Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
41ad4120 by Salvatore Bonaccorso at 2019-04-25T07:15:17Z
Add CVE-2019-5427/c3p0
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -15605,7 +15605,9 @@ CVE-2019-5428 (A prototype pollution vulnerability
exists in jQuery versions <
NOTE: Duplicate of CVE-2019-11358
TODO: check (MITRE already contacted)
CVE-2019-5427 (c3p0 version < 0.9.5.4 may be exploited by a billion laughs
attack ...)
- TODO: check
+ - c3p0 <unfixed>
+ NOTE: https://hackerone.com/reports/509315
+ NOTE: Fixed by:
https://github.com/swaldman/c3p0/commit/f38f27635c384806c2a9d6500d80183d9f09d78b
CVE-2019-5426 (In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an
unauthenticated ...)
NOT-FOR-US: Ubiquiti
CVE-2019-5425 (In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an
authenticated u ...)
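Review bot: the new `- c3p0 <unfixed>` line for CVE-2019-5427 carries no Debian bug reference, and the `NOTE: Fixed by:` line names only the upstream commit, not the release that contains it. The description already gives `< 0.9.5.4` as the affected range, so consider adding a NOTE that ties the commit to that release (once confirmed against upstream) and a bug number once one is filed. That way the `<unfixed>` marker can later be replaced with a fixed package version without repeating the research.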
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/41ad412067373d08e31eca9719d77082d7acdced