From fa5ab2ce472d1857cc3c46c7cc340c55999368ab Mon Sep 17 00:00:00 2001 From: Anton Gladky Date: Sat, 6 Mar 2021 19:31:42 +0100 Subject: Update notes --- data/CVE/list.2020 | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/data/CVE/list.2020 b/data/CVE/list.2020 index 97a77dff92..30068ebf07 100644 --- a/data/CVE/list.2020 +++ b/data/CVE/list.2020 @@ -42556,12 +42556,14 @@ CVE-2020-11998 (A regression has been introduced in the commit preventing JMX re - activemq (Only affects 5.15.12) NOTE: http://activemq.apache.org/security-advisories.data/CVE-2020-11998-announcement.txt CVE-2020-11997 (Apache Guacamole 1.2.0 and earlier do not consistently restrict access ...) - NOT-FOR-US: ancient versions in the archive + - guacamole-client + [stretch] - guacamole-client (Minor issue; fix intrusive to backport) NOTE: https://lists.apache.org/thread.html/r1a9ae9d1608c9f846875c4191cd738f95543d1be06b52dc1320e8117%40%3Cannounce.guacamole.apache.org%3E - TODO: check details, both guacamole-client and guacamole-server affected? - NOTE: according to upstream only guacamole-client is affected. The fix for the - NOTE: very ancient version in archive (0.8.3-1.1 - stretch, 0.9.9+dfsg-1 - sid) - NOTE: is very complicated (almost impossible). + NOTE: https://issues.apache.org/jira/browse/GUACAMOLE-1123 + NOTE: https://github.com/apache/guacamole-client/pulls?q=is%3Apr+guacamole-1123+is%3Aclosed + NOTE: https://github.com/glyptodon/guacamole-client/pull/453 + NOTE: https://enterprise.glyptodon.com/doc/latest/cve-2020-11997-inconsistent-restriction-of-connection-history-visibility-31424710.html + NOTE: https://enterprise.glyptodon.com/doc/1.x/changelog-950368.html#id-.Changelogv1.x-1.14 CVE-2020-11996 (A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat ...) {DSA-4727-1 DLA-2279-1} - tomcat9 9.0.36-1 -- cgit v1.2.3