[Git][security-tracker-team/security-tracker][master] Revert "Triage CVE-2019-9917 once more, vulnerable code is not present in jessie's znc."

Salvatore Bonaccorso Mon, 27 May 2019 13:51:29 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
8014e6ca by Salvatore Bonaccorso at 2019-05-27T20:50:06Z
Revert &quot;Triage CVE-2019-9917 once more, vulnerable code is not present in 
jessie&#39;s znc.&quot;

This reverts commit bc7713d516c50a97d798170d412eac3176392ee0.

The triaging was actually correct and the version in jessie is affected.
The issue is minor and workarond for the issue is as described. The fix
would be intrusive and would need extensive backport of some support
first.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5881,7 +5881,7 @@ CVE-2019-9918 (An issue was discovered in the Harmis JE 
Messenger component 1.2.
        NOT-FOR-US: Harmis JE Messenger component for Joomla!
 CVE-2019-9917 (ZNC before 1.7.3-rc1 allows an existing remote user to cause a 
Denial  ...)
        - znc 1.7.2-2 (bug #925285)
-       [jessie] - znc <not-affected> (Vulnerable code not present, was: Minor 
issue, workaround is to disable modpython)
+       [jessie] - znc <no-dsa> (Minor issue, workaround is to disable 
modpython)
        NOTE: 
https://github.com/znc/znc/commit/64613bc8b6b4adf1e32231f9844d99cd512b8973
 CVE-2019-9916
        RESERVED



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8014e6cacbb8c6dd38804e0a91ea02cf254c4614

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8014e6cacbb8c6dd38804e0a91ea02cf254c4614
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Revert "Triage CVE-2019-9917 once more, vulnerable code is not present in jessie's znc."

Reply via email to