[Git][security-tracker-team/security-tracker][master] new vague mistral issue
Moritz Muehlenhoff
jmm at debian.org
Fri Jun 12 07:48:19 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
28e8458c by Moritz Muehlenhoff at 2020-06-12T08:47:42+02:00
new vague mistral issue
NFUs (concludes external check)
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9402,8 +9402,10 @@ CVE-2020-10773
RESERVED
CVE-2020-10772
RESERVED
+ - unbound <not-affected> (Red Hat specific regression in backport)
CVE-2020-10771
RESERVED
+ NOT-FOR-US: Infinispan
CVE-2020-10770
RESERVED
CVE-2020-10769
@@ -9480,6 +9482,7 @@ CVE-2020-10753
RESERVED
CVE-2020-10752
RESERVED
+ NOT-FOR-US: OpenShift
CVE-2020-10751 (A flaw was found in the Linux kernels SELinux LSM hook implementation ...)
{DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1}
- linux 5.6.14-1
@@ -16838,7 +16841,7 @@ CVE-2020-7663 (websocket-extensions ruby module prior to 0.1.5 allows Denial of
NOTE: https://github.com/faye/websocket-extensions-ruby/security/advisories/GHSA-g6wq-qcwm-j5g2
NOTE: https://github.com/faye/websocket-extensions-ruby/commit/aa156a439da681361ed6f53f1a8131892418838b
CVE-2020-7662 (websocket-extensions npm module prior to 1.0.4 allows Denial of Servic ...)
- TODO: check
+ NOT-FOR-US: Node websocket-extensions
CVE-2020-7661 (all versions of url-regex are vulnerable to Regular Expression Denial ...)
TODO: check
CVE-2020-7660 (serialize-javascript prior to 3.1.0 allows remote attackers to inject ...)
@@ -22124,7 +22127,7 @@ CVE-2020-5412
CVE-2020-5411 (When configured to enable default typing, Jackson contained a deserial ...)
TODO: check
CVE-2020-5410 (Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x pri ...)
- TODO: check
+ NOT-FOR-US: Spring Cloud Config
CVE-2020-5409 (Pivotal Concourse, most versions prior to 6.0.0, allows redirects to u ...)
NOT-FOR-US: Pivotal
CVE-2020-5408 (Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5 ...)
@@ -99956,6 +99959,8 @@ CVE-2018-16849 (A flaw was found in openstack-mistral. By manipulating the SSH p
NOTE: https://bugs.launchpad.net/mistral/+bug/1783708
CVE-2018-16848
RESERVED
+ - mistral <undetermined>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1645332
CVE-2018-16847 (An OOB heap buffer r/w access issue was found in the NVM Express Contr ...)
- qemu 1:3.1+dfsg-1 (bug #912655)
[stretch] - qemu <not-affected> (support for Controller Memory Buffers added later)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28e8458c27af64f2ea13806043ecc7c5d221e4ed
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28e8458c27af64f2ea13806043ecc7c5d221e4ed
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200612/42181da2/attachment.html>
More information about the debian-security-tracker-commits
mailing list