[Git][security-tracker-team/security-tracker][master] Update Hazelcast CVEs CVE-2022-0265 CVE-2020-26168

Fri, 04 Mar 2022 01:43:36 -0800 


Neil Williams pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5c268dc7 by Neil Williams at 2022-03-04T09:42:34+00:00
Update Hazelcast <itp> CVEs CVE-2022-0265 CVE-2020-26168

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9333,7 +9333,9 @@ CVE-2022-23308 (valid.c in libxml2 before 2.9.13 has a 
use-after-free of ID and
 CVE-2022-0266 (Authorization Bypass Through User-Controlled Key in Packagist 
remdex/l ...)
        NOT-FOR-US: livehelperchat
 CVE-2022-0265 (Improper Restriction of XML External Entity Reference in GitHub 
reposi ...)
-       TODO: check
+       - hazelcast <itp> (bug #745640)
+       NOTE: 
https://github.com/hazelcast/hazelcast/commit/4d6b666cd0291abd618c3b95cdbb51aa4208e748
 (v5.1)
+       NOTE: https://huntr.dev/bounties/d63972a2-b910-480a-a86b-d1f75d24d563/
 CVE-2022-23307 (CVE-2020-9493 identified a deserialization issue that was 
present in A ...)
        {DLA-2905-1}
        - apache-log4j1.2 1.2.17-11 (bug #1004482)
@@ -99585,7 +99587,8 @@ CVE-2020-26170
 CVE-2020-26169
        RESERVED
 CVE-2020-26168 (The LDAP authentication method in LdapLoginModule in Hazelcast 
IMDG En ...)
-       NOT-FOR-US: Hazelcast
+       - hazelcast <itp> (bug #745640)
+       NOTE: https://docs.hazelcast.org/docs/ern/index.html#4-2-2 (v4.2.2)
 CVE-2020-26167 (In FUEL CMS 11.4.12 and before, the page preview feature 
allows an ano ...)
        NOT-FOR-US: FUEL CMS
 CVE-2020-26166 (The file upload functionality in qdPM 9.1 doesn't check the 
file descr ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5c268dc76663e07b3186da9fcb073f81ab04d2b2

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5c268dc76663e07b3186da9fcb073f81ab04d2b2
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to