[Git][security-tracker-team/security-tracker][master] Reference commits for CVE-2020-13920/activemq

Fri Sep 11 20:15:05 BST 2020


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
863c7a65 by Salvatore Bonaccorso at 2020-09-11T21:13:23+02:00
Reference commits for CVE-2020-13920/activemq

Reference both commits the initial commit for CVE-2020-13920 but as well
the followup comit from 5.15.13 which fixes a regression leading to the
CVE-2020-11998 assignment for ActiveMQ.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -24397,6 +24397,8 @@ CVE-2020-13920 (Apache ActiveMQ uses LocateRegistry.createRegistry() to create t
 	NOTE: When fixing this issue make sure to use a complete fix and not open up
 	NOTE: CVE-2020-11998 (a regression introduced in 5.15.12 in the commit preventing
 	NOTE: JMX re-bind).
+	NOTE: Fixed by:  https://github.com/apache/activemq/commit/c29244931d54affaceabb478b3a52d9b74f5d543 (activemq-5.15.12)
+	NOTE: Followup needed: https://github.com/apache/activemq/commit/0d6e5f240ef34bae2e4089102047593bef628e6c (activemq-5.15.13)
 CVE-2020-13919 (emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allow ...)
 	NOT-FOR-US: Ruckus Wireless Unleashed
 CVE-2020-13918 (Incorrect access control in webs in Ruckus Wireless Unleashed through  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/863c7a656e7da69a68f96ff5772b94abcab4a91b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/863c7a656e7da69a68f96ff5772b94abcab4a91b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200911/fd9b103e/attachment.html>
