David Prévot pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
df4ce8c7 by David Prévot at 2020-09-02T19:33:46-04:00
CVE-2020-15094/symfony doesn’t affect stable
The vulnerability was introduced in 4.4 according to upstream, and I
checked that the interface was only introduced in 4.3.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -20700,6 +20700,9 @@ CVE-2020-15095 (Versions of the npm CLI prior to 6.14.6
are vulnerable to an inf
NOTE:
https://github.com/npm/cli/commit/a9857b8f6869451ff058789c4631fadfde5bbcbc
CVE-2020-15094 (In Symfony before versions 4.4.13 and 5.1.5, the
CachingHttpClient cla ...)
- symfony 4.4.13+dfsg-1
+ [buster] - symfony <not-affected> (Introduced in 4.4.0)
+ [stretch] - symfony <not-affected> (Introduced in 4.4.0)
+ [jessie] - symfony <not-affected> (Introduced in 4.4.0)
NOTE:
https://github.com/symfony/symfony/security/advisories/GHSA-754h-5r27-7x3r
NOTE:
https://github.com/symfony/symfony/commit/d9910e0b33a2e0f993abff41c6fbc86951b66d78
CVE-2020-15093 (The tough library (Rust/crates.io) prior to version 0.7.1 does
not pro ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df4ce8c78f9a530a4f794c02bea73c71212db992
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df4ce8c78f9a530a4f794c02bea73c71212db992
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
