Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
85d48390 by Moritz Muehlenhoff at 2021-01-20T11:31:57+01:00
new node-socket.io-parser, git-big-picture, gitlab issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -788,7 +788,7 @@ CVE-2021-21263 [Unexpected bindings in QueryBuilder]
        NOTE: 
https://github.com/laravel/framework/security/advisories/GHSA-3p32-j457-pg5x
        NOTE: https://github.com/laravel/framework/pull/35865
 CVE-2021-3162 (Docker Desktop Community before 2.5.0.0 on macOS mishandles 
certificat ...)
-       TODO: check
+       NOT-FOR-US: Docker Desktop on MacOS
 CVE-2021-3161
        RESERVED
 CVE-2021-3160
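Review bot: The added NOT-FOR-US line for CVE-2021-3162 spells the platform "MacOS", while the CVE description on the line above it uses "macOS". Matching the description's spelling keeps NOT-FOR-US strings consistent and easier to search.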
@@ -6160,7 +6160,8 @@ CVE-2020-36178 (oal_ipt_addBridgeIsolationRules on 
TP-Link TL-WR840N 6_EU_0.9.1_
 CVE-2021-3029 (** UNSUPPORTED WHEN ASSIGNED ** EVOLUCARE ECSIMAGING (aka ECS 
Imaging) ...)
        NOT-FOR-US: EVOLUCARE ECSIMAGING (aka ECS Imaging)
 CVE-2021-3028 (git-big-picture before 1.0.0 mishandles ' characters in a 
branch name, ...)
-       TODO: check
+       - git-big-picture 1.0.0-1
+       NOTE: https://github.com/git-big-picture/git-big-picture/pull/62
 CVE-2021-22696
        RESERVED
 CVE-2020-36177 (RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has 
an out-o ...)
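Review bot: The new CVE-2021-3028 entry cites only the upstream pull request in its NOTE. A second NOTE with the fixing commit, as the node-socket.io-parser entry in this same commit has, would make the fix easier to pin. The entry records only the fixed version 1.0.0-1, so it is worth confirming whether any suite still ships a git-big-picture older than 1.0.0 and needs its own status line.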
@@ -7269,15 +7270,15 @@ CVE-2021-22173
 CVE-2021-22172
        RESERVED
 CVE-2021-22171 (Insufficient validation of authentication parameters in GitLab 
Pages f ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2021-22170
        RESERVED
 CVE-2021-22169
        RESERVED
 CVE-2021-22168 (A regular expression denial of service issue has been 
discovered in Nu ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2021-22167 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2021-22166 (An attacker could cause a Prometheus denial of service in 
GitLab 13.7+ ...)
        - gitlab <not-affected> (Only affects Gitlab 13.7.x)
        NOTE: 
https://about.gitlab.com/releases/2021/01/07/security-release-gitlab-13-7-2-released/
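Review bot: The three added "- gitlab <unfixed>" lines (CVE-2021-22171, CVE-2021-22168, CVE-2021-22167) carry no NOTE pointing to an upstream advisory or fixed version, unlike CVE-2021-22166 directly below them, which has a NOTE with the GitLab release post. If that release post also covers these three, add the NOTE to each so the entries can be resolved once a fixed upload exists.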
@@ -8874,7 +8875,9 @@ CVE-2020-36051 (Directory traversal vulnerability in 
page_edit.php in MiniCMS V1
 CVE-2020-36050
        RESERVED
 CVE-2020-36049 (socket.io-parser before 3.4.1 allows attackers to cause a 
denial of se ...)
-       TODO: check
+       - node-socket.io-parser 3.4.1-1
+       NOTE: https://blog.caller.xyz/socketio-engineio-dos/
+       NOTE: 
https://github.com/socketio/socket.io-parser/commit/dcb942d24db97162ad16a67c2a0cf30875342d55
 CVE-2020-36048 (Engine.IO before 4.0.0 allows attackers to cause a denial of 
service ( ...)
        TODO: check
 CVE-2020-36047
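Review bot: CVE-2020-36048 (Engine.IO), directly below the updated entry, is left at "TODO: check", although the blog URL added as a NOTE for CVE-2020-36049 has "socketio-engineio-dos" in its path and so appears to cover both issues. Consider triaging it in the same commit, or noting why it is deferred.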



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/85d483908c9806e63d97c3ad4a027969e35b7730
