Skip to content
Commit dea3b531 authored by Salvatore Bonaccorso's avatar Salvatore Bonaccorso
Browse files

Try to resolve confusion in CVEs for xymon 

We have to assume that the now set is correct. Former communication
involved those CVEs which were used as well by the maintainer in the
debian/changelog file. But upstream used different CVEs (possibly
typoed) in the announce in https://lists.xymon.com/archive/2019-July/046570.html

The correct set of CVEs should be thus

       - CVE-2019-13451: service overflows histlogfn in history.c.
       - CVE-2019-13452: service overflows histlogfn in reportlog.c.
       - CVE-2019-13273: srdb overflows dbfn in csvinfo.c.
       - CVE-2019-13274: reflected XSS in csvinfo.c.
       - CVE-2019-13455: htmlquoted(hostname) overflows msgline in
         acknowledge.c.
       - CVE-2019-13484: htmlquoted(xymondreq) overflows errtxt appfeed.c.
       - CVE-2019-13485: hostname overflows selfurl in history.c.
       - CVE-2019-13486: htmlquoted(xymondreq) overflows errtxt in
         svcstatus.c.
parent 4555f5e3
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment