From b174816405b36d03ae9725de51cfa38dd48131e7 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Sat, 13 Feb 2021 19:17:56 +0100 Subject: Update status for CVE-2019-1209{4,5} For the remaining unfixed part the issues where minor and to be ignored. Upstreams shows no interest that they further get adressed. Mark those as unimportant given the negligible impact. --- data/CVE/2019.list | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) (limited to 'data/CVE/2019.list') diff --git a/data/CVE/2019.list b/data/CVE/2019.list index a1bbadd68b..5d0dc0aba8 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -23130,21 +23130,18 @@ CVE-2019-12096 RESERVED CVE-2019-12095 (Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 ...) {DLA-2033-1} - - php-horde-trean - [buster] - php-horde-trean (Minor issue) - [stretch] - php-horde-trean (Minor issue) - [jessie] - php-horde-trean (Minor issue) + - php-horde-trean (unimportant) - php-horde 5.2.21+debian0-1 [buster] - php-horde 5.2.20+debian0-1+deb10u1 [stretch] - php-horde 5.2.13+debian0-1+deb9u1 NOTE: https://github.com/horde/base/commit/81a7b53973506856db67e7f0b0263be29528aa75 NOTE: https://bugs.horde.org/ticket/14926 (for the stored XSS) + NOTE: Negligible impact for php-horde-trean, and unlikely that upstream will address CVE-2019-12094 (Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin ...) - - php-horde - [buster] - php-horde (Minor issue) - [stretch] - php-horde (Minor issue) - [jessie] - php-horde (Minor issue) + - php-horde (unimportant) NOTE: https://bugs.horde.org/ticket/14926 (for the reflected XSS) + NOTE: Negligible impact and unlikely that upstream will address after fixes + NOTE: for CVE-2019-12095 CVE-2019-12093 RESERVED CVE-2019-12092 -- cgit v1.2.3