[Git][security-tracker-team/security-tracker][master] Update status for CVE-2020-14326

Sat Dec 4 18:35:32 GMT 2021


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
60280bd3 by Salvatore Bonaccorso at 2021-12-04T19:35:05+01:00
Update status for CVE-2020-14326

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -106993,10 +106993,12 @@ CVE-2020-14328 (A flaw was found in Ansible Tower in versions before 3.7.2. A Se
 CVE-2020-14327 (A Server-side request forgery (SSRF) flaw was found in Ansible Tower i ...)
 	NOT-FOR-US: Ansible Tower
 CVE-2020-14326 (A vulnerability was found in RESTEasy, where RootNode incorrectly cach ...)
-	- resteasy <undetermined>
-	- resteasy3.0 <undetermined>
+	- resteasy <not-affected> (Vulnerable code introduced later)
+	- resteasy3.0 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1855826
 	NOTE: https://issues.redhat.com/browse/RESTEASY-2643
+	NOTE: https://issues.redhat.com/browse/RESTEASY-2646
+	NOTE: Introduced by: https://github.com/resteasy/Resteasy/commit/f948c45f4ebe00531f858e289d17664bc2edd496 (4.2.0.Final)
 CVE-2020-14325 (Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Imperson ...)
 	NOT-FOR-US: Red Hat CloudForm
 CVE-2020-14324 (A high severity vulnerability was found in all active versions of Red  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60280bd3e6eb2decead392d25cbcaf5c1a993c57

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60280bd3e6eb2decead392d25cbcaf5c1a993c57
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211204/4abf0ec6/attachment-0001.htm>
