Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 5b9ac44a by Salvatore Bonaccorso at 2020-02-15T14:28:24+01:00 Update status for CVE-2019-19343 While the issue is affecting both Undertow and remoting, cf. https://bugzilla.redhat.com/show_bug.cgi?id=1780445#c10 on Red Hat's side to mitigate the issue only a fix was added to remoting. The CVE is quite specific for this memory leak in combination with remoting, thus mark the severity as unimportant, beeing negligible for Debian itself. Still, the issue remains unresolved for undertow, but it does not appear to be interest in a fix. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -18188,8 +18188,11 @@ CVE-2019-19344 (There is a use-after-free issue in all samba 4.9.x versions befo NOTE: https://www.samba.org/samba/security/CVE-2019-19344.html CVE-2019-19343 RESERVED - - undertow <unfixed> (bug #948024) + - undertow <unfixed> (bug #948024; unimportant) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1780445 + NOTE: Issue affects both Undertow and rmeoting, but for adressing the immediate + NOTE: issue only af fix via remoting (https://issues.redhat.com/browse/REM3-347) + NOTE: was added. CVE-2019-19342 (A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5 ...) NOT-FOR-US: Ansible Tower CVE-2019-19341 (A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5b9ac44a45dd85df171d1ae4d0463f6ec577c3ef -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5b9ac44a45dd85df171d1ae4d0463f6ec577c3ef You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
