Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 9106f41f by Salvatore Bonaccorso at 2022-04-29T22:04:04+02:00 Add note for CVE-2020-28463 The issue is not fixed upstream, starting with 3.5.55 upstream version though two new rl_config variables are introduced which can be used to mitigate the issue. Link: https://www.reportlab.com/docs/reportlab-userguide.pdf - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -102697,6 +102697,8 @@ CVE-2020-28463 (All versions of package reportlab are vulnerable to Server-side [buster] - python-reportlab <no-dsa> (Minor issue) [stretch] - python-reportlab <postponed> (Can be fixed in next DLA) NOTE: https://snyk.io/vuln/SNYK-PYTHON-REPORTLAB-1022145 + NOTE: Starting in 3.5.55 trustedSchemes and trustedHosts rl_config variables are introduced + NOTE: which can be used to mitigate the issue. CVE-2020-28462 RESERVED CVE-2020-28461 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9106f41f76fc217f3f8b9b0b5a705ab28eb28324 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9106f41f76fc217f3f8b9b0b5a705ab28eb28324 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
