[Git][security-tracker-team/security-tracker][master] Update information for CVE-2022-29577 and CVE-2022-28367

Salvatore Bonaccorso (@carnil) Mon, 25 Apr 2022 10:14:15 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
9d6cb3a2 by Salvatore Bonaccorso at 2022-04-25T19:13:14+02:00
Update information for CVE-2022-29577 and CVE-2022-28367

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -494,7 +494,8 @@ CVE-2022-29582 (In the Linux kernel before 5.17.3, 
fs/io_uring.c has a use-after
 CVE-2022-29578
        RESERVED
 CVE-2022-29577 (OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling 
on STYLE ...)
-       NOT-FOR-US: OWASP AntiSamy
+       - libowasp-antisamy-java <not-affected> (Incomplete fix for 
CVE-2022-28367 not applied)
+       NOTE: 
https://github.com/nahsra/antisamy/commit/32e273507da0e964b58c50fd8a4c94c9d9363af0
 CVE-2022-29576
        RESERVED
 CVE-2022-29575
@@ -3588,6 +3589,8 @@ CVE-2022-28368 (Dompdf 1.2.1 allows remote code execution 
via a .php file in the
 CVE-2022-28367 (OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling 
on STYLE ...)
        - libowasp-antisamy-java <unfixed> (bug #1010154)
        NOTE: 
https://github.com/nahsra/antisamy/commit/0199e7e194dba5e7d7197703f43ebe22401e61ae
+       NOTE: Make sure to fix the issue completely and include the commit 
otherwise opening CVE-2022-29577
+       NOTE: 
https://github.com/nahsra/antisamy/commit/32e273507da0e964b58c50fd8a4c94c9d9363af0
 CVE-2022-28366 (Certain Neko-related HTML parsers allow a denial of service 
via crafte ...)
        - libowasp-antisamy-java <unfixed> (bug #1010154)
        NOTE: https://github.com/nahsra/antisamy/releases/tag/v1.6.6



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d6cb3a23932b32cb51880724ecc6e3ac33325aa

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d6cb3a23932b32cb51880724ecc6e3ac33325aa
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Update information for CVE-2022-29577 and CVE-2022-28367

Reply via email to