[Git][security-tracker-team/security-tracker][master] Update CVE-2020-17495 and mark it unimportant and add NOTE

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Feb 2 17:53:19 GMT 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8b6d1698 by Salvatore Bonaccorso at 2022-02-02T18:53:00+01:00
Update CVE-2020-17495 and mark it unimportant and add NOTE

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -112449,10 +112449,12 @@ CVE-2020-17497 (eapol.c in iNet wireless daemon (IWD) through 1.8 allows attacke
 CVE-2020-17496 (vBulletin 5.5.4 through 5.6.2 allows remote command execution via craf ...)
 	NOT-FOR-US: vBulletin
 CVE-2020-17495 (django-celery-results through 1.2.1 stores task results in the databas ...)
-	- python-django-celery-results <unfixed> (bug #968305)
-	[bullseye] - python-django-celery-results <no-dsa> (Minor issue)
-	[buster] - python-django-celery-results <no-dsa> (Minor issue)
+	- python-django-celery-results <unfixed> (unimportant; bug #968305)
 	NOTE: https://github.com/celery/django-celery-results/issues/142
+	NOTE: Disputed upstream as security vulnerablity, as it is up to the developers who uses
+	NOTE: sensitive information when calling celery tasks to provide suitable replacement argument
+	NOTE: through argsrepr and kwargsrepr as described in:
+	NOTE: https://github.com/celery/django-celery-results/issues/154#issuecomment-734706270
 CVE-2020-17494 (Untangle Firewall NG before 16.0 uses MD5 for passwords. ...)
 	NOT-FOR-US: Untangle Firewall NG
 CVE-2020-17493



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8b6d1698261f544a930081c9347dcffa6c8ca880

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8b6d1698261f544a930081c9347dcffa6c8ca880
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220202/d4103317/attachment.htm>

More information about the debian-security-tracker-commits mailing list