Debian Bug report logs -
#988950
CVE-2020-26892 CVE-2020-26521
Package:
src:golang-github-nats-io-jwt;
Maintainer for src:golang-github-nats-io-jwt is Debian Go Packaging Team <team+pkg-go@trackerdebianorg>;
Reported by: Moritz Muehlenhoff <jmm@debianorg>
Date: Fri, 21 May 2021 19:54:01 UTC
Severity: grave
Tags: s ...
Folks,
The NATS project has a new advisories website:
<advisoriesnatsio/>
We also have two new CVEs; both relate to our JWT handling and both
affect the NATS server:
* CVE-2020-26521
+ Nil deref in JWT library, causing Go panic
+ NATS server upgrade required to avoid Denial-of-Service
+ 2020-11-02
* CVE-2020-26892
+ Inc ...