[Git][security-tracker-team/security-tracker][master] new vague mistral issue

Moritz Muehlenhoff Thu, 11 Jun 2020 23:49:10 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
28e8458c by Moritz Muehlenhoff at 2020-06-12T08:47:42+02:00
new vague mistral issue
NFUs (concludes external check)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9402,8 +9402,10 @@ CVE-2020-10773
        RESERVED
 CVE-2020-10772
        RESERVED
+       - unbound <not-affected> (Red Hat specific regression in backport)
 CVE-2020-10771
        RESERVED
+       NOT-FOR-US: Infinispan
 CVE-2020-10770
        RESERVED
 CVE-2020-10769
@@ -9480,6 +9482,7 @@ CVE-2020-10753
        RESERVED
 CVE-2020-10752
        RESERVED
+       NOT-FOR-US: OpenShift
 CVE-2020-10751 (A flaw was found in the Linux kernels SELinux LSM hook 
implementation  ...)
        {DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1}
        - linux 5.6.14-1
@@ -16838,7 +16841,7 @@ CVE-2020-7663 (websocket-extensions ruby module prior 
to 0.1.5 allows Denial of
        NOTE: 
https://github.com/faye/websocket-extensions-ruby/security/advisories/GHSA-g6wq-qcwm-j5g2
        NOTE: 
https://github.com/faye/websocket-extensions-ruby/commit/aa156a439da681361ed6f53f1a8131892418838b
 CVE-2020-7662 (websocket-extensions npm module prior to 1.0.4 allows Denial of 
Servic ...)
-       TODO: check
+       NOT-FOR-US: Node websocket-extensions
 CVE-2020-7661 (all versions of url-regex are vulnerable to Regular Expression 
Denial  ...)
        TODO: check
 CVE-2020-7660 (serialize-javascript prior to 3.1.0 allows remote attackers to 
inject  ...)
@@ -22124,7 +22127,7 @@ CVE-2020-5412
 CVE-2020-5411 (When configured to enable default typing, Jackson contained a 
deserial ...)
        TODO: check
 CVE-2020-5410 (Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 
2.1.x pri ...)
-       TODO: check
+       NOT-FOR-US: Spring Cloud Config
 CVE-2020-5409 (Pivotal Concourse, most versions prior to 6.0.0, allows 
redirects to u ...)
        NOT-FOR-US: Pivotal
 CVE-2020-5408 (Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 
5.2.4, 5 ...)
@@ -99956,6 +99959,8 @@ CVE-2018-16849 (A flaw was found in openstack-mistral. 
By manipulating the SSH p
        NOTE: https://bugs.launchpad.net/mistral/+bug/1783708
 CVE-2018-16848
        RESERVED
+       - mistral <undetermined>
+       NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1645332
 CVE-2018-16847 (An OOB heap buffer r/w access issue was found in the NVM 
Express Contr ...)
        - qemu 1:3.1+dfsg-1 (bug #912655)
        [stretch] - qemu <not-affected> (support for Controller Memory Buffers 
added later)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28e8458c27af64f2ea13806043ecc7c5d221e4ed

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28e8458c27af64f2ea13806043ecc7c5d221e4ed
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] new vague mistral issue

Reply via email to