Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fc61619c by Moritz Muehlenhoff at 2021-01-25T10:13:00+01:00
new python-clickhouse-driver issue
NFUs
bottle no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -20923,14 +20923,15 @@ CVE-2020-28474
 CVE-2020-28473 (The package bottle from 0 and before 0.12.19 are vulnerable to 
Web Cac ...)
        {DLA-2531-1}
        - python-bottle 0.12.19-1
+       [buster] - python-bottle <no-dsa> (Minor issue)
        NOTE: https://snyk.io/vuln/SNYK-PYTHON-BOTTLE-1017108
        NOTE: Fixed by: 
https://github.com/bottlepy/bottle/commit/57a2f22e0c1d2b328c4f54bf75741d74f47f1a6b
 (0.12.19)
 CVE-2020-28472 (This affects the package @aws-sdk/shared-ini-file-loader 
before 1.0.0- ...)
-       TODO: check
+       NOT-FOR-US: aws-sdk-js
 CVE-2020-28471
        RESERVED
 CVE-2020-28470 (This affects the package @scullyio/scully before 1.0.9. The 
transfer s ...)
-       TODO: check
+       NOT-FOR-US: scully
 CVE-2020-28469
        RESERVED
 CVE-2020-28468 (This affects the package pwntools before 4.3.1. The shellcraft 
generat ...)
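Review bot: The added `[buster] - python-bottle <no-dsa> (Minor issue)` line under CVE-2020-28473 sits in an entry that already carries `{DLA-2531-1}`, so the record now shows an advisory issued for the LTS release while buster is deferred with only the generic "Minor issue" reason. Consider extending the parenthetical to say whether the fix from 0.12.19 is expected to reach buster through a point release, so the difference between the two suites does not read as an oversight. The two `TODO: check` to `NOT-FOR-US` replacements in this hunk look consistent with the neighbouring entries.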
@@ -20966,7 +20967,7 @@ CVE-2020-28454
 CVE-2020-28453
        RESERVED
 CVE-2020-28452 (This affects the package 
com.softwaremill.akka-http-session:core_2.12  ...)
-       TODO: check
+       NOT-FOR-US: akka-http-session
 CVE-2020-28451
        RESERVED
 CVE-2020-28450
@@ -23992,7 +23993,7 @@ CVE-2020-27860
 CVE-2020-27859 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
        NOT-FOR-US: NEC ESMPRO Manager
 CVE-2020-27858 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
-       TODO: check
+       NOT-FOR-US: CA Arcserve
 CVE-2020-27857
        RESERVED
 CVE-2020-27856
@@ -25995,11 +25996,11 @@ CVE-2020-27223
 CVE-2020-27222
        RESERVED
 CVE-2020-27221 (In Eclipse OpenJ9 up to version 0.23, there is potential for a 
stack-b ...)
-       TODO: check
+       NOT-FOR-US: Eclipse OpenJ9
 CVE-2020-27220 (The Eclipse Hono AMQP and MQTT protocol adapters do not check 
whether  ...)
-       TODO: check
+       NOT-FOR-US: Eclipse Hono
 CVE-2020-27219 (In all version of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 
404 (Not  ...)
-       TODO: check
+       NOT-FOR-US: Eclipse Hawkbit
 CVE-2020-27218 (In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 
10.0.0.alpha0  ...)
        - jetty9 9.4.35-1 (bug #976211)
        [stretch] - jetty9 <no-dsa> (Minor issue)
@@ -26271,9 +26272,9 @@ CVE-2020-27100
 CVE-2020-27099
        RESERVED
 CVE-2020-27098 (In checkGrantUriPermission of UriGrantsManagerService.java, 
there is a ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2020-27097 (In checkGrantUriPermission of UriGrantsManagerService.java, 
there is a ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2020-27096
        RESERVED
 CVE-2020-27095
@@ -27062,7 +27063,7 @@ CVE-2020-26770
 CVE-2020-26769
        RESERVED
 CVE-2020-26768 (Formstone &lt;=1.4.16 is vulnerable to a Reflected Cross-Site 
Scriptin ...)
-       TODO: check
+       NOT-FOR-US: Formstone
 CVE-2020-26767
        RESERVED
 CVE-2020-26766 (A Cross Site Request Forgery (CSRF) vulnerability exists in 
the logins ...)
@@ -27080,7 +27081,9 @@ CVE-2020-26761
 CVE-2020-26760
        RESERVED
 CVE-2020-26759 (clickhouse-driver before 0.1.5 allows a malicious clickhouse 
server to ...)
-       TODO: check
+       - python-clickhouse-driver 0.2.0-1
+       NOTE: 
https://github.com/mymarilyn/clickhouse-driver/commit/3e990547e064b8fca916b23a0f7d6fe8c63c7f6b
+       NOTE: 
https://github.com/mymarilyn/clickhouse-driver/commit/d708ed548e1d6f254ba81a21de8ba543a53b5598
 CVE-2020-26758
        RESERVED
 CVE-2020-26757
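Review bot: The two `NOTE:` lines added under CVE-2020-26759 carry bare commit URLs with no label, whereas the bottle entry earlier in this same diff writes `NOTE: Fixed by: <url> (0.12.19)`. If these commits are the upstream fixes, prefixing them with "Fixed by:" and appending the upstream release (the description says the issue affects clickhouse-driver before 0.1.5) would let a reader tell them apart from reference links and would make clear how the `0.2.0-1` fixed version was derived.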



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fc61619cd6a06c7932ce8b800950eccc2e908585
