Back to bug 1330264
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Kurt Seifried | 2016-04-25 18:37:42 UTC | Whiteboard | impact=moderate,public=20160425,reported=20160422,source=redhat,cvss2=4.6/AV:L/AC:L/Au:N/C:P/I:P/A:P,cwe=CWE-330,rhn_satellite_6/pulp=affected | impact=moderate,public=20160425,reported=20160422,source=redhat,cvss2=4.6/AV:L/AC:L/Au:N/C:P/I:P/A:P,cwe=CWE-330,rhn_satellite_6/pulp=affected,rhui-2/pulp=notaffected |
| Kurt Seifried | 2016-04-25 18:37:48 UTC | CC | rhui-bugs | |
| Kurt Seifried | 2016-04-25 18:38:41 UTC | CC | rbarlow | |
| Kurt Seifried | 2016-04-25 18:39:53 UTC | Summary | CVE-2016-3704 Pulp: Unsafe use of bash 12228 for NSS DB password and seed | CVE-2016-3704 Pulp: Unsafe use of bash $RANDOM for NSS DB password and seed |
| Kurt Seifried | 2016-04-25 18:49:22 UTC | Blocks | 1330273 | |
| Kurt Seifried | 2016-04-25 19:02:48 UTC | Depends On | 1330283 | |
| Dennis Kliban | 2016-04-25 19:13:19 UTC | CC | dkliban | |
| Link ID | Pulp Redmine 1858 | |||
| pulp-infra | 2016-04-25 19:14:28 UTC | CC | mhrivnak | |
| pulp-infra | 2016-04-25 19:14:30 UTC | CC | bbouters | |
| Kurt Seifried | 2016-08-24 15:48:14 UTC | Depends On | 1369890 | |
| pulp-infra | 2016-11-21 21:02:07 UTC | Status | NEW | POST |
| Kurt Seifried | 2016-11-28 18:34:53 UTC | Depends On | 1399327 | |
| Kurt Seifried | 2017-03-15 03:59:12 UTC | Blocks | 1432305 | |
| pulp-infra | 2017-06-05 18:21:11 UTC | CC | pcreech | |
| pulp-infra | 2017-06-05 18:21:14 UTC | CC | ttereshc | |
| Kurt Seifried | 2017-07-13 00:49:44 UTC | Whiteboard | impact=moderate,public=20160425,reported=20160422,source=redhat,cvss2=4.6/AV:L/AC:L/Au:N/C:P/I:P/A:P,cwe=CWE-330,rhn_satellite_6/pulp=affected,rhui-2/pulp=notaffected | impact=moderate,public=20160425,reported=20160422,source=redhat,cvss2=4.6/AV:L/AC:L/Au:N/C:P/I:P/A:P,cvss3=5.6/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L,cwe=CWE-330,rhn_satellite_6/pulp=affected,rhui-2/pulp=notaffected |
| Brian Bouterse | 2017-07-26 20:00:27 UTC | CC | bbouters | |
| Kurt Seifried | 2017-10-19 23:48:19 UTC | Doc Text | Pulp makes unsafe use of Bash's $RANDOM to generate a NSS DB password and seed resulting in insufficient randomness. An attacker could potentially guess the seed used given enough time and compute resources. | |
| Whiteboard | impact=moderate,public=20160425,reported=20160422,source=redhat,cvss2=4.6/AV:L/AC:L/Au:N/C:P/I:P/A:P,cvss3=5.6/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L,cwe=CWE-330,rhn_satellite_6/pulp=affected,rhui-2/pulp=notaffected | impact=moderate,public=20160425,reported=20160421,source=redhat,cvss2=4.6/AV:L/AC:L/Au:N/C:P/I:P/A:P,cvss3=5.6/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L,cwe=CWE-330,rhn_satellite_6/pulp=affected,rhui-2/pulp=notaffected | ||
| Eric Christensen | 2017-10-20 12:48:36 UTC | Whiteboard | impact=moderate,public=20160425,reported=20160421,source=redhat,cvss2=4.6/AV:L/AC:L/Au:N/C:P/I:P/A:P,cvss3=5.6/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L,cwe=CWE-330,rhn_satellite_6/pulp=affected,rhui-2/pulp=notaffected | impact=moderate,public=20160425,reported=20160420,source=redhat,cvss2=4.6/AV:L/AC:L/Au:N/C:P/I:P/A:P,cvss3=5.6/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L,cwe=CWE-330,rhn_satellite_6/pulp=affected,rhui-2/pulp=notaffected |
| Viliam Križan | 2018-02-12 10:27:28 UTC | Whiteboard | impact=moderate,public=20160425,reported=20160420,source=redhat,cvss2=4.6/AV:L/AC:L/Au:N/C:P/I:P/A:P,cvss3=5.6/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L,cwe=CWE-330,rhn_satellite_6/pulp=affected,rhui-2/pulp=notaffected | impact=moderate,public=20160425,reported=20160422,source=redhat,cvss2=4.6/AV:L/AC:L/Au:N/C:P/I:P/A:P,cvss3=5.6/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L,cwe=CWE-330,rhn_satellite_6/pulp=affected,rhui-2/pulp=notaffected |
| Kurt Seifried | 2018-02-16 18:08:48 UTC | Summary | CVE-2016-3704 Pulp: Unsafe use of bash $RANDOM for NSS DB password and seed | CVE-2016-3704 pulp: Unsafe use of bash $RANDOM for NSS DB password and seed |
| Martin Prpič | 2018-02-21 08:31:57 UTC | Status | POST | NEW |
| pulp-infra | 2018-02-21 08:35:42 UTC | Status | NEW | POST |
| pulp-infra | 2018-05-25 15:21:06 UTC | CC | rchan | |
| pulp-infra | 2018-09-19 15:16:04 UTC | CC | daviddavis | |
| PnT Account Manager | 2019-04-22 21:30:49 UTC | CC | tjay | |
| Product Security DevOps Team | 2019-09-29 13:48:22 UTC | Whiteboard | impact=moderate,public=20160425,reported=20160422,source=redhat,cvss2=4.6/AV:L/AC:L/Au:N/C:P/I:P/A:P,cvss3=5.6/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L,cwe=CWE-330,rhn_satellite_6/pulp=affected,rhui-2/pulp=notaffected | |
| PnT Account Manager | 2020-02-21 22:29:16 UTC | CC | rbarlow | |
| pulp-infra | 2020-10-05 14:27:07 UTC | CC | bmbouter | |
| pulp-infra | 2020-10-05 14:27:09 UTC | CC | ipanova | |
| pulp-infra | 2021-04-06 17:58:38 UTC | CC | ggainey | |
| Red Hat Bugzilla | 2021-11-14 22:29:20 UTC | CC | daviddavis | |
| Red Hat Bugzilla | 2022-07-18 09:51:41 UTC | CC | mmccune | |
| Red Hat Bugzilla | 2022-11-30 23:28:33 UTC | CC | tlestach | |
| Red Hat Bugzilla | 2023-07-07 08:31:44 UTC | Assignee | security-response-team | nobody |
Back to bug 1330264