[Git][security-tracker-team/security-tracker][master] data/CVE/list: Switch CVE-2019-17177/jessie from <no-dsa> to <ignored>....

Mike Gabriel sunweaver at debian.org
Tue Mar 31 14:54:21 BST 2020



Mike Gabriel pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d9dc4813 by Mike Gabriel at 2020-03-31T15:53:09+02:00
data/CVE/list: Switch CVE-2019-17177/jessie from <no-dsa> to <ignored>. Patching this old version of FreeRDP would be very invasive, the old freerdp v1.1 is full of realloc() calls that don't check the result.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -32614,7 +32614,7 @@ CVE-2019-17177 (libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x throu
 	[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u1
 	- freerdp <removed> (low)
 	[stretch] - freerdp <no-dsa> (Minor issue)
-	[jessie] - freerdp <no-dsa> (Minor issue)
+	[jessie] - freerdp <ignored> (Minor issue; Patching this old version would be very invasive; no upstream patch available)
 	NOTE: https://github.com/FreeRDP/FreeRDP/issues/5645
 	NOTE: https://github.com/akallabeth/FreeRDP/commit/fc80ab45621bd966f70594c0b7393ec005a94007
 CVE-2019-17176 (Genesys PureEngage Digital (eServices) 8.1.x allows XSS via HtmlChatPa ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9dc48131d1173d5d10d9d9b9fd1b0ed60dd68bd

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9dc48131d1173d5d10d9d9b9fd1b0ed60dd68bd
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200331/71d3dd17/attachment-0001.html>


More information about the debian-security-tracker-commits mailing list