[Git][security-tracker-team/security-tracker][master] Update status for CVE-2020-12105/openconnect
Salvatore Bonaccorso
carnil at debian.org
Sat May 2 13:54:02 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4cec4242 by Salvatore Bonaccorso at 2020-05-02T14:53:35+02:00
Update status for CVE-2020-12105/openconnect
Debian packages are build to use GnuTLS rather than OpenSSL and the
issue only arises with OpenSSL builds of OpenConnect. Thus the issue
does not affect the binary packages built in Debian and can be marked
unimportant.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1141,9 +1141,10 @@ CVE-2020-12107
CVE-2020-12106
RESERVED
CVE-2020-12105 (OpenConnect through 8.08 mishandles negative return values from X509_c ...)
- - openconnect <unfixed>
- [jessie] - openconnect <no-dsa> (Minor issue)
+ - openconnect <unfixed> (unimportant; bug #959428)
NOTE: https://gitlab.com/openconnect/openconnect/-/merge_requests/96
+ NOTE: Only an issue if building with OpenSSL, where Debian binary packages use
+ NOTE: GnuTLS.
CVE-2020-12104
RESERVED
CVE-2020-12103 (In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file b ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4cec4242cb4dd8e51be297f80d3a65e9a13d6bd4
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4cec4242cb4dd8e51be297f80d3a65e9a13d6bd4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200502/ecb68b3c/attachment.html>
More information about the debian-security-tracker-commits
mailing list