[Git][security-tracker-team/security-tracker][master] Add todo for CVE-2020-20178, contact still ongoing

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c65f232d by Salvatore Bonaccorso at 2021-06-08T18:08:03+02:00
Add todo for CVE-2020-20178, contact still ongoing

To summarize status: CVE-2020-20178 in its description refers to
OpenLDAP. The bugzilla reference in the CVE entry though is for ansible,
and for the CVE-202*1*-20178 CVE. SuSE on the other hand references the
CVE to refer to another Red Hat bugzilla entry which covers
CVE-2021-27212.

Situation with CVE-2020-20178 needs to be resolved by its assigning CNA.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -62817,6 +62817,7 @@ CVE-2020-20178 (A flaw was found in OpenLDAP. This flaw allows an attacker who c
 	NOTE: https://bugs.openldap.org/show_bug.cgi?id=9454
 	NOTE: https://git.openldap.org/openldap/openldap/-/commit/3539fc33212b528c56b716584f2c2994af7c30b0
 	NOTE: https://git.openldap.org/openldap/openldap/-/commit/9badb73425a67768c09bcaed1a9c26c684af6c30
+	TODO: confusing CVE, description refers to OpenLDAP whilst referenced RH bug refers to CVE-2021-20178, MITRE contacted, above references from SuSE bugzilla, though duplicate of CVE-2021-27212, no reply yet from CNAs
 CVE-2020-20177
 	RESERVED
 CVE-2020-20176



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c65f232d4b9238a363d2839f5c6ca8c851e55ef6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c65f232d4b9238a363d2839f5c6ca8c851e55ef6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210608/fd9a1733/attachment-0001.htm>