Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: d834879f by Moritz Muehlenhoff at 2020-09-08T20:03:34+02:00 NFUs new reel issue - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -41456,21 +41456,21 @@ CVE-2020-7689 (Data is truncated wrong when its length is greater than 255 bytes CVE-2020-7688 (The issue occurs because tagName user input is formatted inside the ex ...) NOT-FOR-US: Node mversion CVE-2020-7687 (This affects all versions of package fast-http. There is no path sanit ...) - TODO: check + NOT-FOR-US: Node fast-http CVE-2020-7686 (This affects all versions of package rollup-plugin-dev-server. There i ...) - TODO: check + NOT-FOR-US: Node rollup-plugin-dev-server CVE-2020-7685 (This affects all versions of package UmbracoForms. When using the defa ...) - TODO: check + NOT-FOR-US: UmbracoForms CVE-2020-7684 (This affects all versions of package rollup-plugin-serve. There is no ...) - TODO: check + NOT-FOR-US: Node rollup-plugin-server CVE-2020-7683 (This affects all versions of package rollup-plugin-server. There is no ...) - TODO: check + NOT-FOR-US: Node rollup-plugin-server CVE-2020-7682 (This affects all versions of package marked-tree. There is no path san ...) - TODO: check + NOT-FOR-US: Node marked-tree CVE-2020-7681 (This affects all versions of package marscode. There is no path saniti ...) - TODO: check + NOT-FOR-US: Node marscode CVE-2020-7680 (docsify prior to 4.11.4 is susceptible to Cross-site Scripting (XSS). ...) - TODO: check + NOT-FOR-US: docsify CVE-2020-7679 (In all versions of package casperjs, the mergeObjects utility function ...) NOT-FOR-US: Node casperjs CVE-2020-7678 
@@ -41498,16 +41498,16 @@ CVE-2020-7671 (goliath through 1.0.6 allows request smuggling attacks where goli CVE-2020-7670 (agoo through 2.12.3 allows request smuggling attacks where agoo is use ...) NOT-FOR-US: Ruby gem agoo CVE-2020-7669 (This affects all versions of package github.com/u-root/u-root/pkg/taru ...) - TODO: check + NOT-FOR-US: github.com/u-root/u-root/pkg/tarutil Go package CVE-2020-7668 (In all versions of the package github.com/unknwon/cae/tz, the ExtractT ...) - golang-github-unknwon-cae <removed> (bug #967956) NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUNKNWONCAETZ-570384 CVE-2020-7667 (In package github.com/sassoftware/go-rpmutils/cpio before version 0.1. ...) NOT-FOR-US: github.com/sassoftware/go-rpmutils/cpio go module CVE-2020-7666 (This affects all versions of package github.com/u-root/u-root/pkg/cpio ...) - TODO: check + NOT-FOR-US: github.com/u-root/u-root/pkg/cpio Go package CVE-2020-7665 (This affects all versions of package github.com/u-root/u-root/pkg/uzip ...) - TODO: check + NOT-FOR-US: github.com/u-root/u-root/pkg/uzip Go package CVE-2020-7664 (In all versions of the package github.com/unknwon/cae/zip, the Extract ...) - golang-github-unknwon-cae <removed> (bug #967955) NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUNKNWONCAEZIP-570383 
@@ -41519,11 +41519,12 @@ CVE-2020-7663 (websocket-extensions ruby module prior to 0.1.5 allows Denial of CVE-2020-7662 (websocket-extensions npm module prior to 1.0.4 allows Denial of Servic ...) NOT-FOR-US: Node websocket-extensions CVE-2020-7661 (all versions of url-regex are vulnerable to Regular Expression Denial ...) - TODO: check + NOT-FOR-US: Node url-regex CVE-2020-7660 (serialize-javascript prior to 3.1.0 allows remote attackers to inject ...) NOT-FOR-US: serialize-javascript Node package CVE-2020-7659 (reel through 0.6.1 allows Request Smuggling attacks due to incorrect C ...) - TODO: check + - reel <removed> + NOTE: https://snyk.io/vuln/SNYK-RUBY-REEL-569135 CVE-2020-7658 (meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP ...) NOT-FOR-US: meinheld CVE-2020-7657 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d834879ff051f07f073c868e47bee239d353dd56 You're receiving this email because of your account on salsa.debian.org.
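Review bot: In the first hunk (@@ -41456), the line added under CVE-2020-7684 reads "NOT-FOR-US: Node rollup-plugin-server", but that CVE's description names the package rollup-plugin-serve. rollup-plugin-server is the package of CVE-2020-7683 on the next entry, so this looks like a copy of the neighbouring line. Suggest "NOT-FOR-US: Node rollup-plugin-serve", so that a later search of data/CVE/list by package name lands on the right CVE.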
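Review bot: In the second hunk (@@ -41498), the three u-root entries (CVE-2020-7669, CVE-2020-7666, CVE-2020-7665) are tagged "... Go package", while the existing CVE-2020-7667 entry that sits between them uses "... go module". This is a style point only, but settling on one wording keeps the NOT-FOR-US lines for Go code consistent when the list is searched.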
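Review bot: In the third hunk (@@ -41519), the new CVE-2020-7659 entry "- reel <removed>" carries only the Snyk NOTE, whereas the "<removed>" entries for golang-github-unknwon-cae in the previous hunk each carry a "(bug #...)" reference. If a Debian bug exists for this reel issue, add it in the same form; if none was filed, the entry is fine as written.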
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits