[Git][security-tracker-team/security-tracker][master] CVE-2020-5247: backporting tests related to this issue also need
Abhijith PA
abhijith at debian.org
Wed Oct 7 10:16:20 BST 2020
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b887c946 by Abhijith PA at 2020-10-07T14:39:00+05:30
CVE-2020-5247: backporting tests related to this issue also need
latest methods backported as well
CVE-2020-5249: early_hints featured introduced around v3.9
https://github.com/puma/puma/pull/1403
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -51176,7 +51176,7 @@ CVE-2020-5250 (In PrestaShop before version 1.7.6.4, when a customer edits their
CVE-2020-5249 (In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Pum ...)
- puma 3.12.4-1 (bug #953122)
[buster] - puma <no-dsa> (Minor issue)
- [stretch] - puma <no-dsa> (Minor issue)
+ [stretch] - puma <not-affected> (early_hint feature added in later version)
NOTE: https://github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58
NOTE: https://github.com/puma/puma/commit/c22712fc93284a45a93f9ad7023888f3a65524f3
CVE-2020-5248 (GLPI before before version 9.4.6 has a vulnerability involving a defau ...)
@@ -51187,7 +51187,7 @@ CVE-2020-5248 (GLPI before before version 9.4.6 has a vulnerability involving a
CVE-2020-5247 (In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application us ...)
- puma 3.12.4-1 (bug #952766)
[buster] - puma <no-dsa> (Minor issue)
- [stretch] - puma <no-dsa> (Minor issue)
+ [stretch] - puma <no-dsa> (intrusive to backport)
NOTE: https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v
NOTE: https://github.com/puma/puma/commit/1b17e85a06183cd169b41ca719928c26d44a6e03 (3.12.3)
NOTE: https://github.com/puma/puma/commit/694feafcd4fdcea786a0730701dad933f7547bea (4.3.2)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b887c946f09e4a12ae08346994d9b809e7c1a103
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b887c946f09e4a12ae08346994d9b809e7c1a103
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201007/dd0f195a/attachment.html>
More information about the debian-security-tracker-commits
mailing list