[Git][security-tracker-team/security-tracker][master] update CVE-2020-36067 CVE-2020-36066 CVE-2020-35380 with fixed version

[Thorsten Alteholz]

Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7586c740 by Thorsten Alteholz at 2021-01-11T10:28:03+01:00
update CVE-2020-36067 CVE-2020-36066 CVE-2020-35380 with fixed version

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5016,15 +5016,16 @@ CVE-2020-36069
 CVE-2020-36068
        RESERVED
 CVE-2020-36067 (GJSON <=v1.6.5 allows attackers to cause a denial of 
service (panic ...)
-       - golang-github-tidwall-gjson <unfixed>
+       - golang-github-tidwall-gjson 1.6.7-1
        [buster] - golang-github-tidwall-gjson <no-dsa> (Minor issue)
        NOTE: https://github.com/tidwall/gjson/issues/196
        NOTE: 
https://github.com/tidwall/gjson/commit/bf4efcb3c18d1825b2988603dea5909140a5302b
 CVE-2020-36066 (GJSON &lt;1.6.5 allows attackers to cause a denial of service 
(remote) ...)
-       - golang-github-tidwall-gjson <unfixed>
+       - golang-github-tidwall-gjson 1.6.7-1
        [buster] - golang-github-tidwall-gjson <no-dsa> (Minor issue)
        NOTE: https://github.com/tidwall/gjson/issues/195
        NOTE: 
https://github.com/tidwall/match/commit/c2f534168b739a7ec1821a33839fb2f029f26bbc
+       NOTE: fix in golang-github-tidwall-gjson is dependency on 
golang-github-tidwall-match v1.0.3
 CVE-2020-36065
        RESERVED
 CVE-2020-36064
@@ -9624,7 +9625,7 @@ CVE-2020-35381 (jsonparser 1.0.0 allows attackers to 
cause a denial of service (
        [buster] - golang-github-buger-jsonparser <no-dsa> (Minor issue)
        NOTE: https://github.com/buger/jsonparser/issues/219
 CVE-2020-35380 (GJSON before 1.6.4 allows attackers to cause a denial of 
service via c ...)
-       - golang-github-tidwall-gjson <unfixed> (bug #977622)
+       - golang-github-tidwall-gjson 1.6.7-1 (bug #977622)
        NOTE: https://github.com/tidwall/gjson/issues/192
        NOTE: 
https://github.com/tidwall/gjson/commit/f0ee9ebde4b619767ae4ac03e8e42addb530f6bc
 (v1.6.4)
 CVE-2020-35379



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7586c7403487822b7aff2e0c06e3531d9b82ea11

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7586c7403487822b7aff2e0c06e3531d9b82ea11
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits