On 2019-08-19 20:54, Moritz Mühlenhoff wrote:
On Mon, Aug 19, 2019 at 02:27:09PM +0200, Hugo Lefeuvre wrote:
Hi,
I just had a look at xymon's vulnerabilities in jessie, stretch and
buster.
Upstream claims some of these issues to be exploitable, among others
the XSS
vulnerability. I plan
Package: openjdk-7-jre-headless
Version: 7u231-2.6.19-1~deb8u1
Followup-For: Bug #935082
Dear Maintainer,
I'm also seeing this issue and it prevents eg. ActiveMQ from starting when
using EC certificates and keys in the key store. I'm attaching a small sample
program which shows the same issue
Hi Moritz,
> > I see that Moritz and Axel already discussed this on upstream's mailing
> > list,
> > however the tracker has not been updated yet. Is anybody working on it? If
> > not,
> > I can take some time to do it.
>
> These are scheduled via the next 9.10 and 10.1 point releases, but it
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: flask
Version: 0.10.1-2+deb8u1
CVE ID : CVE-2018-1000656
Flask, a micro web framework for Python contains a CWE-20: Improper
Input Validation vulnerability that can result in Large amount of
memory usage possibly