Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 676b349e by Moritz Muehlenhoff at 2021-02-19T16:34:03+01:00 new jackson-dataformat-cbor, node-prismjs, python-reportlab issues - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -9256,7 +9256,10 @@ CVE-2021-23343 CVE-2021-23342 RESERVED CVE-2021-23341 (The package prismjs before 1.23.0 are vulnerable to Regular Expression ...) - TODO: check + - node-prismjs <unfixed> + NOTE: https://github.com/PrismJS/prism/commit/c2f6a64426f44497a675cb32dccb079b3eff1609 + NOTE: https://github.com/PrismJS/prism/pull/2584 + NOTE: https://github.com/PrismJS/prism/issues/2583 CVE-2021-23340 (This affects the package pimcore/pimcore before 6.8.8. A Local FIle In ...) TODO: check CVE-2021-23339 (This affects all versions of package com.typesafe.akka:akka-http-core. ...) @@ -17197,6 +17200,7 @@ CVE-2021-20253 RESERVED CVE-2021-20252 RESERVED + NOT-FOR-US: Red Hat 3scale API Management CVE-2021-20251 RESERVED CVE-2021-20250 @@ -24613,9 +24617,11 @@ CVE-2020-28493 (This affects the package jinja2 from 0.0.0 and before 2.11.3. Th CVE-2020-28492 REJECTED CVE-2020-28491 (This affects the package com.fasterxml.jackson.dataformat:jackson-data ...) - TODO: check + - jackson-dataformat-cbor <unfixed> + NOTE: https://github.com/FasterXML/jackson-dataformats-binary/commit/de072d314af8f5f269c8abec6930652af67bc8e6 + NOTE: https://github.com/FasterXML/jackson-dataformats-binary/issues/186 CVE-2020-28490 (The package async-git before 1.13.2 are vulnerable to Command Injectio ...) - TODO: check + NOT-FOR-US: Node async-git CVE-2020-28489 RESERVED CVE-2020-28488 @@ -24676,7 +24682,9 @@ CVE-2020-28465 CVE-2020-28464 (This affects the package djv before 2.1.4. By controlling the schema f ...) NOT-FOR-US: Node djv CVE-2020-28463 (All versions of package reportlab are vulnerable to Server-side Reques ...) - TODO: check + - python-reportlab <unfixed> + [buster] - python-reportlab <no-dsa> (Minor issue) + NOTE: https://snyk.io/vuln/SNYK-PYTHON-REPORTLAB-1022145 CVE-2020-28462 RESERVED CVE-2020-28461 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/676b349e8e4d3ae46a1fd94260eee1a677f99039 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/676b349e8e4d3ae46a1fd94260eee1a677f99039 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits