Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4cec4242 by Salvatore Bonaccorso at 2020-05-02T14:53:35+02:00
Update status for CVE-2020-12105/openconnect
Debian packages are build to use GnuTLS rather than OpenSSL and the
issue only arises with OpenSSL builds of OpenConnect. Thus the issue
does not affect the binary packages built in Debian and can be marked
unimportant.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1141,9 +1141,10 @@ CVE-2020-12107
CVE-2020-12106
RESERVED
CVE-2020-12105 (OpenConnect through 8.08 mishandles negative return values
from X509_c ...)
- - openconnect <unfixed>
- [jessie] - openconnect <no-dsa> (Minor issue)
+ - openconnect <unfixed> (unimportant; bug #959428)
NOTE: https://gitlab.com/openconnect/openconnect/-/merge_requests/96
+ NOTE: Only an issue if building with OpenSSL, where Debian binary
packages use
+ NOTE: GnuTLS.
CVE-2020-12104
RESERVED
CVE-2020-12103 (In Tiny File Manager 2.4.1 there is a vulnerability in the
ajax file b ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4cec4242cb4dd8e51be297f80d3a65e9a13d6bd4
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4cec4242cb4dd8e51be297f80d3a65e9a13d6bd4
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
