[Git][security-tracker-team/security-tracker][master] Update status for CVE-2020-{11998,13920}/activemq

Fri, 11 Sep 2020 12:09:11 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b574197b by Salvatore Bonaccorso at 2020-09-11T21:07:41+02:00
Update status for CVE-2020-{11998,13920}/activemq

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -24394,6 +24394,9 @@ CVE-2020-13921 (**Resolved** Only when using 
H2/MySQL/TiDB as Apache SkyWalking
 CVE-2020-13920 (Apache ActiveMQ uses LocateRegistry.createRegistry() to create 
the JMX ...)
        - activemq <unfixed>
        NOTE: 
http://activemq.apache.org/security-advisories.data/CVE-2020-13920-announcement.txt
+       NOTE: When fixing this issue make sure to use a complete fix and not 
open up
+       NOTE: CVE-2020-11998 (a regression introduced in 5.15.12 in the commit 
preventing
+       NOTE: JMX re-bind).
 CVE-2020-13919 (emfd/libemf in Ruckus Wireless Unleashed through 
200.7.10.102.92 allow ...)
        NOT-FOR-US: Ruckus Wireless Unleashed
 CVE-2020-13918 (Incorrect access control in webs in Ruckus Wireless Unleashed 
through  ...)
@@ -29342,7 +29345,7 @@ CVE-2020-12000 (The affected product is vulnerable to 
the handling of serialized
 CVE-2020-11999 (FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic 
v4.11.0 ...)
        NOT-FOR-US: FactoryTalk
 CVE-2020-11998 (A regression has been introduced in the commit preventing JMX 
re-bind. ...)
-       - activemq <unfixed>
+       - activemq <not-affected> (Only affects 5.15.12)
        NOTE: 
http://activemq.apache.org/security-advisories.data/CVE-2020-11998-announcement.txt
 CVE-2020-11997
        RESERVED



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b574197b1ab84eae97a73b234079fd26212a9731

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b574197b1ab84eae97a73b234079fd26212a9731
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to