Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits: 7586c740 by Thorsten Alteholz at 2021-01-11T10:28:03+01:00 update CVE-2020-36067 CVE-2020-36066 CVE-2020-35380 with fixed version - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -5016,15 +5016,16 @@ CVE-2020-36069 CVE-2020-36068 RESERVED CVE-2020-36067 (GJSON <=v1.6.5 allows attackers to cause a denial of service (panic ...) - - golang-github-tidwall-gjson <unfixed> + - golang-github-tidwall-gjson 1.6.7-1 [buster] - golang-github-tidwall-gjson <no-dsa> (Minor issue) NOTE: https://github.com/tidwall/gjson/issues/196 NOTE: https://github.com/tidwall/gjson/commit/bf4efcb3c18d1825b2988603dea5909140a5302b CVE-2020-36066 (GJSON <1.6.5 allows attackers to cause a denial of service (remote) ...) - - golang-github-tidwall-gjson <unfixed> + - golang-github-tidwall-gjson 1.6.7-1 [buster] - golang-github-tidwall-gjson <no-dsa> (Minor issue) NOTE: https://github.com/tidwall/gjson/issues/195 NOTE: https://github.com/tidwall/match/commit/c2f534168b739a7ec1821a33839fb2f029f26bbc + NOTE: fix in golang-github-tidwall-gjson is dependency on golang-github-tidwall-match v1.0.3 CVE-2020-36065 RESERVED CVE-2020-36064 @@ -9624,7 +9625,7 @@ CVE-2020-35381 (jsonparser 1.0.0 allows attackers to cause a denial of service ( [buster] - golang-github-buger-jsonparser <no-dsa> (Minor issue) NOTE: https://github.com/buger/jsonparser/issues/219 CVE-2020-35380 (GJSON before 1.6.4 allows attackers to cause a denial of service via c ...) - - golang-github-tidwall-gjson <unfixed> (bug #977622) + - golang-github-tidwall-gjson 1.6.7-1 (bug #977622) NOTE: https://github.com/tidwall/gjson/issues/192 NOTE: https://github.com/tidwall/gjson/commit/f0ee9ebde4b619767ae4ac03e8e42addb530f6bc (v1.6.4) CVE-2020-35379 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7586c7403487822b7aff2e0c06e3531d9b82ea11 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7586c7403487822b7aff2e0c06e3531d9b82ea11 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits