CVE-2019-18345 — Reflected Cross-Site Scripting CVE-2019-18346 — Cross-Site Request Forgery CVE-2019-18347 — (this advisory) Persistent Cross-Site Scripting
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1bdaf4d2d4310bb4ff3455d9f3c0c062437252a0 commit 1bdaf4d2d4310bb4ff3455d9f3c0c062437252a0 Author: Till Schäfer <till2.schaefer@uni-dortmund.de> AuthorDate: 2019-12-12 15:44:34 +0000 Commit: Joonas Niilola <juippis@gentoo.org> CommitDate: 2019-12-12 17:53:34 +0000 www-apps/davical: remove vulnerable versions Bug: https://bugs.gentoo.org/702514 Package-Manager: Portage-2.3.79, Repoman-2.3.16 Signed-off-by: Till Schäfer <till2.schaefer@uni-dortmund.de> Closes: https://github.com/gentoo/gentoo/pull/13956 Signed-off-by: Joonas Niilola <juippis@gentoo.org> www-apps/davical/Manifest | 2 - www-apps/davical/davical-1.1.7-r2.ebuild | 72 ---------------------- www-apps/davical/davical-1.1.8.ebuild | 70 --------------------- ...davical-1.1.7-fix_php4_style_constructors.patch | 39 ------------ 4 files changed, 183 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=aea06c8894b23d176eb59456cc31f28376d507af commit aea06c8894b23d176eb59456cc31f28376d507af Author: Till Schäfer <till2.schaefer@uni-dortmund.de> AuthorDate: 2019-12-12 15:38:44 +0000 Commit: Joonas Niilola <juippis@gentoo.org> CommitDate: 2019-12-12 17:53:33 +0000 www-apps/davical: bump to 1.1.9.2 Bug: https://bugs.gentoo.org/702514 Package-Manager: Portage-2.3.79, Repoman-2.3.16 Signed-off-by: Till Schäfer <till2.schaefer@uni-dortmund.de> Signed-off-by: Joonas Niilola <juippis@gentoo.org> www-apps/davical/Manifest | 1 + www-apps/davical/davical-1.1.9.2.ebuild | 70 +++++++++++++++++++++++++++++++++ 2 files changed, 71 insertions(+)
