Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1acf44b6 by Salvatore Bonaccorso at 2019-10-17T12:32:09Z
Add CVE-2019-0205 and CVE-2019-0210 (thrift)
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -50843,8 +50843,10 @@ CVE-2019-0211 (In Apache HTTP Server 2.4 releases
2.4.17 to 2.4.38, with MPM eve
[jessie] - apache2 <not-affected> (Vulnerable code introduced later)
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0211
NOTE: https://svn.apache.org/r1855378
-CVE-2019-0210
+CVE-2019-0210 [out-of-bounds read vulnerability]
RESERVED
+ - thrift <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2019/10/17/2
CVE-2019-0209
REJECTED
CVE-2019-0208
@@ -50853,8 +50855,10 @@ CVE-2019-0207 (Tapestry processes assets `/assets/ctx`
using classes chain `Stat
NOT-FOR-US: Apache Tapestry
CVE-2019-0206
REJECTED
-CVE-2019-0205
+CVE-2019-0205 [potential DoS when processing untrusted Thrift payload]
RESERVED
+ - thrift <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2019/10/17/1
CVE-2019-0204 (A specifically crafted Docker image running under the root user
can ov ...)
- apache-mesos <itp> (bug #760315)
CVE-2019-0203 (In Apache Subversion versions up to and including 1.9.10,
1.10.4, 1.12 ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1acf44b6efb95b0000dfd6699006e8f45703759a
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1acf44b6efb95b0000dfd6699006e8f45703759a
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
