[Git][security-tracker-team/security-tracker][master] 3 commits: Add CVE-2020-15862/net-snmp

Salvatore Bonaccorso carnil at debian.org
Thu Jul 30 13:14:54 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
678d1646 by Salvatore Bonaccorso at 2020-07-28T06:15:35+02:00
Add CVE-2020-15862/net-snmp

- - - - -
a5bb4cd7 by Salvatore Bonaccorso at 2020-07-30T14:10:37+02:00
Merge branch 'net-snmp-priv-escalation' into master

- - - - -
f9f2d289 by Salvatore Bonaccorso at 2020-07-30T14:13:05+02:00
Remove workaround with CVE-2020-15862 assignment

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -631,8 +631,6 @@ CVE-2020-15863 (hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 0
 	[buster] - qemu <postponed> (Minor issue, can be fixed along in next DSA)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/07/22/1
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=5519724a13664b43e225ca05351c60b4468e4555
-CVE-2020-15862
-	RESERVED
 CVE-2020-15861
 	RESERVED
 CVE-2020-15860 (Parallels Remote Application Server (RAS) 17.1.1 has a Business Logic  ...)
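Review bot: Deleting the `CVE-2020-15862` / `RESERVED` stub at this position, between CVE-2020-15863 and CVE-2020-15861, leaves the populated entry outside the descending ID order visible in both hunks, because the second hunk renames the placeholder in place below CVE-2020-15817. Consider putting the full net-snmp entry here in place of the stub and deleting the placeholder block further down, so the entry sits where a reader scanning by ID expects it.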
@@ -729,9 +727,8 @@ CVE-2020-15818
 	RESERVED
 CVE-2020-15817
 	RESERVED
-CVE-2020-XXXX [privilege escalation]
+CVE-2020-15862 [privilege escalation]
 	- net-snmp 5.8+dfsg-4 (bug #965166)
-	[stretch] - net-snmp 5.7.3+dfsg-1.7+deb9u2
 	NOTE: The commit https://github.com/net-snmp/net-snmp/commit/c2b96ee744392243782094432f657ded4e985a07
 	NOTE: disables NET-SNMP-EXTEND-MIB support by default. But it is still
 	NOTE: possible to enable the MIB via --with-mib-modules configure option.
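Review bot: The deleted `[stretch] - net-snmp 5.7.3+dfsg-1.7+deb9u2` line is not explained: the commit message says only "Remove workaround with CVE-2020-15862 assignment" and neither names this line as the workaround nor says where the stretch fixed version is recorded afterwards. Suggest adding a sentence to the message stating that the stretch version is now carried by the DLA-2299-1 entry in data/DLA/list.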


=====================================
data/DLA/list
=====================================
@@ -2,6 +2,7 @@
 	{CVE-2020-15954}
 	[stretch] - kdepim-runtime 4:16.04.2-2+deb9u1
 [30 Jul 2020] DLA-2299-1 net-snmp - security update
+	{CVE-2020-15862}
 	[stretch] - net-snmp 5.7.3+dfsg-1.7+deb9u2
 [29 Jul 2020] DLA-2298-1 libapache2-mod-auth-openidc - security update
 	{CVE-2019-14857 CVE-2019-20479 CVE-2019-1010247}
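Review bot: The added `{CVE-2020-15862}` line under DLA-2299-1 is, in this diff, the only remaining link between the CVE and the stretch fixed version, since the data/CVE/list hunk drops its explicit `[stretch]` line. The version on the following line (5.7.3+dfsg-1.7+deb9u2) matches the deleted one; keep both edits in the same commit so that neither can be reverted alone and leave stretch without a recorded fix for this CVE.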



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5ae1d6c451b554bc264f2701bec4f8f46a42a450...f9f2d289982e5912312936f97b6e203e0ae9d856
