Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: bca79971 by Moritz Muehlenhoff at 2022-07-11T21:19:27+02:00 python-reportlab fixed in sid - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -119313,13 +119313,12 @@ CVE-2020-28465 CVE-2020-28464 (This affects the package djv before 2.1.4. By controlling the schema f ...) NOT-FOR-US: Node djv CVE-2020-28463 (All versions of package reportlab are vulnerable to Server-side Reques ...) - - python-reportlab <unfixed> - [bullseye] - python-reportlab <no-dsa> (Minor issue) + - python-reportlab 3.5.55-1 [buster] - python-reportlab <no-dsa> (Minor issue) [stretch] - python-reportlab <postponed> (Can be fixed in next DLA) NOTE: https://snyk.io/vuln/SNYK-PYTHON-REPORTLAB-1022145 NOTE: Starting in 3.5.55 trustedSchemes and trustedHosts rl_config variables are introduced - NOTE: which can be used to mitigate the issue. + NOTE: which can be used to mitigate the issue, treating this as the fixed version CVE-2020-28462 RESERVED CVE-2020-28461 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bca79971c11cedd40e6f22da2bc3c594389b8dbf -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bca79971c11cedd40e6f22da2bc3c594389b8dbf You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits