Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
117d6306 by Salvatore Bonaccorso at 2019-02-27T20:17:37Z
Move some older NFUs associated with Apache Airflow to itp tagged entry
Apache Airflow CVEs were marked as NFU previously, but there is an
ITP/RFP for src:airflow corresponding to Apache Airflow. Update the
older entries, cross-checked with CVEs on the masterlist from MITRE
associated with 'Apache Airflow'.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -14566,7 +14566,7 @@ CVE-2018-20247 (In Foxit Quick PDF Library (all
versions prior to 16.12), issue
CVE-2018-20246
REJECTED
CVE-2018-20245 (The LDAP auth backend
(airflow.contrib.auth.backends.ldap_auth) prior ...)
- NOT-FOR-US: Apache Airflow
+ - airflow <itp> (bug #819700)
CVE-2018-20244 (In Apache Airflow before 1.10.2, a malicious admin user could
edit the ...)
- airflow <itp> (bug #819700)
CVE-2018-20243
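Review bot: the commit message calls bug #819700 an "ITP/RFP", but the added line for CVE-2018-20245 records it as <itp>. Please confirm the bug is currently an ITP so the tag matches its state. The line is otherwise identical to the existing CVE-2018-20244 entry just below it, so the two stay consistent.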
@@ -67034,9 +67034,9 @@ CVE-2017-17838
CVE-2017-17837 (The Apache DeltaSpike-JSF 1.8.0 module has a XSS injection
leak in the ...)
NOT-FOR-US: Apache DeltaSpike-JSF module
CVE-2017-17836 (In Apache Airflow 1.8.2 and earlier, an experimental Airflow
feature ...)
- NOT-FOR-US: Apache Airflow
+ - airflow <itp> (bug #819700)
CVE-2017-17835 (In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability
allowed for ...)
- NOT-FOR-US: Apache Airflow
+ - airflow <itp> (bug #819700)
CVE-2017-17834
REJECTED
CVE-2017-17833 (OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a
...)
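Review bot: the converted entries for CVE-2017-17836 and CVE-2017-17835 carry only the <itp> line, while both descriptions say "1.8.2 and earlier". A NOTE: line naming the upstream release that fixed each issue would save repeating the research when src:airflow is uploaded and these entries need a fixed version.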
@@ -81735,7 +81735,7 @@ CVE-2017-15721 (In Irssi before 1.0.5, certain
incorrectly formatted DCC CTCP me
NOTE: https://irssi.org/security/irssi_sa_2017_10.txt
NOTE:
https://github.com/irssi/irssi/commit/43e44d553d44e313003cee87e6ea5e24d68b84a1
CVE-2017-15720 (In Apache Airflow 1.8.2 and earlier, an authenticated user can
execute ...)
- NOT-FOR-US: Apache Airflow
+ - airflow <itp> (bug #819700)
CVE-2017-15719 (In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and
...)
NOT-FOR-US: Wicket jQuery UI
CVE-2017-15718 (The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak
the ...)
@@ -91413,7 +91413,7 @@ CVE-2017-12616 (When using a VirtualDirContext with
Apache Tomcat 7.0.0 to 7.0.8
CVE-2017-12615 (When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with
HTTP PUTs ...)
- tomcat7 <not-affected> (Windows-specific)
CVE-2017-12614 (It was noticed an XSS in certain 404 pages that could be
exploited to ...)
- NOT-FOR-US: Apache Airflow
+ - airflow <itp> (bug #819700)
CVE-2017-12613 (When apr_time_exp*() or apr_os_exp_time*() functions are
invoked with ...)
{DLA-1162-1}
- apr 1.6.3-1 (low; bug #879708)
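Review bot: for CVE-2017-12614 the visible description ("It was noticed an XSS in certain 404 pages ...") does not name the product, so after this change the package name on the added line is the only thing in the entry that ties it to Airflow. A NOTE: line pointing at the upstream advisory would make the mapping checkable from the list itself.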
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/117d6306a25c10931e2df3fe24f351e4fd2b2e0d