Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker
Commits: b887c946 by Abhijith PA at 2020-10-07T14:39:00+05:30 CVE-2020-5247: backporting tests related to this issue also need latest methods backported as well CVE-2020-5249: early_hints featured introduced around v3.9 https://github.com/puma/puma/pull/1403 - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -51176,7 +51176,7 @@ CVE-2020-5250 (In PrestaShop before version 1.7.6.4, when a customer edits their CVE-2020-5249 (In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Pum ...) - puma 3.12.4-1 (bug #953122) [buster] - puma <no-dsa> (Minor issue) - [stretch] - puma <no-dsa> (Minor issue) + [stretch] - puma <not-affected> (early_hint feature added in later version) NOTE: https://github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58 NOTE: https://github.com/puma/puma/commit/c22712fc93284a45a93f9ad7023888f3a65524f3 CVE-2020-5248 (GLPI before before version 9.4.6 has a vulnerability involving a defau ...) @@ -51187,7 +51187,7 @@ CVE-2020-5248 (GLPI before before version 9.4.6 has a vulnerability involving a CVE-2020-5247 (In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application us ...) - puma 3.12.4-1 (bug #952766) [buster] - puma <no-dsa> (Minor issue) - [stretch] - puma <no-dsa> (Minor issue) + [stretch] - puma <no-dsa> (intrusive to backport) NOTE: https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v NOTE: https://github.com/puma/puma/commit/1b17e85a06183cd169b41ca719928c26d44a6e03 (3.12.3) NOTE: https://github.com/puma/puma/commit/694feafcd4fdcea786a0730701dad933f7547bea (4.3.2) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b887c946f09e4a12ae08346994d9b809e7c1a103 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b887c946f09e4a12ae08346994d9b809e7c1a103 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits