Security Fix #102513

Closed
kieferrm opened this issue Jul 14, 2020 · 10 comments

@kieferrm
Member

kieferrm commented Jul 14, 2020

Details in https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1416

@kieferrm kieferrm added this to the June 2020 Recovery 1 milestone Jul 14, 2020
@kieferrm kieferrm self-assigned this Jul 14, 2020
@MLefebvreICO

Just received update 1.47.1 linking to this issue, but it doesn't have details 😐

@kieferrm
Member Author

I updated the link. The MITRE copy is not yet updated.

@aaomidi

aaomidi commented Jul 14, 2020

The link currently just goes to this milestone (https://github.com/microsoft/vscode/milestone/128), is that expected?

@vp2177
Contributor

vp2177 commented Jul 14, 2020

Details in https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1416

That page is currently empty, and so is https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1416

However, if anyone is wondering, just google (bing?) the CVE number.

@jlk

jlk commented Jul 15, 2020

The milestone page is "empty," but if you click "closed" you'll see it. Probably should tweak the link to show closed issues.

@wwahammy

Is there a commit/PR we can see fixing this bug? It's not super helpful to know a CVE existed if we can't verify that it was fixed properly.

@ExE-Boss
Contributor

ExE-Boss commented Jul 15, 2020

@wwahammy It seems like the bug was in the closed source vscode‑distro component: 1.47.0...1.47.1.

@wwahammy

Ah, so there's some proprietary software that VSCode uses that apparently does something which can lead to a security hole. We don't know what it does or how risky it is to run.

@mahen23

This comment has been minimized.

@jlk

jlk commented Jul 16, 2020

A thumbs down isn't enough on this one. There's zero tolerance for backwater attitude @mahen23. Reporting.

@microsoft microsoft locked as too heated and limited conversation to collaborators Jul 17, 2020