[Git][security-tracker-team/security-tracker][master] CVE-2018-10886 Clarify why we kept the CVE
Salvatore Bonaccorso
carnil at debian.org
Mon Dec 21 13:55:55 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
908e8412 by Salvatore Bonaccorso at 2020-12-21T14:55:27+01:00
CVE-2018-10886 Clarify why we kept the CVE
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -160886,8 +160886,10 @@ CVE-2018-10886
NOTE: https://github.com/apache/ant/commit/f72406d53cfb3b3425cc9d000eea421a0e05d8fe
NOTE: https://github.com/apache/ant/commit/857095da5153fd18504b46f276d84f1e76a66970
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1584407
- NOTE: The CVE will be rejected, as it was assigned by Red Hat's CNA but is out of
- NOTE: scope of the assigning CNA.
+ NOTE: The CVE was rejected, as it was assigned by Red Hat's CNA but is out of
+ NOTE: scope of the assigning CNA. The rejection was not due to technical invalid
+ NOTE: issue but because it was assigned by a CNA which did not cover the scope
+ NOTE: for ant. Would fall under Apache CNA instead.
CVE-2018-10885 (In atomic-openshift before version 3.10.9 a malicious network-policy c ...)
NOT-FOR-US: atomic-openshift
CVE-2018-10884 (Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-s ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/908e8412d36ed061b04a0919ce6bd516ac1e06b5
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/908e8412d36ed061b04a0919ce6bd516ac1e06b5
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201221/d47708dd/attachment.html>
More information about the debian-security-tracker-commits
mailing list