[Git][security-tracker-team/security-tracker][master] Add CVE-2020-5235/nanopb

Salvatore Bonaccorso carnil at debian.org
Tue Feb 4 20:01:56 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0663b09a by Salvatore Bonaccorso at 2020-02-04T21:01:22+01:00
Add CVE-2020-5235/nanopb

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7272,7 +7272,11 @@ CVE-2020-5236 (Waitress version 1.4.2 allows a DOS attack When waitress receives
 	NOTE: https://github.com/Pylons/waitress/security/advisories/GHSA-73m2-3pwg-5fgc
 	NOTE: https://github.com/Pylons/waitress/commit/6e46f9e3f014d64dd7d1e258eaf626e39870ee1f
 CVE-2020-5235 (There is a potentially exploitable out of memory condition In Nanopb b ...)
-	TODO: check
+	- nanopb <not-affected> (Fixed before initial upload to Debian)
+	NOTE: https://github.com/nanopb/nanopb/security/advisories/GHSA-gcx3-7m76-287p
+	NOTE: https://github.com/nanopb/nanopb/commit/45582f1f97f49e2abfdba1463d1e1027682d9856
+	NOTE: https://github.com/nanopb/nanopb/commit/7b396821ddd06df8e39143f16e1dc0a4645b89a3
+	NOTE: https://github.com/nanopb/nanopb/commit/aa9d0d1ca78d6adec3adfeecf3a706c7f9df81f2
 CVE-2020-5234 (MessagePack for C# and Unity before version 1.9.3 and 2.1.80 has a vul ...)
 	TODO: check
 CVE-2020-5233 (OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentica ...)
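
Review bot: In the CVE-2020-5235 entry, the `<not-affected>` reason "Fixed before initial upload to Debian" names neither the upstream nanopb release that carries the fix nor the version of the first Debian upload, so the triage decision cannot be re-checked from the entry alone. Consider adding a NOTE stating the fixed upstream version. The three commit NOTE lines are also listed without saying how they differ; a short annotation on each would tell a later reader which commit to compare against a given source tree.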



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0663b09a4b3c275e9b81dd4d89dbc35412f962cd
