diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2020-08-08 17:19:52 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2020-08-08 17:19:52 +0200 |
commit | ce562cb8e63c1bec7f08092cacced48cd70b6652 (patch) | |
tree | 162940f12cba0a831fbdb7f756fda7f6dc7dbcda | |
parent | 1f83d35e0ab2f4fc2c87431c263f4b1af709320d (diff) |
Update status for CVE-2020-15708/libvirt
-rw-r--r-- | data/CVE/list | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/data/CVE/list b/data/CVE/list index 6ecc2a3d00..e9b889fc7f 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -3636,9 +3636,14 @@ CVE-2020-15709 NOTE: https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1890286 CVE-2020-15708 [incorrect permissions on the UNIX domain socket allows local attacker to escalate privileges] RESERVED - - libvirt <undetermined> + - libvirt <not-affected> (Ubuntu specific issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1866270#c2 - TODO: check if affects Debian packaging when using libvirtd.socket, similarly as the Ubuntu one + NOTE: Debian used to use polkit in 1.2.9-rc1-1 and only later on + NOTE: enabled as well libvirtd socket activation. Ubuntu OTOH continued + NOTE: to ship the Allow-libvirt-group-to-access-the-socket.patch patch + NOTE: which caused the CVE-2020-15708 issue. + NOTE: Upstream improved documentation in with: + NOTE: https://www.redhat.com/archives/libvir-list/2020-August/msg00360.html CVE-2020-15707 (Integer overflows were discovered in the functions grub_cmd_initrd and ...) {DSA-4735-1} - grub2 2.04-9 |