	NOTE: It is possible to execute arbitrary arithmetic expression but not arbitrary expression.
 CVE-2019-14867 (A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x ve ...)
 	- freeipa 4.8.3-1
 	[buster] - freeipa <no-dsa> (Minor issue; can be fixed via point release)
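
Review bot: Deleting the NOTE under CVE-2019-14868 leaves the entry with no impact statement at all, while the unchanged `[jessie] - ksh <ignored> (Minor issue)` line two lines above it still carries a "Minor issue" classification. The commit message says the issue would allow code injection, so consider replacing the removed line with a NOTE that records that, rather than only dropping the old wording, and re-check whether the jessie `<ignored>` state still holds under the corrected impact. The commit message also says the no-dsa decision is still to be evaluated, but nothing in the entry marks that as open; a short NOTE to that effect would keep the pending triage visible to the next reader of data/CVE/list.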



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b72cc677e719d37f5f3378d616d9cb53315db927
