Bug#935474: buster-pu: package xymon/4.3.28-5+deb10u1

To: Axel Beckert <abe@debian.org>, 935474@bugs.debian.org
Subject: Bug#935474: buster-pu: package xymon/4.3.28-5+deb10u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Fri, 23 Aug 2019 06:31:32 +0100
Message-id: <[🔎] f1653eb46336ce5c4951f29e4bfa561d523cb6d5.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 935474@bugs.debian.org
In-reply-to: <[🔎] 156651774115.27997.8401547203704387719.reportbug@c-cactus2>
References: <[🔎] 156651774115.27997.8401547203704387719.reportbug@c-cactus2> <[🔎] 156651774115.27997.8401547203704387719.reportbug@c-cactus2>

Control: tags -1 + confirmed

On Fri, 2019-08-23 at 01:49 +0200, Axel Beckert wrote:
> The Debian Security Team decided to not issue a security update for
> these CVE IDs:
> 
> * CVE-2019-13451: service overflows histlogfn in history.c.
> * CVE-2019-13452: service overflows histlogfn in reportlog.c.
> * CVE-2019-13273: srdb overflows dbfn in csvinfo.c.
> * CVE-2019-13274: reflected XSS in csvinfo.c.
> * CVE-2019-13455: htmlquoted(hostname) overflows msgline in
>   acknowledge.c.
> * CVE-2019-13484: htmlquoted(xymondreq) overflows errtxt appfeed.c.
> * CVE-2019-13485: hostname overflows selfurl in history.c.
> * CVE-2019-13486: htmlquoted(xymondreq) overflows errtxt in
>   svcstatus.c.
> 
> Hence I propose to do these as a normal stable update.
> 

Please go ahead.

Regards,

Adam

Reply to:

Follow-Ups:
- Bug#935474: buster-pu: package xymon/4.3.28-5+deb10u1
  - From: Axel Beckert <abe@debian.org>

References:
- Bug#935474: buster-pu: package xymon/4.3.28-5+deb10u1
  - From: Axel Beckert <abe@debian.org>

Prev by Date: Processed: Re: Bug#935474: buster-pu: package xymon/4.3.28-5+deb10u1
Next by Date: Bug#928556: gocode 20150303-3+deb9u2 flagged for acceptance
Previous by thread: Processed: Re: Bug#935474: buster-pu: package xymon/4.3.28-5+deb10u1
Next by thread: Bug#935474: buster-pu: package xymon/4.3.28-5+deb10u1
Index(es):
- Date
- Thread