[Git][security-tracker-team/security-tracker][master] node-mongodb spu

Moritz Muehlenhoff jmm at debian.org
Wed Apr 29 22:14:42 BST 2020 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d36c3679 by Moritz Muehlenhoff at 2020-04-29T23:14:20+02:00
node-mongodb spu
samba postponed

- - - - -


2 changed files:

- data/CVE/list
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -5405,6 +5405,8 @@ CVE-2020-10705
 CVE-2020-10704
 	RESERVED
 	- samba <unfixed>
+	[buster] - samba <postponed> (Can be fixed along in future DSA)
+	[stretch] - samba <postponed> (Can be fixed along in future DSA)
 	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14334
 	NOTE: https://www.samba.org/samba/security/CVE-2020-10704.html
 CVE-2020-10703 [Potential denial of service via active pool without target path]
@@ -12610,6 +12612,7 @@ CVE-2020-7611 (All versions of io.micronaut:micronaut-http-client before 1.2.11
 CVE-2020-7610 (All versions of bson before 1.1.4 are vulnerable to Deserialization of ...)
 	[experimental] - node-mongodb 3.5.5+~cs11.12.19-1
 	- node-mongodb 3.5.6+~cs11.12.19-1
+	[buster] - node-mongodb <no-dsa> (Minor issue)
 	NOTE: Fixed in js-bson v1.1.4 included in 3.5.5+~cs11.12.19
 	NOTE: https://snyk.io/vuln/SNYK-JS-BSON-561052
 	NOTE: https://github.com/mongodb/js-bson/commit/3809c1313a7b2a8001065f0271199df9fa3d16a8
@@ -81801,6 +81804,7 @@ CVE-2019-2392
 CVE-2019-2391 (Incorrect parsing of certain JSON input may result in js-bson not corr ...)
 	[experimental] - node-mongodb 3.5.5+~cs11.12.19-1
 	- node-mongodb 3.5.6+~cs11.12.19-1
+	[buster] - node-mongodb <no-dsa> (Minor issue)
 	NOTE: Fixed in js-bson v1.1.4 included in 3.5.5+~cs11.12.19
 CVE-2019-2390 (An unprivileged user or program on Microsoft Windows which can create  ...)
 	NOT-FOR-US: Microsoft


=====================================
data/next-point-update.txt
=====================================
@@ -122,3 +122,7 @@ CVE-2020-9383
 	[buster] - linux 4.19.118-1
 CVE-2019-19046
 	[buster] - linux 4.19.118-1
+CVE-2020-7610
+	[buster] - node-mongodb 3.1.13+~3.1.11-2+deb10u1
+CVE-2019-2391
+	[buster] - node-mongodb 3.1.13+~3.1.11-2+deb10u1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d36c36795673e4dff772e25ab36ffc34a738dd89

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d36c36795673e4dff772e25ab36ffc34a738dd89
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200429/e5b9ec6c/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list