[Git][security-tracker-team/security-tracker][master] 3 commits: Mark rpyc as not affected by CVE-2019-16328
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Feb 16 12:15:01 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7aa8e647 by Timo Röhling at 2022-02-16T11:26:06+01:00
Mark rpyc as not affected by CVE-2019-16328
- - - - -
f612229b by Salvatore Bonaccorso at 2022-02-16T13:13:14+01:00
Add reason for not-affected and expand notes covering upstream information
- - - - -
8069dc8a by Salvatore Bonaccorso at 2022-02-16T13:14:04+01:00
Merge branch 'CVE-2019-16328'
!102
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -170528,7 +170528,9 @@ CVE-2019-16330 (In NCH Express Accounts Accounting v7.02, persistent cross site
CVE-2019-16329
RESERVED
CVE-2019-16328 (In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify ...)
- - rpyc <removed>
+ - rpyc <not-affected> (Vulnerable code newer in a released Debian version)
+ NOTE: Issue only affected 4.1.0 and 4.1.1 upstream and fixed in 4.1.2
+ NOTE: https://rpyc.readthedocs.io/en/latest/docs/security.html#security
CVE-2019-16327 (D-Link DIR-601 B1 2.00NA devices are vulnerable to authentication bypa ...)
NOT-FOR-US: D-Link
CVE-2019-16326 (D-Link DIR-601 B1 2.00NA devices have CSRF because no anti-CSRF token ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c89e2fbc16cfbe3b8b05db7ed429a5bd13c3d934...8069dc8ac3a82e61a9c88b4e3c1786d172f468bf
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c89e2fbc16cfbe3b8b05db7ed429a5bd13c3d934...8069dc8ac3a82e61a9c88b4e3c1786d172f468bf
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220216/e88c78ce/attachment.htm>
More information about the debian-security-tracker-commits
mailing list