[Git][security-tracker-team/security-tracker][master] new django-filter issue

Moritz Muehlenhoff jmm at debian.org
Thu May 6 10:00:17 BST 2021 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
32a88b83 by Moritz Muehlenhoff at 2021-05-06T10:59:21+02:00
new django-filter issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -544,7 +544,6 @@ CVE-2021-3520 [memory corruption due to an integer overflow bug caused by memmov
 	- lz4 1.9.3-2 (bug #987856)
 	NOTE: https://github.com/lz4/lz4/pull/972
 	NOTE: Fixed by: https://github.com/lz4/lz4/commit/8301a21773ef61656225e264f4f06ae14462bca7
-	TODO: from the sources embedding it, check potential affected sources
 CVE-2021-31869
 	RESERVED
 CVE-2021-31868
@@ -5945,7 +5944,7 @@ CVE-2021-29491
 CVE-2021-29490
 	RESERVED
 CVE-2021-29489 (Highcharts JS is a JavaScript charting library based on SVG. In Highch ...)
-	TODO: check
+	NOT-FOR-US: Highcharts JS
 CVE-2021-29488
 	RESERVED
 CVE-2021-29487
@@ -6916,7 +6915,7 @@ CVE-2021-29102
 CVE-2021-29101
 	RESERVED
 CVE-2021-29100 (A path traversal vulnerability exists in Esri ArcGIS Earth versions 1. ...)
-	TODO: check
+	NOT-FOR-US: Esri
 CVE-2021-29099
 	RESERVED
 CVE-2021-29098 (Multiple uninitialized pointer vulnerabilities when parsing a speciall ...)
@@ -45312,7 +45311,7 @@ CVE-2020-25715
 	RESERVED
 	- dogtag-pki <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1891016
-	TODO: check details
+	NOTE: https://github.com/dogtagpki/pki/commit/13f4c7fe7d71d42b46b25f3e8472ef7f35da5dd6
 CVE-2020-25714
 	RESERVED
 CVE-2020-25713 [Out of bounds read leads to segfault in raptor_xml_writer_start_element_common]
@@ -51233,7 +51232,7 @@ CVE-2020-23085
 CVE-2020-23084
 	RESERVED
 CVE-2020-23083 (Unrestricted File Upload in JEECG v4.0 and earlier allows remote attac ...)
-	TODO: check
+	NOT-FOR-US: JEECG
 CVE-2020-23082
 	RESERVED
 CVE-2020-23081
@@ -67941,7 +67940,9 @@ CVE-2020-15227 (Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.
 CVE-2020-15226 (In GLPI before version 9.5.2, there is a SQL Injection in the API's se ...)
 	- glpi <removed>
 CVE-2020-15225 (django-filter is a generic system for filtering Django QuerySets based ...)
-	TODO: check
+	- django-filter 2.4.0-1
+	NOTE: https://github.com/carltongibson/django-filter/security/advisories/GHSA-x7gm-rfgv-w973
+	NOTE: https://github.com/carltongibson/django-filter/commit/340cf7a23a2b3dcd7183f6a0d6c383e85b130d2b
 CVE-2020-15224 (In Open Enclave before version 0.12.0, an information disclosure vulne ...)
 	NOT-FOR-US: Open Enclave
 CVE-2020-15223 (In ORY Fosite (the security first OAuth2 & OpenID Connect framewor ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/32a88b83c17dc1dd4eb9806a0f7f5d9cf950d0be

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/32a88b83c17dc1dd4eb9806a0f7f5d9cf950d0be
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210506/f56cd94e/attachment.htm>

More information about the debian-security-tracker-commits mailing list