Neil Williams pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
907be172 by Neil Williams at 2022-05-06T14:10:13+01:00
CVE-2022-21949/ruby-xmlhash unfixed 1010667
- - - - -
29c55ad1 by Neil Williams at 2022-05-06T14:15:54+01:00
Process an NFU
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -12209,7 +12209,7 @@ CVE-2022-25647 (The package com.google.code.gson:gson
before 2.8.9 are vulnerabl
CVE-2022-25646
RESERVED
CVE-2022-25645 (All versions of package dset are vulnerable to Prototype
Pollution via ...)
- TODO: check
+ NOT-FOR-US: Node dset
CVE-2022-25644
RESERVED
CVE-2022-25354 (The package set-in before 2.0.3 are vulnerable to Prototype
Pollution ...)
@@ -27844,7 +27844,9 @@ CVE-2022-21951
CVE-2022-21950
RESERVED
CVE-2022-21949 (A Improper Restriction of XML External Entity Reference
vulnerability ...)
- TODO: check
+ - ruby-xmlhash <unfixed> (bug #1010667)
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1197928
+ NOTE:
https://github.com/coolo/xmlhash/commit/544e614e2674ad26b97a234baa013723c829b751
(1.3.8)
CVE-2022-21948
RESERVED
CVE-2022-21947 (A Improper Access Control vulnerability in Rancher Desktop of
SUSE all ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a12d4ad2505f97c9562a242ae5553cedbe5ffb5a...29c55ad1ad3ea8541bc4a49e9e6f1dff2670f25c
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a12d4ad2505f97c9562a242ae5553cedbe5ffb5a...29c55ad1ad3ea8541bc4a49e9e6f1dff2670f25c
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
