[Git][security-tracker-team/security-tracker][master] 2 commits: Triage result for jquery. CVE-2020-11023 and CVE-2020-11023 are fixed with the...
Ola Lundqvist
opal at debian.org
Fri May 1 20:01:05 BST 2020
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f77705f6 by Ola Lundqvist at 2020-05-01T20:39:01+02:00
Triage result for jquery. CVE-2020-11023 and CVE-2020-11023 are fixed with the same patch. The extend function htmlPrefilter does not exist in the jessie version. Marked them as not-affected.
- - - - -
e28c9766 by Ola Lundqvist at 2020-05-01T21:00:03+02:00
Triage result for salt. Added commit notes and package to dla-needed.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -3116,9 +3116,13 @@ CVE-2020-11653 (An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x
CVE-2020-11652 (An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 bef ...)
- salt 3000.2+dfsg1-1
NOTE: https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst
+ NOTE: https://github.com/saltstack/salt/commit/cce7abad9c22d9d50ccee2813acabff8deca35dd
CVE-2020-11651 (An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 bef ...)
- salt 3000.2+dfsg1-1
NOTE: https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst
+ NOTE: https://github.com/saltstack/salt/commit/a67d76b15615983d467ed81371b38b4a17e4f3b7
+ NOTE: There is a typo (for more info see the release notes) in the official correction.
+ NOTE: This should be fixed too since this typo causes a regression.
CVE-2020-11650 (An issue was discovered in iXsystems FreeNAS (and TrueNAS) 11.2 before ...)
NOT-FOR-US: FreeNAS
CVE-2020-11649 (An issue was discovered in GitLab CE and EE 8.15 through 12.9.2. Membe ...)
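Review bot: the regression note added under CVE-2020-11651 ("There is a typo (for more info see the release notes) in the official correction") does not say which typo or where the corrected version lives, so a later triager cannot verify the claim or know which follow-up to backport; make the NOTE self-contained by naming the affected file or function and pointing at the specific release-notes section or the upstream follow-up commit (an identifier that is not on this page and would need to be looked up). The same commit-link NOTE pattern used for CVE-2020-11652 would keep the two entries consistent.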
@@ -4765,9 +4769,11 @@ CVE-2020-11024 (In Moonlight iOS/tvOS before 4.0.1, the pairing process is vulne
NOT-FOR-US: Moonlight iOS/tvOS
CVE-2020-11023 (In jQuery before 3.5.0, passing HTML containing <option> element ...)
- jquery <unfixed>
+ [jessie] - jquery <not-affected> (Vulnerable code note present)
NOTE: https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6
CVE-2020-11022 (In jQuery versions greater than or equal to 1.2 and before 3.5.0, pass ...)
- jquery <unfixed>
+ [jessie] - jquery <not-affected> (Vulnerable code note present)
NOTE: https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2
NOTE: https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77
CVE-2020-11021 (Actions Http-Client (NPM @actions/http-client) before version 1.0.8 ca ...)
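Review bot: the parenthetical in the two added `[jessie] - jquery <not-affected> (Vulnerable code note present)` lines (CVE-2020-11023 and CVE-2020-11022) states the opposite of the commit message, which says the htmlPrefilter code does not exist in jessie; it should read `(Vulnerable code not present)`. As written, anyone reading the tracker entry alone would conclude jessie is vulnerable but unfixed, so the typo is worth correcting in a follow-up commit.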
=====================================
data/dla-needed.txt
=====================================
@@ -72,6 +72,9 @@ php5 (Thorsten Alteholz)
--
qemu (Adrian Bunk)
--
+salt
+ NOTE: Upstream fix for CVE-CVE-2020-11651 causes a regression. Should be fixed too.
+--
sqlite3 (Mike Gabriel)
--
squid3 (Markus Koschany)
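Review bot: the added NOTE line has a doubled prefix, `CVE-CVE-2020-11651`; it should be `CVE-2020-11651` so the identifier matches the data/CVE/list entry and greps for it succeed. Consider also stating in the NOTE which upstream commit carries the regression (the one linked under CVE-2020-11651 in data/CVE/list) so the eventual DLA uploader does not have to re-triage.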
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f21b1165aead7a310cf13daff9cb36e2601c0339...e28c97660d0485bc16410f653cbc73c5ad860d3e