Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
eee09f95 by Markus Koschany at 2019-05-14T22:00:45Z
CVE-2019-9917,znc: Change status from not-affected to no-dsa

After discussion with upstream, clarify that the version of znc in Jessie is
affected by CVE-2019-9917. Although users cannot set the encoding because this
feature does not exist, the modpython module is still vulnerable when parsing
non-UTF-8 strings. The workaround is to disable modpython or to deinstall the
znc-python package. Backporting the encoding feature to Jessie is probably not
worth the time. We could consider upgrading to a newer version instead should
another serious issue be discovered.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5178,7 +5178,7 @@ CVE-2019-9918 (An issue was discovered in the Harmis JE 
Messenger component 1.2.
        NOT-FOR-US: Harmis JE Messenger component for Joomla!
 CVE-2019-9917 (ZNC before 1.7.3-rc1 allows an existing remote user to cause a 
Denial  ...)
        - znc 1.7.2-2 (bug #925285)
-       [jessie] - znc <not-affected> (The vulnerable code is not present)
+       [jessie] - znc <no-dsa> (Minor issue, workaround is to disable 
modpython)
        NOTE: 
https://github.com/znc/znc/commit/64613bc8b6b4adf1e32231f9844d99cd512b8973
 CVE-2019-9916
        RESERVED
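
Review bot: On the changed [jessie] line for CVE-2019-9917, the new <no-dsa> reason names only "disable modpython" and leaves no trace of why the earlier <not-affected> verdict ("The vulnerable code is not present") was wrong. The commit message says modpython is still vulnerable when parsing non-UTF-8 strings even though the encoding setting does not exist in Jessie, and that removing the znc-python package is an equally valid workaround. Consider adding a NOTE line under the entry that records both points, so someone reading data/CVE/list can understand the status without going to the commit log.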



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/eee09f95ea090663cf3338a44ae1215e2b2c0f79
