[Git][security-tracker-team/security-tracker][master] Update information for CVE-2020-36309

Sat Nov 26 10:15:42 GMT 2022


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5dd8fc81 by Salvatore Bonaccorso at 2022-11-26T11:14:13+01:00
Update information for CVE-2020-36309

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -116799,11 +116799,13 @@ CVE-2020-36310 (An issue was discovered in the Linux kernel before 5.8. arch/x86
 	[stretch] - linux <not-affected> (Vulnerability introduced later)
 	NOTE: https://git.kernel.org/linus/e72436bc3a5206f95bb384e741154166ddb3202e
 CVE-2020-36309 (ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty ...)
-	- nginx <unfixed> (bug #986787)
+	- libnginx-mod-http-lua 1:0.10.22-4
+	- nginx 1.22.0-3 (bug #986787)
 	[bullseye] - nginx <ignored> (Minor issue, too intrusive to backport, see #986787)
 	[buster] - nginx <ignored> (Minor issue, too intrusive to backport, see #986787)
 	[stretch] - nginx <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://github.com/openresty/lua-nginx-module/pull/1654
+	NOTE: src:nginx/1.22.0-3 removed the http-lua module and moved it to a separate package
 CVE-2020-36308 (Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discov ...)
 	{DLA-2658-1}
 	- redmine 4.0.7-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5dd8fc8191005e50c7d709e7923df37fcab6d9cc

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5dd8fc8191005e50c7d709e7923df37fcab6d9cc
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221126/2ea98b9d/attachment.htm>
