[Git][security-tracker-team/security-tracker][master] new ansible issue
Moritz Muehlenhoff
jmm at debian.org
Fri May 15 08:23:06 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
651df17f by Moritz Muehlenhoff at 2020-05-15T09:22:36+02:00
new ansible issue
new pip non issue
new issue in ITPd kibana
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6459,8 +6459,11 @@ CVE-2020-10745
RESERVED
CVE-2020-10744
RESERVED
+ - ansible <unfixed>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1835566
CVE-2020-10743
RESERVED
+ - kibana <itp> (bug #700337)
CVE-2020-10742
RESERVED
- linux <undetermined>
@@ -32410,6 +32413,7 @@ CVE-2020-1162
RESERVED
CVE-2020-1161
RESERVED
+ NOT-FOR-US: Microsoft .NET
CVE-2020-1160
RESERVED
CVE-2020-1159
@@ -32516,6 +32520,7 @@ CVE-2020-1109
RESERVED
CVE-2020-1108
RESERVED
+ NOT-FOR-US: Microsoft .NET
CVE-2020-1107
RESERVED
CVE-2020-1106
@@ -80309,7 +80314,9 @@ CVE-2018-20227 (RDF4J 2.4.2 allows Directory Traversal via ../ in an entry in a
CVE-2018-20226 (An organization administrator can add a super administrator in THEHIVE ...)
NOT-FOR-US: THEHIVE
CVE-2018-20225 (An issue was discovered in pip (all versions) because it installs the ...)
- TODO: check
+ - python-pip <unfixed> (unimportant)
+ NOTE: https://cowlicks.website/posts/arbitrary-code-execution-from-pips-extra-index-url.html
+ NOTE: pip is inherently affected by malicious packages, use packages from Debian instead :-)
CVE-2018-20224
RESERVED
CVE-2018-20223
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/651df17fbe481dd8249c09fc89081120f70ab2c7
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/651df17fbe481dd8249c09fc89081120f70ab2c7
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200515/3a7b2191/attachment.html>
More information about the debian-security-tracker-commits
mailing list