[Git][security-tracker-team/security-tracker][master] Associate CVE-2019-1002162 with atomic-reactor
Salvatore Bonaccorso
carnil at debian.org
Mon Apr 20 20:15:28 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ddb1b24e by Salvatore Bonaccorso at 2020-04-20T21:13:37+02:00
Associate CVE-2019-1002162 with atomic-reactor
The issue appears rather in use of atomic-reactor, where its use of
skopeo was changed to use the authfile option instead of using username
and password to authenticate and so not leaking credentials in the logs
for atomic-reactor.
Cf. https://github.com/containerbuildsystem/atomic-reactor/pull/1186
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -56862,7 +56862,7 @@ CVE-2019-10263 (An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1
CVE-2019-10262 (A SQL Injection issue was discovered in BlueCMS 1.6. The variable $ad_ ...)
NOT-FOR-US: BlueCMS
CVE-2019-1002162
- - skopeo <unfixed>
+ NOT-FOR-US: atomic-reactor
CVE-2019-1002101 (The kubectl cp command allows copying files between containers and the ...)
- kubernetes <not-affected> (Vulnerable code introduced later)
NOTE: Introduced by: https://github.com/kubernetes/kubernetes/commit/b1f85e2dfec6e64d8e1bc272251277df0058ab20
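Review bot: the new `NOT-FOR-US: atomic-reactor` line for CVE-2019-1002162 replaces `- skopeo <unfixed>` without leaving the reason in data/CVE/list itself; the rationale and the atomic-reactor pull request link exist only in the commit message. Consider adding a NOTE: line with https://github.com/containerbuildsystem/atomic-reactor/pull/1186 under the entry, as the neighbouring CVE-2019-1002101 entry does for its introducing commit, so that someone checking why skopeo is no longer tracked for this CVE does not have to search the git history.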
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ddb1b24e42da04690b2075ff1b8aab0e64e03fbd