[Git][security-tracker-team/security-tracker][master] 2 commits: info about CVE-2019-25067

Reinhard Tartler (@siretart) siretart at debian.org
Mon Jul 4 15:57:03 BST 2022 


Reinhard Tartler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f8887742 by Reinhard Tartler at 2022-07-04T14:56:49+00:00
info about CVE-2019-25067

- - - - -
9479ca4f by Reinhard Tartler at 2022-07-04T14:56:54+00:00
Merge branch 'CVE-2019-25067' into 'master'

info about CVE-2019-25067

See merge request security-tracker-team/security-tracker!110
- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6656,12 +6656,13 @@ CVE-2019-25069 (A vulnerability, which was classified as problematic, has been f
 CVE-2019-25068 (A vulnerability classified as critical was found in Axios Italia Axios ...)
 	NOT-FOR-US: Axios Italia Axios RE
 CVE-2019-25067 (A vulnerability, which was classified as critical, was found in Podman ...)
-	- libpod <undetermined>
+	- libpod 3.0.0+dfsg1-1
 	NOTE: https://vuldb.com/?id.143949
 	NOTE: https://www.exploit-db.com/exploits/47500
 	NOTE: exploit demo script on client uses Python podman code which is not in Debian
-	NOTE: refers to old versions of remote code which were never uploaded to Debian
-	NOTE: unclear if the issue was ever reported upstream, could be Fedora/RedHat specific
+	NOTE: refers to old versions of remote code which never made it to a Debian release
+	NOTE: issue probably present in all versions with varlink, starting 1.6.2+dfsg-1
+	NOTE: upstream (Fedora/RedHat) refuses to look into it: https://bugzilla.redhat.com/show_bug.cgi?id=2097496
 CVE-2019-25066 (A vulnerability has been found in ajenti 2.1.31 and classified as crit ...)
 	- ajenti <itp> (bug #792019)
 CVE-2019-25065 (A vulnerability was found in OpenNetAdmin 18.1.1. It has been rated as ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/bb0585423195631856e527d83b0e26c7914b3f85...9479ca4f07d4ba4b966a18d6c09b76b296671991

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/bb0585423195631856e527d83b0e26c7914b3f85...9479ca4f07d4ba4b966a18d6c09b76b296671991
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220704/c1e0c9df/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list