[Git][security-tracker-team/security-tracker][master] 2 commits: Track drupal7 for CVE-2020-36193 (sa-core-2021-001)
Salvatore Bonaccorso
carnil at debian.org
Thu Jan 21 19:38:43 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2b1f94a4 by Salvatore Bonaccorso at 2021-01-21T20:36:13+01:00
Track drupal7 for CVE-2020-36193 (sa-core-2021-001)
- - - - -
a7be746e by Salvatore Bonaccorso at 2021-01-21T20:38:29+01:00
DLA 2530-1: Track version for drupal7 fixing the issue
- - - - -
2 changed files:
- data/CVE/list
- data/DLA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -17654,8 +17654,10 @@ CVE-2020-28951 (libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may enc
CVE-2020-28950 (The installer of Kaspersky Anti-Ransomware Tool (KART) prior to KART 4 ...)
NOT-FOR-US: installer of Kaspersky Anti-Ransomware Tool (KART)
CVE-2020-36193 (Tar.php in Archive_Tar through 1.4.11 allows write operations with Dir ...)
+ - drupal7 <removed>
- php-pear <unfixed> (bug #980428)
NOTE: https://github.com/pear/Archive_Tar/commit/cde460582ff389404b5b3ccb59374e9b389de916
+ NOTE: https://www.drupal.org/sa-core-2021-001
CVE-2020-28949 (Archive_Tar through 1.4.10 has :// filename sanitization only to addre ...)
{DSA-4817-1 DLA-2466-1 DLA-2465-1}
- drupal7 <removed>
=====================================
data/DLA/list
=====================================
@@ -1,6 +1,6 @@
[21 Jan 2021] DLA-2530-1 drupal7 - security update
{CVE-2020-36193}
- [stretch] - drupal7 7.52-2
+ [stretch] - drupal7 7.52-2+deb9u14
[21 Jan 2021] DLA-2529-1 mutt - security update
{CVE-2021-3181}
[stretch] - mutt 1.7.2-1+deb9u5
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c7728ffc7a7d44d1237bf9c58c4801fef46cbecb...a7be746e3af06f69307fdf72c858a1af357389b6
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c7728ffc7a7d44d1237bf9c58c4801fef46cbecb...a7be746e3af06f69307fdf72c858a1af357389b6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210121/cc621ef0/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list