diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2020-01-28 08:05:25 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2020-01-28 08:05:25 +0100 |
commit | 3d30a2bb554cbd8caeaeb251a58367d166b84b65 (patch) | |
tree | 2e0f667ce0bfd33a5216e421f27ffdead44c7820 | |
parent | e1f4e698b8a67385325056a1745b42293f2b6daa (diff) |
libxmlrpc3-java removed from unstable
-rw-r--r-- | data/CVE/2019.list | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 6596560aa8..cc6d1f1553 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -7011,7 +7011,7 @@ CVE-2019-17571 (Included in Log4j 1.2 is a SocketServer class that is vulnerable NOTE: Fixed by https://src.fedoraproject.org/rpms/log4j12/c/d4c817c458d69dcc629a7271999d178b0dcb7c74?branch=master CVE-2019-17570 (An untrusted deserialization was found in the org.apache.xmlrpc.parser ...) {DLA-2078-1} - - libxmlrpc3-java <unfixed> (bug #949089) + - libxmlrpc3-java <removed> (bug #949089) NOTE: https://www.openwall.com/lists/oss-security/2020/01/16/1 NOTE: Proposed patch: https://bugzilla.redhat.com/show_bug.cgi?id=1775193 NOTE: https://github.com/orangecertcc/xmlrpc-common-deserialization |