[Git][security-tracker-team/security-tracker][master] Add CVE-2020-12062 and mark it unimportant with negligible impact

Salvatore Bonaccorso carnil at debian.org
Tue Jun 2 18:44:24 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9f3cdfc2 by Salvatore Bonaccorso at 2020-06-02T19:43:41+02:00
Add CVE-2020-12062 and mark it unimportant with negligible impact

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3920,7 +3920,12 @@ CVE-2020-12063 (** DISPUTED ** A certain Postfix 2.10.1-7 package could allow an
 	NOTE: https://www.openwall.com/lists/oss-security/2020/04/23/12
 	NOTE: Not considered a Postfix vulnerability and scope is outside of the design goals
 CVE-2020-12062 (** DISPUTED ** The scp client in OpenSSH 8.2 incorrectly sends duplica ...)
-	TODO: check
+	- openssh <unfixed> (unimportant)
+	NOTE: https://github.com/openssh/openssh-portable/commit/955854cafca88e0cdcd3d09ca1ad4ada465364a1
+	NOTE: https://github.com/openssh/openssh-portable/commit/aad87b88fc2536b1ea023213729aaf4eaabe1894
+	NOTE: https://www.openwall.com/lists/oss-security/2020/05/27/1
+	NOTE: Negligible security impact, a malicious peer can achieve no more than already
+	NOTE: able o achieve within the scp protocol.
 CVE-2020-12061
 	RESERVED
 CVE-2020-12060



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f3cdfc2c479b7705198b442dbc4dfe77aec341c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f3cdfc2c479b7705198b442dbc4dfe77aec341c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200602/6218d34c/attachment.html>


More information about the debian-security-tracker-commits mailing list