Brian May pushed to branch master at Debian Security Tracker / security-tracker
Commits: 99ff2359 by Brian May at 2020-12-03T08:22:40+11:00 Mark golang-github-dgrijalva-jwt-go not-affected in buster and stretch - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -10654,6 +10654,8 @@ CVE-2020-26161 (In Octopus Deploy through 2020.4.2, an attacker could redirect u NOT-FOR-US: Octopus Deploy CVE-2020-26160 (jwt-go before 4.0.0-preview1 allows attackers to bypass intended acces ...) - golang-github-dgrijalva-jwt-go 3.2.0-3 (bug #971556) + [buster] - golang-github-dgrijalva-jwt-go <not-affected> (vulnerable code not present until version 3.0.0) + [stretch] - golang-github-dgrijalva-jwt-go <not-affected> (vulnerable code not present until version 3.0.0) NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515 NOTE: https://github.com/dgrijalva/jwt-go/issues/422 NOTE: https://github.com/dgrijalva/jwt-go/pull/286 ===================================== data/dla-needed.txt ===================================== @@ -49,8 +49,6 @@ f2fs-tools -- firmware-nonfree (Emilio) -- -golang-github-dgrijalva-jwt-go (Brian May) --- golang-golang-x-net-dev -- influxdb View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99ff2359e59683f3dcd7a6260ebd0cd64d41ba7f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99ff2359e59683f3dcd7a6260ebd0cd64d41ba7f You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits