[Git][security-tracker-team/security-tracker][master] python-reportlab fixed in sid
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Jul 11 20:19:56 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bca79971 by Moritz Muehlenhoff at 2022-07-11T21:19:27+02:00
python-reportlab fixed in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -119313,13 +119313,12 @@ CVE-2020-28465
CVE-2020-28464 (This affects the package djv before 2.1.4. By controlling the schema f ...)
NOT-FOR-US: Node djv
CVE-2020-28463 (All versions of package reportlab are vulnerable to Server-side Reques ...)
- - python-reportlab <unfixed>
- [bullseye] - python-reportlab <no-dsa> (Minor issue)
+ - python-reportlab 3.5.55-1
[buster] - python-reportlab <no-dsa> (Minor issue)
[stretch] - python-reportlab <postponed> (Can be fixed in next DLA)
NOTE: https://snyk.io/vuln/SNYK-PYTHON-REPORTLAB-1022145
NOTE: Starting in 3.5.55 trustedSchemes and trustedHosts rl_config variables are introduced
- NOTE: which can be used to mitigate the issue.
+ NOTE: which can be used to mitigate the issue, treating this as the fixed version
CVE-2020-28462
RESERVED
CVE-2020-28461
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bca79971c11cedd40e6f22da2bc3c594389b8dbf
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bca79971c11cedd40e6f22da2bc3c594389b8dbf
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220711/a504cc4c/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list