[Git][security-tracker-team/security-tracker][master] 2 commits: Track fixed version for CVE-2020-13987, CVE-2020-13988 and CVE-2020-17437

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d9bd5aae by Salvatore Bonaccorso at 2020-12-24T06:00:16+01:00
Track fixed version for CVE-2020-13987, CVE-2020-13988 and CVE-2020-17437

- - - - -
faa06ed9 by Salvatore Bonaccorso at 2020-12-24T06:04:15+01:00
De-associate some CVEs which are not affecting open-iscsi according to upstream

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21392,13 +21392,8 @@ CVE-2020-24336 (An issue was discovered in Contiki through 3.0 and Contiki-NG th
 	NOT-FOR-US: Contiki
 CVE-2020-24335
 	RESERVED
-	- open-iscsi <unfixed>
-	NOTE: https://groups.google.com/g/open-iscsi/c/iRS9fcB1bJU/m/BbxY1SGPEwAJ
-	NOTE: Adressed upstream in 2.1.3 release
 CVE-2020-24334 (The code that processes DNS responses in uIP through 1.0, as used in C ...)
-	- open-iscsi <unfixed>
-	NOTE: https://groups.google.com/g/open-iscsi/c/iRS9fcB1bJU/m/BbxY1SGPEwAJ
-	NOTE: Adressed upstream in 2.1.3 release
+	NOT-FOR-US: uIP
 CVE-2020-24333 (A vulnerability in Arista’s CloudVision Portal (CVP) prior to 20 ...)
 	NOT-FOR-US: Arista
 CVE-2020-24332 (An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon ...)
@@ -35306,19 +35301,13 @@ CVE-2020-17442 (An issue was discovered in picoTCP 1.7.0. The code for parsing t
 CVE-2020-17441 (An issue was discovered in picoTCP 1.7.0. The code for processing the  ...)
 	NOT-FOR-US: picoTCP
 CVE-2020-17440 (An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other p ...)
-	- open-iscsi <unfixed>
-	NOTE: https://groups.google.com/g/open-iscsi/c/iRS9fcB1bJU/m/BbxY1SGPEwAJ
-	NOTE: Adressed upstream in 2.1.3 release
+	NOT-FOR-US: uIP as used in Contiki and other products (but apparently not open-iscsi)
 CVE-2020-17439 (An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other p ...)
-	- open-iscsi <unfixed>
-	NOTE: https://groups.google.com/g/open-iscsi/c/iRS9fcB1bJU/m/BbxY1SGPEwAJ
-	NOTE: Adressed upstream in 2.1.3 release
+	NOT-FOR-US: uIP as used in Contiki and other products (but apparently not open-iscsi)
 CVE-2020-17438 (An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other p ...)
-	- open-iscsi <unfixed>
-	NOTE: https://groups.google.com/g/open-iscsi/c/iRS9fcB1bJU/m/BbxY1SGPEwAJ
-	NOTE: Adressed upstream in 2.1.3 release
+	NOT-FOR-US: uIP as used in Contiki and other products (but apparently not open-iscsi)
 CVE-2020-17437 (An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other p ...)
-	- open-iscsi <unfixed>
+	- open-iscsi 2.1.3-1
 	NOTE: https://groups.google.com/g/open-iscsi/c/iRS9fcB1bJU/m/BbxY1SGPEwAJ
 	NOTE: Adressed upstream in 2.1.3 release
 CVE-2020-17436
@@ -44078,10 +44067,12 @@ CVE-2020-13990
 CVE-2020-13989
 	RESERVED
 CVE-2020-13988 (An issue was discovered in Contiki through 3.0. An Integer Overflow ex ...)
+	- open-iscsi 2.1.3-1
 	NOTE: https://groups.google.com/g/open-iscsi/c/iRS9fcB1bJU/m/BbxY1SGPEwAJ
 	NOTE: Adressed upstream in 2.1.3 release
 CVE-2020-13987 (An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read  ...)
-	- open-iscsi <unfixed>
+	- open-iscsi 2.1.3-1
+	NOTE: https://github.com/open-iscsi/open-iscsi/security/advisories/GHSA-r278-fm99-8rgp
 	NOTE: https://groups.google.com/g/open-iscsi/c/iRS9fcB1bJU/m/BbxY1SGPEwAJ
 	NOTE: Adressed upstream in 2.1.3 release
 CVE-2020-13986 (An issue was discovered in Contiki through 3.0. An infinite loop exist ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c62950d7dee201a4513c9f818a14e7629bbccc63...faa06ed9d4c459ba97dc7709d477f81b7dc76421

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c62950d7dee201a4513c9f818a14e7629bbccc63...faa06ed9d4c459ba97dc7709d477f81b7dc76421
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201224/5f7659b0/attachment.html>