[Git][security-tracker-team/security-tracker][master] mruby updates

Sun, 10 Apr 2022 14:46:54 -0700 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9306762e by Moritz Muehlenhoff at 2022-04-10T23:46:19+02:00
mruby updates

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13,7 +13,11 @@ CVE-2022-1288 (A vulnerability, which was classified as 
problematic, has been fo
 CVE-2022-1287 (A vulnerability classified as critical was found in School Club 
Applic ...)
        NOT-FOR-US: School Club Application System 
 CVE-2022-1286 (heap-buffer-overflow in mrb_vm_exec in mruby/mruby in GitHub 
repositor ...)
-       TODO: check
+       - mruby <unfixed>
+       [bullseye] - mruby <no-dsa> (Minor issue)
+       [buster] - mruby <no-dsa> (Minor issue)
+       NOTE: 
https://github.com/mruby/mruby/commit/b1d0296a937fe278239bdfac840a3fd0e93b3ee9
+       NOTE: https://huntr.dev/bounties/f918376e-b488-4113-963d-ffe8716e4189/
 CVE-2022-28888
        RESERVED
 CVE-2022-28887
@@ -487,7 +491,9 @@ CVE-2022-1278
 CVE-2022-1277
        RESERVED
 CVE-2022-1276 (Out-of-bounds Read in mrb_get_args in GitHub repository 
mruby/mruby pr ...)
-       TODO: check
+       - mruby <not-affected> (Vulnerable code introduced later)
+       NOTE: https://huntr.dev/bounties/6ea041d1-e2aa-472c-bf3e-da5fa8726c25
+       NOTE: 
https://github.com/mruby/mruby/commit/c8c083cb750606b2da81582cd8e43b442bb143e6
 CVE-2022-1275
        RESERVED
 CVE-2022-1274
@@ -1227,6 +1233,8 @@ CVE-2022-1213 (SSRF filter bypass port 80, 433 in GitHub 
repository livehelperch
        NOT-FOR-US: livehelperchat
 CVE-2022-1212 (Use-After-Free in str_escape in mruby/mruby in GitHub 
repository mruby ...)
        - mruby <unfixed> (bug #1009044)
+       [bullseye] - mruby <no-dsa> (Minor issue)
+       [buster] - mruby <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/9fcc06d0-08e4-49c8-afda-2cae40946abe/
        NOTE: 
https://github.com/mruby/mruby/commit/3cf291f72224715942beaf8553e42ba8891ab3c6
 CVE-2022-28381 (Mediaserver.exe in ALLMediaServer 1.6 has a stack-based buffer 
overflo ...)
@@ -1378,7 +1386,9 @@ CVE-2022-1203
 CVE-2022-1202
        RESERVED
 CVE-2022-1201 (NULL Pointer Dereference in mrb_vm_exec with super in GitHub 
repositor ...)
-       - mruby <undetermined>
+       - mruby <unfixed>
+       [bullseye] - mruby <no-dsa> (Minor issue)
+       [buster] - mruby <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/6f930add-c9d8-4870-ae56-d4bd8354703b
        NOTE: 
https://github.com/mruby/mruby/commit/00acae117da1b45b318dc36531a7b0021b8097ae
 CVE-2022-28327



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9306762e6bf64fc17d142cd4d753c97cf7f4802e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9306762e6bf64fc17d142cd4d753c97cf7f4802e
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to