[Git][security-tracker-team/security-tracker][master] Adjust tracking of CVE-2019-9143 and CVE-2019-9144

Salvatore Bonaccorso carnil at debian.org
Thu Jan 30 11:50:39 GMT 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e0b1aa47 by Salvatore Bonaccorso at 2020-01-30T12:50:09+01:00
Adjust tracking of CVE-2019-9143 and CVE-2019-9144

The issues until some time ago only ever affected experimental, but then
a 0.27.2 based version was uploaded to unstable moving the vulnerable
state there. Adjust tracking and mark the fixed version first in
unstable as 0.27.2-8.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -50966,12 +50966,16 @@ CVE-2019-9146 (Jamf Self Service 10.9.0 allows man-in-the-middle attackers to ob
 CVE-2019-9145 (An issue was discovered in Hsycms V1.1. There is an XSS vulnerability  ...)
 	NOT-FOR-US: Hsycms
 CVE-2019-9144 (An issue was discovered in Exiv2 0.27. There is infinite recursion at  ...)
-	[experimental] - exiv2 <unfixed> (low; bug #923473)
-	- exiv2 <not-affected> (Vulnerable code introduced later)
+	- exiv2 0.27.2-8 (low; bug #923473)
+	[buster] - exiv2 <not-affected> (Vulnerable code introduced later)
+	[stretch] - exiv2 <not-affected> (Vulnerable code introduced later)
+	[jessie] - exiv2 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/Exiv2/exiv2/issues/712
 CVE-2019-9143 (An issue was discovered in Exiv2 0.27. There is infinite recursion at  ...)
-	[experimental] - exiv2 <unfixed> (low; bug #923472)
-	- exiv2 <not-affected> (Vulnerable code introduced later)
+	- exiv2 0.27.2-8 (low; bug #923472)
+	[buster] - exiv2 <not-affected> (Vulnerable code introduced later)
+	[stretch] - exiv2 <not-affected> (Vulnerable code introduced later)
+	[jessie] - exiv2 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/Exiv2/exiv2/issues/711
 CVE-2019-9142 (An issue was discovered in b3log Symphony (aka Sym) before v3.4.7. XSS ...)
 	NOT-FOR-US: b3log Symphony (aka Sym)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e0b1aa47df2cfbd319419bffb8041db2a195a98e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e0b1aa47df2cfbd319419bffb8041db2a195a98e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200130/3ec01cd7/attachment.html>

More information about the debian-security-tracker-commits mailing list