[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2020-12059/ceph

Salvatore Bonaccorso carnil at debian.org
Fri Apr 24 13:55:00 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
36b8d8b8 by Salvatore Bonaccorso at 2020-04-24T14:54:47+02:00
Track fixed version for CVE-2020-12059/ceph

In upstream dc808953f2f1 ("rgw: rework lifecycle parsing")[1] which is
contained in v14.1.0 the code was modified to use the new style xml
parsing, and the issue does not affect the 14.x series.

The CVE though affects all v13.2.x and is fixed in v13.2.10 and as well the
v13.2.x (potentially as well the older series, but this is not yet
checked).

 [1]: <https://github.com/ceph/ceph/commit/dc808953f2f1d12a2bb587f388598ca3e8a0b440>

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -167,10 +167,10 @@ CVE-2020-12061
 CVE-2020-12060
 	RESERVED
 CVE-2020-12059 (An issue was discovered in Ceph through 13.2.9. A POST request with an ...)
-	- ceph <unfixed>
+	- ceph 14.2.4-1
 	NOTE: https://tracker.ceph.com/issues/44967
 	NOTE: https://github.com/ceph/ceph/commit/375d926a4f2720a29b079c216bafb884eef985c3
-	TODO: check affected versions
+	NOTE: Consider 14.x series as fixed due to the use of the new style xml parsing.
 CVE-2019-20787 (Teeworlds before 0.7.4 has an integer overflow when computing a tilema ...)
 	- teeworlds <unfixed>
 	[jessie] - teeworlds <end-of-life> (Not supported in jessie LTS)
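
Review bot: the CVE-2020-12059 entry now carries `- ceph 14.2.4-1` and a NOTE about the new style xml parsing, but the upstream commit that justifies this (dc808953f2f1, "rgw: rework lifecycle parsing", cited in the commit message) is not recorded in the entry itself. Add it as a further `NOTE:` line with the commit URL so the rationale can be checked from data/CVE/list alone. The hunk also removes `TODO: check affected versions` while the commit message says the older series are not yet checked, so consider keeping a TODO scoped to those series.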



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/36b8d8b81e5e6b4888aa0db1e0beb8809c5ccf49


