[Git][security-tracker-team/security-tracker][master] new node-socket.io-parser, git-big-picture, gitlab issues

Moritz Muehlenhoff jmm at debian.org
Wed Jan 20 10:32:27 GMT 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
85d48390 by Moritz Muehlenhoff at 2021-01-20T11:31:57+01:00
new node-socket.io-parser, git-big-picture, gitlab issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -788,7 +788,7 @@ CVE-2021-21263 [Unexpected bindings in QueryBuilder]
 	NOTE: https://github.com/laravel/framework/security/advisories/GHSA-3p32-j457-pg5x
 	NOTE: https://github.com/laravel/framework/pull/35865
 CVE-2021-3162 (Docker Desktop Community before 2.5.0.0 on macOS mishandles certificat ...)
-	TODO: check
+	NOT-FOR-US: Docker Desktop on MacOS
 CVE-2021-3161
 	RESERVED
 CVE-2021-3160
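Review bot: the NOT-FOR-US rationale added for CVE-2021-3162 spells the platform "MacOS" while the CVE description on the line above uses "macOS"; writing it as `NOT-FOR-US: Docker Desktop on macOS` keeps the rationale consistent with the description and easier to grep for.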
@@ -6160,7 +6160,8 @@ CVE-2020-36178 (oal_ipt_addBridgeIsolationRules on TP-Link TL-WR840N 6_EU_0.9.1_
 CVE-2021-3029 (** UNSUPPORTED WHEN ASSIGNED ** EVOLUCARE ECSIMAGING (aka ECS Imaging) ...)
 	NOT-FOR-US: EVOLUCARE ECSIMAGING (aka ECS Imaging)
 CVE-2021-3028 (git-big-picture before 1.0.0 mishandles ' characters in a branch name, ...)
-	TODO: check
+	- git-big-picture 1.0.0-1
+	NOTE: https://github.com/git-big-picture/git-big-picture/pull/62
 CVE-2021-22696
 	RESERVED
 CVE-2020-36177 (RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-o ...)
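Review bot: the fixed-version entry `- git-big-picture 1.0.0-1` for CVE-2021-3028 rests on the description's "before 1.0.0" alone, and the NOTE points only at the upstream pull request; stating in the NOTE that the change from pull/62 is what shipped in upstream 1.0.0 (and therefore in the 1.0.0-1 package) would make the fixed-version claim verifiable without re-deriving it from the version comparison.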
@@ -7269,15 +7270,15 @@ CVE-2021-22173
 CVE-2021-22172
 	RESERVED
 CVE-2021-22171 (Insufficient validation of authentication parameters in GitLab Pages f ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2021-22170
 	RESERVED
 CVE-2021-22169
 	RESERVED
 CVE-2021-22168 (A regular expression denial of service issue has been discovered in Nu ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2021-22167 (An issue has been discovered in GitLab affecting all versions starting ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2021-22166 (An attacker could cause a Prometheus denial of service in GitLab 13.7+ ...)
 	- gitlab <not-affected> (Only affects Gitlab 13.7.x)
 	NOTE: https://about.gitlab.com/releases/2021/01/07/security-release-gitlab-13-7-2-released/
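Review bot: the three new `- gitlab <unfixed>` entries (CVE-2021-22171, CVE-2021-22168, CVE-2021-22167) carry no NOTE, whereas the neighbouring CVE-2021-22166 records the upstream security-release URL; attaching the corresponding GitLab security release NOTE to each would record where the fixed upstream version comes from and make the eventual version bump straightforward to check.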
@@ -8874,7 +8875,9 @@ CVE-2020-36051 (Directory traversal vulnerability in page_edit.php in MiniCMS V1
 CVE-2020-36050
 	RESERVED
 CVE-2020-36049 (socket.io-parser before 3.4.1 allows attackers to cause a denial of se ...)
-	TODO: check
+	- node-socket.io-parser 3.4.1-1
+	NOTE: https://blog.caller.xyz/socketio-engineio-dos/
+	NOTE: https://github.com/socketio/socket.io-parser/commit/dcb942d24db97162ad16a67c2a0cf30875342d55
 CVE-2020-36048 (Engine.IO before 4.0.0 allows attackers to cause a denial of service ( ...)
 	TODO: check
 CVE-2020-36047
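Review bot: CVE-2020-36048 (Engine.IO) stays at `TODO: check` directly below the resolved CVE-2020-36049, although the NOTE added for the latter (https://blog.caller.xyz/socketio-engineio-dos/) by its URL covers the Engine.IO denial of service as well; triaging the Engine.IO entry in the same pass, with that reference attached, would avoid leaving a dangling TODO next to its resolved sibling.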



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/85d483908c9806e63d97c3ad4a027969e35b7730




