Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f77705f6 by Ola Lundqvist at 2020-05-01T20:39:01+02:00
Triage result for jquery. CVE-2020-11023 and CVE-2020-11023 are fixed with the
same patch. The extend function htmlPrefilter does not exist in the jessie
version. Marked them as not-affected.
- - - - -
e28c9766 by Ola Lundqvist at 2020-05-01T21:00:03+02:00
Triage result for salt. Added commit notes and package to dla-needed.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -3116,9 +3116,13 @@ CVE-2020-11653 (An issue was discovered in Varnish Cache
before 6.0.6 LTS, 6.1.x
CVE-2020-11652 (An issue was discovered in SaltStack Salt before 2019.2.4 and
3000 bef ...)
- salt 3000.2+dfsg1-1
NOTE:
https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst
+ NOTE:
https://github.com/saltstack/salt/commit/cce7abad9c22d9d50ccee2813acabff8deca35dd
CVE-2020-11651 (An issue was discovered in SaltStack Salt before 2019.2.4 and
3000 bef ...)
- salt 3000.2+dfsg1-1
NOTE:
https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst
+ NOTE:
https://github.com/saltstack/salt/commit/a67d76b15615983d467ed81371b38b4a17e4f3b7
+ NOTE: There is a typo (for more info see the release notes) in the
official correction.
+ NOTE: This should be fixed too since this typo causes a regression.
CVE-2020-11650 (An issue was discovered in iXsystems FreeNAS (and TrueNAS)
11.2 before ...)
NOT-FOR-US: FreeNAS
CVE-2020-11649 (An issue was discovered in GitLab CE and EE 8.15 through
12.9.2. Membe ...)
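Review bot: the two added NOTE lines under CVE-2020-11651 ("There is a typo (for more info see the release notes) in the official correction" and "This should be fixed too since this typo causes a regression") do not say what the typo is, which file or function it affects, or which upstream change corrects it, so the next person picking up salt for jessie has to re-read the 3000.2 release notes to recover that. Suggest merging them into one note that names the affected code and points at the correcting upstream commit once it is identified, e.g. `NOTE: a67d76b contains a typo in <file> that causes a regression (see 3000.2 release notes); the follow-up fix must be backported too`. The CVE-2020-11652 entry above, which is handled by the same release, carries no such warning; if the regression only concerns the a67d76b change that is fine, but the note should say so.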
@@ -4765,9 +4769,11 @@ CVE-2020-11024 (In Moonlight iOS/tvOS before 4.0.1, the
pairing process is vulne
NOT-FOR-US: Moonlight iOS/tvOS
CVE-2020-11023 (In jQuery before 3.5.0, passing HTML containing <option>
element ...)
- jquery <unfixed>
+ [jessie] - jquery <not-affected> (Vulnerable code note present)
NOTE:
https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6
CVE-2020-11022 (In jQuery versions greater than or equal to 1.2 and before
3.5.0, pass ...)
- jquery <unfixed>
+ [jessie] - jquery <not-affected> (Vulnerable code note present)
NOTE:
https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2
NOTE:
https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77
CVE-2020-11021 (Actions Http-Client (NPM @actions/http-client) before version
1.0.8 ca ...)
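Review bot: the [jessie] rationale reads "Vulnerable code note present" on both the CVE-2020-11023 and CVE-2020-11022 lines; this should be "not present". More importantly, the advisory text for CVE-2020-11022 quoted here covers "versions greater than or equal to 1.2 and before 3.5.0", so the not-affected claim rests entirely on the reasoning in the commit message (htmlPrefilter does not exist in the jessie version). The absence of that function name alone does not show that the jessie package lacks the HTML rewriting the advisory describes, since the advisory range starts well before htmlPrefilter was introduced. Suggest recording what was actually checked in the rationale, e.g. `[jessie] - jquery <not-affected> (Vulnerable code not present; htmlPrefilter does not exist in jessie's version, manipulation path verified)`, so a later reviewer can confirm the triage against the jessie source instead of re-deriving it. Both upstream advisory links are present; the GHSA-gxr4-xjj5-5px2 entry also links the fixing commit, the GHSA-jpcq-cgw6-v4j6 entry does not, although the commit message says both issues share the same patch.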
=====================================
data/dla-needed.txt
=====================================
@@ -72,6 +72,9 @@ php5 (Thorsten Alteholz)
--
qemu (Adrian Bunk)
--
+salt
+ NOTE: Upstream fix for CVE-CVE-2020-11651 causes a regression. Should be
fixed too.
+--
sqlite3 (Mike Gabriel)
--
squid3 (Markus Koschany)
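Review bot: "CVE-CVE-2020-11651" duplicates the CVE- prefix and should read CVE-2020-11651. The note also mentions only CVE-2020-11651, while the data/CVE/list change in the same push records both CVE-2020-11651 and CVE-2020-11652 as fixed by the 3000.2 release; listing both identifiers here keeps the dla-needed entry consistent with the tracker and makes it clear that the jessie update has to cover the second issue as well, not only the regression fix.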
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f21b1165aead7a310cf13daff9cb36e2601c0339...e28c97660d0485bc16410f653cbc73c5ad860d3e
--
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits