[Git][security-tracker-team/security-tracker][master] Update old CVE-2016-7036 and associate it with python-jose
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Apr 26 14:52:26 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7bf5a4b1 by Salvatore Bonaccorso at 2024-04-26T15:51:49+02:00
Update old CVE-2016-7036 and associate it with python-jose
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -499122,7 +499122,8 @@ CVE-2016-7038 (In Moodle 2.x and 3.x, web service tokens are not invalidated whe
CVE-2016-7037 (The verify function in Encryption/Symmetric.php in Malcolm Fell jwt be ...)
NOT-FOR-US: Malcolm Fell jwt
CVE-2016-7036 (python-jose before 1.3.2 allows attackers to have unspecified impact b ...)
- NOT-FOR-US: Python jose
+ - python-jose <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/mpdavis/python-jose/commit/89b46353b9f611e9da38de3d2fedf52331167b93 (1.3.2)
CVE-2016-7035 (An authorization flaw was found in Pacemaker before 1.1.16, where it d ...)
- pacemaker 1.1.15-3 (bug #843041)
[wheezy] - pacemaker <not-affected> (Vulnerable code introduced later)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7bf5a4b12101ad78c9e908e5cbcb4f7c9dd317f6
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7bf5a4b12101ad78c9e908e5cbcb4f7c9dd317f6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240426/42db0702/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list