[Git][security-tracker-team/security-tracker][master] Track CVE-2020-11061 as well for bacula
Salvatore Bonaccorso
carnil at debian.org
Mon Aug 24 16:31:01 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5d8c007c by Salvatore Bonaccorso at 2020-08-24T17:29:10+02:00
Track CVE-2020-11061 as well for bacula
Following the upstream report <https://bugs.bareos.org/view.php?id=1210>
for bareos it looks that Bareos upstream agreed that the same issue is
affecting Bacula, though the code diverged.
For now track both source packages affected by the issue with the same
CVE, but clarification pending with MITRE to assess if a secondary CVE
is needed.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -31106,11 +31106,13 @@ CVE-2020-11062 (In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS oc
NOTE: https://github.com/glpi-project/glpi/commit/5e1c52c5e8a30ceb4e9572964da7ed89ddfb1aaf
NOTE: Only supported behind an authenticated HTTP zone
CVE-2020-11061 (In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and ...)
+ - bacula 9.6.5-1
- bareos <unfixed> (bug #965985)
[stretch] - bareos <no-dsa> (minor issue, low priority)
NOTE: https://github.com/bareos/bareos/security/advisories/GHSA-mm45-cg35-54j4
NOTE: https://bugs.bareos.org/view.php?id=1210
NOTE: https://github.com/bareos/bareos/commit/86c6fa479a21a1464366babb74e6cf33770ed7ae (master)
+ NOTE: https://www.bacula.org/git/cgit.cgi/bacula/commit/?id=f9472227317b8e1d26a781d042e0efdf432a633f (Release-9.6.4)
CVE-2020-11060 (In GLPI before 9.4.6, an attacker can execute system commands by abusi ...)
- glpi <removed> (unimportant)
NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-cvvq-3fww-5v6f
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d8c007c3dca610b98b9e9f7519d7f78dce3e644
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d8c007c3dca610b98b9e9f7519d7f78dce3e644
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200824/4b1b0e9f/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list