Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker
Commits: efcc7d15 by Adrian Bunk at 2021-12-27T21:12:56+02:00 Reserve DLA-2855-1 for monit - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -174631,12 +174631,10 @@ CVE-2019-11456 (Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP CVE-2019-11455 (A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit bef ...) {DLA-1767-1} - monit 1:5.25.3-1 (bug #927775) - [stretch] - monit <no-dsa> (Minor issue) NOTE: https://bitbucket.org/tildeslash/monit/commits/f12d0cdb42d4e74dffe1525d4062c815c48ac57a CVE-2019-11454 (Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash ...) {DLA-1767-1} - monit 1:5.25.3-1 (bug #927775) - [stretch] - monit <no-dsa> (Minor issue) NOTE: https://bitbucket.org/tildeslash/monit/commits/1a8295eab6815072a18019b668fe084945b751f3 NOTE: https://bitbucket.org/tildeslash/monit/commits/328f60773057641c4b2075fab9820145e95b728c CVE-2019-11453 ===================================== data/DLA/list ===================================== @@ -1,3 +1,6 @@ +[27 Dec 2021] DLA-2855-1 monit - security update + {CVE-2019-11454 CVE-2019-11455} + [stretch] - monit 1:5.20.0-6+deb9u2 [27 Dec 2021] DLA-2854-1 novnc - security update {CVE-2017-18635} [stretch] - novnc 1:0.4+dfsg+1+20131010+gitf68af8af3d-6+deb9u1 ===================================== data/dla-needed.txt ===================================== @@ -71,8 +71,6 @@ linux-4.19 (Ben Hutchings) -- lxml (Utkarsh) -- -monit (Adrian Bunk) --- nvidia-graphics-drivers (Markus Koschany) NOTE: package is in non-free but also in packages-to-support NOTE: only CVE‑2021‑1076 seems to be fixed in the R390 branch used in Stretch, no fix available for CVE-2021-1077 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/efcc7d1500da66c87fdbe83aa4cb62728dae33e2 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/efcc7d1500da66c87fdbe83aa4cb62728dae33e2 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits