[Git][security-tracker-team/security-tracker][master] node-mongodb spu

Wed, 29 Apr 2020 14:15:16 -0700 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d36c3679 by Moritz Muehlenhoff at 2020-04-29T23:14:20+02:00
node-mongodb spu
samba postponed

- - - - -


2 changed files:

- data/CVE/list
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -5405,6 +5405,8 @@ CVE-2020-10705
 CVE-2020-10704
        RESERVED
        - samba <unfixed>
+       [buster] - samba <postponed> (Can be fixed along in future DSA)
+       [stretch] - samba <postponed> (Can be fixed along in future DSA)
        NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14334
        NOTE: https://www.samba.org/samba/security/CVE-2020-10704.html
 CVE-2020-10703 [Potential denial of service via active pool without target 
path]
@@ -12610,6 +12612,7 @@ CVE-2020-7611 (All versions of 
io.micronaut:micronaut-http-client before 1.2.11
 CVE-2020-7610 (All versions of bson before 1.1.4 are vulnerable to 
Deserialization of ...)
        [experimental] - node-mongodb 3.5.5+~cs11.12.19-1
        - node-mongodb 3.5.6+~cs11.12.19-1
+       [buster] - node-mongodb <no-dsa> (Minor issue)
        NOTE: Fixed in js-bson v1.1.4 included in 3.5.5+~cs11.12.19
        NOTE: https://snyk.io/vuln/SNYK-JS-BSON-561052
        NOTE: 
https://github.com/mongodb/js-bson/commit/3809c1313a7b2a8001065f0271199df9fa3d16a8
@@ -81801,6 +81804,7 @@ CVE-2019-2392
 CVE-2019-2391 (Incorrect parsing of certain JSON input may result in js-bson 
not corr ...)
        [experimental] - node-mongodb 3.5.5+~cs11.12.19-1
        - node-mongodb 3.5.6+~cs11.12.19-1
+       [buster] - node-mongodb <no-dsa> (Minor issue)
        NOTE: Fixed in js-bson v1.1.4 included in 3.5.5+~cs11.12.19
 CVE-2019-2390 (An unprivileged user or program on Microsoft Windows which can 
create  ...)
        NOT-FOR-US: Microsoft


=====================================
data/next-point-update.txt
=====================================
@@ -122,3 +122,7 @@ CVE-2020-9383
        [buster] - linux 4.19.118-1
 CVE-2019-19046
        [buster] - linux 4.19.118-1
+CVE-2020-7610
+       [buster] - node-mongodb 3.1.13+~3.1.11-2+deb10u1
+CVE-2019-2391
+       [buster] - node-mongodb 3.1.13+~3.1.11-2+deb10u1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d36c36795673e4dff772e25ab36ffc34a738dd89

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d36c36795673e4dff772e25ab36ffc34a738dd89
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to