[Git][security-tracker-team/security-tracker][master] Track fixed version for two golang-github-nats-io-jwt issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jun 3 15:27:44 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
484fa420 by Salvatore Bonaccorso at 2022-06-03T16:27:30+02:00
Track fixed version for two golang-github-nats-io-jwt issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -116327,9 +116327,10 @@ CVE-2020-26894 (LiveCode v9.6.1 on Windows allows local, low-privileged users to
CVE-2020-26893 (An issue was discovered in ClamXAV 3 before 3.1.1. A malicious actor c ...)
NOT-FOR-US: ClamXAV
CVE-2020-26892 (The JWT library in NATS nats-server before 2.1.9 has Incorrect Access ...)
- - golang-github-nats-io-jwt <unfixed> (bug #988950)
+ - golang-github-nats-io-jwt 2.2.0-1 (bug #988950)
[buster] - golang-github-nats-io-jwt <no-dsa> (Minor issue)
NOTE: https://advisories.nats.io/CVE/CVE-2020-26892.txt
+ NOTE: https://github.com/nats-io/jwt/security/advisories/GHSA-4w5x-x539-ppf5
CVE-2020-26891 (AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS d ...)
- matrix-synapse 1.21.1-1
NOTE: https://github.com/matrix-org/synapse/pull/8444
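Review bot: the new `- golang-github-nats-io-jwt 2.2.0-1 (bug #988950)` line for CVE-2020-26892 has no NOTE recording which upstream jwt release or commit carries the fix. The truncated description only names "nats-server before 2.1.9", which is a different component from the package tracked here, so a reader cannot check the 2.2.0-1 boundary from the entry alone. Consider adding a NOTE with the fixed upstream jwt version or fixing commit next to the new GHSA-4w5x-x539-ppf5 link.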
@@ -117200,9 +117201,10 @@ CVE-2020-26523 (Froala Editor before 3.2.2 allows XSS via pasted content. ...)
CVE-2020-26522 (A cross-site request forgery (CSRF) vulnerability in mod/user/act_user ...)
NOT-FOR-US: Garfield Petshop
CVE-2020-26521 (The JWT library in NATS nats-server before 2.1.9 allows a denial of se ...)
- - golang-github-nats-io-jwt <unfixed> (bug #988950)
+ - golang-github-nats-io-jwt 2.2.0-1 (bug #988950)
[buster] - golang-github-nats-io-jwt <no-dsa> (Minor issue)
NOTE: https://advisories.nats.io/CVE/CVE-2020-26521.txt
+ NOTE: https://github.com/nats-io/jwt/security/advisories/GHSA-h2fg-54x9-5qhq
CVE-2020-26520
RESERVED
CVE-2020-26519 (Artifex MuPDF before 1.18.0 has a heap based buffer over-write when pa ...)
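Review bot: the CVE-2020-26521 entry takes the same fixed version and bug number as CVE-2020-26892 (`2.2.0-1`, bug #988950), while its added NOTE points to a separate advisory, GHSA-h2fg-54x9-5qhq. Nothing in the entry states that both issues are resolved by the same upload. A NOTE naming the upstream jwt version or commit that fixes this denial-of-service issue would make the shared 2.2.0-1 value verifiable, and would help anyone revisiting the unchanged `[buster]` `<no-dsa> (Minor issue)` line.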
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/484fa420fc2b094ca69dee6eb81bc641bba45ee4