[Git][security-tracker-team/security-tracker][master] jquery issues also affect node-jquery
Moritz Muehlenhoff
jmm at debian.org
Mon May 4 08:54:33 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d626fcab by Moritz Muehlenhoff at 2020-05-04T09:53:46+02:00
jquery issues also affect node-jquery
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4813,10 +4813,14 @@ CVE-2020-11024 (In Moonlight iOS/tvOS before 4.0.1, the pairing process is vulne
CVE-2020-11023 (In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, pa ...)
- jquery <unfixed>
[jessie] - jquery <not-affected> (Vulnerable code note present)
+ [experimental] - node-jquery 3.5.0+dfsg-1
+ - node-jquery <unfixed>
NOTE: https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6
CVE-2020-11022 (In jQuery versions greater than or equal to 1.2 and before 3.5.0, pass ...)
- jquery <unfixed>
[jessie] - jquery <not-affected> (Vulnerable code note present)
+ [experimental] - node-jquery 3.5.0+dfsg-1
+ - node-jquery <unfixed>
NOTE: https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2
NOTE: https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77
CVE-2020-11021 (Actions Http-Client (NPM @actions/http-client) before version 1.0.8 ca ...)
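Review bot: The [jessie] context lines under both CVE-2020-11023 and CVE-2020-11022 read "(Vulnerable code note present)", which looks like a typo for "not present" given the <not-affected> status. Since both entries are touched here, the wording could be corrected in the same change. The added node-jquery lines cover only experimental and the unsuited entry, so it is also worth confirming that no release needs its own annotation the way jquery has one for jessie.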
@@ -8623,6 +8627,7 @@ CVE-2020-9481 (Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is
{DSA-4672-1}
- trafficserver 8.0.7+ds-1
NOTE: https://lists.apache.org/thread.html/rcb8bae0b289d71d18a3220be256c1dfcc4d9ab49d2d6e07d1eac7c9d%40%3Cannounce.trafficserver.apache.org%3E
+ NOTE: https://github.com/apache/trafficserver/commit/50441b39e6631389ef95c4133f06bbf94544879c
CVE-2020-9480
RESERVED
CVE-2020-9479
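Review bot: The NOTE line added under CVE-2020-9481 is a trafficserver upstream commit reference, which the commit subject "jquery issues also affect node-jquery" does not cover. The same applies to the NOTE lines added in the two hunks that follow. Either split the trafficserver references into their own commit or mention them in the message, so the history of these entries can be found by package name.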
@@ -27772,6 +27777,7 @@ CVE-2020-1944 (There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3,
{DSA-4672-1}
- trafficserver 8.0.6+ds-1
NOTE: https://lists.apache.org/thread.html/r99d18d0bc4daa05e7d0e5a63e0e22701a421b2ef5a8f4f7694c43869%40%3Cannounce.trafficserver.apache.org%3E
+ NOTE: https://github.com/apache/trafficserver/commit/5830bc72611e85e7a31098ce86710242f29076dc
CVE-2020-1943 (Data sent with contentId to /control/stream is not sanitized, allowing ...)
NOT-FOR-US: Apache OFBiz
CVE-2020-1942 (In Apache NiFi 0.0.1 to 1.11.0, the flow fingerprint factory generated ...)
@@ -36733,6 +36739,7 @@ CVE-2019-17565 (There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3
{DSA-4672-1}
- trafficserver 8.0.6+ds-1
NOTE: https://lists.apache.org/thread.html/r99d18d0bc4daa05e7d0e5a63e0e22701a421b2ef5a8f4f7694c43869%40%3Cannounce.trafficserver.apache.org%3E
+ NOTE: https://github.com/apache/trafficserver/commit/60e0a8ce23d390b851873e020483d6f75e857158
CVE-2019-17564 (Unsafe deserialization occurs within a Dubbo application which has HTT ...)
NOT-FOR-US: Dubbo
CVE-2019-17563 (When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, ...)
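Review bot: The NOTE added under CVE-2019-17565 is a bare commit URL with no indication of which upstream branch or release it belongs to, while the entry records 8.0.6+ds-1 as the fixed version. A short annotation after the URL would let someone preparing a backport confirm that the commit corresponds to the fixed version without opening the link. The commit NOTE added under CVE-2020-1944 in the previous hunk could get the same treatment.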
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d626fcab143ee30e91a62bbe113fae76ac83ec62