Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d626fcab by Moritz Muehlenhoff at 2020-05-04T09:53:46+02:00
jquery issues also affect node-jquery
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4813,10 +4813,14 @@ CVE-2020-11024 (In Moonlight iOS/tvOS before 4.0.1, the
pairing process is vulne
CVE-2020-11023 (In jQuery versions greater than or equal to 1.0.3 and before
3.5.0, pa ...)
- jquery <unfixed>
[jessie] - jquery <not-affected> (Vulnerable code note present)
+ [experimental] - node-jquery 3.5.0+dfsg-1
+ - node-jquery <unfixed>
NOTE:
https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6
CVE-2020-11022 (In jQuery versions greater than or equal to 1.2 and before
3.5.0, pass ...)
- jquery <unfixed>
[jessie] - jquery <not-affected> (Vulnerable code note present)
+ [experimental] - node-jquery 3.5.0+dfsg-1
+ - node-jquery <unfixed>
NOTE:
https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2
NOTE:
https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77
CVE-2020-11021 (Actions Http-Client (NPM @actions/http-client) before version
1.0.8 ca ...)
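Review bot: in the CVE-2020-11023 entry, the new `[experimental] - node-jquery 3.5.0+dfsg-1` line is backed only by the GHSA advisory NOTE, whereas the CVE-2020-11022 entry also carries a NOTE with the upstream fix commit. Adding the corresponding upstream commit NOTE to CVE-2020-11023 would let a reader check that 3.5.0+dfsg-1 contains both fixes. The jquery lines in both entries have a `[jessie]` annotation and the new node-jquery lines have none, so it is worth confirming that no per-suite annotation is needed for node-jquery.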
@@ -8623,6 +8627,7 @@ CVE-2020-9481 (Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9,
and 8.0.0 to 8.0.6 is
{DSA-4672-1}
- trafficserver 8.0.7+ds-1
NOTE:
https://lists.apache.org/thread.html/rcb8bae0b289d71d18a3220be256c1dfcc4d9ab49d2d6e07d1eac7c9d%40%3Cannounce.trafficserver.apache.org%3E
+ NOTE:
https://github.com/apache/trafficserver/commit/50441b39e6631389ef95c4133f06bbf94544879c
CVE-2020-9480
RESERVED
CVE-2020-9479
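Review bot: the NOTE added under CVE-2020-9481 is a bare commit URL with nothing saying which release branch it landed on, while the description lists 6.0.0 to 6.2.3, 7.0.0 to 7.1.9 and 8.0.0 to 8.0.6 as affected and the entry records `trafficserver 8.0.7+ds-1` as fixed. A short parenthetical after the URL naming the branch would let a reader match the commit to the packaged version.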
@@ -27772,6 +27777,7 @@ CVE-2020-1944 (There is a vulnerability in Apache
Traffic Server 6.0.0 to 6.2.3,
{DSA-4672-1}
- trafficserver 8.0.6+ds-1
NOTE:
https://lists.apache.org/thread.html/r99d18d0bc4daa05e7d0e5a63e0e22701a421b2ef5a8f4f7694c43869%40%3Cannounce.trafficserver.apache.org%3E
+ NOTE:
https://github.com/apache/trafficserver/commit/5830bc72611e85e7a31098ce86710242f29076dc
CVE-2020-1943 (Data sent with contentId to /control/stream is not sanitized,
allowing ...)
NOT-FOR-US: Apache OFBiz
CVE-2020-1942 (In Apache NiFi 0.0.1 to 1.11.0, the flow fingerprint factory
generated ...)
@@ -36733,6 +36739,7 @@ CVE-2019-17565 (There is a vulnerability in Apache
Traffic Server 6.0.0 to 6.2.3
{DSA-4672-1}
- trafficserver 8.0.6+ds-1
NOTE:
https://lists.apache.org/thread.html/r99d18d0bc4daa05e7d0e5a63e0e22701a421b2ef5a8f4f7694c43869%40%3Cannounce.trafficserver.apache.org%3E
+ NOTE:
https://github.com/apache/trafficserver/commit/60e0a8ce23d390b851873e020483d6f75e857158
CVE-2019-17564 (Unsafe deserialization occurs within a Dubbo application which
has HTT ...)
NOT-FOR-US: Dubbo
CVE-2019-17563 (When using FORM authentication with Apache Tomcat 9.0.0.M1 to
9.0.29, ...)
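Review bot: the commit NOTE added under CVE-2019-17565 is the only line that distinguishes this entry from CVE-2020-1944 in the previous hunk, since both cite the same announce.trafficserver.apache.org thread and the same fixed version `trafficserver 8.0.6+ds-1`. A few words after each commit URL saying what the commit addresses would make the CVE-to-commit mapping checkable without opening both links.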
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d626fcab143ee30e91a62bbe113fae76ac83ec62