[Git][security-tracker-team/security-tracker][master] Update status for CVE-2020-12105/openconnect

Salvatore Bonaccorso carnil at debian.org
Sat May 2 13:54:02 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4cec4242 by Salvatore Bonaccorso at 2020-05-02T14:53:35+02:00
Update status for CVE-2020-12105/openconnect

Debian packages are build to use GnuTLS rather than OpenSSL and the
issue only arises with OpenSSL builds of OpenConnect. Thus the issue
does not affect the binary packages built in Debian and can be marked
unimportant.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1141,9 +1141,10 @@ CVE-2020-12107
 CVE-2020-12106
 	RESERVED
 CVE-2020-12105 (OpenConnect through 8.08 mishandles negative return values from X509_c ...)
-	- openconnect <unfixed>
-	[jessie] - openconnect <no-dsa> (Minor issue)
+	- openconnect <unfixed> (unimportant; bug #959428)
 	NOTE: https://gitlab.com/openconnect/openconnect/-/merge_requests/96
+	NOTE: Only an issue if building with OpenSSL, where Debian binary packages use
+	NOTE: GnuTLS.
 CVE-2020-12104
 	RESERVED
 CVE-2020-12103 (In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file b ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4cec4242cb4dd8e51be297f80d3a65e9a13d6bd4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4cec4242cb4dd8e51be297f80d3a65e9a13d6bd4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200502/ecb68b3c/attachment.html>


More information about the debian-security-tracker-commits mailing list