Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker
Commits: 1c0f1f2b by Abhijith PA at 2021-07-10T14:05:24+05:30 Mark CVE-2019-11291 CVE-2021-32718 CVE-2021-32719 as not-affected for stretch Add commits for CVE-2019-11291. Remove no-dsa tag for rest - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -8243,10 +8243,12 @@ CVE-2021-32720 (Sylius is an Open Source eCommerce platform on top of Symfony. I NOT-FOR-US: Sylius CVE-2021-32719 (RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prio ...) - rabbitmq-server <unfixed> (bug #990524) + [stretch] - rabbitmq-server <not-affected> (Vulnerable code not present) NOTE: https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-5452-hxj4-773x NOTE: https://github.com/rabbitmq/rabbitmq-server/pull/3122 CVE-2021-32718 (RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prio ...) - rabbitmq-server <unfixed> (bug #990524) + [stretch] - rabbitmq-server <not-affected> (Vulnerable code not present) NOTE: https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-c3hj-rg5h-2772 NOTE: https://github.com/rabbitmq/rabbitmq-server/pull/3028 CVE-2021-32717 (Shopware is an open source eCommerce platform. In versions prior to 6. ...) 
@@ -145122,8 +145124,10 @@ CVE-2019-11292 (Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior CVE-2019-11291 (Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior ...) - rabbitmq-server 3.8.3-1 (bug #945601) [buster] - rabbitmq-server <no-dsa> (Minor issue) - [stretch] - rabbitmq-server <no-dsa> (Minor issue) + [stretch] - rabbitmq-server <not-affected> (Vulnerable code not present) [jessie] - rabbitmq-server <postponed> (Minor issue) + NOTE: https://github.com/rabbitmq/rabbitmq-shovel-management/commit/c22992b289dddadba866ac2b7fc697bc66847e4f + NOTE: https://github.com/rabbitmq/rabbitmq-federation-management/commit/52bf0ffbb8695060b1ae909266b9b62717e7ba2d NOTE: https://pivotal.io/security/cve-2019-11291 CVE-2019-11290 (Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query p ...) NOT-FOR-US: Cloud Foundry @@ -145134,7 +145138,6 @@ CVE-2019-11288 (In Pivotal tc Server, 3.x versions prior to 3.2.19 and 4.x versi CVE-2019-11287 (Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3. ...) - rabbitmq-server 3.8.3-1 (bug #945600) [buster] - rabbitmq-server <no-dsa> (Minor issue) - [stretch] - rabbitmq-server <no-dsa> (Minor issue) [jessie] - rabbitmq-server <postponed> (Minor issue) NOTE: https://pivotal.io/security/cve-2019-11287 CVE-2019-11286 (VMware GemFire versions prior to 9.10.0, 9.9.1, 9.8.5, and 9.7.5, and ...) 
@@ -145150,7 +145153,6 @@ CVE-2019-11282 (Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoi CVE-2019-11281 (Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, ver ...) - rabbitmq-server 3.7.18-1 (low) [buster] - rabbitmq-server <no-dsa> (Minor issue) - [stretch] - rabbitmq-server <no-dsa> (Minor issue) [jessie] - rabbitmq-server <no-dsa> (Minor issue; one plugin not vulnerable, the other only exploitable by malicious admin) NOTE: https://pivotal.io/security/cve-2019-11281 NOTE: fix for vhost limit feature: https://github.com/rabbitmq/rabbitmq-management/commit/42def1b51243397c1cb9192d6d064351e358bacc 
@@ -270232,19 +270234,16 @@ CVE-2017-4968 REJECTED CVE-2017-4967 (An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x ...) - rabbitmq-server 3.6.10-1 (low; bug #863586) - [stretch] - rabbitmq-server <no-dsa> (Minor issue) [jessie] - rabbitmq-server <no-dsa> (Minor issue) [wheezy] - rabbitmq-server <no-dsa> (Minor issue) CVE-2017-4966 (An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x ...) - rabbitmq-server 3.6.10-1 (low; bug #863586) - [stretch] - rabbitmq-server <no-dsa> (Minor issue) [jessie] - rabbitmq-server <not-affected> (Vulnerable code introduced later) [wheezy] - rabbitmq-server <not-affected> (Vulnerable code introduced later) NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-management/commit/2371633f99ad0d293899384f078872ff9e9f3e10 (rabbitmq_v3_6_9) NOTE: Introduced by: https://github.com/rabbitmq/rabbitmq-management/commit/ced47b0bdca862a58e8f31833643e948655f8368 (rabbitmq_v3_4_0) CVE-2017-4965 (An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x ...) - rabbitmq-server 3.6.10-1 (low; bug #863586) - [stretch] - rabbitmq-server <no-dsa> (Minor issue) [jessie] - rabbitmq-server <no-dsa> (Minor issue) [wheezy] - rabbitmq-server <no-dsa> (Minor issue) CVE-2017-4964 (Cloud Foundry Foundation BOSH Azure CPI v22 could potentially allow a ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c0f1f2bc6e675b64eb3fdb4b9e84efbcc4285f2
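Review bot: The two added `[stretch] - rabbitmq-server <not-affected> (Vulnerable code not present)` lines in the @@ -8243 hunk (CVE-2021-32719 and CVE-2021-32718) give a reader no way to verify the claim. Each entry's NOTE lines point only at the upstream advisory and pull request; consider adding a NOTE naming the commit or upstream version that introduced the affected code, as the CVE-2017-4966 entry does with its `NOTE: Introduced by:` line.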
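Review bot: The two NOTE lines added to CVE-2019-11291 in the @@ -145122 hunk are bare commit URLs, so a reader cannot tell whether they are the fixes or the commits that introduced the issue. Label them (for example `NOTE: Fixed by:`), following the labelled NOTE lines under CVE-2017-4966, so the new `<not-affected>` status for stretch can be checked against them.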
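Review bot: In the @@ -145134 hunk the stretch `<no-dsa>` line for CVE-2019-11287 is deleted with nothing in its place, while the buster and jessie lines stay. The commit message says only "Remove no-dsa tag for rest"; state the reason there (for example, that stretch is being reopened for a fix), since next to the `<not-affected>` changes the bare deletion can read as accidental.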
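Review bot: The CVE-2019-11281 entry in the @@ -145150 hunk loses its stretch `<no-dsa>` line, but the jessie line beside it records a specific assessment ("one plugin not vulnerable, the other only exploitable by malicious admin"). If stretch is to be triaged again, a NOTE saying whether that assessment applies to the stretch version would save the next person from repeating the analysis.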
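Review bot: In the @@ -270232 hunk the stretch `<no-dsa>` lines are dropped for CVE-2017-4967, CVE-2017-4966 and CVE-2017-4965, yet only CVE-2017-4966 carries `NOTE: Fixed by:` and `NOTE: Introduced by:` references. CVE-2017-4967 and CVE-2017-4965 have no NOTE lines at all; add the upstream fix commits to those two entries so the stretch work has something to backport from.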