Update status for CVE-2020-14326

author: Salvatore Bonaccorso <carnil@debian.org> 2021-12-04 19:35:05 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2021-12-04 19:35:05 +0100
commit: b14c4d078132d8b9f89b9949db6e897cae705df2 (patch)
tree: 847bb495e4c53a0aa8abd3ec75897e09a5e1f94b /data
parent: 4f4de0c992a923f486756ed7c9db99801ef5dcaa (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 413967ea9e..156c3082c9 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -38623,10 +38623,12 @@ CVE-2020-14328 (A flaw was found in Ansible Tower in versions before 3.7.2. A Se
 CVE-2020-14327 (A Server-side request forgery (SSRF) flaw was found in Ansible Tower i ...)
 	NOT-FOR-US: Ansible Tower
 CVE-2020-14326 (A vulnerability was found in RESTEasy, where RootNode incorrectly cach ...)
-	- resteasy <undetermined>
-	- resteasy3.0 <undetermined>
+	- resteasy <not-affected> (Vulnerable code introduced later)
+	- resteasy3.0 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1855826
 	NOTE: https://issues.redhat.com/browse/RESTEASY-2643
+	NOTE: https://issues.redhat.com/browse/RESTEASY-2646
+	NOTE: Introduced by: https://github.com/resteasy/Resteasy/commit/f948c45f4ebe00531f858e289d17664bc2edd496 (4.2.0.Final)
 CVE-2020-14325 (Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Imperson ...)
 	NOT-FOR-US: Red Hat CloudForm
 CVE-2020-14324 (A high severity vulnerability was found in all active versions of Red  ...)
author	Salvatore Bonaccorso <carnil@debian.org>	2021-12-04 19:35:05 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2021-12-04 19:35:05 +0100
commit	b14c4d078132d8b9f89b9949db6e897cae705df2 (patch)
tree	847bb495e4c53a0aa8abd3ec75897e09a5e1f94b /data
parent	4f4de0c992a923f486756ed7c9db99801ef5dcaa (diff)