author Salvatore Bonaccorso <carnil@debian.org> 2020-08-08 17:19:52 +0200
committer Salvatore Bonaccorso <carnil@debian.org> 2020-08-08 17:19:52 +0200
commit 4f96c62322762d5dbe87c383534c399f9a18e5f5
tree 8bf4c2b5a04aaf087b1e74d8aebc78b2bfee5c50
parent f066d528b595aa1c647fa2fe203d11d0c0febbbe
Update status for CVE-2020-15708/libvirt
-rw-r--r-- data/CVE/2020.list 9
1 files changed, 7 insertions, 2 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 6e2374cf60..7dcbcaf5b9 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -3618,9 +3618,14 @@ CVE-2020-15709
NOTE: https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1890286
CVE-2020-15708 [incorrect permissions on the UNIX domain socket allows local attacker to escalate privileges]
RESERVED
- - libvirt <undetermined>
+ - libvirt <not-affected> (Ubuntu specific issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1866270#c2
- TODO: check if affects Debian packaging when using libvirtd.socket, similarly as the Ubuntu one
+ NOTE: Debian used to use polkit in 1.2.9-rc1-1 and only later on
+ NOTE: enabled as well libvirtd socket activation. Ubuntu OTOH continued
+ NOTE: to ship the Allow-libvirt-group-to-access-the-socket.patch patch
+ NOTE: which caused the CVE-2020-15708 issue.
+ NOTE: Upstream improved documentation in with:
+ NOTE: https://www.redhat.com/archives/libvir-list/2020-August/msg00360.html
CVE-2020-15707 (Integer overflows were discovered in the functions grub_cmd_initrd and ...)
{DSA-4735-1}
- grub2 2.04-9
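Review bot: The added line "NOTE: Upstream improved documentation in with:" has a stray "in" and should read "NOTE: Upstream improved documentation with:" ahead of the URL. The notes above it say Debian used polkit in 1.2.9-rc1-1 and "only later on" enabled libvirtd socket activation, but give no version for that later change; naming it would let a reader confirm the <not-affected> status from the entry alone. The removed TODO asked specifically whether Debian packaging is affected when using libvirtd.socket, and the new text answers that only by implication ("Ubuntu OTOH continued to ship the Allow-libvirt-group-to-access-the-socket.patch patch"), so consider stating outright that Debian does not ship that patch.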
