-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: ruby-rack-cors
Version: 0.2.9-1+deb8u1
CVE ID : CVE-2019-18978
This package allowed ../ directory traversal to access private resources
because resource matching did not ensure that pathnames were in a canonical
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: storebackup
Version: 3.2.1-1+deb8u1
CVE ID : CVE-2020-7040
Debian Bug : 949393
storeBackup.pl in storeBackup through 3.5 relies on the
/tmp/storeBackup.lock pathname, which allows symlink attacks
that possibly