Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8315fd7e by Salvatore Bonaccorso at 2019-04-07T18:59:58Z
Process CVE-2019-10905 as NFU

This though might be tricky, icingaweb2 seems to embed the PHP library
and thus might be affected by the issue. One older CVE was marked in
the same way but we might need to re-evaluate in the light of icingaweb2
using it.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2019-10906 (In Pallets Jinja before 2.10.1, str.format_map 
allows a sandbox
        NOTE: https://palletsprojects.com/blog/jinja-2-10-1-released/
        NOTE: 
https://github.com/pallets/jinja/commit/a2a6c930bcca591a25d2b316fcfd2d6793897b26
 CVE-2019-10905 (Parsedown before 1.7.2, when safe mode is used and HTML markup 
is disa ...)
-       TODO: check
+       NOT-FOR-US: Parsedown
 CVE-2019-10904 (Roundup 1.6 allows XSS via the URI because 
frontends/roundup.cgi and r ...)
        - roundup <removed> (bug #926587)
        NOTE: https://github.com/python/bugs.python.org/issues/34
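Review bot: The CVE-2019-10905 entry drops "TODO: check" for a bare "NOT-FOR-US: Parsedown", so the doubt raised in the commit message (icingaweb2 seems to embed the library and may be affected) is not recorded anywhere in data/CVE/list. Someone reading only the list will see a closed entry with no hint that a re-evaluation is pending. Consider keeping a TODO line or adding a NOTE line under the entry that names icingaweb2 as a possible embedder, and doing the same for the older CVE the message says was marked the same way, so both get revisited together.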



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8315fd7e92068420059c3590cdcc04d19f38fb5f
