[Git][security-tracker-team/security-tracker][master] new jackson-dataformat-cbor, node-prismjs, python-reportlab issues

[Moritz Muehlenhoff]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
676b349e by Moritz Muehlenhoff at 2021-02-19T16:34:03+01:00
new jackson-dataformat-cbor, node-prismjs, python-reportlab issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9256,7 +9256,10 @@ CVE-2021-23343
 CVE-2021-23342
        RESERVED
 CVE-2021-23341 (The package prismjs before 1.23.0 are vulnerable to Regular 
Expression ...)
-       TODO: check
+       - node-prismjs <unfixed>
+       NOTE: 
https://github.com/PrismJS/prism/commit/c2f6a64426f44497a675cb32dccb079b3eff1609
+       NOTE: https://github.com/PrismJS/prism/pull/2584
+       NOTE: https://github.com/PrismJS/prism/issues/2583
 CVE-2021-23340 (This affects the package pimcore/pimcore before 6.8.8. A Local 
FIle In ...)
        TODO: check
 CVE-2021-23339 (This affects all versions of package 
com.typesafe.akka:akka-http-core. ...)
@@ -17197,6 +17200,7 @@ CVE-2021-20253
        RESERVED
 CVE-2021-20252
        RESERVED
+       NOT-FOR-US: Red Hat 3scale API Management
 CVE-2021-20251
        RESERVED
 CVE-2021-20250
@@ -24613,9 +24617,11 @@ CVE-2020-28493 (This affects the package jinja2 from 
0.0.0 and before 2.11.3. Th
 CVE-2020-28492
        REJECTED
 CVE-2020-28491 (This affects the package 
com.fasterxml.jackson.dataformat:jackson-data ...)
-       TODO: check
+       - jackson-dataformat-cbor <unfixed>
+       NOTE: 
https://github.com/FasterXML/jackson-dataformats-binary/commit/de072d314af8f5f269c8abec6930652af67bc8e6
+       NOTE: https://github.com/FasterXML/jackson-dataformats-binary/issues/186
 CVE-2020-28490 (The package async-git before 1.13.2 are vulnerable to Command 
Injectio ...)
-       TODO: check
+       NOT-FOR-US: Node async-git
 CVE-2020-28489
        RESERVED
 CVE-2020-28488
@@ -24676,7 +24682,9 @@ CVE-2020-28465
 CVE-2020-28464 (This affects the package djv before 2.1.4. By controlling the 
schema f ...)
        NOT-FOR-US: Node djv
 CVE-2020-28463 (All versions of package reportlab are vulnerable to 
Server-side Reques ...)
-       TODO: check
+       - python-reportlab <unfixed>
+       [buster] - python-reportlab <no-dsa> (Minor issue)
+       NOTE: https://snyk.io/vuln/SNYK-PYTHON-REPORTLAB-1022145
 CVE-2020-28462
        RESERVED
 CVE-2020-28461



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/676b349e8e4d3ae46a1fd94260eee1a677f99039

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/676b349e8e4d3ae46a1fd94260eee1a677f99039
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits