[Git][security-tracker-team/security-tracker][master] new jackson-dataformat-cbor, node-prismjs, python-reportlab issues
Moritz Muehlenhoff
jmm at debian.org
Fri Feb 19 15:34:29 GMT 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
676b349e by Moritz Muehlenhoff at 2021-02-19T16:34:03+01:00
new jackson-dataformat-cbor, node-prismjs, python-reportlab issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9256,7 +9256,10 @@ CVE-2021-23343
CVE-2021-23342
RESERVED
CVE-2021-23341 (The package prismjs before 1.23.0 are vulnerable to Regular Expression ...)
- TODO: check
+ - node-prismjs <unfixed>
+ NOTE: https://github.com/PrismJS/prism/commit/c2f6a64426f44497a675cb32dccb079b3eff1609
+ NOTE: https://github.com/PrismJS/prism/pull/2584
+ NOTE: https://github.com/PrismJS/prism/issues/2583
CVE-2021-23340 (This affects the package pimcore/pimcore before 6.8.8. A Local FIle In ...)
TODO: check
CVE-2021-23339 (This affects all versions of package com.typesafe.akka:akka-http-core. ...)
@@ -17197,6 +17200,7 @@ CVE-2021-20253
RESERVED
CVE-2021-20252
RESERVED
+ NOT-FOR-US: Red Hat 3scale API Management
CVE-2021-20251
RESERVED
CVE-2021-20250
@@ -24613,9 +24617,11 @@ CVE-2020-28493 (This affects the package jinja2 from 0.0.0 and before 2.11.3. Th
CVE-2020-28492
REJECTED
CVE-2020-28491 (This affects the package com.fasterxml.jackson.dataformat:jackson-data ...)
- TODO: check
+ - jackson-dataformat-cbor <unfixed>
+ NOTE: https://github.com/FasterXML/jackson-dataformats-binary/commit/de072d314af8f5f269c8abec6930652af67bc8e6
+ NOTE: https://github.com/FasterXML/jackson-dataformats-binary/issues/186
CVE-2020-28490 (The package async-git before 1.13.2 are vulnerable to Command Injectio ...)
- TODO: check
+ NOT-FOR-US: Node async-git
CVE-2020-28489
RESERVED
CVE-2020-28488
@@ -24676,7 +24682,9 @@ CVE-2020-28465
CVE-2020-28464 (This affects the package djv before 2.1.4. By controlling the schema f ...)
NOT-FOR-US: Node djv
CVE-2020-28463 (All versions of package reportlab are vulnerable to Server-side Reques ...)
- TODO: check
+ - python-reportlab <unfixed>
+ [buster] - python-reportlab <no-dsa> (Minor issue)
+ NOTE: https://snyk.io/vuln/SNYK-PYTHON-REPORTLAB-1022145
CVE-2020-28462
RESERVED
CVE-2020-28461
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/676b349e8e4d3ae46a1fd94260eee1a677f99039
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/676b349e8e4d3ae46a1fd94260eee1a677f99039
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210219/afefa224/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list