Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 5e278078 by Salvatore Bonaccorso at 2020-08-03T21:14:00+02:00 Add CVE-2020-15134/ruby-faye - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -2615,7 +2615,11 @@ CVE-2020-15136 CVE-2020-15135 RESERVED CVE-2020-15134 (Faye before version 1.4.0, there is a lack of certification validation ...) - TODO: check + - ruby-faye <unfixed> + [buster] - ruby-faye <no-dsa> (Minor issue) + NOTE: https://github.com/faye/faye/security/advisories/GHSA-3q49-h8f9-9fr9 + NOTE: https://github.com/faye/faye/issues/524 + NOTE: https://blog.jcoglan.com/2020/07/31/missing-tls-verification-in-faye/ CVE-2020-15133 (In faye-websocket before version 0.11.0, there is a lack of certificat ...) - ruby-faye-websocket <unfixed> [buster] - ruby-faye-websocket <no-dsa> (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5e278078cf323c8d39fcac0cf2122af4c7b00814 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5e278078cf323c8d39fcac0cf2122af4c7b00814 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits