diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2020-01-30 12:48:18 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2020-01-30 12:50:09 +0100 |
commit | e0b1aa47df2cfbd319419bffb8041db2a195a98e (patch) | |
tree | 1a31dd842e73e652a29d3d32122d21f117cb50e3 | |
parent | 145d50d974fc43a37171606ba9c3c3d8c5f2271e (diff) |
Adjust tracking of CVE-2019-9143 and CVE-2019-9144
The issues until some time ago only ever affected experimental, but then
a 0.27.2 based version was uploaded to unstable moving the vulnerable
state there. Adjust tracking and mark the fixed version first in
unstable as 0.27.2-8.
-rw-r--r-- | data/CVE/list | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/data/CVE/list b/data/CVE/list index b6370d4774..916d659717 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -50966,12 +50966,16 @@ CVE-2019-9146 (Jamf Self Service 10.9.0 allows man-in-the-middle attackers to ob CVE-2019-9145 (An issue was discovered in Hsycms V1.1. There is an XSS vulnerability ...) NOT-FOR-US: Hsycms CVE-2019-9144 (An issue was discovered in Exiv2 0.27. There is infinite recursion at ...) - [experimental] - exiv2 <unfixed> (low; bug #923473) - - exiv2 <not-affected> (Vulnerable code introduced later) + - exiv2 0.27.2-8 (low; bug #923473) + [buster] - exiv2 <not-affected> (Vulnerable code introduced later) + [stretch] - exiv2 <not-affected> (Vulnerable code introduced later) + [jessie] - exiv2 <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/Exiv2/exiv2/issues/712 CVE-2019-9143 (An issue was discovered in Exiv2 0.27. There is infinite recursion at ...) - [experimental] - exiv2 <unfixed> (low; bug #923472) - - exiv2 <not-affected> (Vulnerable code introduced later) + - exiv2 0.27.2-8 (low; bug #923472) + [buster] - exiv2 <not-affected> (Vulnerable code introduced later) + [stretch] - exiv2 <not-affected> (Vulnerable code introduced later) + [jessie] - exiv2 <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/Exiv2/exiv2/issues/711 CVE-2019-9142 (An issue was discovered in b3log Symphony (aka Sym) before v3.4.7. XSS ...) NOT-FOR-US: b3log Symphony (aka Sym) |