[Git][security-tracker-team/security-tracker][master] ruby-faye fixed in sid
Moritz Muehlenhoff
jmm at debian.org
Sat Jan 2 14:40:43 GMT 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5aa28900 by Moritz Muehlenhoff at 2021-01-02T15:40:23+01:00
ruby-faye fixed in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -41729,13 +41729,13 @@ CVE-2020-15136 (In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentic
CVE-2020-15135 (save-server (npm package) before version 1.05 is affected by a CSRF vu ...)
NOT-FOR-US: Node save-server
CVE-2020-15134 (Faye before version 1.4.0, there is a lack of certification validation ...)
- - ruby-faye <unfixed> (bug #967063)
+ - ruby-faye 1.4.0-1 (bug #967063)
[buster] - ruby-faye <no-dsa> (Minor issue)
NOTE: https://github.com/faye/faye/security/advisories/GHSA-3q49-h8f9-9fr9
NOTE: https://github.com/faye/faye/issues/524
NOTE: https://blog.jcoglan.com/2020/07/31/missing-tls-verification-in-faye/
CVE-2020-15133 (In faye-websocket before version 0.11.0, there is a lack of certificat ...)
- - ruby-faye-websocket <unfixed> (bug #967061)
+ - ruby-faye-websocket 0.11.0-1 (bug #967061)
[buster] - ruby-faye-websocket <no-dsa> (Minor issue)
NOTE: https://github.com/faye/faye-websocket-ruby/security/advisories/GHSA-2v5c-755p-p4gv
NOTE: https://github.com/faye/faye-websocket-ruby/pull/129
@@ -54002,7 +54002,7 @@ CVE-2020-11022 (In jQuery versions greater than or equal to 1.2 and before 3.5.0
CVE-2020-11021 (Actions Http-Client (NPM @actions/http-client) before version 1.0.8 ca ...)
NOT-FOR-US: Actions Http-Client
CVE-2020-11020 (Faye (NPM, RubyGem) versions greater than 0.5.0 and before 1.0.4, 1.1. ...)
- - ruby-faye <unfixed> (bug #959392)
+ - ruby-faye 1.4.0-1 (bug #959392)
[buster] - ruby-faye <no-dsa> (Minor issue)
NOTE: https://github.com/faye/faye/security/advisories/GHSA-qpg4-4w7w-2mq5
NOTE: https://github.com/faye/faye/commit/65d297d341b607f3cb0b5fa6021a625a991cc30e
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5aa289009683028d401537dbcfd59bbf62ccb304
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5aa289009683028d401537dbcfd59bbf62ccb304
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210102/32830ae5/attachment.html>
More information about the debian-security-tracker-commits
mailing list