[Git][security-tracker-team/security-tracker][master] Add CVE-2021-44120/spip

Thu, 27 Jan 2022 15:07:38 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6b895fac by Salvatore Bonaccorso at 2022-01-28T00:06:59+01:00
Add CVE-2021-44120/spip

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -12606,7 +12606,9 @@ CVE-2021-44122 (SPIP 4.0.0 is affected by a Cross Site 
Request Forgery (CSRF) vu
 CVE-2021-44121
        REJECTED
 CVE-2021-44120 (SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) 
vulnerability i ...)
-       TODO: check
+       - spip 3.2.12-1
+       NOTE: 
https://git.spip.net/spip/spip/commit/d548391d799387d1e93cf1a369d385c72f7d5c81
+       NOTE: 
https://git.spip.net/spip/spip/commit/361cc26080d1377bc55d2cb80736e5cfaf5fd242 
(v3.2.12)
 CVE-2021-44119
        RESERVED
 CVE-2021-44118 (SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) 
vulnerability.  ...)


=====================================
data/DLA/list
=====================================
@@ -110,7 +110,7 @@
 [29 Dec 2021] DLA-2857-2 postgis - regression update
        [stretch] - postgis 2.3.1+dfsg-2+deb9u2
 [29 Dec 2021] DLA-2867-1 spip - security update
-       {CVE-2021-44122}
+       {CVE-2021-44120 CVE-2021-44122}
        [stretch] - spip 3.1.4-4~deb9u4+deb9u2
 [29 Dec 2021] DLA-2866-1 uw-imap - security update
        {CVE-2018-19518}


=====================================
data/DSA/list
=====================================
@@ -128,7 +128,7 @@
        [buster] - sogo 4.0.7-1+deb10u2
        [bullseye] - sogo 5.0.1-4+deb11u1
 [22 Dec 2021] DSA-5028-1 spip - security update
-       {CVE-2021-44122}
+       {CVE-2021-44120 CVE-2021-44122}
        [buster] - spip 3.2.4-1+deb10u5
        [bullseye] - spip 3.2.11-3+deb11u1
 [21 Dec 2021] DSA-5027-1 xorg-server - security update



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b895fac132f7dc2ea3aafc4ece397e2750dc621

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b895fac132f7dc2ea3aafc4ece397e2750dc621
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to