Ola Lundqvist pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e00cb9f6 by Ola Lundqvist at 2022-05-22T23:07:38+02:00
libspring-java no longer supported for stretch. Marking CVE-2022-22970 and
CVE-2022-22971 accordingly.
- - - - -
a282c886 by Ola Lundqvist at 2022-05-22T23:07:39+02:00
The package node-formidable is no longer supported for stretch, so marking
CVE-2022-21698 accordingly.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4541,6 +4541,7 @@ CVE-2022-29623 (An arbitrary file upload vulnerability in
the file upload module
NOT-FOR-US: expressjs/connect-multiparty
CVE-2022-29622 (An arbitrary file upload vulnerability in formidable v3.1.4
allows att ...)
- node-formidable <unfixed> (bug #1011341)
+ [stretch] - node-formidable <end-of-life> (No longer supported in LTS)
NOTE: https://www.youtube.com/watch?v=C6QPKooxhAo
NOTE: https://github.com/vyas0189/CougarCS-Backend/issues/57
NOTE: unclear if reported upstream
@@ -24782,9 +24783,11 @@ CVE-2022-22972 (VMware Workspace ONE Access, Identity
Manager and vRealize Autom
NOT-FOR-US: VMware
CVE-2022-22971 (In spring framework versions prior to 5.3.20+ , 5.2.22+ and
old unsupp ...)
- libspring-java <unfixed>
+ [stretch] - libspring-java <end-of-life> (No longer supported in LTS)
NOTE: https://tanzu.vmware.com/security/cve-2022-22971
CVE-2022-22970 (In spring framework versions prior to 5.3.20+ , 5.2.22+ and
old unsupp ...)
- libspring-java <unfixed>
+ [stretch] - libspring-java <end-of-life> (No longer supported in LTS)
NOTE: https://tanzu.vmware.com/security/cve-2022-22970
CVE-2022-22969 (<Issue Description> Spring Security OAuth versions 2.5.x
prior t ...)
NOT-FOR-US: spring-security-oauth
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/01520eb3d083a70a73425bd3eedc3422e571d9d1...a282c886eff03fb846e55b839da5a8655ce383a1
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/01520eb3d083a70a73425bd3eedc3422e571d9d1...a282c886eff03fb846e55b839da5a8655ce383a1
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
