[Git][security-tracker-team/security-tracker][master] LTS: annotate CVE-2020-10997/percona-xtrabackup as not affecting jessie
Roberto C. Sánchez
roberto at debian.org
Sun May 3 03:24:41 BST 2020
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6f6ffbc1 by Roberto C. Sánchez at 2020-05-02T22:24:07-04:00
LTS: annotate CVE-2020-10997/percona-xtrabackup as not affecting jessie
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -4878,6 +4878,7 @@ CVE-2020-10998
RESERVED
CVE-2020-10997 (Percona XtraBackup before 2.4.20 unintentionally writes the command li ...)
- percona-xtrabackup <removed>
+ [jessie] - percona-xtrabackup <not-affected> (Vulnerable code introduced in version 2.4.11)
NOTE: https://jira.percona.com/browse/PXB-2142
NOTE: https://www.percona.com/blog/2020/04/16/cve-2020-10997-percona-xtrabackup-information-disclosure-of-command-line-arguments/
CVE-2020-10996 (An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.42. ...)
=====================================
data/dla-needed.txt
=====================================
@@ -75,8 +75,6 @@ ntp (Adrian Bunk)
opendmarc (Thorsten Alteholz)
NOTE: 20200420: still testing package, original patch does not seem to be enough, still ongoing
--
-percona-xtrabackup (Roberto C. Sánchez)
---
php5 (Thorsten Alteholz)
NOTE: 20200427: embedded software "file" needs fix for CVE-2019-18218
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f6ffbc1e3cb524d05ec8a631d29e72b0f2a7cd2
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f6ffbc1e3cb524d05ec8a631d29e72b0f2a7cd2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200503/49bd3aef/attachment.html>
More information about the debian-security-tracker-commits
mailing list