[Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2020-26159

Wed Feb 3 08:16:32 GMT 2021


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b84a7a7b by Salvatore Bonaccorso at 2021-02-03T09:14:33+01:00
Remove notes from CVE-2020-26159

Further investigation showed that this was only a false positive and the
CVE got rejected.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -30081,11 +30081,6 @@ CVE-2020-26160 (jwt-go before 4.0.0-preview1 allows attackers to bypass intended
 	NOTE: https://github.com/dgrijalva/jwt-go/pull/286
 CVE-2020-26159
 	REJECTED
-	NOTE: This was a false positive, see #972113
-	NOTE: original report: https://github.com/kkos/oniguruma/issues/207
-	NOTE: original patch: https://github.com/kkos/oniguruma/commit/cbe9f8bd9cfc6c3c87a60fbae58fa1a85db59df0
-	NOTE: followup report: https://github.com/kkos/oniguruma/issues/221
-	NOTE: revert: https://github.com/kkos/oniguruma/commit/3603d78f0a3dc80e4d450509120c26a5ffcd293b
 CVE-2019-20922 (Handlebars before 4.4.5 allows Regular Expression Denial of Service (R ...)
 	- node-handlebars <not-affected> (Introduced in 4.4.4 and fixed in 4.4.5, no vulnerable version uploaded)
 	- libjs-handlebars <not-affected> (Introduced in 4.4.4 and fixed in 4.4.5, no vulnerable version uploaded)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b84a7a7b62cab1931f46b72f5ec2ed778195d7a7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b84a7a7b62cab1931f46b72f5ec2ed778195d7a7
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210203/7241da02/attachment.html>
