Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
36b8d8b8 by Salvatore Bonaccorso at 2020-04-24T14:54:47+02:00

Track fixed version for CVE-2020-12059/ceph

In upstream dc808953f2f1 ("rgw: rework lifecycle parsing")[1] which is contained in v14.1.0 the code was modified to use the new style xml parsing, and the issue does not affect the 14.x series. The CVE though affects all v13.2.x and is fixed in v13.2.10 and as well the v13.2.x (potentially as well the older series, but this is not yet checked).

[1]: <https://github.com/ceph/ceph/commit/dc808953f2f1d12a2bb587f388598ca3e8a0b440>

- - - - -

1 changed file:
- data/CVE/list

Changes:
===================================== data/CVE/list ===================================== @@ -167,10 +167,10 @@ CVE-2020-12061 CVE-2020-12060 RESERVED CVE-2020-12059 (An issue was discovered in Ceph through 13.2.9. A POST request with an ...) - - ceph <unfixed> + - ceph 14.2.4-1 NOTE: https://tracker.ceph.com/issues/44967 NOTE: https://github.com/ceph/ceph/commit/375d926a4f2720a29b079c216bafb884eef985c3 - TODO: check affected versions + NOTE: Consider 14.x series as fixed due to the use of the new style xml parsing. CVE-2019-20787 (Teeworlds before 0.7.4 has an integer overflow when computing a tilema ...) - teeworlds <unfixed> [jessie] - teeworlds <end-of-life> (Not supported in jessie LTS)

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/36b8d8b81e5e6b4888aa0db1e0beb8809c5ccf49
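Review bot: removing the "TODO: check affected versions" line in the CVE-2020-12059 entry drops the only marker that the affected range is still open, although the commit message says the series older than 13.2.x are "not yet checked"; keeping a TODO, or adding a NOTE that the older series remain unchecked, would stop the entry from reading as fully triaged. The added NOTE also gives the reason for treating 14.x as fixed without pointing at the upstream change it relies on: the commit message names dc808953f2f1 ("rgw: rework lifecycle parsing") as contained in v14.1.0, while the version recorded is 14.2.4-1, so a further NOTE line carrying that commit URL and a word on why 14.2.4-1 is the version entered would make the tracker entry self-explanatory.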
