[Git][security-tracker-team/security-tracker][master] new ansible issue

[Moritz Muehlenhoff]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
651df17f by Moritz Muehlenhoff at 2020-05-15T09:22:36+02:00
new ansible issue
new pip non issue
new issue in ITPd kibana
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6459,8 +6459,11 @@ CVE-2020-10745
        RESERVED
 CVE-2020-10744
        RESERVED
+       - ansible <unfixed>
+       NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1835566
 CVE-2020-10743
        RESERVED
+       - kibana <itp> (bug #700337)
 CVE-2020-10742
        RESERVED
        - linux <undetermined>
@@ -32410,6 +32413,7 @@ CVE-2020-1162
        RESERVED
 CVE-2020-1161
        RESERVED
+       NOT-FOR-US: Microsoft .NET
 CVE-2020-1160
        RESERVED
 CVE-2020-1159
@@ -32516,6 +32520,7 @@ CVE-2020-1109
        RESERVED
 CVE-2020-1108
        RESERVED
+       NOT-FOR-US: Microsoft .NET
 CVE-2020-1107
        RESERVED
 CVE-2020-1106
@@ -80309,7 +80314,9 @@ CVE-2018-20227 (RDF4J 2.4.2 allows Directory Traversal 
via ../ in an entry in a
 CVE-2018-20226 (An organization administrator can add a super administrator in 
THEHIVE ...)
        NOT-FOR-US: THEHIVE
 CVE-2018-20225 (An issue was discovered in pip (all versions) because it 
installs the  ...)
-       TODO: check
+       - python-pip <unfixed> (unimportant)
+       NOTE: 
https://cowlicks.website/posts/arbitrary-code-execution-from-pips-extra-index-url.html
+       NOTE: pip is inherently affected by malicious packages, use packages 
from Debian instead :-)
 CVE-2018-20224
        RESERVED
 CVE-2018-20223



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/651df17fbe481dd8249c09fc89081120f70ab2c7

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/651df17fbe481dd8249c09fc89081120f70ab2c7
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits