[Git][security-tracker-team/security-tracker][master] 2 commits: Add information about CVE-2020-11997
Anton Gladky
gladk at debian.org
Sat Mar 6 18:47:23 GMT 2021
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3488b95f by Anton Gladky at 2021-03-06T18:47:12+00:00
Add information about CVE-2020-11997
- - - - -
d66c6a39 by Anton Gladky at 2021-03-06T18:47:15+00:00
Merge branch 'CVE-2020-11997' into 'master'
Add information about CVE-2020-11997
See merge request security-tracker-team/security-tracker!80
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -66265,9 +66265,14 @@ CVE-2020-11998 (A regression has been introduced in the commit preventing JMX re
- activemq <not-affected> (Only affects 5.15.12)
NOTE: http://activemq.apache.org/security-advisories.data/CVE-2020-11998-announcement.txt
CVE-2020-11997 (Apache Guacamole 1.2.0 and earlier do not consistently restrict access ...)
- - guacamole-server 1.3.0-1
+ - guacamole-client <unfixed>
+ [stretch] - guacamole-client <ignored> (Minor issue; fix intrusive to backport)
NOTE: https://lists.apache.org/thread.html/r1a9ae9d1608c9f846875c4191cd738f95543d1be06b52dc1320e8117%40%3Cannounce.guacamole.apache.org%3E
- TODO: check details, both guacamole-client and guacamole-server affected?
+ NOTE: https://issues.apache.org/jira/browse/GUACAMOLE-1123
+ NOTE: https://github.com/apache/guacamole-client/pulls?q=is%3Apr+guacamole-1123+is%3Aclosed
+ NOTE: https://github.com/glyptodon/guacamole-client/pull/453
+ NOTE: https://enterprise.glyptodon.com/doc/latest/cve-2020-11997-inconsistent-restriction-of-connection-history-visibility-31424710.html
+ NOTE: https://enterprise.glyptodon.com/doc/1.x/changelog-950368.html#id-.Changelogv1.x-1.14
CVE-2020-11996 (A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat ...)
{DSA-4727-1 DLA-2279-1}
- tomcat9 9.0.36-1
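Review bot: The removed `- guacamole-server 1.3.0-1` line and the removed TODO ("both guacamole-client and guacamole-server affected?") leave the CVE-2020-11997 entry with no statement about guacamole-server at all, and the added NOTE lines are only links. Record the conclusion explicitly, for example with a `- guacamole-server <not-affected> (reason)` line or a NOTE stating that the fix is confined to guacamole-client, so the question the TODO raised does not have to be investigated again. The NOTE that points at a GitHub pull-request search (`pulls?q=is%3Apr+guacamole-1123+is%3Aclosed`) would also be more durable as links to the specific merged pull requests or commits, since search results can change over time.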
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/83a70fde230cc73e8e6eec90099144e8b334b51a...d66c6a39825330cf8959109fef6ec53ef5ec699e