Hi Japheth,
On Tue, Jul 23, 2019 at 08:57:49AM -0700, Japheth Cleaver wrote:
The specific CVEs in question are:
? CVE-2019-13451, CVE-2019-13452, CVE-2019-13455, CVE-2019-13473,
^^^
? CVE-2019-13474, CVE-2019-13484, CVE-2019-13485, CVE-2019-13486
^^^
But in the information for Xymon packagers you wrote a slightly
differing set of CVE-IDs:
The CVEs in question are:
history.c (service overflows histlogfn) = CVE-2019-13451
reportlog.c (service overflows histlogfn) = CVE-2019-13452
csvinfo.c (srdb overflows dbfn) = CVE-2019-13273
^^^
csvinfo.c (reflected XSS) = CVE-2019-13274
^^^
acknowledge.c (htmlquoted(hostname) overflows msgline) = CVE-2019-13455
appfeed.c (htmlquoted(xymondreq) overflows errtxt) = CVE-2019-13484
history.c (hostname overflows selfurl) = CVE-2019-13485
svcstatus.c (htmlquoted(xymondreq) overflows errtxt) = CVE-2019-13486
Which ones are the correct ones? I used the latter ones in my
changelog entry for the Debian package.
Kind regards, Axel
--
PGP: 2FF9CD59612616B5 /~\ Plain Text Ribbon Campaign, http://arc.pasp.de/
Mail: user-bc188e45dae4@xymon.invalid \ / Say No to HTML in E-Mail and Usenet
Mail+Jabber: user-0064bde8d49d@xymon.invalid X
https://axel.beckert.ch/ / \ I love long mails: https://email.is-not-s.ms/