Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: caecd657 by Salvatore Bonaccorso at 2020-12-06T20:51:02+01:00 Add CVE-2020-1750{8,9}/trafficserver - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -29128,10 +29128,16 @@ CVE-2020-17511 CVE-2020-17510 (Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a spec ...) - shiro <unfixed> NOTE: https://www.openwall.com/lists/oss-security/2020/11/04/7 -CVE-2020-17509 +CVE-2020-17509 [ATS negative cache option is vulnerable to a cache poisoning attack] RESERVED -CVE-2020-17508 + - trafficserver 8.1.1+ds-1 + NOTE: https://github.com/apache/trafficserver/pull/7359 + NOTE: https://lists.apache.org/thread.html/raa9f0589c26c4d146646425e51e2a33e1457492df9f7ea2019daa6d3%40%3Cdev.trafficserver.apache.org%3E +CVE-2020-17508 [The ATS ESI plugin has a memory disclosure vulnerability] RESERVED + - trafficserver 8.1.1+ds-1 + NOTE: https://github.com/apache/trafficserver/pull/7358 + NOTE: https://lists.apache.org/thread.html/r65434f7acca3aebf81b0588587149c893fe9f8f9f159eaa7364a70ff%40%3Cdev.trafficserver.apache.org%3E CVE-2020-17507 (An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15. ...) {DLA-2377-1 DLA-2376-1} - qtbase-opensource-src 5.14.2+dfsg-6 (bug #968444) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/caecd657d8e60be605b5c5c3b2ddddd52184b089 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/caecd657d8e60be605b5c5c3b2ddddd52184b089 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits