[Git][security-tracker-team/security-tracker][master] Mark CVE-2020-15719/openldap as unimportant

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e6d0bd0f by Salvatore Bonaccorso at 2020-07-17T06:46:05+02:00
Mark CVE-2020-15719/openldap as unimportant

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -184,11 +184,11 @@ CVE-2020-15720 (In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1855273
 	NOTE: https://github.com/dogtagpki/pki/commit/50c23ec146ee9abf28c9de87a5f7787d495f0b72
 CVE-2020-15719 (libldap in certain third-party OpenLDAP packages has a certificate-val ...)
-	- openldap <unfixed> (low)
-	[buster] - openldap <no-dsa> (Minor issue)
+	- openldap <unfixed> (unimportant)
 	NOTE: https://bugs.openldap.org/show_bug.cgi?id=9266 (private)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1740070
 	NOTE: RedHat/CentOS Patch: https://git.centos.org/rpms/openldap/raw/67459960064be9d226d57c5f82aaba0929876813/f/SOURCES/openldap-tlso-dont-check-cn-when-bad-san.patch
+	NOTE: Affected file is compiled but Debian openssl uses GnuTLS.
 CVE-2020-15718 (RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation o ...)
 	NOT-FOR-US: RosarioSIS
 CVE-2020-15717 (RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation o ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6d0bd0f25c1df5c0dcd8076ba9a305f2a483b3e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6d0bd0f25c1df5c0dcd8076ba9a305f2a483b3e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200717/b87c92cd/attachment.html>