[Git][security-tracker-team/security-tracker][master] Add CVE-2020-1759/ceph
Salvatore Bonaccorso
carnil at debian.org
Tue Apr 7 17:12:44 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ca53225d by Salvatore Bonaccorso at 2020-04-07T18:11:52+02:00
Add CVE-2020-1759/ceph
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -24556,8 +24556,13 @@ CVE-2020-1760 [header-splitting in RGW GetObject has a possible XSS]
NOTE: Fixed by: https://github.com/ceph/ceph-ci/commit/18eb4d918b27d362312c29a3bbd57a421897c0a5
NOTE: Fixed by: https://github.com/ceph/ceph-ci/commit/1bf14094fec34770d2cc74317f4238ccb2dfef98
NOTE: https://www.openwall.com/lists/oss-security/2020/04/07/1
-CVE-2020-1759
+CVE-2020-1759 [ceph: secure mode of msgr2 breaks both confidentiality and integrity aspects for long-lived sessions]
RESERVED
+ - ceph <unfixed>
+ NOTE: Introduced with: https://github.com/ceph/ceph-ci/commit/fe387e02b11df98357d8cdbfa3b1f1d5f2bb3f74
+ NOTE: Fixed by: https://github.com/ceph/ceph-ci/commit/84d2e215969cde830b086d11544aeb3666614211
+ NOTE: Fixed by: https://github.com/ceph/ceph-ci/commit/659ec7dc6e30fe961832f813da007f49e603a33d
+ NOTE: https://www.openwall.com/lists/oss-security/2020/04/07/2
CVE-2020-1758
RESERVED
CVE-2020-1757
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca53225d81400035671c6532aa5af9b829c447f1
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca53225d81400035671c6532aa5af9b829c447f1
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200407/61cb80ba/attachment.html>
More information about the debian-security-tracker-commits
mailing list