author Salvatore Bonaccorso <carnil@debian.org> 2020-02-15 14:28:24 +0100
committer Salvatore Bonaccorso <carnil@debian.org> 2020-02-15 14:28:24 +0100
commit d9e2d3f17f59c09f0e8c4c42732cb0be4fb6d1d6
tree 78824682d31fce0705d5bd90c76b1760f075f909
parent ee251315ca48426e10238373cd5c087098c2ef1b
Update status for CVE-2019-19343
While the issue is affecting both Undertow and remoting, cf. https://bugzilla.redhat.com/show_bug.cgi?id=1780445#c10 , on Red Hat's side to mitigate the issue only a fix was added to remoting. The CVE is quite specific for this memory leak in combination with remoting, thus mark the severity as unimportant, being negligible for Debian itself. Still, the issue remains unresolved for undertow, but there does not appear to be interest in a fix.
-rw-r--r-- data/CVE/2019.list 5
1 files changed, 4 insertions, 1 deletions
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index c679e1677a..f938e26c09 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -2928,8 +2928,11 @@ CVE-2019-19344 (There is a use-after-free issue in all samba 4.9.x versions befo
NOTE: https://www.samba.org/samba/security/CVE-2019-19344.html
CVE-2019-19343
RESERVED
- - undertow <unfixed> (bug #948024)
+ - undertow <unfixed> (bug #948024; unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1780445
+ NOTE: Issue affects both Undertow and rmeoting, but for adressing the immediate
+ NOTE: issue only af fix via remoting (https://issues.redhat.com/browse/REM3-347)
+ NOTE: was added.
CVE-2019-19342 (A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5 ...)
NOT-FOR-US: Ansible Tower
CVE-2019-19341 (A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where ...)
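Review bot: The three added NOTE lines under CVE-2019-19343 contain typos that make the entry harder to search: "rmeoting" should be "remoting", "adressing" should be "addressing", and "af fix" should be "a fix". The entry also tags undertow as unimportant without saying why in the list itself; the commit message gives the reasoning (the CVE is specific to the memory leak in combination with remoting, so it is negligible for Debian, while undertow remains unfixed), and one further NOTE line carrying that rationale, with the Bugzilla comment link ending in #c10, would let readers of 2019.list see it without going to the log.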
