[Git][security-tracker-team/security-tracker][master] CVE-2020-15094/symfony doesn’t affect stable
David Prévot
taffit at debian.org
Thu Sep 3 00:36:27 BST 2020
David Prévot pushed to branch master at Debian Security Tracker / security-tracker
Commits:
df4ce8c7 by David Prévot at 2020-09-02T19:33:46-04:00
CVE-2020-15094/symfony doesn’t affect stable
The vulnerability was introduced in 4.4 according to upstream, and I
checked that the interface was only introduced in 4.3.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -20700,6 +20700,9 @@ CVE-2020-15095 (Versions of the npm CLI prior to 6.14.6 are vulnerable to an inf
NOTE: https://github.com/npm/cli/commit/a9857b8f6869451ff058789c4631fadfde5bbcbc
CVE-2020-15094 (In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient cla ...)
- symfony 4.4.13+dfsg-1
+ [buster] - symfony <not-affected> (Introduced in 4.4.0)
+ [stretch] - symfony <not-affected> (Introduced in 4.4.0)
+ [jessie] - symfony <not-affected> (Introduced in 4.4.0)
NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-754h-5r27-7x3r
NOTE: https://github.com/symfony/symfony/commit/d9910e0b33a2e0f993abff41c6fbc86951b66d78
CVE-2020-15093 (The tough library (Rust/crates.io) prior to version 0.7.1 does not pro ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df4ce8c78f9a530a4f794c02bea73c71212db992
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df4ce8c78f9a530a4f794c02bea73c71212db992
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200902/a0c48204/attachment.html>
More information about the debian-security-tracker-commits
mailing list