[Git][security-tracker-team/security-tracker][master] Add CVE-2020-11979/ant
Salvatore Bonaccorso
carnil at debian.org
Fri Oct 2 13:23:47 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fbb95f9c by Salvatore Bonaccorso at 2020-10-02T14:23:05+02:00
Add CVE-2020-11979/ant
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -32259,7 +32259,11 @@ CVE-2020-11981 (An issue was found in Apache Airflow versions 1.10.10 and below.
CVE-2020-11980 (In Karaf, JMX authentication takes place using JAAS and authorization ...)
- apache-karaf <itp> (bug #881297)
CVE-2020-11979 (As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissi ...)
- TODO: check
+ - ant <unfixed>
+ [buster] - ant <not-affected> (Vulnerability not present as CVE-2020-1945 not addressed)
+ [stretch] - ant <not-affected> (Vulnerability not present as CVE-2020-1945 not addressed)
+ NOTE: https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E
+ NOTE: Issue is pesent depending on if CVE-2020-1945 was fixed.
CVE-2020-11978 (An issue was found in Apache Airflow versions 1.10.10 and below. A rem ...)
- airflow <itp> (bug #819700)
CVE-2020-11977 (In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable ext ...)
@@ -59854,6 +59858,7 @@ CVE-2020-1945 (Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default te
NOTE: https://github.com/apache/ant/commit/041b058c7bf10a94d56db3ca9dba38cf90ab9943 (10.8)
NOTE: https://github.com/apache/ant/commit/a8645a151bc706259fb1789ef587d05482d98612 (10.8)
NOTE: https://github.com/apache/ant/commit/926f339ea30362bec8e53bf5924ce803938163b7 (10.8)
+ NOTE: Adressing CVE-2020-1945 introduces a new issue CVE-2020-11979.
CVE-2020-1944 (There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0. ...)
{DSA-4672-1}
- trafficserver 8.0.6+ds-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fbb95f9c134fc53d0ba263f02f521efcd2c2c0aa
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fbb95f9c134fc53d0ba263f02f521efcd2c2c0aa
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201002/fe0c7064/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list