[Git][security-tracker-team/security-tracker][master] oauth2-proxy ITP
Moritz Muehlenhoff
jmm at debian.org
Tue Feb 16 17:59:30 GMT 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c4913b69 by Moritz Mühlenhoff at 2021-02-16T18:58:53+01:00
oauth2-proxy ITP
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -14430,7 +14430,7 @@ CVE-2021-21293 (blaze is a Scala library for building asynchronous pipelines, wi
CVE-2021-21292 (Traccar is an open source GPS tracking system. In Traccar before versi ...)
NOT-FOR-US: Traccar
CVE-2021-21291 (OAuth2 Proxy is an open-source reverse proxy and static file server th ...)
- NOT-FOR-US: OAuth2 Proxy
+ - oauth2-proxy <itp> (bug #982891)
CVE-2021-21290 (Netty is an open-source, asynchronous event-driven network application ...)
{DLA-2555-1}
- netty 1:4.1.48-2 (bug #982580)
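Review bot: The replacement line for CVE-2021-21291, `- oauth2-proxy <itp> (bug #982891)`, gives no hint of which upstream release carries the fix, and the truncated description shown in this hunk does not name one either. A NOTE line pointing at the upstream advisory or fixing release, like the NOTE lines other entries in this file carry, would let whoever closes the ITP check that the first upload is not affected.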
@@ -67739,7 +67739,7 @@ CVE-2020-11054 (In qutebrowser versions less than 1.11.1, reloading a page with
NOTE: https://github.com/qutebrowser/qutebrowser/security/advisories/GHSA-4rcq-jv2f-898j
NOTE: Depends on qtwebkit, which is not covered by security support
CVE-2020-11053 (In OAuth2 Proxy before 5.1.1, there is an open redirect vulnerability. ...)
- NOT-FOR-US: OAuth2 Proxy
+ - oauth2-proxy <itp> (bug #982891)
CVE-2020-11052 (In Sorcery before 0.15.0, there is a brute force vulnerability when us ...)
NOT-FOR-US: Sorcery
CVE-2020-11051 (In Wiki.js before 2.3.81, there is a stored XSS in the Markdown editor ...)
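Review bot: For CVE-2020-11053 the description puts the fix at 5.1.1, but the new `<itp>` line records only the bug number, so nothing in the entry ties it to a version. Suggest a NOTE stating that it is fixed upstream in 5.1.1, so the entry can be resolved to a concrete fixed version as soon as the package is uploaded.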
@@ -82861,7 +82861,7 @@ CVE-2020-5235 (There is a potentially exploitable out of memory condition In Nan
CVE-2020-5234 (MessagePack for C# and Unity before version 1.9.11 and 2.1.90 has a vu ...)
NOT-FOR-US: MessagePack for C#
CVE-2020-5233 (OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentica ...)
- NOT-FOR-US: OAuth2 Proxy
+ - oauth2-proxy <itp> (bug #982891)
CVE-2020-5232 (A user who owns an ENS domain can set a trapdoor, allowing them to tra ...)
NOT-FOR-US: Ethereum
CVE-2020-5231 (In Opencast before 7.6 and 8.1, users with the role ROLE_COURSE_ADMIN ...)
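Review bot: CVE-2020-5233 is an open redirect described as fixed in 5.0, and this commit also converts CVE-2020-11053, a second open redirect fixed only in 5.1.1, yet the new `<itp>` line does not link the two. A short NOTE cross-referencing CVE-2020-11053 would keep a packager from treating 5.0 as a safe baseline for the redirect issue.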
@@ -85769,7 +85769,7 @@ CVE-2020-4039
CVE-2020-4038 (GraphQL Playground (graphql-playground-html NPM package) before versio ...)
NOT-FOR-US: Node graphql-playground-html
CVE-2020-4037 (In OAuth2 Proxy from version 5.1.1 and less than version 6.0.0, users ...)
- NOT-FOR-US: OAuth2 Proxy
+ - oauth2-proxy <itp> (bug #982891)
CVE-2020-4036
RESERVED
CVE-2020-4035 (In WatermelonDB (NPM package "@nozbe/watermelondb") before versions 0. ...)
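Review bot: The CVE-2020-4037 description gives an affected range that starts at 5.1.1 and ends below 6.0.0, which the bare `<itp>` line does not capture. Taken with CVE-2020-11053 (affected before 5.1.1), every release below 6.0.0 is hit by at least one of the entries changed in this commit, so a NOTE recording 6.0.0 as the minimum acceptable version for the initial upload would be worth adding here.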
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c4913b69bfdeb561b9773412792adc6e112774b0