[Git][security-tracker-team/security-tracker][master] jquery issues also affect node-jquery

[Moritz Muehlenhoff]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d626fcab by Moritz Muehlenhoff at 2020-05-04T09:53:46+02:00
jquery issues also affect node-jquery

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4813,10 +4813,14 @@ CVE-2020-11024 (In Moonlight iOS/tvOS before 4.0.1, the pairing process is vulne
 CVE-2020-11023 (In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, pa ...)
 	- jquery <unfixed>
 	[jessie] - jquery <not-affected> (Vulnerable code note present)
+	[experimental] - node-jquery 3.5.0+dfsg-1
+	- node-jquery <unfixed>
 	NOTE: https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6
 CVE-2020-11022 (In jQuery versions greater than or equal to 1.2 and before 3.5.0, pass ...)
 	- jquery <unfixed>
 	[jessie] - jquery <not-affected> (Vulnerable code note present)
+	[experimental] - node-jquery 3.5.0+dfsg-1
+	- node-jquery <unfixed>
 	NOTE: https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2
 	NOTE: https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77
 CVE-2020-11021 (Actions Http-Client (NPM @actions/http-client) before version 1.0.8 ca ...)
@@ -8623,6 +8627,7 @@ CVE-2020-9481 (Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is
 	{DSA-4672-1}
 	- trafficserver 8.0.7+ds-1
 	NOTE: https://lists.apache.org/thread.html/rcb8bae0b289d71d18a3220be256c1dfcc4d9ab49d2d6e07d1eac7c9d%40%3Cannounce.trafficserver.apache.org%3E
+	NOTE: https://github.com/apache/trafficserver/commit/50441b39e6631389ef95c4133f06bbf94544879c
 CVE-2020-9480
 	RESERVED
 CVE-2020-9479
@@ -27772,6 +27777,7 @@ CVE-2020-1944 (There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3,
 	{DSA-4672-1}
 	- trafficserver 8.0.6+ds-1
 	NOTE: https://lists.apache.org/thread.html/r99d18d0bc4daa05e7d0e5a63e0e22701a421b2ef5a8f4f7694c43869%40%3Cannounce.trafficserver.apache.org%3E
+	NOTE: https://github.com/apache/trafficserver/commit/5830bc72611e85e7a31098ce86710242f29076dc
 CVE-2020-1943 (Data sent with contentId to /control/stream is not sanitized, allowing ...)
 	NOT-FOR-US: Apache OFBiz
 CVE-2020-1942 (In Apache NiFi 0.0.1 to 1.11.0, the flow fingerprint factory generated ...)
@@ -36733,6 +36739,7 @@ CVE-2019-17565 (There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3
 	{DSA-4672-1}
 	- trafficserver 8.0.6+ds-1
 	NOTE: https://lists.apache.org/thread.html/r99d18d0bc4daa05e7d0e5a63e0e22701a421b2ef5a8f4f7694c43869%40%3Cannounce.trafficserver.apache.org%3E
+	NOTE: https://github.com/apache/trafficserver/commit/60e0a8ce23d390b851873e020483d6f75e857158
 CVE-2019-17564 (Unsafe deserialization occurs within a Dubbo application which has HTT ...)
 	NOT-FOR-US: Dubbo
 CVE-2019-17563 (When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29,  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d626fcab143ee30e91a62bbe113fae76ac83ec62

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d626fcab143ee30e91a62bbe113fae76ac83ec62
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200504/6a7fe338/attachment.html>