[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

golang-github-dgrijalva-jwt-go / CVE-2020-26160



I note this package - golang-github-dgrijalva-jwt-go - has been marked
as vulnerable to CVE-2020-26160 in both Debian stretch and buster.

https://security-tracker.debian.org/tracker/CVE-2020-26160

But I can't find any code in these versions that even mentions the
aud/audience fields.

So I plan to mark these versions as not vulnerable.
-- 
Brian May <bam@debian.org>


Reply to: