[Git][security-tracker-team/security-tracker][master] puppet n/a

Fri, 18 Sep 2020 09:16:07 -0700 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8102df61 by Moritz Muehlenhoff at 2020-09-18T18:15:11+02:00
puppet n/a
add link to Samba advisory

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -61259,6 +61259,7 @@ CVE-2020-1472 (An elevation of privilege vulnerability 
exists when an attacker e
        NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14497
        NOTE: Mitigation: server schannel = yes; but code changes planned.
        NOTE: https://www.openwall.com/lists/oss-security/2020/09/17/2
+       NOTE: https://www.samba.org/samba/security/CVE-2020-1472.html
 CVE-2020-1471 (An elevation of privilege vulnerability exists when Microsoft 
Windows  ...)
        NOT-FOR-US: Microsoft
 CVE-2020-1470 (An elevation of privilege vulnerability exists when the Windows 
Work F ...)
@@ -113249,7 +113250,7 @@ CVE-2019-2212 (In poisson_distribution of random, 
there is an out of bounds read
        [stretch] - libc++ <no-dsa> (Minor issue)
        [jessie] - libc++ <no-dsa> (Minor issue, Jessie versions of software 
that uses poisson distribution have low popcon)
        - llvm-toolchain-6.0 <unfixed>
-       [buster] - llvm-toolchain-6.0 <no-dsa> (Minor issue)
+       [buster] - llvm-toolchain-6.0 <ignored> (Minor issue)
        [jessie] - llvm-toolchain-6.0 <no-dsa> (Minor issue, Jessie versions of 
software that uses poisson distribution have low popcon)
        - llvm-toolchain-8 <unfixed>
        NOTE: 
https://android.googlesource.com/platform/external/libcxx/+/4cebe6f1f01a34546b3b843b5267619a61bd7d39
@@ -139890,10 +139891,7 @@ CVE-2018-11753
 CVE-2018-11752 (Previous releases of the Puppet cisco_ios module output SSH 
session de ...)
        NOT-FOR-US: cisco_ios Puppet module
 CVE-2018-11751 (Previous versions of Puppet Agent didn't verify the peer in 
the SSL co ...)
-       - puppet <unfixed> (bug #952925)
-       [buster] - puppet <no-dsa> (Minor issue)
-       [stretch] - puppet <no-dsa> (Minor issue)
-       [jessie] - puppet <ignored> (Patch too invasive to backport, minor 
issue)
+       - puppet <not-affected> (Only affects 6.x, see #952925)
        NOTE: https://puppet.com/security/cve/CVE-2018-11751/
        NOTE: https://tickets.puppetlabs.com/browse/PUP-9459
        NOTE: 
https://github.com/puppetlabs/puppet/commit/b49c11b6425738441d6f33285d2630fa434a123e



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8102df61bd48d5764085f365388f76d70af8615d

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8102df61bd48d5764085f365388f76d70af8615d
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to