Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a43d37f1 by Salvatore Bonaccorso at 2021-02-10T09:02:06+01:00
Adjust libzstd version in buster
- - - - -
206c6701 by Salvatore Bonaccorso at 2021-02-10T09:05:46+01:00
Add CVE-2020-28476/python-tornado
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -182,7 +182,7 @@ CVE-2021-26910 (Firejail before 0.9.64.4 allows attackers
to bypass intended acc
NOTE:
https://unparalleled.eu/blog/2021/20210208-rigged-race-against-firejail-for-local-root/
CVE-2019-XXXX [zstd adds read permissions to files while being compressed or
uncompressed]
- libzstd 1.4.8+dfsg-1 (bug #981404)
- [buster] - libzstd 1.3.8+dfsg-3+deb10u
+ [buster] - libzstd 1.3.8+dfsg-3+deb10u1
NOTE: https://github.com/facebook/zstd/issues/1630
CVE-2021-26852
RESERVED
@@ -23398,7 +23398,9 @@ CVE-2020-28478 (This affects the package gsap before
3.6.0. ...)
CVE-2020-28477 (This affects all versions of package immer. ...)
NOT-FOR-US: Node immer
CVE-2020-28476 (All versions of package tornado are vulnerable to Web Cache
Poisoning ...)
- TODO: check
+ - python-tornado <unfixed>
+ [buster] - python-tornado <no-dsa> (Minor issue)
+ NOTE: https://snyk.io/vuln/SNYK-PYTHON-TORNADO-1017109
CVE-2020-28475
RESERVED
CVE-2020-28474
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3b470db93a9d2ac5c2a670cce07711dba1d35d90...206c670127cadafc42a5069cfa29bdfcabe417f2
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3b470db93a9d2ac5c2a670cce07711dba1d35d90...206c670127cadafc42a5069cfa29bdfcabe417f2
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
