Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d9bd5aae by Salvatore Bonaccorso at 2020-12-24T06:00:16+01:00
Track fixed version for CVE-2020-13987, CVE-2020-13988 and CVE-2020-17437
- - - - -
faa06ed9 by Salvatore Bonaccorso at 2020-12-24T06:04:15+01:00
De-associate some CVEs which are not affecting open-iscsi according to upstream
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -21392,13 +21392,8 @@ CVE-2020-24336 (An issue was discovered in Contiki
through 3.0 and Contiki-NG th
NOT-FOR-US: Contiki
CVE-2020-24335
RESERVED
- - open-iscsi <unfixed>
- NOTE:
https://groups.google.com/g/open-iscsi/c/iRS9fcB1bJU/m/BbxY1SGPEwAJ
- NOTE: Adressed upstream in 2.1.3 release
CVE-2020-24334 (The code that processes DNS responses in uIP through 1.0, as
used in C ...)
- - open-iscsi <unfixed>
- NOTE:
https://groups.google.com/g/open-iscsi/c/iRS9fcB1bJU/m/BbxY1SGPEwAJ
- NOTE: Adressed upstream in 2.1.3 release
+ NOT-FOR-US: uIP
CVE-2020-24333 (A vulnerability in Arista’s CloudVision Portal (CVP)
prior to 20 ...)
NOT-FOR-US: Arista
CVE-2020-24332 (An issue was discovered in TrouSerS through 0.3.14. If the
tcsd daemon ...)
@@ -35306,19 +35301,13 @@ CVE-2020-17442 (An issue was discovered in picoTCP
1.7.0. The code for parsing t
CVE-2020-17441 (An issue was discovered in picoTCP 1.7.0. The code for
processing the ...)
NOT-FOR-US: picoTCP
CVE-2020-17440 (An issue was discovered in uIP 1.0, as used in Contiki 3.0 and
other p ...)
- - open-iscsi <unfixed>
- NOTE:
https://groups.google.com/g/open-iscsi/c/iRS9fcB1bJU/m/BbxY1SGPEwAJ
- NOTE: Adressed upstream in 2.1.3 release
+ NOT-FOR-US: uIP as used in Contiki and other products (but apparently
not open-iscsi)
CVE-2020-17439 (An issue was discovered in uIP 1.0, as used in Contiki 3.0 and
other p ...)
- - open-iscsi <unfixed>
- NOTE:
https://groups.google.com/g/open-iscsi/c/iRS9fcB1bJU/m/BbxY1SGPEwAJ
- NOTE: Adressed upstream in 2.1.3 release
+ NOT-FOR-US: uIP as used in Contiki and other products (but apparently
not open-iscsi)
CVE-2020-17438 (An issue was discovered in uIP 1.0, as used in Contiki 3.0 and
other p ...)
- - open-iscsi <unfixed>
- NOTE:
https://groups.google.com/g/open-iscsi/c/iRS9fcB1bJU/m/BbxY1SGPEwAJ
- NOTE: Adressed upstream in 2.1.3 release
+ NOT-FOR-US: uIP as used in Contiki and other products (but apparently
not open-iscsi)
CVE-2020-17437 (An issue was discovered in uIP 1.0, as used in Contiki 3.0 and
other p ...)
- - open-iscsi <unfixed>
+ - open-iscsi 2.1.3-1
NOTE:
https://groups.google.com/g/open-iscsi/c/iRS9fcB1bJU/m/BbxY1SGPEwAJ
NOTE: Adressed upstream in 2.1.3 release
CVE-2020-17436
@@ -44078,10 +44067,12 @@ CVE-2020-13990
CVE-2020-13989
RESERVED
CVE-2020-13988 (An issue was discovered in Contiki through 3.0. An Integer
Overflow ex ...)
+ - open-iscsi 2.1.3-1
NOTE:
https://groups.google.com/g/open-iscsi/c/iRS9fcB1bJU/m/BbxY1SGPEwAJ
NOTE: Adressed upstream in 2.1.3 release
CVE-2020-13987 (An issue was discovered in Contiki through 3.0. An
Out-of-Bounds Read ...)
- - open-iscsi <unfixed>
+ - open-iscsi 2.1.3-1
+ NOTE:
https://github.com/open-iscsi/open-iscsi/security/advisories/GHSA-r278-fm99-8rgp
NOTE:
https://groups.google.com/g/open-iscsi/c/iRS9fcB1bJU/m/BbxY1SGPEwAJ
NOTE: Adressed upstream in 2.1.3 release
CVE-2020-13986 (An issue was discovered in Contiki through 3.0. An infinite
loop exist ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c62950d7dee201a4513c9f818a14e7629bbccc63...faa06ed9d4c459ba97dc7709d477f81b7dc76421
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c62950d7dee201a4513c9f818a14e7629bbccc63...faa06ed9d4c459ba97dc7709d477f81b7dc76421
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
