author | Salvatore Bonaccorso <carnil@debian.org> | 2021-10-09 12:09:27 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2021-10-09 12:09:27 +0200 |
commit | 7382aabb7fe136f6fc813d1b2aba6dad1f72f491 (patch) | |
tree | 632ae7ab3064ff1b56304fd91746aab68a454821 /data/CVE/2020.list | |
parent | 2dcf67eed61c2920d64614a9732bb760d5ba343f (diff) |
Merge in the accepted packages from buster 10.11
Though the release has not happened yet, this is the list of
packages which were copied over from buster-pu to buster.
The final 10.11 changes need to still be verified for any missing
additional ones.
Diffstat (limited to 'data/CVE/2020.list')
-rw-r--r-- | data/CVE/2020.list | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list index e175b98b8f..8060d35448 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -30612,7 +30612,7 @@ CVE-2020-17510 (Apache Shiro before 1.7.0, when using Apache Shiro with Spring, {DLA-2726-1} - shiro 1.3.2-5 (bug #988728) [bullseye] - shiro 1.3.2-4+deb11u1 - [buster] - shiro <no-dsa> (Minor issue) + [buster] - shiro 1.3.2-4+deb10u1 NOTE: https://www.openwall.com/lists/oss-security/2020/11/04/7 NOTE: https://lists.apache.org/thread.html/rc2cff2538b683d480426393eecf1ce8dd80e052fbef49303b4f47171%40%3Cdev.shiro.apache.org%3E NOTE: https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12349284&styleName=Text&projectId=12310950 @@ -39427,7 +39427,7 @@ CVE-2020-13933 (Apache Shiro before 1.6.0, when using Apache Shiro, a specially {DLA-2726-1} - shiro 1.3.2-5 (bug #968753) [bullseye] - shiro 1.3.2-4+deb11u1 - [buster] - shiro <no-dsa> (Minor issue) + [buster] - shiro 1.3.2-4+deb10u1 NOTE: https://lists.apache.org/thread.html/r539f87706094e79c5da0826030384373f0041068936912876856835f%40%3Cdev.shiro.apache.org%3E CVE-2020-13932 (In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT p ...) NOT-FOR-US: Apache ActiveMQ Artemis @@ -39567,7 +39567,7 @@ CVE-2020-13882 (CISOfy Lynis before 3.0.0 has Incorrect Access Control because o CVE-2020-13881 (In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared se ...) {DLA-2730-1 DLA-2239-1} - libpam-tacplus 1.3.8-2.1 (low; bug #962830) - [buster] - libpam-tacplus <no-dsa> (Minor issue) + [buster] - libpam-tacplus 1.3.8-2+deb10u1 [stretch] - libpam-tacplus <no-dsa> (Minor issue) NOTE: https://github.com/kravietz/pam_tacplus/commit/4a9852c31c2fd0c0e72fbb689a586aabcfb11cb0 NOTE: https://github.com/kravietz/pam_tacplus/issues/149 
@@ -44363,7 +44363,7 @@ CVE-2020-11989 (Apache Shiro before 1.5.3, when using Apache Shiro with Spring d {DLA-2273-1} - shiro 1.3.2-5 (bug #988728) [bullseye] - shiro 1.3.2-4+deb11u1 - [buster] - shiro <no-dsa> (Minor issue) + [buster] - shiro 1.3.2-4+deb10u1 NOTE: https://www.openwall.com/lists/oss-security/2020/06/22/1 NOTE: https://github.com/apache/shiro/pull/211 NOTE: https://issues.apache.org/jira/browse/SHIRO-753 @@ -44373,7 +44373,7 @@ CVE-2020-11989 (Apache Shiro before 1.5.3, when using Apache Shiro with Spring d CVE-2020-11988 (Apache XmlGraphics Commons 2.4 is vulnerable to server-side request fo ...) - xmlgraphics-commons 2.4-2 (bug #984949) [bullseye] - xmlgraphics-commons 2.4-2~deb11u1 - [buster] - xmlgraphics-commons <no-dsa> (Minor issue) + [buster] - xmlgraphics-commons 2.3-1+deb10u1 [stretch] - xmlgraphics-commons <not-affected> (Vulnerable code is not present) NOTE: https://github.com/apache/xmlgraphics-commons/commit/57393912eb87b994c7fed39ddf30fb778a275183 NOTE: https://issues.apache.org/jira/browse/XGC-122 @@ -67963,7 +67963,7 @@ CVE-2020-1957 (Apache Shiro before 1.5.2, when using Apache Shiro with Spring dy {DLA-2273-1 DLA-2181-1} - shiro 1.3.2-5 (bug #955018) [bullseye] - shiro 1.3.2-4+deb11u1 - [buster] - shiro <no-dsa> (Minor issue) + [buster] - shiro 1.3.2-4+deb10u1 NOTE: https://www.openwall.com/lists/oss-security/2020/03/23/2 NOTE: Fixed by: https://github.com/apache/shiro/commit/3708d7907016bf2fa12691dff6ff0def1249b8ce#diff-98f7bc5c0391389e56531f8b3754081aL139 NOTE: https://github.com/apache/shiro/pull/203#issuecomment-606270322 |
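Review bot: The four shiro hunks (CVE-2020-17510, CVE-2020-13933, CVE-2020-11989, CVE-2020-1957) all replace `[buster] - shiro <no-dsa> (Minor issue)` with the same version, 1.3.2-4+deb10u1, while the commit message says the 10.11 release has not happened and the list still needs verification. Before these entries are treated as final, check that the changelog of that upload names each of the four CVEs, since one version string is being asserted as the fix for all of them.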
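Review bot: In the CVE-2020-13881 hunk, the unchanged context line `[stretch] - libpam-tacplus <no-dsa> (Minor issue)` sits under the tag `{DLA-2730-1 DLA-2239-1}`. If either of those DLAs covers stretch, that line is stale and could be cleaned up in the same pass as the buster line. The new buster version 1.3.8-2+deb10u1 does sort below the unstable fix 1.3.8-2.1 under dpkg ordering, so the suite ordering itself looks right.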