[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2016-1585,apparmor: Follow advise from the Debian maintainers.

Sun, 05 May 2019 06:12:04 -0700 


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0dd19c07 by Markus Koschany at 2019-05-05T13:00:25Z
CVE-2016-1585,apparmor: Follow advise from the Debian maintainers.

- - - - -
76223897 by Markus Koschany at 2019-05-05T13:09:53Z
CVE-2019-11767,phpbb3: Mark as postponed for Jessie.

Minor issue. The solution/workaround is to disable the remote avatar function
and to inform admins about potential side affects if they decide to re-enable
it.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,6 @@
 CVE-2019-11767 (Server side request forgery (SSRF) in phpBB before 3.2.6 
allows checki ...)
        - phpbb3 <removed>
+       [jessie] - phpbb3 <postponed> (Minor issue, solution/workaround is to 
disable the remote avatar function)
        NOTE: https://www.phpbb.com/community/viewtopic.php?f=14&t=2509941
 CVE-2019-11766 (dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a 
buffer over ...)
        - dhcpcd5 <unfixed> (bug #928440)
@@ -162320,6 +162321,7 @@ CVE-2016-1586 (A malicious webview could install 
long-lived unload handlers that
 CVE-2016-1585 (In all versions of AppArmor mount rules are accidentally 
widened when  ...)
        - apparmor <unfixed> (low)
        [stretch] - apparmor <ignored> (Minor overall security impact)
+       [jessie] - apparmor <ignored> (Minor overall security impact)
        NOTE: https://bugs.launchpad.net/apparmor/+bug/1597017
        NOTE: https://bugzilla.opensuse.org/show_bug.cgi?id=995594
        NOTE: Introduced around AppArmor 2.8 upstream.



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/e514c8d2ca0d667d1f41c52152942aa713796f8f...762238971fe209ef66c71f77c6abcaf896f54f5f

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/e514c8d2ca0d667d1f41c52152942aa713796f8f...762238971fe209ef66c71f77c6abcaf896f54f5f
You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to