[Git][security-tracker-team/security-tracker][master] Update status for CVE-2020-{11998,13920}/activemq

Salvatore Bonaccorso carnil at debian.org
Fri Sep 11 20:08:17 BST 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b574197b by Salvatore Bonaccorso at 2020-09-11T21:07:41+02:00
Update status for CVE-2020-{11998,13920}/activemq

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -24394,6 +24394,9 @@ CVE-2020-13921 (**Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking
 CVE-2020-13920 (Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX ...)
 	- activemq <unfixed>
 	NOTE: http://activemq.apache.org/security-advisories.data/CVE-2020-13920-announcement.txt
+	NOTE: When fixing this issue make sure to use a complete fix and not open up
+	NOTE: CVE-2020-11998 (a regression introduced in 5.15.12 in the commit preventing
+	NOTE: JMX re-bind).
 CVE-2020-13919 (emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allow ...)
 	NOT-FOR-US: Ruckus Wireless Unleashed
 CVE-2020-13918 (Incorrect access control in webs in Ruckus Wireless Unleashed through  ...)
@@ -29342,7 +29345,7 @@ CVE-2020-12000 (The affected product is vulnerable to the handling of serialized
 CVE-2020-11999 (FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.0 ...)
 	NOT-FOR-US: FactoryTalk
 CVE-2020-11998 (A regression has been introduced in the commit preventing JMX re-bind. ...)
-	- activemq <unfixed>
+	- activemq <not-affected> (Only affects 5.15.12)
 	NOTE: http://activemq.apache.org/security-advisories.data/CVE-2020-11998-announcement.txt
 CVE-2020-11997
 	RESERVED



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b574197b1ab84eae97a73b234079fd26212a9731

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b574197b1ab84eae97a73b234079fd26212a9731
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200911/321ec6f7/attachment.html>

More information about the debian-security-tracker-commits mailing list