Re: [EXTERNAL] TRA-2021-14/CVE-2021-20095 status

Hi Sylvain,

Those CVEs were registered in error and were requested to be listed as REJECTED. There are no plans to re-register these issues under new identifiers.

Regards,

Rajiv

On Mon, Oct 18, 2021 at 8:54 AM Sylvain Beucler <beuc@beuc.net> wrote:

*** CAUTION: This email was sent from an EXTERNAL source. Think before clicking links or opening attachments. ***

Hello,

I'm part of the Debian LTS Team and we would like to track which shipped
versions of python-babel are affected by the vulnerability described in
your advisory TRA-2021-14.
https://fr.tenable.com/security/research/tra-2021-14

The Advisory Timeline shows that CVE-2021-20095 was assigned by your CNA
to reference this issue, but was withdrawn the next day with no public
rationale.
As far as we know, no later CVE superseded it, hence there is currently
no standard way to track this issue.

Was there a security reason for the CVE withdrawal, and is there plan to
register a new one?

Cheers!
Sylvain Beucler
Debian LTS Team

Rajiv Motwani | Senior Director of Research, Vulnerability Detection

Tenable

7021 Columbia Gateway Drive, Suite 500

Columbia, MD 21046

rmotwani@tenable.com

M: +1 (978) 875-3486

tenable.com

Reply to:

References:

TRA-2021-14/CVE-2021-20095 status
- From: Sylvain Beucler <beuc@beuc.net>