author | Abhijith PA <abhijith@disroot.org> | 2020-10-11 19:22:58 +0530 |
---|---|---|
committer | Abhijith PA <abhijith@disroot.org> | 2020-10-11 19:22:58 +0530 |
commit | 47e7d5a422a065693233318b1817832d77faf5c8 (patch) | |
tree | 29950649ab354aad46b2dc9ce5b647245c4bf978 /data | |
parent | 8688c41027733c7dbc0313694192ac1d84256576 (diff) |
stretch triage
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list | 2 |
-rw-r--r-- | data/dla-needed.txt | 9 |
2 files changed, 11 insertions, 0 deletions
diff --git a/data/CVE/list b/data/CVE/list index 4dabe148b2..08d0489295 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1653,6 +1653,7 @@ CVE-2020-26159 (In Oniguruma 6.9.5_rev1, an attacker able to supply a regular ex CVE-2019-20922 (Handlebars before 4.4.5 allows Regular Expression Denial of Service (R ...) - node-handlebars 3:4.7.2-1 - libjs-handlebars <removed> + [stretch] - libjs-handlebars <no-dsa> (Only reverse depends was diaspora which not in stretch) NOTE: https://github.com/handlebars-lang/handlebars.js/commit/8d5530ee2c3ea9f0aee3fde310b9f36887d00b8b NOTE: https://snyk.io/vuln/SNYK-JS-HANDLEBARS-480388 NOTE: https://www.npmjs.com/advisories/1300 @@ -1661,6 +1662,7 @@ CVE-2019-20921 (bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS) CVE-2019-20920 (Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrar ...) - node-handlebars 3:4.5.3-1 - libjs-handlebars <removed> + [stretch] - libjs-handlebars <no-dsa> (Only reverse depends was diaspora which not in stretch) NOTE: https://snyk.io/vuln/SNYK-JS-HANDLEBARS-534478 NOTE: https://www.npmjs.com/advisories/1316 NOTE: https://www.npmjs.com/advisories/1324 diff --git a/data/dla-needed.txt b/data/dla-needed.txt index 060298ce1b..0d828dc9c3 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -74,6 +74,8 @@ golang-1.7 -- golang-1.8 -- +golang-github-dgrijalva-jwt-go +-- golang-golang-x-net-dev -- guacamole-server (Markus Koschany) @@ -87,6 +89,8 @@ jupyter-notebook lemonldap-ng NOTE: 20200910: Released a DLA for CVE-2020-24660 a few days ago, so could defer. (lamby) -- +kdeconnect +-- libonig (Markus Koschany) NOTE: 20201002: Fix for CVE-2020-26159 is too trivial. Besides that, please consider NOTE: 20201002: fixing other errors mentioned in https://github.com/kkos/oniguruma/issues/207 
@@ -116,8 +120,13 @@ php-horde-trean NOTE: 20200829: Reconsidering CVE-2019-12095 and what has been written in https://bugs.horde.org/ticket/14926 (sunweaver) NOTE: 20200829: We may not expect too much activity regarding this by upstream. (sunweaver) -- +phpmyadmin (Abhijith PA) +-- python3.5 (Thorsten Alteholz) -- +pluxml + NOTE: 20201011: issue is still open upstream. Also low priority for us (abhijith) +-- qtsvg-opensource-src (Adrian Bunk) -- reel |
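Review bot: In the data/CVE/list hunk at @@ -1653,6 +1653,7 @@ (CVE-2019-20922), the reason given on the added [stretch] line is hard to parse: "Only reverse depends was diaspora which not in stretch". Suggest "(Only reverse dependency is diaspora, which is not in stretch)", so that the <no-dsa> justification reads unambiguously to whoever revisits this entry.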
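Review bot: In the data/CVE/list hunk at @@ -1661,6 +1662,7 @@ (CVE-2019-20920), the <no-dsa> reason is copied unchanged from the ReDoS entry, although this description (cut off here at "Arbitrar ...") names a different class of issue. The reason only covers reverse dependencies inside the archive; consider stating whether locally deployed code that uses libjs-handlebars from stretch was taken into account, or record that in a NOTE line under the entry.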
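Review bot: In the data/dla-needed.txt hunk at @@ -74,6 +74,8 @@, golang-github-dgrijalva-jwt-go is added with neither a claimant nor a NOTE line, so nothing in the file says which issue put it on the list. Other entries in this file carry a dated note (for example "NOTE: 20200910: ..." under lemonldap-ng); a one-line NOTE with the date and the CVE or bug reference would let the next person pick it up without re-triaging.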
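Review bot: In the data/dla-needed.txt hunk at @@ -87,6 +89,8 @@, kdeconnect is inserted after lemonldap-ng, which breaks the alphabetical order the surrounding entries follow (jupyter-notebook, lemonldap-ng, libonig). Move the kdeconnect entry and its "--" separator to sit between jupyter-notebook and lemonldap-ng, and consider adding a NOTE naming the issue that triggered it.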
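Review bot: In the data/dla-needed.txt hunk at @@ -116,8 +120,13 @@, pluxml is placed after python3.5, but it sorts before it; the entry should go between phpmyadmin and python3.5 to keep the list ordered. The note "issue is still open upstream" also gives no CVE id or upstream link, unlike the libonig note that points to the upstream issue URL; adding the reference makes the "low priority" call verifiable later.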