diff options
| author | Romain Tartière <romain@FreeBSD.org> | 2020-08-11 03:14:16 +0000 |
|---|---|---|
| committer | Romain Tartière <romain@FreeBSD.org> | 2020-08-11 03:14:16 +0000 |
| commit | a5b131e507e43a949d428c1c8f2e3ab1e027e04e (patch) | |
| tree | 72db2d1d1fae6cb5e7650e6d79de52cd90f9ace5 | |
| parent | editors/vscode: Resolve dependency confliction on node10 and 12 (diff) | |
Document puppetdb5 vulnerability
Notes
Notes:
svn path=/head/; revision=544660
| -rw-r--r-- | security/vuxml/vuln.xml | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 0f0210eb95aa..11bd88a81a7f 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,36 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="10e3ed8a-db7f-11ea-8bdf-643150d3111d"> + <topic>puppetdb -- Multiple vulnerabilities</topic> + <affects> + <package> + <name>puppetdb5</name> + <range><lt>5.2.18</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Puppetlabs reports:</p> + <blockquote cite="https://puppet.com/security/cve/jackson-july-2020-security-fixes/"> + <p>In June 2020, jackson-databind published security updates addressing several CVEs. Previous releases of PuppetDB contain a vulnerable version of jackson.core:jackson-databind. PuppetDB 5.2.18 contains an updated version of jackson-databind that has patched the vulnerabilities.</p> + </blockquote> + </body> + </description> + <references> + <url>https://puppet.com/security/cve/jackson-july-2020-security-fixes/</url> + <cvename>CVE-2020-9548</cvename> + <cvename>CVE-2020-14062</cvename> + <cvename>CVE-2020-14060</cvename> + <cvename>CVE-2020-14061</cvename> + <cvename>CVE-2020-14195</cvename> + </references> + <dates> + <discovery>2020-07-23</discovery> + <entry>2020-08-11</entry> + </dates> + </vuln> + <vuln vid="6b6de127-db0b-11ea-ba1e-1c39475b9f84"> <topic>bftpd -- Multiple vulnerabilities</topic> <affects> |