[Git][security-tracker-team/security-tracker][master] stretch triage

Abhijith PA abhijith at debian.org
Sun Oct 11 14:53:23 BST 2020



Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker


Commits:
47e7d5a4 by Abhijith PA at 2020-10-11T19:22:58+05:30
stretch triage

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1653,6 +1653,7 @@ CVE-2020-26159 (In Oniguruma 6.9.5_rev1, an attacker able to supply a regular ex
 CVE-2019-20922 (Handlebars before 4.4.5 allows Regular Expression Denial of Service (R ...)
 	- node-handlebars 3:4.7.2-1
 	- libjs-handlebars <removed>
+	[stretch] - libjs-handlebars <no-dsa> (Only reverse depends was diaspora which not in stretch)
 	NOTE: https://github.com/handlebars-lang/handlebars.js/commit/8d5530ee2c3ea9f0aee3fde310b9f36887d00b8b
 	NOTE: https://snyk.io/vuln/SNYK-JS-HANDLEBARS-480388
 	NOTE: https://www.npmjs.com/advisories/1300
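Review bot: The parenthetical on the added [stretch] line under CVE-2019-20922 is hard to parse ("Only reverse depends was diaspora which not in stretch"). Suggest rewording it to "(only reverse dependency was diaspora, which is not in stretch)" so the reason for the <no-dsa> tag reads cleanly to someone auditing the decision later.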
@@ -1661,6 +1662,7 @@ CVE-2019-20921 (bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS)
 CVE-2019-20920 (Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrar ...)
 	- node-handlebars 3:4.5.3-1
 	- libjs-handlebars <removed>
+	[stretch] - libjs-handlebars <no-dsa> (Only reverse depends was diaspora which not in stretch)
 	NOTE: https://snyk.io/vuln/SNYK-JS-HANDLEBARS-534478
 	NOTE: https://www.npmjs.com/advisories/1316
 	NOTE: https://www.npmjs.com/advisories/1324
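Review bot: The added <no-dsa> line under CVE-2019-20920 reuses the reverse-dependency rationale word for word from the ReDoS entry, although the description on the context line ("is vulnerable to Arbitrar ...") is a different class of issue than a regular-expression denial of service. Archive reverse dependencies do not account for local sites that load the packaged libjs-handlebars files directly, so either say why that exposure is acceptable in stretch or give a rationale specific to this CVE.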


=====================================
data/dla-needed.txt
=====================================
@@ -74,6 +74,8 @@ golang-1.7
 --
 golang-1.8
 --
+golang-github-dgrijalva-jwt-go
+--
 golang-golang-x-net-dev
 --
 guacamole-server (Markus Koschany)
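Review bot: The new golang-github-dgrijalva-jwt-go entry has no NOTE saying which issue put it on the list. A dated NOTE naming the CVE or bug, in the style of the pluxml entry added later in this commit, would let whoever claims the package start without re-deriving the triage.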
@@ -87,6 +89,8 @@ jupyter-notebook
 lemonldap-ng
   NOTE: 20200910: Released a DLA for CVE-2020-24660 a few days ago, so could defer. (lamby)
 --
+kdeconnect
+--
 libonig (Markus Koschany)
   NOTE: 20201002: Fix for CVE-2020-26159 is too trivial. Besides that, please consider
   NOTE: 20201002: fixing other errors mentioned in https://github.com/kkos/oniguruma/issues/207
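Review bot: kdeconnect is inserted after lemonldap-ng, which breaks the alphabetical order the surrounding entries follow (jupyter-notebook, lemonldap-ng, libonig). Move the kdeconnect block up so it sits before lemonldap-ng; it would also help to add a NOTE naming the issue that triggered the entry.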
@@ -116,8 +120,13 @@ php-horde-trean
   NOTE: 20200829: Reconsidering CVE-2019-12095 and what has been written in https://bugs.horde.org/ticket/14926 (sunweaver)
   NOTE: 20200829: We may not expect too much activity regarding this by upstream. (sunweaver)
 --
+phpmyadmin (Abhijith PA)
+--
 python3.5 (Thorsten Alteholz)
 --
+pluxml
+  NOTE: 20201011: issue is still open upstream. Also low priority for us (abhijith)
+--
 qtsvg-opensource-src (Adrian Bunk)
 --
 reel
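Review bot: pluxml is placed after python3.5, but "pl" sorts before "py", so the block belongs between phpmyadmin and python3.5 to keep the list in order. The pluxml NOTE also says "issue is still open upstream" without identifying the issue; add the CVE id or the upstream issue URL so the status can be rechecked.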



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/47e7d5a422a065693233318b1817832d77faf5c8
