Anton Gladky pushed to branch CVE-2020-11997 at Debian Security Tracker / security-tracker


Commits:
841d5bac by Anton Gladky at 2021-03-06T19:31:42+01:00
Update notes

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -66265,12 +66265,14 @@ CVE-2020-11998 (A regression has been introduced in 
the commit preventing JMX re
        - activemq <not-affected> (Only affects 5.15.12)
        NOTE: 
http://activemq.apache.org/security-advisories.data/CVE-2020-11998-announcement.txt
 CVE-2020-11997 (Apache Guacamole 1.2.0 and earlier do not consistently 
restrict access ...)
-       NOT-FOR-US: ancient versions in the archive
+       - guacamole-client <unfixed>
+       [stretch] - guacamole-client <ignored> (Minor issue; fix intrusive to 
backport)
        NOTE: 
https://lists.apache.org/thread.html/r1a9ae9d1608c9f846875c4191cd738f95543d1be06b52dc1320e8117%40%3Cannounce.guacamole.apache.org%3E
-       TODO: check details, both guacamole-client and guacamole-server 
affected?
-       NOTE: according to upstream only guacamole-client is affected. The fix 
for the
-       NOTE: very ancient version in archive (0.8.3-1.1 - stretch, 
0.9.9+dfsg-1 - sid)
-       NOTE: is very complicated (almost impossible).
+       NOTE: https://issues.apache.org/jira/browse/GUACAMOLE-1123
+       NOTE: 
https://github.com/apache/guacamole-client/pulls?q=is%3Apr+guacamole-1123+is%3Aclosed
+       NOTE: https://github.com/glyptodon/guacamole-client/pull/453
+       NOTE: 
https://enterprise.glyptodon.com/doc/latest/cve-2020-11997-inconsistent-restriction-of-connection-history-visibility-31424710.html
+       NOTE: 
https://enterprise.glyptodon.com/doc/1.x/changelog-950368.html#id-.Changelogv1.x-1.14
 CVE-2020-11996 (A specially crafted sequence of HTTP/2 requests sent to Apache 
Tomcat  ...)
        {DSA-4727-1 DLA-2279-1}
        - tomcat9 9.0.36-1
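
Review bot: The removed TODO under CVE-2020-11997 asked whether both guacamole-client and guacamole-server are affected, and the removed NOTE answered it ("according to upstream only guacamole-client is affected"), but the new entry keeps neither, so the reason there is no guacamole-server line is no longer recorded. Consider keeping a one-line NOTE stating that upstream reports only guacamole-client as affected. The dropped version note (0.8.3-1.1 in stretch, 0.9.9+dfsg-1 in sid) is also the evidence behind the "fix intrusive to backport" reason on the [stretch] line, so it is worth retaining in shortened form. The added NOTE pointing at the GitHub pulls search (pulls?q=is%3Apr+guacamole-1123+is%3Aclosed) is a query whose results can change over time; linking the specific pull requests or commits would make the reference stable.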



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/841d5bac942491b0f872696ef75da942b6042916
