[Git][security-tracker-team/security-tracker][master] NFU

Moritz Muehlenhoff jmm at debian.org
Mon Sep 14 13:58:44 BST 2020 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
769ad082 by Moritz Muehlenhoff at 2020-09-14T14:58:14+02:00
NFU
clarified older TODO for CNI plugins

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -29978,6 +29978,7 @@ CVE-2020-11978 (An issue was found in Apache Airflow versions 1.10.10 and below.
 	- airflow <itp> (bug #819700)
 CVE-2020-11977
 	RESERVED
+	NOT-FOR-US: Apache Syncope
 CVE-2020-11976 (By crafting a special URL it is possible to make Wicket deliver unproc ...)
 	NOT-FOR-US: Apache Wicket
 CVE-2020-11975 (Apache Unomi allows conditions to use OGNL scripting which offers the  ...)
@@ -84304,7 +84305,6 @@ CVE-2019-12107 (The upnp_event_prepare function in upnpevents.c in MiniUPnP Mini
 	- miniupnpd 2.1-6 (bug #930050)
 	[stretch] - miniupnpd 1.8.20140523-4.1+deb9u2
 	NOTE: https://github.com/miniupnp/miniupnp/commit/bec6ccec63cadc95655721bc0e1dd49dac759d94
-	TODO: check, might affect minidlna
 CVE-2019-12106 (The updateDevice function in minissdpd.c in MiniUPnP MiniSSDPd 1.4 and ...)
 	{DLA-1805-1}
 	- minissdpd 1.5.20190210-1 (bug #929297)
@@ -90460,9 +90460,10 @@ CVE-2019-9947 (An issue was discovered in urllib2 in Python 2.x through 2.7.16 a
 	NOTE: Patch 2.7: https://github.com/python/cpython/commit/bb8071a4cae5ab3fe321481dd3d73662ffb26052
 CVE-2019-9946 (Cloud Native Computing Foundation (CNCF) CNI (Container Networking Int ...)
 	- kubernetes 1.17.4-1
-	- golang-github-containernetworking-plugins <undetermined>
+	- golang-github-containernetworking-plugins <not-affected> (Fixed before initial upload)
+	- singularity-container 3.5.0+ds1-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1692712
-	TODO: singularity-container seems to embed as well a copy of cni
+	NOTE: singularity-container embeds a copy, but switched to packaged one in 3.5.0+ds1-1, marking as fixed
 CVE-2019-9945 (SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGI ...)
 	NOT-FOR-US: SoftNAS Cloud
 CVE-2019-9944 (In Open Microscopy Environment OMERO.server 5.0.0 through 5.6.0, the r ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/769ad0823ff056f04e716ec04e57f317014ef9de

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/769ad0823ff056f04e716ec04e57f317014ef9de
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200914/6f437b64/attachment.html>

More information about the debian-security-tracker-commits mailing list