[Git][security-tracker-team/security-tracker][master] 2 commits: Adjust libzstd version in buster

Wed Feb 10 08:06:24 GMT 2021


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a43d37f1 by Salvatore Bonaccorso at 2021-02-10T09:02:06+01:00
Adjust libzstd version in buster

- - - - -
206c6701 by Salvatore Bonaccorso at 2021-02-10T09:05:46+01:00
Add CVE-2020-28476/python-tornado

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -182,7 +182,7 @@ CVE-2021-26910 (Firejail before 0.9.64.4 allows attackers to bypass intended acc
 	NOTE: https://unparalleled.eu/blog/2021/20210208-rigged-race-against-firejail-for-local-root/
 CVE-2019-XXXX [zstd adds read permissions to files while being compressed or uncompressed]
 	- libzstd 1.4.8+dfsg-1 (bug #981404)
-	[buster] - libzstd 1.3.8+dfsg-3+deb10u
+	[buster] - libzstd 1.3.8+dfsg-3+deb10u1
 	NOTE: https://github.com/facebook/zstd/issues/1630
 CVE-2021-26852
 	RESERVED
@@ -23398,7 +23398,9 @@ CVE-2020-28478 (This affects the package gsap before 3.6.0. ...)
 CVE-2020-28477 (This affects all versions of package immer. ...)
 	NOT-FOR-US: Node immer
 CVE-2020-28476 (All versions of package tornado are vulnerable to Web Cache Poisoning  ...)
-	TODO: check
+	- python-tornado <unfixed>
+	[buster] - python-tornado <no-dsa> (Minor issue)
+	NOTE: https://snyk.io/vuln/SNYK-PYTHON-TORNADO-1017109
 CVE-2020-28475
 	RESERVED
 CVE-2020-28474



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3b470db93a9d2ac5c2a670cce07711dba1d35d90...206c670127cadafc42a5069cfa29bdfcabe417f2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3b470db93a9d2ac5c2a670cce07711dba1d35d90...206c670127cadafc42a5069cfa29bdfcabe417f2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210210/cc01c477/attachment-0001.html>
