[Git][security-tracker-team/security-tracker][master] 4 commits: Reference upstream commit for CVE-2020-1730/libssh

Salvatore Bonaccorso carnil at debian.org
Thu Apr 9 16:19:23 BST 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2271b57d by Salvatore Bonaccorso at 2020-04-09T17:15:36+02:00
Reference upstream commit for CVE-2020-1730/libssh

- - - - -
7c2e4e86 by Salvatore Bonaccorso at 2020-04-09T17:17:04+02:00
Track introducing commit for CVE-2020-1730/libssh

- - - - -
9395da53 by Salvatore Bonaccorso at 2020-04-09T17:17:36+02:00
Remove todo item for CVE-2020-1730

- - - - -
fe469f8f by Salvatore Bonaccorso at 2020-04-09T17:18:37+02:00
Update affected status for CVE-2020-1730/libssh

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -25181,8 +25181,11 @@ CVE-2020-1731 (A flaw was found in all versions of the Keycloak operator, before
 CVE-2020-1730
 	RESERVED
 	- libssh <unfixed>
+	[stretch] - libssh <not-affected> (Vulnerable code introduced later)
+	[jessie] - libssh <not-affected> (Vulnerable code introduced later)
 	NOTE: https://www.libssh.org/security/advisories/CVE-2020-1730.txt
-	TODO: check, seem to affect only >= 0.8.0 but needs double check
+	NOTE: Introduced by: https://git.libssh.org/projects/libssh.git/commit/?id=84a85803b4c83b8dac03b0d0aba58b48c98253e6 (libssh-0.8.0)
+	NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=b36272eac1b36982598c10de7af0a501582de07a
 CVE-2020-1729
 	RESERVED
 	NOT-FOR-US: SmallRye Config



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/60393b83257ce84bcf8c1409b36529336af05391...fe469f8f1ae523c2f7e9270e92b7ce1a32be0348

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/60393b83257ce84bcf8c1409b36529336af05391...fe469f8f1ae523c2f7e9270e92b7ce1a32be0348
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200409/4e65b44f/attachment.html>

More information about the debian-security-tracker-commits mailing list