diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2021-03-01 06:37:58 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2021-03-01 06:37:58 +0100 |
commit | d39a20929fb60442a0239a6ad6af9b3e558a2e9c (patch) | |
tree | 2f36fbd3093095348ad8c7593e725c749dc95811 /data/CVE/2019.list | |
parent | 7466c05b13a71697ed5d33feccd5ca26eaf6f3fd (diff) |
Update information on CVE-2019-0222 and associate mqtt-client
activemq upstream included the mqtt-client library in the lib/extra
directory but in Debian we use the external src:mqtt-client accordngly.
The history is a bit involving at at first activemq disabled MQTT
support, later on enabled it and depending on the mqtt-client provided
packages.
Associate now the CVE with mqtt-client where the issue got fixed.
Thanks: Abhijith PA for spotting the issue.
Diffstat (limited to 'data/CVE/2019.list')
-rw-r--r-- | data/CVE/2019.list | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 111a6a7e8f..4e3dabf0c5 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -53016,11 +53016,13 @@ CVE-2019-0223 (While investigating bug PROTON-2014, we discovered that under som NOTE: not present in the jessie version. That part do not seem to be essential for NOTE: the package to be vulnerable. CVE-2019-0222 (In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame ca ...) - - activemq 5.15.9-1 (bug #925964) - [buster] - activemq <no-dsa> (Minor issue) - [stretch] - activemq <no-dsa> (Minor issue) + - activemq 5.15.9-1 (bug #925964; unimportant) [jessie] - activemq <not-affected> (MQTT support not enabled) + - mqtt-client 1.16-1 NOTE: http://activemq.apache.org/security-advisories.data/CVE-2019-0222-announcement.txt + NOTE: activemq disabled MQTT transport in 5.6.0+dfsg-1 (d/patches/exclude_mqtt.diff) + NOTE: but enabled activemq-mqtt in 5.13.2+dfsg-2 using the external mqtt-client. + NOTE: https://github.com/fusesource/mqtt-client/commit/2898f10be758decdc85ba6c523cb5be6b9092855 (mqtt-client-project-1.15) CVE-2019-0221 (The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 ...) {DSA-4596-1 DLA-1883-1 DLA-1810-1} - tomcat9 9.0.16-4 (bug #929895) |