[Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2020-1957 Use apache repository URL

Salvatore Bonaccorso carnil at debian.org
Sat Mar 28 10:41:22 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2ca443dc by Salvatore Bonaccorso at 2020-03-28T11:39:44+01:00
CVE-2020-1957 Use apache repository URL

- - - - -
4d570459 by Salvatore Bonaccorso at 2020-03-28T11:39:46+01:00
Add reference to jira issue

- - - - -
05909720 by Salvatore Bonaccorso at 2020-03-28T11:40:18+01:00
Adjust version for nss version in jessie

Only 2:3.26-1+debu8u5 got a rebase to 3.26.2 which included the fix for
CVE-2016-9074 via the upstream commit
https://hg.mozilla.org/projects/nss/rev/d38536fcc726 .

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -22296,7 +22296,8 @@ CVE-2020-1957 (Apache Shiro before 1.5.2, when using Apache Shiro with Spring dy
 	- shiro <unfixed> (bug #955018)
 	[jessie] - shiro <not-affected> (Vulnerable code not present)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/03/23/2
-	NOTE: Possibly introduced in https://github.com/lamby/shiro/commit/a380b7d27be549e612d11ee04a84ac177677323c (1.5.0+)
+	NOTE: https://issues.apache.org/jira/browse/SHIRO-747
+	NOTE: Possibly introduced in https://github.com/apache/shiro/commit/a380b7d27be549e612d11ee04a84ac177677323c (1.5.0+)
 	NOTE: Possible fix at https://github.com/apache/shiro/pull/203
 CVE-2020-1956
 	RESERVED
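Review bot: the CVE-2020-1957 entry still reads `- shiro <unfixed>` and keeps both the `Possibly introduced in` and `Possible fix at https://github.com/apache/shiro/pull/203` notes tentative, even though the description line says the issue affects Apache Shiro before 1.5.2. Now that the introducing commit points at the apache repository and SHIRO-747 is referenced, consider confirming against that issue whether pull/203 is the change that landed, and recording the fixing commit in place of the pull request so the note stays valid. The `[jessie] <not-affected>` line is consistent with the `(1.5.0+)` annotation only if that introducing commit is confirmed, so it is worth dropping "Possibly" once it has been verified.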
@@ -189912,7 +189913,7 @@ CVE-2016-9075 (An issue where WebExtensions can use the mozAddonManager API to e
 CVE-2016-9074 (An existing mitigation of timing side-channel attacks is insufficient  ...)
 	{DSA-3730-1 DSA-3716-1 DLA-759-1 DLA-752-1}
 	- nss 2:3.26.2-1
-	[jessie] - nss 2:3.26-1+debu8u1
+	[jessie] - nss 2:3.26-1+debu8u5
 	NOTE: Fixed by (3_26_BRANCH): https://hg.mozilla.org/projects/nss/rev/d38536fcc726 (3.26.1)
 	- firefox-esr 45.5.0esr-1
 	- icedove 1:45.5.0-1
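Review bot: the new `[jessie] - nss 2:3.26-1+debu8u5` line carries over the `+debu8u` spelling from the removed `2:3.26-1+debu8u1` line. Jessie security uploads normally use a `+deb8uN` suffix, so please check this against the actual package version in the archive (likely `2:3.26-1+deb8u5`). A misspelled fixed version will not compare correctly against installed versions. Separately, the commit message says the fix arrived with the rebase to 3.26.2, while the unchanged NOTE line attributes the fix on 3_26_BRANCH to `(3.26.1)`. A short NOTE stating that the jessie fix came in via the 3.26.2 rebase would make the version bump self-explanatory to later readers.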



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/59bd7b53d7f82deaef89ef48bbbf139adb08110c...05909720467c03c189117e36a2b16eb9bd548c46
