Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
056fb713 by Salvatore Bonaccorso at 2019-10-06T19:47:22Z
Add CVE-2019-10215 and mark as NFU

The issue in bootstrap3-typeahead.js was introduced with commit https://github.com/bassjobsen/Bootstrap-3-Typeahead/commit/dbd1af5b cf. https://bugzilla.redhat.com/show_bug.cgi?id=1735506 . bootstrap3-typeahead.js is actually embedded in ntopng and prometheus. prometheus in sid uses v3.1.0 unaffected by this issue as introduced later. ntopng uses v4.0.2 and the issue was introduced after this version. So none of the source packages embedding bootstrap3-typeahead.js have a vulnerable version TTBOMK (please double check). Double check needed as well to see if all embedding packages were found.
- - - - -
d3546a80 by Salvatore Bonaccorso at 2019-10-06T19:52:10Z
Merge remote-tracking branch 'origin/master'
- - - - -
1 changed file:
- data/CVE/list

Changes:
===================================== data/CVE/list ===================================== @@ -20463,6 +20463,7 @@ CVE-2019-10216 [-dSAFER escape via .buildfont1] NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5b85ddd19 CVE-2019-10215 RESERVED + NOT-FOR-US: Bootstrap-3-Typeahead CVE-2019-10214 RESERVED TODO: check, issue is in containers library, which is at least embedded in src:singularity-container
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/66a14f025846a82e7be6b98f3b2489ed9f69cfe3...d3546a8037f709c262c73a65b039a8cd649506b0
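Review bot: The added NOT-FOR-US line under CVE-2019-10215 carries none of the embedded-copy analysis from the commit message, so the data/CVE/list entry alone does not show that ntopng and prometheus were checked or that a double check is still pending. Consider recording that in the entry itself, for example with NOTE: lines naming the embedding packages, their bundled versions (v4.0.2 and v3.1.0) and the introducing upstream commit, and a TODO: line for the open check on whether all embedding packages were found, in the same way the CVE-2019-10214 entry below flags its embedded-library case with "TODO: check". Otherwise a later reader sees only "NOT-FOR-US: Bootstrap-3-Typeahead" and has to dig through the commit history to learn that embedded copies exist in the archive.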
