Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
dde7e90f by Moritz Muehlenhoff at 2022-01-19T16:42:03+01:00
new apache-log4j1.2 issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -467,11 +467,13 @@ CVE-2022-0266 (Authorization Bypass Through
User-Controlled Key in Packagist rem
CVE-2022-0265
RESERVED
CVE-2022-23307 (CVE-2020-9493 identified a deserialization issue that was
present in A ...)
- TODO: check
+ - apache-log4j1.2 <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/5
CVE-2022-23306
RESERVED
CVE-2022-23305 (By design, the JDBCAppender in Log4j 1.2.x accepts an SQL
statement as ...)
- TODO: check
+ - apache-log4j1.2 <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/4
CVE-2022-0263 (Unrestricted Upload of File with Dangerous Type in Packagist
pimcore/p ...)
NOT-FOR-US: pimcore
CVE-2022-0262 (Cross-site Scripting (XSS) - Stored in Packagist
pimcore/pimcore prior ...)
@@ -530,7 +532,8 @@ CVE-2022-0244 (An issue has been discovered in GitLab CE/EE
affecting all versio
CVE-2022-0243
RESERVED
CVE-2022-23302 (JMSSink in all versions of Log4j 1.x is vulnerable to
deserialization ...)
- TODO: check
+ - apache-log4j1.2 <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/3
CVE-2022-22142
RESERVED
CVE-2022-21805
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dde7e90f3c21c362b78880af91bb769754b57717
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dde7e90f3c21c362b78880af91bb769754b57717
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
