diff --git a/2020/13xxx/CVE-2020-13936.json b/2020/13xxx/CVE-2020-13936.json index 9703cfdd85b..cb0b7e74871 100644 --- a/2020/13xxx/CVE-2020-13936.json +++ b/2020/13xxx/CVE-2020-13936.json @@ -129,6 +129,11 @@ "refsource": "MLIST", "name": "[santuario-dev] 20210323 [GitHub] [santuario-xml-security-java] dependabot[bot] opened a new pull request #33: Bump dependency-check-maven from 6.1.2 to 6.1.3", "url": "https://lists.apache.org/thread.html/r0bc98e9cd080b4a13b905c571b9bed87e1a0878d44dbf21487c6cca4@%3Cdev.santuario.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[ws-dev] 20210324 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)", + "url": "https://lists.apache.org/thread.html/r39de20c7e9c808b1f96790875d33e58c9c0aabb44fd9227e7b3dc5da@%3Cdev.ws.apache.org%3E" } ] }, diff --git a/2020/13xxx/CVE-2020-13949.json b/2020/13xxx/CVE-2020-13949.json index f2371371aea..8685c97a178 100644 --- a/2020/13xxx/CVE-2020-13949.json +++ b/2020/13xxx/CVE-2020-13949.json @@ -308,6 +308,11 @@ "refsource": "MLIST", "name": "[hbase-issues] 20210324 [GitHub] [hbase] Apache-HBase commented on pull request #3086: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.2)", "url": "https://lists.apache.org/thread.html/r7597683cc8b87a31ec864835225a543dad112d7841bf1f17bf7eb8db@%3Cissues.hbase.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[druid-commits] 20210324 [GitHub] [druid] jihoonson opened a new issue #11028: Bump Thrift library version", + "url": "https://lists.apache.org/thread.html/rfbb01bb85cdc2022f3b96bdc416dbfcb49a2855b3a340aa88b2e1de9@%3Ccommits.druid.apache.org%3E" } ] }, diff --git a/2020/25xxx/CVE-2020-25097.json b/2020/25xxx/CVE-2020-25097.json index a485c48ef8c..4f354f461bc 100644 --- a/2020/25xxx/CVE-2020-25097.json +++ b/2020/25xxx/CVE-2020-25097.json @@ -66,6 +66,11 @@ "url": "http://www.squid-cache.org/Versions/v5/changesets/SQUID-2020_11.patch", "refsource": "MISC", "name": "http://www.squid-cache.org/Versions/v5/changesets/SQUID-2020_11.patch" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4873", + "url": "https://www.debian.org/security/2021/dsa-4873" } ] } diff --git a/2020/27xxx/CVE-2020-27170.json b/2020/27xxx/CVE-2020-27170.json index 3d880c51ef2..771b48c1606 100644 --- a/2020/27xxx/CVE-2020-27170.json +++ b/2020/27xxx/CVE-2020-27170.json @@ -76,6 +76,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-e49da8a226", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FB6LUXPEIRLZH32YXWZVEZAD4ZL6SDK2/" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20210324 Re: [CVE-2020-27170] Protection against speculatively out-of-bounds loads in the Linux kernel can be bypassed by unprivileged local users to leak content of kernel memory", + "url": "http://www.openwall.com/lists/oss-security/2021/03/24/4" } ] } diff --git a/2020/27xxx/CVE-2020-27171.json b/2020/27xxx/CVE-2020-27171.json index b6a4dfca8da..fb9544ec9d3 100644 --- a/2020/27xxx/CVE-2020-27171.json +++ b/2020/27xxx/CVE-2020-27171.json @@ -76,6 +76,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-e49da8a226", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FB6LUXPEIRLZH32YXWZVEZAD4ZL6SDK2/" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20210324 Re: [CVE-2020-27171] Numeric error when restricting speculative pointer arithmetic allows unprivileged local users to leak content of kernel memory", + "url": "http://www.openwall.com/lists/oss-security/2021/03/24/5" } ] }