[Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2020-13757/python-rsa: fix reason

Sylvain Beucler beuc at debian.org
Fri Apr 2 15:58:27 BST 2021 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2ef66630 by Sylvain Beucler at 2021-04-02T16:32:12+02:00
CVE-2020-13757/python-rsa: fix reason
There actually is a rdep (awscli)

- - - - -
47a206af by Sylvain Beucler at 2021-04-02T16:50:01+02:00
CVE-2020-26248/ruby-nokogiri: code is mostly present in stretch AFAICS

- - - - -
bae3545c by Sylvain Beucler at 2021-04-02T16:55:17+02:00
dla: golang-gogoprotobuf: reference mailing-list thread

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -38509,7 +38509,6 @@ CVE-2020-26248 (In the PrestaShop module "productcomments" before version 4.2.1,
 CVE-2020-26247 (Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers wit ...)
 	- ruby-nokogiri 1.11.1+dfsg-1 (low; bug #978967)
 	[buster] - ruby-nokogiri <no-dsa> (Minor issue)
-	[stretch] - ruby-nokogiri <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m
 	NOTE: https://github.com/sparklemotion/nokogiri/commit/9c87439d9afa14a365ff13e73adc809cb2c3d97b (v1.11.0.rc4)
 CVE-2020-26246 (Pimcore is an open source digital experience platform. In Pimcore befo ...)
@@ -66606,7 +66605,7 @@ CVE-2020-13757 (Python-RSA before 4.1 ignores leading '\0' bytes during decrypti
 	- python-rsa <unfixed> (bug #962142)
 	[buster] - python-rsa <no-dsa> (Minor issue)
 	[stretch] - python-rsa <no-dsa> (Minor issue)
-	[jessie] - python-rsa <no-dsa> (No reverse dependencies)
+	[jessie] - python-rsa <no-dsa> (Minor issue)
 	NOTE: https://github.com/sybrenstuvel/python-rsa/issues/146
 CVE-2020-13756 (Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data ...)
 	NOT-FOR-US: Sabberworm PHP CSS Parser


=====================================
data/dla-needed.txt
=====================================
@@ -60,6 +60,7 @@ golang-gogoprotobuf
   NOTE: 20210308: If anyone have a good way to regression test the package this information is appreciated.
   NOTE: 20210308: If anyone have information on what the result of the missing range check is, that information is also appreciated.
   NOTE: 20210318: The generated code is in many other go packages.
+  NOTE: 20210329: See discussion at https://lists.debian.org/debian-lts/2021/03/msg00011.html
 --
 gsoap
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/90a7cf725485a1a655af7bc2f1c2973e94c083dd...bae3545c60649f3e5e2ce3663ea9f65c9bee5d64

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/90a7cf725485a1a655af7bc2f1c2973e94c083dd...bae3545c60649f3e5e2ce3663ea9f65c9bee5d64
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210402/887dc868/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list