Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
af8064bd by Salvatore Bonaccorso at 2020-07-12T12:51:15+02:00
Add information on CVE-2020-4054/ruby-sanitize
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -29878,7 +29878,9 @@ CVE-2020-4054 (In Sanitize (RubyGem sanitize) greater
than or equal to 3.0.0 and
[stretch] - ruby-sanitize <not-affected> (Vulnerable code introduced
later)
[jessie] - ruby-sanitize <not-affected> (Vulnerable code introduced
later)
NOTE:
https://github.com/rgrove/sanitize/security/advisories/GHSA-p4x4-rw2p-8j8m
- NOTE:
https://github.com/rgrove/sanitize/commit/a11498de9e283cd457b35ee252983662f7452aa9
+ NOTE: Fixed by:
https://github.com/rgrove/sanitize/commit/a11498de9e283cd457b35ee252983662f7452aa9
(v5.2.1)
+ NOTE: Only in 5.0.0 removing of useless filtered elements content is
done by default
+ NOTE: with:
https://github.com/rgrove/sanitize/commit/faf9a0f432fda3cef29f0f8aad99d4dedf079d67
(v5.0.0)
CVE-2020-4053 (In Helm greater than or equal to 3.0.0 and less than 3.2.4, a
path tra ...)
- helm-kubernetes <itp> (bug #910799)
CVE-2020-4052 (In Wiki.js before 2.4.107, there is a stored cross-site
scripting thro ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af8064bdab59f1027073d0396915544bba96cb78
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af8064bdab59f1027073d0396915544bba96cb78
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
