[Git][security-tracker-team/security-tracker][master] Add CVE-2020-26159/libonig

Wed Sep 30 21:22:58 BST 2020


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
187a4d0c by Salvatore Bonaccorso at 2020-09-30T22:22:23+02:00
Add CVE-2020-26159/libonig

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,7 +15,9 @@ CVE-2020-26161
 CVE-2020-26160 (jwt-go before 4.0.0-preview1 allows attackers to bypass intended acces ...)
 	TODO: check
 CVE-2020-26159 (In Oniguruma 6.9.5_rev1, an attacker able to supply a regular expressi ...)
-	TODO: check
+	- libonig <unfixed>
+	NOTE: https://github.com/kkos/oniguruma/commit/cbe9f8bd9cfc6c3c87a60fbae58fa1a85db59df0
+	NOTE: https://github.com/kkos/oniguruma/issues/207
 CVE-2019-20922 (Handlebars before 4.4.5 allows Regular Expression Denial of Service (R ...)
 	TODO: check
 CVE-2019-20921 (bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It d ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/187a4d0c7b84a1544d5cad68c83505e90dcaf767

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/187a4d0c7b84a1544d5cad68c83505e90dcaf767
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200930/60c13434/attachment-0001.html>
