[Git][security-tracker-team/security-tracker][master] update CVE-2020-36067 CVE-2020-36066 CVE-2020-35380 with fixed version
Thorsten Alteholz
alteholz at debian.org
Mon Jan 11 09:29:34 GMT 2021
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7586c740 by Thorsten Alteholz at 2021-01-11T10:28:03+01:00
update CVE-2020-36067 CVE-2020-36066 CVE-2020-35380 with fixed version
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5016,15 +5016,16 @@ CVE-2020-36069
CVE-2020-36068
RESERVED
CVE-2020-36067 (GJSON <=v1.6.5 allows attackers to cause a denial of service (panic ...)
- - golang-github-tidwall-gjson <unfixed>
+ - golang-github-tidwall-gjson 1.6.7-1
[buster] - golang-github-tidwall-gjson <no-dsa> (Minor issue)
NOTE: https://github.com/tidwall/gjson/issues/196
NOTE: https://github.com/tidwall/gjson/commit/bf4efcb3c18d1825b2988603dea5909140a5302b
CVE-2020-36066 (GJSON <1.6.5 allows attackers to cause a denial of service (remote) ...)
- - golang-github-tidwall-gjson <unfixed>
+ - golang-github-tidwall-gjson 1.6.7-1
[buster] - golang-github-tidwall-gjson <no-dsa> (Minor issue)
NOTE: https://github.com/tidwall/gjson/issues/195
NOTE: https://github.com/tidwall/match/commit/c2f534168b739a7ec1821a33839fb2f029f26bbc
+ NOTE: fix in golang-github-tidwall-gjson is dependency on golang-github-tidwall-match v1.0.3
CVE-2020-36065
RESERVED
CVE-2020-36064
@@ -9624,7 +9625,7 @@ CVE-2020-35381 (jsonparser 1.0.0 allows attackers to cause a denial of service (
[buster] - golang-github-buger-jsonparser <no-dsa> (Minor issue)
NOTE: https://github.com/buger/jsonparser/issues/219
CVE-2020-35380 (GJSON before 1.6.4 allows attackers to cause a denial of service via c ...)
- - golang-github-tidwall-gjson <unfixed> (bug #977622)
+ - golang-github-tidwall-gjson 1.6.7-1 (bug #977622)
NOTE: https://github.com/tidwall/gjson/issues/192
NOTE: https://github.com/tidwall/gjson/commit/f0ee9ebde4b619767ae4ac03e8e42addb530f6bc (v1.6.4)
CVE-2020-35379
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7586c7403487822b7aff2e0c06e3531d9b82ea11
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7586c7403487822b7aff2e0c06e3531d9b82ea11
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210111/327b0fb2/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list