[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2020-13959 is in velocity-tools
Emilio Pozuelo Monfort
pochu at debian.org
Fri Mar 12 09:16:59 GMT 2021
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker
Commits:
513e4ea3 by Emilio Pozuelo Monfort at 2021-03-12T10:14:14+01:00
CVE-2020-13959 is in velocity-tools
- - - - -
10c08ec7 by Emilio Pozuelo Monfort at 2021-03-12T10:16:35+01:00
CVE-2020-13936/velocity: link to fixing commit
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -61655,8 +61655,9 @@ CVE-2020-13961 (Strapi before 3.0.2 could allow a remote authenticated attacker
CVE-2020-13960 (D-Link DSL 2730-U IN_1.10 and IN_1.11 and DIR-600M 3.04 devices have t ...)
NOT-FOR-US: D-Link
CVE-2020-13959 (The default error page for VelocityView in Apache Velocity Tools prior ...)
- - velocity <unfixed>
+ - velocity-tools <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/03/10/2
+ NOTE: Fixed by: https://github.com/apache/velocity-tools/commit/e141828a4eb03e4b0224535eed12b5c463a24152
CVE-2020-13958 (A vulnerability in Apache OpenOffice scripting events allows an attack ...)
NOT-FOR-US: Apache OpenOffice
CVE-2020-13957 (Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 ...)
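Review bot: On the CVE-2020-13959 entry, the `- velocity <unfixed>` line is replaced outright by `- velocity-tools <unfixed>`, so the entry no longer records anything about src:velocity. The description names VelocityView in Apache Velocity Tools, which supports the move, but a one-line NOTE stating that the affected code lives in velocity-tools and not in velocity would document the reattribution and keep it from being questioned or reverted later.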
@@ -61719,6 +61720,7 @@ CVE-2020-13937 (Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.
CVE-2020-13936 (An attacker that is able to modify Velocity templates may execute arbi ...)
- velocity <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/03/10/1
+ NOTE: Fixed by: https://github.com/apache/velocity-engine/commit/1ba60771d23dae7e6b3138ae6bee09cf6f9d2485
CVE-2020-13935 (The payload length in a WebSocket frame was not correctly validated in ...)
{DSA-4727-1 DLA-2286-1}
- tomcat9 9.0.37-1
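Review bot: The added `NOTE: Fixed by:` line under CVE-2020-13936 gives the velocity-engine commit but not the upstream release that first contains it, while the package line above it still reads `velocity <unfixed>`. Appending that release in parentheses after the URL would let whoever triages the package compare it against the packaged version without opening the commit.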
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/25eb17a3f55788fd44d40622612fa2cf7b41de76...10c08ec7a264230b15870efe187a343b4462244b