[Git][security-tracker-team/security-tracker][master] Mark golang-github-dgrijalva-jwt-go not-affected in buster and stretch

Wed Dec 2 21:22:54 GMT 2020


Brian May pushed to branch master at Debian Security Tracker / security-tracker


Commits:
99ff2359 by Brian May at 2020-12-03T08:22:40+11:00
Mark golang-github-dgrijalva-jwt-go not-affected in buster and stretch

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -10654,6 +10654,8 @@ CVE-2020-26161 (In Octopus Deploy through 2020.4.2, an attacker could redirect u
 	NOT-FOR-US: Octopus Deploy
 CVE-2020-26160 (jwt-go before 4.0.0-preview1 allows attackers to bypass intended acces ...)
 	- golang-github-dgrijalva-jwt-go 3.2.0-3 (bug #971556)
+	[buster] - golang-github-dgrijalva-jwt-go <not-affected> (vulnerable code not present until version 3.0.0)
+	[stretch] - golang-github-dgrijalva-jwt-go <not-affected> (vulnerable code not present until version 3.0.0)
 	NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515
 	NOTE: https://github.com/dgrijalva/jwt-go/issues/422
 	NOTE: https://github.com/dgrijalva/jwt-go/pull/286


=====================================
data/dla-needed.txt
=====================================
@@ -49,8 +49,6 @@ f2fs-tools
 --
 firmware-nonfree (Emilio)
 --
-golang-github-dgrijalva-jwt-go (Brian May)
---
 golang-golang-x-net-dev
 --
 influxdb



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99ff2359e59683f3dcd7a6260ebd0cd64d41ba7f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99ff2359e59683f3dcd7a6260ebd0cd64d41ba7f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201202/68d7eeb6/attachment-0001.html>
