[Git][security-tracker-team/security-tracker][master] 2 commits: Move kibana entry to CVE-2020-26296

Thu Feb 25 20:54:39 GMT 2021


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
05c229fb by Salvatore Bonaccorso at 2021-02-25T21:52:30+01:00
Move kibana entry to CVE-2020-26296

Upstream advisory
https://discuss.elastic.co/t/elastic-stack-7-11-0-and-6-8-14-security-update/263915
references CVE-2020-26296 and CVE-2021-26296 seems to be for Apache
MyFaces as per https://www.openwall.com/lists/oss-security/2021/02/18/5
..

- - - - -
6cc6e071 by Salvatore Bonaccorso at 2021-02-25T21:54:11+01:00
Mark CVE-2021-26296 as NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3281,8 +3281,7 @@ CVE-2021-26298
 CVE-2021-26297
 	RESERVED
 CVE-2021-26296 (In the default configuration, Apache MyFaces Core versions 2.2.0 to 2. ...)
-	- kibana <itp> (bug #700337)
-	NOTE: https://discuss.elastic.co/t/elastic-stack-7-11-0-and-6-8-14-security-update/263915
+	NOT-FOR-US: Apache MyFaces
 CVE-2021-26295
 	RESERVED
 CVE-2021-3333 (Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). W ...)
@@ -32718,7 +32717,8 @@ CVE-2020-26298 (Redcarpet is a Ruby library for Markdown processing. In Redcarpe
 CVE-2020-26297 (mdBook is a utility to create modern online books from Markdown files  ...)
 	NOT-FOR-US: mdBook
 CVE-2020-26296 (Vega is a visualization grammar, a declarative format for creating, sa ...)
-	NOT-FOR-US: Node vega
+	- kibana <itp> (bug #700337)
+	NOTE: https://discuss.elastic.co/t/elastic-stack-7-11-0-and-6-8-14-security-update/263915
 CVE-2020-26295 (OpenMage is a community-driven alternative to Magento CE. In OpenMage  ...)
 	NOT-FOR-US: OpenMage
 CVE-2020-26294 (Vela is a Pipeline Automation (CI/CD) framework built on Linux contain ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1b2113edf78f3d7f90e38698ff7086e150c19790...6cc6e0712edc8f4365e1c045409a877bb1daa1dd

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1b2113edf78f3d7f90e38698ff7086e150c19790...6cc6e0712edc8f4365e1c045409a877bb1daa1dd
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210225/65ebbedc/attachment.htm>
