severity 927775 important
thanks

No reasons, so revert back severity.

On Tue, 4 Jun 2019 08:00:43 +0300 Sergey B Kirpichev <skirpic...@gmail.com> wrote:
> On Tue, 23 Apr 2019 06:53:03 +0200 Salvatore Bonaccorso <car...@debian.org> wrote:
> > CVE-2019-11454[0]:
> > | Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash
> > | Monit before 5.25.3 allows a remote unauthenticated attacker to
> > | introduce arbitrary JavaScript via manipulation of an unsanitized user
> > | field of the Authorization header for HTTP Basic Authentication, which
> > | is mishandled during an _viewlog operation.
> >
> > CVE-2019-11455[1]:
> > | A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit
> > | before 5.25.3 allows a remote authenticated attacker to retrieve the
> > | contents of adjacent memory via manipulation of GET or POST
> > | parameters. The attacker can also cause a denial of service
> > | (application outage).
>
> Why severity "grave"? Seems wrong according to the
> description in https://www.debian.org/Bugs/Developer#severities.