summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAnton Gladky <gladk@debian.org>2021-03-06 19:31:42 +0100
committerAnton Gladky <gladk@debian.org>2021-03-06 19:31:42 +0100
commit1d93d7adbcb2026928e3ab5fc60d801e105116ff (patch)
tree81bd0de3c0d931c8b2e69f53277c58ae7d1e5d63
parent1b992dbd51860b85ec6417d5afea716a0cad2522 (diff)
Update notesCVE-2020-11997
-rw-r--r--data/CVE/2020.list12
1 files changed, 7 insertions, 5 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 97a77dff92..30068ebf07 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -42556,12 +42556,14 @@ CVE-2020-11998 (A regression has been introduced in the commit preventing JMX re
- activemq <not-affected> (Only affects 5.15.12)
NOTE: http://activemq.apache.org/security-advisories.data/CVE-2020-11998-announcement.txt
CVE-2020-11997 (Apache Guacamole 1.2.0 and earlier do not consistently restrict access ...)
- NOT-FOR-US: ancient versions in the archive
+ - guacamole-client <unfixed>
+ [stretch] - guacamole-client <ignored> (Minor issue; fix intrusive to backport)
NOTE: https://lists.apache.org/thread.html/r1a9ae9d1608c9f846875c4191cd738f95543d1be06b52dc1320e8117%40%3Cannounce.guacamole.apache.org%3E
- TODO: check details, both guacamole-client and guacamole-server affected?
- NOTE: according to upstream only guacamole-client is affected. The fix for the
- NOTE: very ancient version in archive (0.8.3-1.1 - stretch, 0.9.9+dfsg-1 - sid)
- NOTE: is very complicated (almost impossible).
+ NOTE: https://issues.apache.org/jira/browse/GUACAMOLE-1123
+ NOTE: https://github.com/apache/guacamole-client/pulls?q=is%3Apr+guacamole-1123+is%3Aclosed
+ NOTE: https://github.com/glyptodon/guacamole-client/pull/453
+ NOTE: https://enterprise.glyptodon.com/doc/latest/cve-2020-11997-inconsistent-restriction-of-connection-history-visibility-31424710.html
+ NOTE: https://enterprise.glyptodon.com/doc/1.x/changelog-950368.html#id-.Changelogv1.x-1.14
CVE-2020-11996 (A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat ...)
{DSA-4727-1 DLA-2279-1}
- tomcat9 9.0.36-1

© 2014-2021 Faster IT GmbH | imprint | privacy policy