diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2020-12-21 14:55:27 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2020-12-21 14:55:27 +0100 |
commit | 54734e35d6d51892535606462ab1295f5f752d94 (patch) | |
tree | f91019b04d2981abed5eba8cd554d26123d145c7 /data/CVE/2018.list | |
parent | 3b76477149af3003e4bbbdfa5f4d29b2f2c50a21 (diff) |
CVE-2018-10886 Clarify why we kept the CVE
Diffstat (limited to 'data/CVE/2018.list')
-rw-r--r-- | data/CVE/2018.list | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/data/CVE/2018.list b/data/CVE/2018.list index e62a263f6b..9f1de715b5 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -27674,8 +27674,10 @@ CVE-2018-10886 NOTE: https://github.com/apache/ant/commit/f72406d53cfb3b3425cc9d000eea421a0e05d8fe NOTE: https://github.com/apache/ant/commit/857095da5153fd18504b46f276d84f1e76a66970 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1584407 - NOTE: The CVE will be rejected, as it was assigned by Red Hat's CNA but is out of - NOTE: scope of the assigning CNA. + NOTE: The CVE was rejected, as it was assigned by Red Hat's CNA but is out of + NOTE: scope of the assigning CNA. The rejection was not due to technical invalid + NOTE: issue but because it was assigned by a CNA which did not cover the scope + NOTE: for ant. Would fall under Apache CNA instead. CVE-2018-10885 (In atomic-openshift before version 3.10.9 a malicious network-policy c ...) NOT-FOR-US: atomic-openshift CVE-2018-10884 (Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-s ...) |