[Git][security-tracker-team/security-tracker][master] 4 commits: Triage CVE-2020-7921 in mongodb for jessie LTS.

Chris Lamb lamby at debian.org
Mon Jun 8 12:44:23 BST 2020



Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7f426356 by Chris Lamb at 2020-06-08T12:25:41+01:00
Triage CVE-2020-7921 in mongodb for jessie LTS.

- - - - -
92c9a529 by Chris Lamb at 2020-06-08T12:30:24+01:00
data/dla-needed.txt: Triage libpam-tacplus for jessie LTS.

- - - - -
0fd2fb39 by Chris Lamb at 2020-06-08T12:40:23+01:00
data/dla-needed.txt: Claim libpam-tacplus.

- - - - -
0c4d4299 by Chris Lamb at 2020-06-08T12:43:11+01:00
Triage CVE-2020-12245 & CVE-2020-10996 for pdns-recursor in jessie LTS.

Note that this package is EOL in stretch (see DSA 4691).

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -4041,6 +4041,7 @@ CVE-2020-12245 (Grafana before 6.7.3 allows table-panel XSS via column.title or
 CVE-2020-12244 (An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where ...)
 	{DSA-4691-1}
 	- pdns-recursor 4.3.1-1
+	[jessie] - pdns-recursor <not-affected> (Vulnerable code added later)
 	[stretch] - pdns-recursor <end-of-life> (No longer supported, see DSA 4691)
 	NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-02.html
 	NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/3
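Review bot: the entry edited here is CVE-2020-12244 (PowerDNS Recursor), but the commit subject names CVE-2020-12245, which the hunk header shows is the Grafana table-panel XSS entry directly above. The added `[jessie]` line sits under the right entry; the commit message should say CVE-2020-12244 so that searching history by CVE id finds this triage.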
@@ -8288,6 +8289,7 @@ CVE-2020-10996 (An issue was discovered in Percona XtraDB Cluster before 5.7.28-
 CVE-2020-10995 (PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not suffic ...)
 	{DSA-4691-1}
 	- pdns-recursor 4.3.1-1
+	[jessie] - pdns-recursor <not-affected> (Vulnerable code added later)
 	[stretch] - pdns-recursor <end-of-life> (No longer supported, see DSA 4691)
 	NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-01.html
 	NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/3
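Review bot: on the added `[jessie] - pdns-recursor <not-affected> (Vulnerable code added later)` line, the reason does not say when the code arrived, even though the entry description gives the affected range as starting at 4.1.0. Naming that version in the parenthesis would let a reader check the claim against the jessie package version without opening the advisory. Also, this entry is CVE-2020-10995, while the commit subject says CVE-2020-10996, which the hunk header shows is a Percona XtraDB Cluster issue.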
@@ -15886,6 +15888,7 @@ CVE-2020-7922 (X.509 certificates generated by the MongoDB Enterprise Kubernetes
 	NOT-FOR-US: MongoDB Enterprise
 CVE-2020-7921 (Improper serialization of internal state in the authorization subsyste ...)
 	- mongodb <removed>
+	[jessie] - mongodb <no-dsa> (Minor issue)
 	[stretch] - mongodb <no-dsa> (Minor issue)
 	NOTE: https://jira.mongodb.org/browse/SERVER-45472
 CVE-2019-20419
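Review bot: the added `[jessie] - mongodb <no-dsa> (Minor issue)` line repeats the stretch reason without recording what makes the issue minor; the only pointer is the SERVER-45472 link. A short NOTE under the entry stating the reasoning would save the next person who re-triages this from re-reading the upstream ticket.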


=====================================
data/dla-needed.txt
=====================================
@@ -81,6 +81,8 @@ libmatio (Adrian Bunk)
   NOTE: 20190428: older changes seem to also be required for them
   NOTE: 20200518: work is ongoing (bunk)
 --
+libpam-tacplus (Chris Lamb)
+--
 linux (Ben Hutchings)
 --
 linux-4.9 (Ben Hutchings)
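Review bot: the new `libpam-tacplus (Chris Lamb)` entry has no NOTE line, so the file does not record which issue the package was added for, whereas the libmatio entry above carries dated NOTE lines. Suggest adding a NOTE that names the CVE or tracker entry being worked on. The position between libmatio and linux keeps the list in alphabetical order.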



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/00695402e873f053cee6449a2f943795fd892efd...0c4d429985092489886b1b016da364a99de95c8e
