[Git][security-tracker-team/security-tracker][master] 2 commits: Remove note on already fully rejected CVE

Fri Sep 25 20:13:04 BST 2020


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c885282f by Salvatore Bonaccorso at 2020-09-25T21:07:47+02:00
Remove note on already fully rejected CVE

As the later mentioned CVE was fully rejected at MITRE level already we
should not further encourage to reference that somewhere, drop the note
in meanwhile (the rejected CVE was withdrawn furthermore by it's
assigning CNA back). The issue attached is ignored or no-dsa and fixed
in later versions, so we are fine for the further processings.

- - - - -
7ec3ec6f by Salvatore Bonaccorso at 2020-09-25T21:11:51+02:00
Track fixed version for CVE-2020-1722/freeipa

Note we use 4.8.8-2 here as the 4.8.8-1 upload apparently never hit the
archive, the first source ever entering unstable with the fix was thus
4.8.8-2.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -59895,7 +59895,7 @@ CVE-2020-1724 (A flaw was found in Keycloak in versions before 9.0.2. This flaw
 CVE-2020-1723
 	RESERVED
 CVE-2020-1722 (A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending ...)
-	- freeipa <unfixed> (bug #966200)
+	- freeipa 4.8.8-2 (bug #966200)
 	[buster] - freeipa <no-dsa> (Minor issue)
 	NOTE: https://pagure.io/freeipa/issue/8268
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793071
@@ -120967,7 +120967,6 @@ CVE-2018-19211 (In ncurses 6.1, there is a NULL pointer dereference at function
 	[jessie] - ncurses <no-dsa> (Minor issue)
 	[wheezy] - ncurses <ignored> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643754
-	NOTE: according to this Redhat bug, this is a duplicate of CVE-2018-10754, which has been rejected
 CVE-2018-19210 (In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWrite ...)
 	{DSA-4670-1 DLA-1680-1}
 	- tiff 4.0.10-4 (bug #913675)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ea7fcf1b63e0ed3ede31ff7c6938975d1a5b220d...7ec3ec6fe7fe733a342e2004e617f0f53d00590a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ea7fcf1b63e0ed3ede31ff7c6938975d1a5b220d...7ec3ec6fe7fe733a342e2004e617f0f53d00590a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200925/9e6cde65/attachment-0001.html>
