[Git][security-tracker-team/security-tracker][master] 3 commits: Update PR link for CVE-2020-7105 in hiredis.

Chris Lamb lamby at debian.org
Thu Jan 23 16:40:44 GMT 2020 


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
19d7c28f by Chris Lamb at 2020-01-23T16:36:08+00:00
Update PR link for CVE-2020-7105 in hiredis.

- - - - -
7f5baaf1 by Chris Lamb at 2020-01-23T16:36:32+00:00
dla-needed.txt: Correct "upstream" typo.

- - - - -
4d0d86c2 by Chris Lamb at 2020-01-23T16:40:28+00:00
dla-needed.txt: Update note for hiredis.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1709,8 +1709,7 @@ CVE-2020-7106 (Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_i
 	NOTE: https://github.com/Cacti/cacti/commit/47a000b5aba4af16967e249b25f25397506e3464
 CVE-2020-7105 (async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a N ...)
 	- hiredis <unfixed>
-	NOTE: https://github.com/redis/hiredis/issues/747
-	NOTE: https://github.com/redis/hiredis/issues/751
+	NOTE: https://github.com/redis/hiredis/issues/754
 CVE-2020-7104 (The chained-quiz plugin 1.1.8.1 for WordPress has reflected XSS via th ...)
 	NOT-FOR-US: chained-quiz plugin for WordPress
 CVE-2019-20380


=====================================
data/dla-needed.txt
=====================================
@@ -29,7 +29,8 @@ graphicsmagick (Thorsten Alteholz)
 hiredis (Chris Lamb)
   NOTE: 20200118: no upstream patches, yet, but should be easy to fix (sunweaver)
   NOTE: 20200119: submitted patch upstream (lamby) 
-  NOTE: 20200123: various alternative approaches being discussed uipstream (lamby)
+  NOTE: 20200123: various alternative approaches being discussed upstream (lamby)
+  NOTE: 20200123: new PR opened upstream (lamby)
 --
 ibus
   NOTE: 20191210: Requires glib2.0 to be patched also.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/88a8362591be3b6dc178bc1dcf8766a89544b319...4d0d86c2e55d520b8200ab9ba9d51a9810264599

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/88a8362591be3b6dc178bc1dcf8766a89544b319...4d0d86c2e55d520b8200ab9ba9d51a9810264599
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200123/7db7ce0d/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list