Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6263e009 by Salvatore Bonaccorso at 2019-05-05T12:07:09Z
Update status for CVE-2019-0223/qpid-proton
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -31339,14 +31339,15 @@ CVE-2019-0225 (A specially crafted url could be used
to access files under the R
CVE-2019-0224 (In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL
could ex ...)
- jspwiki <removed>
CVE-2019-0223 (While investigating bug PROTON-2014, we discovered that under
some cir ...)
- - qpid-proton <unfixed>
+ - qpid-proton 0.22.0-1
NOTE: https://issues.apache.org/jira/browse/PROTON-2014
NOTE: https://qpid.apache.org/cves/CVE-2019-0223.html
NOTE: https://gitbox.apache.org/repos/asf?p=qpid-proton.git;h=97c7733
NOTE: https://gitbox.apache.org/repos/asf?p=qpid-proton.git;h=159fac1
NOTE: https://gitbox.apache.org/repos/asf?p=qpid-proton.git;h=4aea0fd
NOTE: https://gitbox.apache.org/repos/asf?p=qpid-proton.git;h=2d3ba8a
- TODO: check details
+ NOTE: Source-wise only fixed in 0.27.1 upstream, but 0.22.0-1 upload in
+ NOTE: unstable switched to build against OpenSSL 1.1 adressing the
issue.
CVE-2019-0222 (In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT
frame ca ...)
- activemq <unfixed> (bug #925964)
[stretch] - activemq <no-dsa> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6263e009ebf03d16327043eff42758a9f4788d1d
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6263e009ebf03d16327043eff42758a9f4788d1d
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
