[Git][security-tracker-team/security-tracker][master] new csync2 issue
Moritz Muehlenhoff
jmm at debian.org
Tue Mar 31 21:27:55 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b00c4135 by Moritz Muehlenhoff at 2020-03-31T22:27:39+02:00
new csync2 issue
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -38125,7 +38125,10 @@ CVE-2019-15524 (CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a
CVE-2019-15523
RESERVED
CVE-2019-15522 (An issue was discovered in LINBIT csync2 through 2.0. csync_daemon_ses ...)
- TODO: check
+ - csync2 <unfixed>
+ [buster] - csync2 <no-dsa> (Minor issue)
+ [stretch] - csync2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/LINBIT/csync2/pull/13/commits/0ecfc333da51575f188dd7cf6ac4974d13a800b1
CVE-2019-15521 (Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and ...)
NOT-FOR-US: Spoon Library
CVE-2019-15520 (comelz Quark before 2019-03-26 allows directory traversal to locations ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b00c4135f0e9c7dca72199e902f9bfd6df416945
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b00c4135f0e9c7dca72199e902f9bfd6df416945
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200331/2cd1e837/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list