Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2ca443dc by Salvatore Bonaccorso at 2020-03-28T11:39:44+01:00
CVE-2020-1957 Use apache repository URL

- - - - -
4d570459 by Salvatore Bonaccorso at 2020-03-28T11:39:46+01:00
Add reference to jira issue

- - - - -
05909720 by Salvatore Bonaccorso at 2020-03-28T11:40:18+01:00
Adjust version for nss version in jessie

Only 2:3.26-1+debu8u5 got a rebase to 3.26.2 which included the fix for
CVE-2016-9074 via the upstream commit
https://hg.mozilla.org/projects/nss/rev/d38536fcc726 .

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -22296,7 +22296,8 @@ CVE-2020-1957 (Apache Shiro before 1.5.2, when using 
Apache Shiro with Spring dy
        - shiro <unfixed> (bug #955018)
        [jessie] - shiro <not-affected> (Vulnerable code not present)
        NOTE: https://www.openwall.com/lists/oss-security/2020/03/23/2
-       NOTE: Possibly introduced in 
https://github.com/lamby/shiro/commit/a380b7d27be549e612d11ee04a84ac177677323c 
(1.5.0+)
+       NOTE: https://issues.apache.org/jira/browse/SHIRO-747
+       NOTE: Possibly introduced in 
https://github.com/apache/shiro/commit/a380b7d27be549e612d11ee04a84ac177677323c 
(1.5.0+)
        NOTE: Possible fix at https://github.com/apache/shiro/pull/203
 CVE-2020-1956
        RESERVED
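Review bot: The last NOTE of the CVE-2020-1957 entry still points at a pull request ("Possible fix at https://github.com/apache/shiro/pull/203") while the "Possibly introduced in" line above it now pins a commit in the apache repository. Once the fix is confirmed, reference the fixing commit in apache/shiro in the same form so both ends of the entry name an exact revision. The entry description says "before 1.5.2" while the package line is still `<unfixed>`, so a NOTE stating the upstream fixed version would also help whoever handles bug #955018.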
@@ -189912,7 +189913,7 @@ CVE-2016-9075 (An issue where WebExtensions can use 
the mozAddonManager API to e
 CVE-2016-9074 (An existing mitigation of timing side-channel attacks is 
insufficient  ...)
        {DSA-3730-1 DSA-3716-1 DLA-759-1 DLA-752-1}
        - nss 2:3.26.2-1
-       [jessie] - nss 2:3.26-1+debu8u1
+       [jessie] - nss 2:3.26-1+debu8u5
        NOTE: Fixed by (3_26_BRANCH): 
https://hg.mozilla.org/projects/nss/rev/d38536fcc726 (3.26.1)
        - firefox-esr 45.5.0esr-1
        - icedove 1:45.5.0-1
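Review bot: The new `[jessie] - nss 2:3.26-1+debu8u5` line carries no NOTE explaining why a version whose upstream part reads 3.26 is the fixed one, while the NOTE below it says the fix is in 3.26.1. The reason (only this upload was rebased to 3.26.2) appears solely in the commit message, so a NOTE under the jessie line stating the rebase would keep it with the entry. Separately, the suffix `+debu8u5` departs from the usual `+deb8uN` pattern in both the removed and the added line; please confirm it matches the version string of the uploaded package.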



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/59bd7b53d7f82deaef89ef48bbbf139adb08110c...05909720467c03c189117e36a2b16eb9bd548c46
