[Git][security-tracker-team/security-tracker][master] Track rebar3 itp/rfp bug under two CVEs for Rebar3

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
98d79aa9 by Salvatore Bonaccorso at 2020-09-05T09:14:00+02:00
Track rebar3 itp/rfp bug under two CVEs for Rebar3

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -24464,6 +24464,7 @@ CVE-2020-13804 (An issue was discovered in Foxit Reader and PhantomPDF before 9.
 CVE-2020-13803 (An issue was discovered in Foxit PhantomPDF Mac and Foxit Reader for M ...)
 	NOT-FOR-US: Foxit Reader
 CVE-2020-13802 (Rebar3 versions 3.0.0-beta.3 to 3.13.2 are vulnerable to OS command in ...)
+	- rebar3 <itp> (bug #824773)
 	TODO: check, whether this affects src:rebar (but the security implications seems a little far-fetched anyway)
 CVE-2020-13801
 	RESERVED
@@ -97629,6 +97630,7 @@ CVE-2019-1000015 (Chamilo Chamilo-lms version 1.11.8 and earlier contains a Cros
 	NOT-FOR-US: Chamilo Chamilo-lms
 CVE-2019-1000014 (Erlang/OTP Rebar3 version 3.7.0 through 3.7.5 contains a Signing oracl ...)
 	- rebar <not-affected> (vulnerable code is not present)
+	- rebar3 <itp> (bug #824773)
 	NOTE: https://github.com/erlang/rebar3/pull/1986
 CVE-2019-1000013 (Hex package manager hex_core version 0.3.0 and earlier contains a Sign ...)
 	NOT-FOR-US: Hex package manager



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98d79aa95098f8a9fadda4f68d37bfb26512f69c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98d79aa95098f8a9fadda4f68d37bfb26512f69c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200905/fd1fb778/attachment.html>