[Git][security-tracker-team/security-tracker][master] Add note for CVE-2020-28463
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Apr 29 21:08:15 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9106f41f by Salvatore Bonaccorso at 2022-04-29T22:04:04+02:00
Add note for CVE-2020-28463
The issue is not fixed upstream, starting with 3.5.55 upstream version
though two new rl_config variables are introduced which can be used to
mitigate the issue.
Link: https://www.reportlab.com/docs/reportlab-userguide.pdf
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -102697,6 +102697,8 @@ CVE-2020-28463 (All versions of package reportlab are vulnerable to Server-side
[buster] - python-reportlab <no-dsa> (Minor issue)
[stretch] - python-reportlab <postponed> (Can be fixed in next DLA)
NOTE: https://snyk.io/vuln/SNYK-PYTHON-REPORTLAB-1022145
+ NOTE: Starting in 3.5.55 trustedSchemes and trustedHosts rl_config variables are introduced
+ NOTE: which can be used to mitigate the issue.
CVE-2020-28462
RESERVED
CVE-2020-28461
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9106f41f76fc217f3f8b9b0b5a705ab28eb28324
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9106f41f76fc217f3f8b9b0b5a705ab28eb28324
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220429/8ae3b3f8/attachment.htm>
More information about the debian-security-tracker-commits
mailing list