From e0aac63da5fd3d5ee043acaebd3f741f63cabeac Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Sat, 15 Feb 2020 14:28:24 +0100 Subject: Update status for CVE-2019-19343 While the issue is affecting both Undertow and remoting, cf. https://bugzilla.redhat.com/show_bug.cgi?id=1780445#c10 on Red Hat's side to mitigate the issue only a fix was added to remoting. The CVE is quite specific for this memory leak in combination with remoting, thus mark the severity as unimportant, beeing negligible for Debian itself. Still, the issue remains unresolved for undertow, but it does not appear to be interest in a fix. --- data/CVE/list.2019 | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/data/CVE/list.2019 b/data/CVE/list.2019 index c679e1677a..f938e26c09 100644 --- a/data/CVE/list.2019 +++ b/data/CVE/list.2019 @@ -2928,8 +2928,11 @@ CVE-2019-19344 (There is a use-after-free issue in all samba 4.9.x versions befo NOTE: https://www.samba.org/samba/security/CVE-2019-19344.html CVE-2019-19343 RESERVED - - undertow (bug #948024) + - undertow (bug #948024; unimportant) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1780445 + NOTE: Issue affects both Undertow and rmeoting, but for adressing the immediate + NOTE: issue only af fix via remoting (https://issues.redhat.com/browse/REM3-347) + NOTE: was added. CVE-2019-19342 (A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5 ...) NOT-FOR-US: Ansible Tower CVE-2019-19341 (A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where ...) -- cgit v1.2.3