[Git][security-tracker-team/security-tracker][master] Add CVE-2016-6811/hadoop

Tue May 1 14:54:49 BST 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bde0440e by Salvatore Bonaccorso at 2018-05-01T15:54:17+02:00
Add CVE-2016-6811/hadoop

Confirmed with MITRE that the CVE is correct. Originally the CVE was
asked to be rejected by the respective CNA. The CVE got now assigned
from the CNA pool. REJECT is not a permanent state, cf.
https://cve.mitre.org/news/archives/2017/news.html#July272017_REMINDER:_REJECT_Is_Not_Always_a_Permanent_State_for_a_CVE_ID_Begins_July_27_2017
, so this is actually allowed to do by a CNA.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -88159,8 +88159,9 @@ CVE-2016-6813 (Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call 
 	NOT-FOR-US: Apache CloudStack
 CVE-2016-6812 (The HTTP transport module in Apache CXF prior to 3.0.12 and 3.1.x ...)
 	NOT-FOR-US: Apache CXF
-CVE-2016-6811
-	REJECTED
+CVE-2016-6811 [Apache Hadoop Privilege escalation vulnerability]
+	- hadoop <itp> (bug #793644)
+	NOTE: http://www.openwall.com/lists/oss-security/2018/05/01/2
 CVE-2016-6810 (In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site ...)
 	- activemq 5.14.2+dfsg-1 (unimportant)
 	NOTE: Admin console not enabled in the Debian package, see #702670



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bde0440e060c1839758a56de4a39a6816c415b8f

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bde0440e060c1839758a56de4a39a6816c415b8f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180501/ea500771/attachment-0001.html>
