[Git][security-tracker-team/security-tracker][master] Update status for CVE-2020-10997
Salvatore Bonaccorso
carnil at debian.org
Sun May 3 07:46:54 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
47df6df5 by Salvatore Bonaccorso at 2020-05-03T08:44:33+02:00
Update status for CVE-2020-10997
As found the issue was introduced in 2.4.11 when trasition keys
functionality was introduced.
Double-checked and affected versions were never present in Debian as
removed last version updated in unstable was 2.2.3 based. Thus we can
mark as no suite affected in this case.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4877,9 +4877,9 @@ CVE-2020-10999
CVE-2020-10998
RESERVED
CVE-2020-10997 (Percona XtraBackup before 2.4.20 unintentionally writes the command li ...)
- - percona-xtrabackup <removed>
- [jessie] - percona-xtrabackup <not-affected> (Vulnerable code introduced in version 2.4.11)
+ - percona-xtrabackup <not-affected> (Vulnerable code introduced later)
NOTE: https://jira.percona.com/browse/PXB-2142
+ NOTE: Introduced in: https://github.com/percona/percona-xtrabackup/commit/0b38ffc0f30f1b6d3ff7ed0f9cb3ab31a2ccad13 (percona-xtrabackup-2.4.11)
NOTE: https://www.percona.com/blog/2020/04/16/cve-2020-10997-percona-xtrabackup-information-disclosure-of-command-line-arguments/
CVE-2020-10996 (An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.42. ...)
TODO: check
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/47df6df5e355063ef6be21caa968f6bfa7a0beb9
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/47df6df5e355063ef6be21caa968f6bfa7a0beb9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200503/6c15860b/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list