Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3eebf82e by Moritz Muehlenhoff at 2022-04-18T20:24:55+02:00
new spring/nekohtml issues (concludes external check)
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -12418,7 +12418,11 @@ CVE-2022-24841
CVE-2022-24840
RESERVED
CVE-2022-24839 (org.cyberneko.html is an html parser written in Java. The fork
of `org ...)
- TODO: check
+ - nekohtml <unfixed>
+ [bullseye] - nekohtml <no-dsa> (Minor issue)
+ [buster] - nekohtml <no-dsa> (Minor issue)
+ NOTE:
https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv
+ NOTE:
https://github.com/sparklemotion/nekohtml/commit/a800fce3b079def130ed42a408ff1d09f89e773d
CVE-2022-24838 (Nextcloud Calendar is a calendar application for the nextcloud
framewo ...)
TODO: check
CVE-2022-24837 (HedgeDoc is an open-source, web-based, self-hosted,
collaborative mark ...)
@@ -19014,7 +19018,10 @@ CVE-2022-22970
CVE-2022-22969
RESERVED
CVE-2022-22968 (In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20,
and older ...)
- TODO: check
+ - libspring-java <unfixed>
+ [bullseye] - libspring-java <no-dsa> (Minor issue)
+ [buster] - libspring-java <no-dsa> (Minor issue)
+ NOTE: https://tanzu.vmware.com/security/cve-2022-22968
CVE-2022-22967
RESERVED
CVE-2022-22966 (An authenticated, high privileged malicious actor with network
access ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3eebf82e0e7ee9a8a8db919277bdcea9fb19ccee
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3eebf82e0e7ee9a8a8db919277bdcea9fb19ccee
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
