Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
bcaceebb by Sylvain Beucler at 2025-06-23T20:51:02+02:00
CVE-2020-36309/nginx,libnginx-mod-http-lua: add context
"Breaking GitHub Private Pages for $35k"
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -349464,6 +349464,8 @@ CVE-2020-36309 (ngx_http_lua_module (aka
lua-nginx-module) before 0.10.16 in Ope
[bullseye] - nginx <ignored> (Minor issue, too intrusive to backport,
see #986787)
[buster] - nginx <ignored> (Minor issue, too intrusive to backport, see
#986787)
[stretch] - nginx <postponed> (Minor issue; can be fixed in next update)
+ NOTE: https://news.ycombinator.com/item?id=26709159
+ NOTE: https://robertchen.cc/blog/2021/04/03/github-pages-xss
NOTE: https://github.com/openresty/lua-nginx-module/pull/1654
NOTE: src:nginx/1.22.0-3 removed the http-lua module and moved it to a
separate package
CVE-2020-36308 (Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers
to discov ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bcaceebba8d83820ae853620aa94e0f523595bf9
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bcaceebba8d83820ae853620aa94e0f523595bf9
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
