Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e6d0bd0f by Salvatore Bonaccorso at 2020-07-17T06:46:05+02:00
Mark CVE-2020-15719/openldap as unimportant
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -184,11 +184,11 @@ CVE-2020-15720 (In Dogtag PKI through 10.8.3, the
pki.client.PKIConnection class
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1855273
NOTE:
https://github.com/dogtagpki/pki/commit/50c23ec146ee9abf28c9de87a5f7787d495f0b72
CVE-2020-15719 (libldap in certain third-party OpenLDAP packages has a
certificate-val ...)
- - openldap <unfixed> (low)
- [buster] - openldap <no-dsa> (Minor issue)
+ - openldap <unfixed> (unimportant)
NOTE: https://bugs.openldap.org/show_bug.cgi?id=9266 (private)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1740070
NOTE: RedHat/CentOS Patch:
https://git.centos.org/rpms/openldap/raw/67459960064be9d226d57c5f82aaba0929876813/f/SOURCES/openldap-tlso-dont-check-cn-when-bad-san.patch
+ NOTE: Affected file is compiled but Debian openssl uses GnuTLS.
CVE-2020-15718 (RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper
validation o ...)
NOT-FOR-US: RosarioSIS
CVE-2020-15717 (RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper
validation o ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6d0bd0f25c1df5c0dcd8076ba9a305f2a483b3e
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6d0bd0f25c1df5c0dcd8076ba9a305f2a483b3e
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
