Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4c694e18 by Salvatore Bonaccorso at 2019-10-14T09:14:03Z
Associate two swagger ui with respective itp'ed items
Note there are two ITP/RFP's for the respective branches. The naming is
as well confusing, so this should probably be clarified with the
respective people who want the package(s) to enter the archive.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -157,7 +157,8 @@ CVE-2019-17497 (Tracker PDF-XChange Editor before 8.0.330.0
has an NTLM SSO hash
CVE-2019-17496 (Craft CMS before 3.3.8 has stored XSS via a name field. This
field is ...)
NOT-FOR-US: Craft CMS
CVE-2019-17495 (A Cascading Style Sheets (CSS) injection vulnerability in
Swagger UI b ...)
- NOT-FOR-US: Swagger UI
+ - node-swagger-ui <itp> (bug #871461)
+ - swagger-ui <itp> (bug #895422)
CVE-2019-17494 (laravel-bjyblog 6.1.1 has XSS via a crafted URL. ...)
NOT-FOR-US: laravel-bjyblog
CVE-2019-17493 (Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the
Problem[sample_ ...)
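Review bot: The two added lines under CVE-2019-17495 do not record which upstream branch each source package is meant to carry, although the commit message itself says there are two ITP/RFP's "for the respective branches" and that the naming is confusing. A NOTE: line under the entry stating which branch bug #871461 (node-swagger-ui) and bug #895422 (swagger-ui) each refer to would let whoever triages this later decide per package whether the CSS injection applies, instead of having to re-read both bug reports. Until the naming is clarified with the packagers, the note could simply say that the mapping is unresolved.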
@@ -167675,7 +167676,8 @@ CVE-2016-5684 (An exploitable out-of-bounds write
vulnerability exists in the XM
CVE-2016-5683 (ReadyDesk 9.1 allows local users to determine cleartext SQL
Server cre ...)
NOT-FOR-US: ReadyDesk
CVE-2016-5682 (Swagger-UI before 2.2.1 has XSS via the Default field in the
Definitio ...)
- NOT-FOR-US: Swagger-UI
+ - node-swagger-ui <itp> (bug #871461)
+ - swagger-ui <itp> (bug #895422)
CVE-2016-5681 (Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L
B1 2.0 ...)
NOT-FOR-US: D-Link
CVE-2016-5680 (Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini
2 1.7. ...)
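Review bot: For CVE-2016-5682 the description already gives a fixed version ("Swagger-UI before 2.2.1"), but the two new `<itp>` lines carry no hint of it. Consider adding a NOTE: line saying the issue is fixed upstream in 2.2.1, so that when either node-swagger-ui or swagger-ui is uploaded the entry can be resolved against the packaged version right away. The same question as in the first hunk applies here: it is not visible from these lines whether both packages derive from the code line that contained the XSS in the Default field, so listing both is a safe default but should be revisited once the branch-to-package mapping is known.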
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4c694e184a7d6057d512f066b2de445448e0ed7a