Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker
Commits: 20407ff7 by Emilio Pozuelo Monfort at 2021-06-03T08:48:13+02:00 CVE-2021-29509/puma n/a on stretch - - - - - 1b2c2833 by Emilio Pozuelo Monfort at 2021-06-03T08:48:14+02:00 CVE-2021-29509/puma: link to official commit - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -10132,8 +10132,9 @@ CVE-2021-29510 (Pydantic is a data validation and settings management using Pyth NOTE: https://github.com/samuelcolvin/pydantic/commit/7e83fdd2563ffac081db7ecdf1affa65ef38c468 CVE-2021-29509 (Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The f ...) - puma 4.3.8-1 (bug #989054) + [stretch] - puma <not-affected> (Incomplete fix for CVE-2019-16770 not applied) NOTE: https://github.com/puma/puma/security/advisories/GHSA-q28m-8xjw-8vr5 - NOTE: https://gist.github.com/nateberkopec/4b3ea5676c0d70cbb37c82d54be25837 + NOTE: https://github.com/puma/puma/commit/df72887170c7ef3614c941c9bdefb4a1f3546ebf NOTE: CVE is related to an incomplete fix for CVE-2019-16770 CVE-2021-29508 (Due to how Wire handles type information in its serialization format, ...) NOT-FOR-US: Wire @@ -120878,6 +120879,8 @@ CVE-2019-16770 (In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved clien [stretch] - puma <no-dsa> (Minor issue) NOTE: https://github.com/puma/puma/security/advisories/GHSA-7xx3-m584-x994 NOTE: https://github.com/puma/puma/commit/06053e60908074bb38293d4449ea261cb009b53e + NOTE: This is an incomplete fix. When fixing this issue make sure to also apply + NOTE: the fix for CVE-2021-29509 to not open that CVE. CVE-2019-16769 (The serialize-javascript npm package before version 2.1.1 is vulnerabl ...) NOT-FOR-US: serialize-javascript Node package CVE-2019-16768 (In affected versions of Sylius, exception messages from internal excep ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/601364f11f4b95027281a6dd964ad35c76aa8e49...1b2c2833ddac6904a84b74f4b042eea3b12e7339 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/601364f11f4b95027281a6dd964ad35c76aa8e49...1b2c2833ddac6904a84b74f4b042eea3b12e7339 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits