[Git][security-tracker-team/security-tracker][master] NFU

Mon, 14 Sep 2020 05:59:10 -0700 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
769ad082 by Moritz Muehlenhoff at 2020-09-14T14:58:14+02:00
NFU
clarified older TODO for CNI plugins

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -29978,6 +29978,7 @@ CVE-2020-11978 (An issue was found in Apache Airflow 
versions 1.10.10 and below.
        - airflow <itp> (bug #819700)
 CVE-2020-11977
        RESERVED
+       NOT-FOR-US: Apache Syncope
 CVE-2020-11976 (By crafting a special URL it is possible to make Wicket 
deliver unproc ...)
        NOT-FOR-US: Apache Wicket
 CVE-2020-11975 (Apache Unomi allows conditions to use OGNL scripting which 
offers the  ...)
@@ -84304,7 +84305,6 @@ CVE-2019-12107 (The upnp_event_prepare function in 
upnpevents.c in MiniUPnP Mini
        - miniupnpd 2.1-6 (bug #930050)
        [stretch] - miniupnpd 1.8.20140523-4.1+deb9u2
        NOTE: 
https://github.com/miniupnp/miniupnp/commit/bec6ccec63cadc95655721bc0e1dd49dac759d94
-       TODO: check, might affect minidlna
 CVE-2019-12106 (The updateDevice function in minissdpd.c in MiniUPnP MiniSSDPd 
1.4 and ...)
        {DLA-1805-1}
        - minissdpd 1.5.20190210-1 (bug #929297)
@@ -90460,9 +90460,10 @@ CVE-2019-9947 (An issue was discovered in urllib2 in 
Python 2.x through 2.7.16 a
        NOTE: Patch 2.7: 
https://github.com/python/cpython/commit/bb8071a4cae5ab3fe321481dd3d73662ffb26052
 CVE-2019-9946 (Cloud Native Computing Foundation (CNCF) CNI (Container 
Networking Int ...)
        - kubernetes 1.17.4-1
-       - golang-github-containernetworking-plugins <undetermined>
+       - golang-github-containernetworking-plugins <not-affected> (Fixed 
before initial upload)
+       - singularity-container 3.5.0+ds1-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1692712
-       TODO: singularity-container seems to embed as well a copy of cni
+       NOTE: singularity-container embeds a copy, but switched to packaged one 
in 3.5.0+ds1-1, marking as fixed
 CVE-2019-9945 (SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. 
The NGI ...)
        NOT-FOR-US: SoftNAS Cloud
 CVE-2019-9944 (In Open Microscopy Environment OMERO.server 5.0.0 through 
5.6.0, the r ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/769ad0823ff056f04e716ec04e57f317014ef9de

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/769ad0823ff056f04e716ec04e57f317014ef9de
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to