[Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2020-26160/golang-github-dgrijalva-jwt-go via unstable
Salvatore Bonaccorso
carnil at debian.org
Thu Nov 26 20:41:04 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
22e710b3 by Salvatore Bonaccorso at 2020-11-26T21:40:21+01:00
Add fixed version for CVE-2020-26160/golang-github-dgrijalva-jwt-go via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9845,7 +9845,7 @@ CVE-2020-26162 (Xerox WorkCentre EC7836 before 073.050.059.25300 and EC7856 befo
CVE-2020-26161 (In Octopus Deploy through 2020.4.2, an attacker could redirect users t ...)
NOT-FOR-US: Octopus Deploy
CVE-2020-26160 (jwt-go before 4.0.0-preview1 allows attackers to bypass intended acces ...)
- - golang-github-dgrijalva-jwt-go <unfixed> (bug #971556)
+ - golang-github-dgrijalva-jwt-go 3.2.0-3 (bug #971556)
NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515
NOTE: https://github.com/dgrijalva/jwt-go/issues/422
NOTE: https://github.com/dgrijalva/jwt-go/pull/426
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/22e710b3732a1cb26a4178f5509dcecc90775208
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/22e710b3732a1cb26a4178f5509dcecc90775208
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201126/54405ef4/attachment.html>
More information about the debian-security-tracker-commits
mailing list