[Git][security-tracker-team/security-tracker][master] Update status for CVE-2020-10997

Salvatore Bonaccorso carnil at debian.org
Sun May 3 07:46:54 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
47df6df5 by Salvatore Bonaccorso at 2020-05-03T08:44:33+02:00
Update status for CVE-2020-10997

As found the issue was introduced in 2.4.11 when trasition keys
functionality was introduced.

Double-checked and affected versions were never present in Debian as
removed last version updated in unstable was 2.2.3 based. Thus we can
mark as no suite affected in this case.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4877,9 +4877,9 @@ CVE-2020-10999
 CVE-2020-10998
 	RESERVED
 CVE-2020-10997 (Percona XtraBackup before 2.4.20 unintentionally writes the command li ...)
-	- percona-xtrabackup <removed>
-	[jessie] - percona-xtrabackup <not-affected> (Vulnerable code introduced in version 2.4.11)
+	- percona-xtrabackup <not-affected> (Vulnerable code introduced later)
 	NOTE: https://jira.percona.com/browse/PXB-2142
+	NOTE: Introduced in: https://github.com/percona/percona-xtrabackup/commit/0b38ffc0f30f1b6d3ff7ed0f9cb3ab31a2ccad13 (percona-xtrabackup-2.4.11)
 	NOTE: https://www.percona.com/blog/2020/04/16/cve-2020-10997-percona-xtrabackup-information-disclosure-of-command-line-arguments/
 CVE-2020-10996 (An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.42. ...)
 	TODO: check



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/47df6df5e355063ef6be21caa968f6bfa7a0beb9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/47df6df5e355063ef6be21caa968f6bfa7a0beb9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200503/6c15860b/attachment-0001.html>


More information about the debian-security-tracker-commits mailing list