Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1c0f1f2b by Abhijith PA at 2021-07-10T14:05:24+05:30
Mark CVE-2019-11291 CVE-2021-32718 CVE-2021-32719 as not-affected for stretch
Add commits for CVE-2019-11291. Remove no-dsa tag for rest

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8243,10 +8243,12 @@ CVE-2021-32720 (Sylius is an Open Source eCommerce 
platform on top of Symfony. I
        NOT-FOR-US: Sylius
 CVE-2021-32719 (RabbitMQ is a multi-protocol messaging broker. In 
rabbitmq-server prio ...)
        - rabbitmq-server <unfixed> (bug #990524)
+       [stretch] - rabbitmq-server <not-affected> (Vulnerable code not present)
        NOTE: 
https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-5452-hxj4-773x
        NOTE: https://github.com/rabbitmq/rabbitmq-server/pull/3122
 CVE-2021-32718 (RabbitMQ is a multi-protocol messaging broker. In 
rabbitmq-server prio ...)
        - rabbitmq-server <unfixed> (bug #990524)
+       [stretch] - rabbitmq-server <not-affected> (Vulnerable code not present)
        NOTE: 
https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-c3hj-rg5h-2772
        NOTE: https://github.com/rabbitmq/rabbitmq-server/pull/3028
 CVE-2021-32717 (Shopware is an open source eCommerce platform. In versions 
prior to 6. ...)
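
Review bot: the two added [stretch] lines give "Vulnerable code not present" as the reason, but neither CVE-2021-32719 nor CVE-2021-32718 gets a NOTE saying where the vulnerable code was introduced. The CVE-2017-4966 entry in this same file records that with an "Introduced by:" NOTE and a release tag; adding the equivalent here (introducing commit or first affected upstream version) would let the not-affected status be checked against the stretch version later.
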
@@ -145122,8 +145124,10 @@ CVE-2019-11292 (Pivotal Ops Manager, versions 2.4.x 
prior to 2.4.27, 2.5.x prior
 CVE-2019-11291 (Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 
version prior  ...)
        - rabbitmq-server 3.8.3-1 (bug #945601)
        [buster] - rabbitmq-server <no-dsa> (Minor issue)
-       [stretch] - rabbitmq-server <no-dsa> (Minor issue)
+       [stretch] - rabbitmq-server <not-affected> (Vulnerable code not present)
        [jessie] - rabbitmq-server <postponed> (Minor issue)
+       NOTE: 
https://github.com/rabbitmq/rabbitmq-shovel-management/commit/c22992b289dddadba866ac2b7fc697bc66847e4f
+       NOTE: 
https://github.com/rabbitmq/rabbitmq-federation-management/commit/52bf0ffbb8695060b1ae909266b9b62717e7ba2d
        NOTE: https://pivotal.io/security/cve-2019-11291
 CVE-2019-11290 (Cloud Foundry UAA Release, versions prior to v74.8.0, logs all 
query p ...)
        NOT-FOR-US: Cloud Foundry
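
Review bot: the two NOTE lines added under CVE-2019-11291 are bare URLs, so it is not clear whether these commits are the fixes or the commits that introduced the issue. Prefixing them "Fixed by:" or "Introduced by:", as the CVE-2017-4966 entry does, would make that explicit and would back up the new [stretch] <not-affected> (Vulnerable code not present) line, which currently has nothing stating why the code is absent in stretch.
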
@@ -145134,7 +145138,6 @@ CVE-2019-11288 (In Pivotal tc Server, 3.x versions 
prior to 3.2.19 and 4.x versi
 CVE-2019-11287 (Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x 
prior to 3. ...)
        - rabbitmq-server 3.8.3-1 (bug #945600)
        [buster] - rabbitmq-server <no-dsa> (Minor issue)
-       [stretch] - rabbitmq-server <no-dsa> (Minor issue)
        [jessie] - rabbitmq-server <postponed> (Minor issue)
        NOTE: https://pivotal.io/security/cve-2019-11287
 CVE-2019-11286 (VMware GemFire versions prior to 9.10.0, 9.9.1, 9.8.5, and 
9.7.5, and  ...)
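
Review bot: deleting the [stretch] <no-dsa> line for CVE-2019-11287 leaves no stretch-specific annotation, so the only remaining statement covering stretch is the general "- rabbitmq-server 3.8.3-1" line. If the intent is to reopen the issue for a stretch upload, the commit message ("Remove no-dsa tag for rest") should say so; if stretch is not affected, it needs an explicit <not-affected> line like the one added for CVE-2019-11291.
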
@@ -145150,7 +145153,6 @@ CVE-2019-11282 (Cloud Foundry UAA, versions prior to 
v74.3.0, contains an endpoi
 CVE-2019-11281 (Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for 
PCF, ver ...)
        - rabbitmq-server 3.7.18-1 (low)
        [buster] - rabbitmq-server <no-dsa> (Minor issue)
-       [stretch] - rabbitmq-server <no-dsa> (Minor issue)
        [jessie] - rabbitmq-server <no-dsa> (Minor issue; one plugin not 
vulnerable, the other only exploitable by malicious admin)
        NOTE: https://pivotal.io/security/cve-2019-11281
        NOTE: fix for vhost limit feature: 
https://github.com/rabbitmq/rabbitmq-management/commit/42def1b51243397c1cb9192d6d064351e358bacc
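
Review bot: for CVE-2019-11281 the [jessie] line records a per-plugin assessment (one plugin not vulnerable, the other only exploitable by a malicious admin), while the [stretch] line is removed with no replacement assessment. A NOTE stating whether the vhost limit fix commit listed at the end of the entry applies to the stretch code would keep the triage reasoning in the file.
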
@@ -270232,19 +270234,16 @@ CVE-2017-4968
        REJECTED
 CVE-2017-4967 (An issue was discovered in these Pivotal RabbitMQ versions: all 
3.4.x  ...)
        - rabbitmq-server 3.6.10-1 (low; bug #863586)
-       [stretch] - rabbitmq-server <no-dsa> (Minor issue)
        [jessie] - rabbitmq-server <no-dsa> (Minor issue)
        [wheezy] - rabbitmq-server <no-dsa> (Minor issue)
 CVE-2017-4966 (An issue was discovered in these Pivotal RabbitMQ versions: all 
3.4.x  ...)
        - rabbitmq-server 3.6.10-1 (low; bug #863586)
-       [stretch] - rabbitmq-server <no-dsa> (Minor issue)
        [jessie] - rabbitmq-server <not-affected> (Vulnerable code introduced 
later)
        [wheezy] - rabbitmq-server <not-affected> (Vulnerable code introduced 
later)
        NOTE: Fixed by: 
https://github.com/rabbitmq/rabbitmq-management/commit/2371633f99ad0d293899384f078872ff9e9f3e10
 (rabbitmq_v3_6_9)
        NOTE: Introduced by: 
https://github.com/rabbitmq/rabbitmq-management/commit/ced47b0bdca862a58e8f31833643e948655f8368
 (rabbitmq_v3_4_0)
 CVE-2017-4965 (An issue was discovered in these Pivotal RabbitMQ versions: all 
3.4.x  ...)
        - rabbitmq-server 3.6.10-1 (low; bug #863586)
-       [stretch] - rabbitmq-server <no-dsa> (Minor issue)
        [jessie] - rabbitmq-server <no-dsa> (Minor issue)
        [wheezy] - rabbitmq-server <no-dsa> (Minor issue)
 CVE-2017-4964 (Cloud Foundry Foundation BOSH Azure CPI v22 could potentially 
allow a  ...)
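
Review bot: CVE-2017-4967 and CVE-2017-4965 lose their [stretch] <no-dsa> line but carry no NOTE with a fixing commit, unlike CVE-2017-4966 between them, which has both "Fixed by:" and "Introduced by:". Adding the fixing commits for the other two would let a stretch backport be checked against upstream.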



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c0f1f2bc6e675b64eb3fdb4b9e84efbcc4285f2
