Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 98d79aa9 by Salvatore Bonaccorso at 2020-09-05T09:14:00+02:00 Track rebar3 itp/rfp bug under two CVEs for Rebar3 - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -24464,6 +24464,7 @@ CVE-2020-13804 (An issue was discovered in Foxit Reader and PhantomPDF before 9. CVE-2020-13803 (An issue was discovered in Foxit PhantomPDF Mac and Foxit Reader for M ...) NOT-FOR-US: Foxit Reader CVE-2020-13802 (Rebar3 versions 3.0.0-beta.3 to 3.13.2 are vulnerable to OS command in ...) + - rebar3 <itp> (bug #824773) TODO: check, whether this affects src:rebar (but the security implications seems a little far-fetched anyway) CVE-2020-13801 RESERVED @@ -97629,6 +97630,7 @@ CVE-2019-1000015 (Chamilo Chamilo-lms version 1.11.8 and earlier contains a Cros NOT-FOR-US: Chamilo Chamilo-lms CVE-2019-1000014 (Erlang/OTP Rebar3 version 3.7.0 through 3.7.5 contains a Signing oracl ...) - rebar <not-affected> (vulnerable code is not present) + - rebar3 <itp> (bug #824773) NOTE: https://github.com/erlang/rebar3/pull/1986 CVE-2019-1000013 (Hex package manager hex_core version 0.3.0 and earlier contains a Sign ...) NOT-FOR-US: Hex package manager View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98d79aa95098f8a9fadda4f68d37bfb26512f69c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98d79aa95098f8a9fadda4f68d37bfb26512f69c You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits