[Git][security-tracker-team/security-tracker][master] 2 commits: more info for CVE-2019-17566/batik

[Thorsten Alteholz]

Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6dea5527 by Thorsten Alteholz at 2020-06-22T16:11:33+02:00
more info for CVE-2019-17566/batik

- - - - -
76346772 by Thorsten Alteholz at 2020-06-22T16:11:33+02:00
patch added in CVE list

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -43214,6 +43214,8 @@ CVE-2019-17566 [SSRF vulnerability]
 	RESERVED
 	- batik <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2020/06/15/2
+	NOTE: patch: http://svn.apache.org/viewvc?view=revision&revision=1871084
+	NOTE: corresponding bug: https://issues.apache.org/jira/browse/BATIK-1276
 CVE-2019-17565 (There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0. ...)
 	{DSA-4672-1}
 	- trafficserver 8.0.6+ds-1


=====================================
data/dla-needed.txt
=====================================
@@ -31,7 +31,6 @@ apache2
   NOTE: 20200604: otherwise the patch is ready for upload. (utkarsh)
 --
 batik
-  NOTE: 20200619: Patch not explicitly mentioned. Needs deeper research.
 --
 bison
   NOTE: 20200619: Patch not explicitly mentioned. Needs deeper research.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/937b5e60f3cb707c2d9f8547d430ba258709e0e5...76346772f721d7b2e6fddb03ffd953ef39a56335

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/937b5e60f3cb707c2d9f8547d430ba258709e0e5...76346772f721d7b2e6fddb03ffd953ef39a56335
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200622/ede96971/attachment-0001.html>