[Git][security-tracker-team/security-tracker][master] Add CVE-2020-15271/lookatme
Salvatore Bonaccorso
carnil at debian.org
Mon Oct 26 20:37:54 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b96b6a39 by Salvatore Bonaccorso at 2020-10-26T21:37:24+01:00
Add CVE-2020-15271/lookatme
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -26678,7 +26678,10 @@ CVE-2020-15273
CVE-2020-15272 (In the git-tag-annotation-action (open source GitHub Action) before ve ...)
TODO: check
CVE-2020-15271 (In lookatme (python/pypi package) versions prior to 2.3.0, the package ...)
- TODO: check
+ - lookatme <unfixed>
+ NOTE: https://github.com/d0c-s4vage/lookatme/security/advisories/GHSA-c84h-w6cr-5v8q
+ NOTE: https://github.com/d0c-s4vage/lookatme/commit/72fe36b784b234548d49dae60b840c37f0eb8d84 (v2.3.0)
+ NOTE: https://github.com/d0c-s4vage/lookatme/pull/110
CVE-2020-15270 (Parse Server (npm package parse-server) broadcasts events to all clien ...)
NOT-FOR-US: Node parse-server
CVE-2020-15269 (In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b96b6a39d88dd0ecba58d28153028d51bfc0ff4d
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b96b6a39d88dd0ecba58d28153028d51bfc0ff4d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201026/967f52a6/attachment.html>
More information about the debian-security-tracker-commits
mailing list