[Git][security-tracker-team/security-tracker][master] new ansible issue

Moritz Muehlenhoff jmm at debian.org
Fri May 15 08:23:06 BST 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
651df17f by Moritz Muehlenhoff at 2020-05-15T09:22:36+02:00
new ansible issue
new pip non issue
new issue in ITPd kibana
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6459,8 +6459,11 @@ CVE-2020-10745
 	RESERVED
 CVE-2020-10744
 	RESERVED
+	- ansible <unfixed>
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1835566
 CVE-2020-10743
 	RESERVED
+	- kibana <itp> (bug #700337)
 CVE-2020-10742
 	RESERVED
 	- linux <undetermined>
@@ -32410,6 +32413,7 @@ CVE-2020-1162
 	RESERVED
 CVE-2020-1161
 	RESERVED
+	NOT-FOR-US: Microsoft .NET
 CVE-2020-1160
 	RESERVED
 CVE-2020-1159
@@ -32516,6 +32520,7 @@ CVE-2020-1109
 	RESERVED
 CVE-2020-1108
 	RESERVED
+	NOT-FOR-US: Microsoft .NET
 CVE-2020-1107
 	RESERVED
 CVE-2020-1106
@@ -80309,7 +80314,9 @@ CVE-2018-20227 (RDF4J 2.4.2 allows Directory Traversal via ../ in an entry in a
 CVE-2018-20226 (An organization administrator can add a super administrator in THEHIVE ...)
 	NOT-FOR-US: THEHIVE
 CVE-2018-20225 (An issue was discovered in pip (all versions) because it installs the  ...)
-	TODO: check
+	- python-pip <unfixed> (unimportant)
+	NOTE: https://cowlicks.website/posts/arbitrary-code-execution-from-pips-extra-index-url.html
+	NOTE: pip is inherently affected by malicious packages, use packages from Debian instead :-)
 CVE-2018-20224
 	RESERVED
 CVE-2018-20223



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/651df17fbe481dd8249c09fc89081120f70ab2c7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/651df17fbe481dd8249c09fc89081120f70ab2c7
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200515/3a7b2191/attachment.html>


More information about the debian-security-tracker-commits mailing list