Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
bca79971 by Moritz Muehlenhoff at 2022-07-11T21:19:27+02:00
python-reportlab fixed in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -119313,13 +119313,12 @@ CVE-2020-28465
CVE-2020-28464 (This affects the package djv before 2.1.4. By controlling the
schema f ...)
NOT-FOR-US: Node djv
CVE-2020-28463 (All versions of package reportlab are vulnerable to
Server-side Reques ...)
- - python-reportlab <unfixed>
- [bullseye] - python-reportlab <no-dsa> (Minor issue)
+ - python-reportlab 3.5.55-1
[buster] - python-reportlab <no-dsa> (Minor issue)
[stretch] - python-reportlab <postponed> (Can be fixed in next DLA)
NOTE: https://snyk.io/vuln/SNYK-PYTHON-REPORTLAB-1022145
NOTE: Starting in 3.5.55 trustedSchemes and trustedHosts rl_config
variables are introduced
- NOTE: which can be used to mitigate the issue.
+ NOTE: which can be used to mitigate the issue, treating this as the
fixed version
CVE-2020-28462
RESERVED
CVE-2020-28461
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bca79971c11cedd40e6f22da2bc3c594389b8dbf
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bca79971c11cedd40e6f22da2bc3c594389b8dbf
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
