Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 9718acdc by Salvatore Bonaccorso at 2019-10-03T20:30:27Z Mark CVE-2019-16866/unbound as not affected for stretch It looks sufficiently clear that then as well 1.4.22-3+deb8u3 is not affected, but I have not verified the code in that version for util/data/msgparse.c. The issue has been introduced upstream in the 1.7.1 version. Details: https://nlnetlabs.nl/downloads/unbound/CVE-2019-16866.txt - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -583,6 +583,7 @@ CVE-2019-16867 (HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the fi NOT-FOR-US: HongCMS CVE-2019-16866 (Unbound before 1.9.4 accesses uninitialized memory, which allows remot ...) - unbound <unfixed> + [stretch] - unbound <not-affected> (Vulnerable code introduced in 1.7.1) NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2019-16866.txt NOTE: Patch: https://nlnetlabs.nl/downloads/unbound/patch_cve_2019-16866.diff CVE-2015-9449 (The microblog-poster plugin before 1.6.2 for WordPress has SQL Injecti ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9718acdc7b841b488bbf3371c4cbdaf256eafae0
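Review bot: the added `[stretch] - unbound <not-affected>` line records only stretch, while the commit message also concludes that 1.4.22-3+deb8u3 (a jessie version, going by its deb8 suffix) is not affected and says that version's util/data/msgparse.c was not checked. After this change the jessie package is still covered only by the generic `- unbound <unfixed>` entry, so the tracker data and the message disagree about its status. Either add a matching `[jessie] - unbound <not-affected> (Vulnerable code introduced in 1.7.1)` line once the code in that version has been confirmed, or state in the message that jessie is deliberately left open pending that check. The parenthetical reason on the new line is otherwise consistent with the message's statement that the issue was introduced upstream in 1.7.1.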
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
