Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
47df6df5 by Salvatore Bonaccorso at 2020-05-03T08:44:33+02:00
Update status for CVE-2020-10997
As found the issue was introduced in 2.4.11 when trasition keys
functionality was introduced.
Double-checked and affected versions were never present in Debian as
removed last version updated in unstable was 2.2.3 based. Thus we can
mark as no suite affected in this case.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4877,9 +4877,9 @@ CVE-2020-10999
CVE-2020-10998
RESERVED
CVE-2020-10997 (Percona XtraBackup before 2.4.20 unintentionally writes the
command li ...)
- - percona-xtrabackup <removed>
- [jessie] - percona-xtrabackup <not-affected> (Vulnerable code
introduced in version 2.4.11)
+ - percona-xtrabackup <not-affected> (Vulnerable code introduced later)
NOTE: https://jira.percona.com/browse/PXB-2142
+ NOTE: Introduced in:
https://github.com/percona/percona-xtrabackup/commit/0b38ffc0f30f1b6d3ff7ed0f9cb3ab31a2ccad13
(percona-xtrabackup-2.4.11)
NOTE:
https://www.percona.com/blog/2020/04/16/cve-2020-10997-percona-xtrabackup-information-disclosure-of-command-line-arguments/
CVE-2020-10996 (An issue was discovered in Percona XtraDB Cluster before
5.7.28-31.42. ...)
TODO: check
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/47df6df5e355063ef6be21caa968f6bfa7a0beb9
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/47df6df5e355063ef6be21caa968f6bfa7a0beb9
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
