Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 0d1d96c9 by Salvatore Bonaccorso at 2020-06-30T06:37:19+02:00 Clarify associations between CVE-2020-1957 and CVE-2020-11989 - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -8180,7 +8180,9 @@ CVE-2020-11989 (Apache Shiro before 1.5.3, when using Apache Shiro with Spring d NOTE: https://www.openwall.com/lists/oss-security/2020/06/22/1 NOTE: https://github.com/apache/shiro/pull/211 NOTE: https://issues.apache.org/jira/browse/SHIRO-753 - TODO: checking with shiro security team + NOTE: The original CVE-2020-1957 adressed in 1.5.2 introduced an encoding issue + NOTE: which can (security wise) be exploited, resulting in a 1.5.3 release. This + NOTE: CVE is closely related to CVE-2020-1957. CVE-2020-11988 RESERVED CVE-2020-11987 @@ -35194,6 +35196,8 @@ CVE-2020-1957 (Apache Shiro before 1.5.2, when using Apache Shiro with Spring dy NOTE: https://www.openwall.com/lists/oss-security/2020/03/23/2 NOTE: Fixed by: https://github.com/apache/shiro/commit/3708d7907016bf2fa12691dff6ff0def1249b8ce#diff-98f7bc5c0391389e56531f8b3754081aL139 NOTE: https://github.com/apache/shiro/pull/203#issuecomment-606270322 + NOTE: Fix for CVE-2020-1957 introduces a (security sensitive) encoding issue + NOTE: resulting in a followup release 1.5.3. CVE-2020-1956 (Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restfu ...) NOT-FOR-US: Apache Kylin CVE-2020-1955 (CouchDB version 3.0.0 shipped with a new configuration setting that go ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d1d96c9bf366e3dc6221e3f7a4c614bb2ff4b87 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d1d96c9bf366e3dc6221e3f7a4c614bb2ff4b87 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits