[Git][security-tracker-team/security-tracker][master] Add CVE-2020-1750{8,9}/trafficserver

Salvatore Bonaccorso carnil at debian.org
Sun Dec 6 19:51:28 GMT 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
caecd657 by Salvatore Bonaccorso at 2020-12-06T20:51:02+01:00
Add CVE-2020-1750{8,9}/trafficserver

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -29128,10 +29128,16 @@ CVE-2020-17511
 CVE-2020-17510 (Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a spec ...)
 	- shiro <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2020/11/04/7
-CVE-2020-17509
+CVE-2020-17509 [ATS negative cache option is vulnerable to a cache poisoning attack]
 	RESERVED
-CVE-2020-17508
+	- trafficserver 8.1.1+ds-1
+	NOTE: https://github.com/apache/trafficserver/pull/7359
+	NOTE: https://lists.apache.org/thread.html/raa9f0589c26c4d146646425e51e2a33e1457492df9f7ea2019daa6d3%40%3Cdev.trafficserver.apache.org%3E
+CVE-2020-17508 [The ATS ESI plugin has a memory disclosure vulnerability]
 	RESERVED
+	- trafficserver 8.1.1+ds-1
+	NOTE: https://github.com/apache/trafficserver/pull/7358
+	NOTE: https://lists.apache.org/thread.html/r65434f7acca3aebf81b0588587149c893fe9f8f9f159eaa7364a70ff%40%3Cdev.trafficserver.apache.org%3E
 CVE-2020-17507 (An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15. ...)
 	{DLA-2377-1 DLA-2376-1}
 	- qtbase-opensource-src 5.14.2+dfsg-6 (bug #968444)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/caecd657d8e60be605b5c5c3b2ddddd52184b089

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/caecd657d8e60be605b5c5c3b2ddddd52184b089
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201206/b94a463c/attachment.html>

More information about the debian-security-tracker-commits mailing list