[Git][security-tracker-team/security-tracker][master] Track fixed version for two golang-github-nats-io-jwt issues

Salvatore Bonaccorso (@carnil) Fri, 03 Jun 2022 07:27:56 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
484fa420 by Salvatore Bonaccorso at 2022-06-03T16:27:30+02:00
Track fixed version for two golang-github-nats-io-jwt issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -116327,9 +116327,10 @@ CVE-2020-26894 (LiveCode v9.6.1 on Windows allows 
local, low-privileged users to
 CVE-2020-26893 (An issue was discovered in ClamXAV 3 before 3.1.1. A malicious 
actor c ...)
        NOT-FOR-US: ClamXAV
 CVE-2020-26892 (The JWT library in NATS nats-server before 2.1.9 has Incorrect 
Access  ...)
-       - golang-github-nats-io-jwt <unfixed> (bug #988950)
+       - golang-github-nats-io-jwt 2.2.0-1 (bug #988950)
        [buster] - golang-github-nats-io-jwt <no-dsa> (Minor issue)
        NOTE: https://advisories.nats.io/CVE/CVE-2020-26892.txt
+       NOTE: 
https://github.com/nats-io/jwt/security/advisories/GHSA-4w5x-x539-ppf5
 CVE-2020-26891 (AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable 
to XSS d ...)
        - matrix-synapse 1.21.1-1
        NOTE: https://github.com/matrix-org/synapse/pull/8444
@@ -117200,9 +117201,10 @@ CVE-2020-26523 (Froala Editor before 3.2.2 allows 
XSS via pasted content. ...)
 CVE-2020-26522 (A cross-site request forgery (CSRF) vulnerability in 
mod/user/act_user ...)
        NOT-FOR-US: Garfield Petshop
 CVE-2020-26521 (The JWT library in NATS nats-server before 2.1.9 allows a 
denial of se ...)
-       - golang-github-nats-io-jwt <unfixed> (bug #988950)
+       - golang-github-nats-io-jwt 2.2.0-1 (bug #988950)
        [buster] - golang-github-nats-io-jwt <no-dsa> (Minor issue)
        NOTE: https://advisories.nats.io/CVE/CVE-2020-26521.txt
+       NOTE: 
https://github.com/nats-io/jwt/security/advisories/GHSA-h2fg-54x9-5qhq
 CVE-2020-26520
        RESERVED
 CVE-2020-26519 (Artifex MuPDF before 1.18.0 has a heap based buffer over-write 
when pa ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/484fa420fc2b094ca69dee6eb81bc641bba45ee4

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/484fa420fc2b094ca69dee6eb81bc641bba45ee4
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Track fixed version for two golang-github-nats-io-jwt issues

Reply via email to