[Git][security-tracker-team/security-tracker][master] Mark CVE-2019-11291 CVE-2021-32718 CVE-2021-32719 as not-affected for stretch
Abhijith PA (@abhijith)
abhijith at debian.org
Sat Jul 10 09:37:19 BST 2021
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1c0f1f2b by Abhijith PA at 2021-07-10T14:05:24+05:30
Mark CVE-2019-11291 CVE-2021-32718 CVE-2021-32719 as not-affected for stretch
Add commits for CVE-2019-11291. Remove no-dsa tag for rest
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -8243,10 +8243,12 @@ CVE-2021-32720 (Sylius is an Open Source eCommerce platform on top of Symfony. I
NOT-FOR-US: Sylius
CVE-2021-32719 (RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prio ...)
- rabbitmq-server <unfixed> (bug #990524)
+ [stretch] - rabbitmq-server <not-affected> (Vulnerable code not present)
NOTE: https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-5452-hxj4-773x
NOTE: https://github.com/rabbitmq/rabbitmq-server/pull/3122
CVE-2021-32718 (RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prio ...)
- rabbitmq-server <unfixed> (bug #990524)
+ [stretch] - rabbitmq-server <not-affected> (Vulnerable code not present)
NOTE: https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-c3hj-rg5h-2772
NOTE: https://github.com/rabbitmq/rabbitmq-server/pull/3028
CVE-2021-32717 (Shopware is an open source eCommerce platform. In versions prior to 6. ...)
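Review bot: the two new `[stretch] - rabbitmq-server <not-affected> (Vulnerable code not present)` lines, for CVE-2021-32719 and CVE-2021-32718, carry no NOTE recording where the vulnerable code was introduced, so the not-affected claim cannot be re-checked from the entry itself. The existing NOTEs link only the upstream advisories and pull requests 3122 and 3028. Consider adding a NOTE in the style already used for CVE-2017-4966 (`NOTE: Introduced by: ...`) that names the introducing commit or release.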
@@ -145122,8 +145124,10 @@ CVE-2019-11292 (Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior
CVE-2019-11291 (Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior ...)
- rabbitmq-server 3.8.3-1 (bug #945601)
[buster] - rabbitmq-server <no-dsa> (Minor issue)
- [stretch] - rabbitmq-server <no-dsa> (Minor issue)
+ [stretch] - rabbitmq-server <not-affected> (Vulnerable code not present)
[jessie] - rabbitmq-server <postponed> (Minor issue)
+ NOTE: https://github.com/rabbitmq/rabbitmq-shovel-management/commit/c22992b289dddadba866ac2b7fc697bc66847e4f
+ NOTE: https://github.com/rabbitmq/rabbitmq-federation-management/commit/52bf0ffbb8695060b1ae909266b9b62717e7ba2d
NOTE: https://pivotal.io/security/cve-2019-11291
CVE-2019-11290 (Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query p ...)
NOT-FOR-US: Cloud Foundry
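Review bot: the two NOTE lines added for CVE-2019-11291 are bare commit URLs with no label, so a reader cannot tell whether they are the fixing commits or the changes that back the new stretch `<not-affected> (Vulnerable code not present)` status. Label them, for example `NOTE: Fixed by: ...` as is done for CVE-2017-4966, and if the not-affected reasoning rests on a separate introducing change, record that in its own NOTE.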
@@ -145134,7 +145138,6 @@ CVE-2019-11288 (In Pivotal tc Server, 3.x versions prior to 3.2.19 and 4.x versi
CVE-2019-11287 (Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3. ...)
- rabbitmq-server 3.8.3-1 (bug #945600)
[buster] - rabbitmq-server <no-dsa> (Minor issue)
- [stretch] - rabbitmq-server <no-dsa> (Minor issue)
[jessie] - rabbitmq-server <postponed> (Minor issue)
NOTE: https://pivotal.io/security/cve-2019-11287
CVE-2019-11286 (VMware GemFire versions prior to 9.10.0, 9.9.1, 9.8.5, and 9.7.5, and ...)
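Review bot: the `[stretch] - rabbitmq-server <no-dsa> (Minor issue)` line for CVE-2019-11287 is deleted with nothing in its place, so stretch has no suite-specific entry left and is judged only against the `rabbitmq-server 3.8.3-1` line, while the commit message says only "Remove no-dsa tag for rest". If the intent is to reopen the issue for a stretch update, state that in the commit message. The same applies to the CVE-2019-11281 removal in the next hunk.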
@@ -145150,7 +145153,6 @@ CVE-2019-11282 (Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoi
CVE-2019-11281 (Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, ver ...)
- rabbitmq-server 3.7.18-1 (low)
[buster] - rabbitmq-server <no-dsa> (Minor issue)
- [stretch] - rabbitmq-server <no-dsa> (Minor issue)
[jessie] - rabbitmq-server <no-dsa> (Minor issue; one plugin not vulnerable, the other only exploitable by malicious admin)
NOTE: https://pivotal.io/security/cve-2019-11281
NOTE: fix for vhost limit feature: https://github.com/rabbitmq/rabbitmq-management/commit/42def1b51243397c1cb9192d6d064351e358bacc
@@ -270232,19 +270234,16 @@ CVE-2017-4968
REJECTED
CVE-2017-4967 (An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x ...)
- rabbitmq-server 3.6.10-1 (low; bug #863586)
- [stretch] - rabbitmq-server <no-dsa> (Minor issue)
[jessie] - rabbitmq-server <no-dsa> (Minor issue)
[wheezy] - rabbitmq-server <no-dsa> (Minor issue)
CVE-2017-4966 (An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x ...)
- rabbitmq-server 3.6.10-1 (low; bug #863586)
- [stretch] - rabbitmq-server <no-dsa> (Minor issue)
[jessie] - rabbitmq-server <not-affected> (Vulnerable code introduced later)
[wheezy] - rabbitmq-server <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-management/commit/2371633f99ad0d293899384f078872ff9e9f3e10 (rabbitmq_v3_6_9)
NOTE: Introduced by: https://github.com/rabbitmq/rabbitmq-management/commit/ced47b0bdca862a58e8f31833643e948655f8368 (rabbitmq_v3_4_0)
CVE-2017-4965 (An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x ...)
- rabbitmq-server 3.6.10-1 (low; bug #863586)
- [stretch] - rabbitmq-server <no-dsa> (Minor issue)
[jessie] - rabbitmq-server <no-dsa> (Minor issue)
[wheezy] - rabbitmq-server <no-dsa> (Minor issue)
CVE-2017-4964 (Cloud Foundry Foundation BOSH Azure CPI v22 could potentially allow a ...)
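Review bot: with the stretch `<no-dsa>` lines dropped for CVE-2017-4967, CVE-2017-4966 and CVE-2017-4965, only CVE-2017-4966 carries `Fixed by:` and `Introduced by:` NOTEs; the CVE-2017-4967 and CVE-2017-4965 entries have no commit references at all. If these are being reopened for stretch, adding the fixing commits to those two entries would give whoever prepares the update something concrete to check the stretch source against.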
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c0f1f2bc6e675b64eb3fdb4b9e84efbcc4285f2