[Git][security-tracker-team/security-tracker][master] Add CVE-2018-20060/python-urllib3

Salvatore Bonaccorso carnil at debian.org
Wed Dec 12 05:55:03 GMT 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2c664458 by Salvatore Bonaccorso at 2018-12-12T05:54:29Z
Add CVE-2018-20060/python-urllib3

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,7 +5,23 @@ CVE-2018-20062 (An issue was discovered in NoneCms V1.3. thinkphp/library/think/
 CVE-2018-20061 (A SQL injection issue was discovered in ERPNext 10.x and 11.x through ...)
 	NOT-FOR-US: Frappe ERPNext
 CVE-2018-20060 (urllib3 before version 1.23 does not remove the Authorization HTTP ...)
-	TODO: check
+	- python-urllib3 1.24-1
+	NOTE: https://github.com/urllib3/urllib3/issues/1316
+	NOTE: https://github.com/urllib3/urllib3/pull/1346
+	NOTE: https://github.com/urllib3/urllib3/commit/3d7f98b07b6e6e04c2e89cdf5afb18024a2d804c
+	NOTE: https://github.com/urllib3/urllib3/commit/f99912beeaf230ee3634b938d3ea426ffd1f3e57
+	NOTE: https://github.com/urllib3/urllib3/commit/48dba048081dfcb999afcda715d17147aa15b6ea
+	NOTE: https://github.com/urllib3/urllib3/commit/23e2eb56af23db5a1eeb8ad9b51dd99a27c15522
+	NOTE: https://github.com/urllib3/urllib3/commit/5e9c6b9175d66170ef65fc703f2e46788a59ca0c
+	NOTE: https://github.com/urllib3/urllib3/commit/9c9dd6f3014e89bb9c532b641abcf1b24c3896ab
+	NOTE: https://github.com/urllib3/urllib3/commit/6245ddddb7f80740c5c15e1750e5b9f68c5b2b5f
+	NOTE: https://github.com/urllib3/urllib3/commit/3b5f27449e153ad05186beca8fbd9b134936fe50
+	NOTE: https://github.com/urllib3/urllib3/commit/1742538d57865e61125c6c12a755b5db41636fe7
+	NOTE: https://github.com/urllib3/urllib3/commit/2a42e70ff077006d5a6da92251ddbb2939303f94
+	NOTE: https://github.com/urllib3/urllib3/commit/e8a727a0b8389f5f75981858a8bbb319646f4450
+	NOTE: https://github.com/urllib3/urllib3/commit/63948f3a607ed8e7a3ce9ac4e20782359896e27e
+	NOTE: https://github.com/urllib3/urllib3/commit/560bd227b90f74417ffaedebf5f8d05a8ee4f532
+	NOTE: Fixed upstream in 1.23
 CVE-2018-20059 (jaxb/JaxbEngine.java in Pippo 1.11.0 allows XXE. ...)
 	NOT-FOR-US: Pippo
 CVE-2018-20058 (In Evernote before 7.6 on macOS, there is a local file path traversal ...)
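
Review bot: In the CVE-2018-20060 entry, the fixed version is recorded as "- python-urllib3 1.24-1" while the closing note says "Fixed upstream in 1.23", and nothing in the entry explains the gap. If 1.24-1 was the first upload to unstable carrying the fix, a short NOTE saying so would make that clear; if a 1.23-based upload exists, the earlier version should be the one listed. The thirteen upstream commit NOTE lines are also listed without any indication of which one carries the actual Authorization header stripping and which are follow-ups or test changes. Marking the core fix commit, or relying on the pull request link (pull/1346) plus that one commit, would make the entry easier to use when backporting.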



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2c6644581461c109411c8da5c9e2d2db3450a406
