[Git][security-tracker-team/security-tracker][master] new vague mistral issue

Fri Jun 12 07:48:19 BST 2020


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
28e8458c by Moritz Muehlenhoff at 2020-06-12T08:47:42+02:00
new vague mistral issue
NFUs (concludes external check)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9402,8 +9402,10 @@ CVE-2020-10773
 	RESERVED
 CVE-2020-10772
 	RESERVED
+	- unbound <not-affected> (Red Hat specific regression in backport)
 CVE-2020-10771
 	RESERVED
+	NOT-FOR-US: Infinispan
 CVE-2020-10770
 	RESERVED
 CVE-2020-10769
@@ -9480,6 +9482,7 @@ CVE-2020-10753
 	RESERVED
 CVE-2020-10752
 	RESERVED
+	NOT-FOR-US: OpenShift
 CVE-2020-10751 (A flaw was found in the Linux kernels SELinux LSM hook implementation  ...)
 	{DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1}
 	- linux 5.6.14-1
@@ -16838,7 +16841,7 @@ CVE-2020-7663 (websocket-extensions ruby module prior to 0.1.5 allows Denial of
 	NOTE: https://github.com/faye/websocket-extensions-ruby/security/advisories/GHSA-g6wq-qcwm-j5g2
 	NOTE: https://github.com/faye/websocket-extensions-ruby/commit/aa156a439da681361ed6f53f1a8131892418838b
 CVE-2020-7662 (websocket-extensions npm module prior to 1.0.4 allows Denial of Servic ...)
-	TODO: check
+	NOT-FOR-US: Node websocket-extensions
 CVE-2020-7661 (all versions of url-regex are vulnerable to Regular Expression Denial  ...)
 	TODO: check
 CVE-2020-7660 (serialize-javascript prior to 3.1.0 allows remote attackers to inject  ...)
@@ -22124,7 +22127,7 @@ CVE-2020-5412
 CVE-2020-5411 (When configured to enable default typing, Jackson contained a deserial ...)
 	TODO: check
 CVE-2020-5410 (Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x pri ...)
-	TODO: check
+	NOT-FOR-US: Spring Cloud Config
 CVE-2020-5409 (Pivotal Concourse, most versions prior to 6.0.0, allows redirects to u ...)
 	NOT-FOR-US: Pivotal
 CVE-2020-5408 (Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5 ...)
@@ -99956,6 +99959,8 @@ CVE-2018-16849 (A flaw was found in openstack-mistral. By manipulating the SSH p
 	NOTE: https://bugs.launchpad.net/mistral/+bug/1783708
 CVE-2018-16848
 	RESERVED
+	- mistral <undetermined>
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1645332
 CVE-2018-16847 (An OOB heap buffer r/w access issue was found in the NVM Express Contr ...)
 	- qemu 1:3.1+dfsg-1 (bug #912655)
 	[stretch] - qemu <not-affected> (support for Controller Memory Buffers added later)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28e8458c27af64f2ea13806043ecc7c5d221e4ed

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28e8458c27af64f2ea13806043ecc7c5d221e4ed
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200612/42181da2/attachment.html>
