Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:

480756ed by Salvatore Bonaccorso at 2022-05-30T20:41:38+02:00
CVE-2014-10402: Update note to directly reference the upstream commit

- - - - -

a6bcdc6c by Salvatore Bonaccorso at 2022-05-30T20:57:41+02:00
Add temporary tracking for spip issues fixed upstream with 4.1.2, 4.0.7 and 3.2.15

And as backported for the DSA 5152-1. There are no CVEs assigned for the issues, so apply a temporary entry just covering the whole update.

Link: https://lists.debian.org/debian-security-announce/2022/msg00120.html

- - - - -

1 changed file:

- data/CVE/list

Changes:

===================================== data/CVE/list ===================================== 
@@ -1,3 +1,30 @@ +CVE-2022-XXXX [Sanitizing and other XSS protections] + - spip 4.1.2+dfsg-1 + [bullseye] - spip 3.2.11-3+deb11u4 + [buster] - spip 3.2.4-1+deb10u8 + NOTE: https://git.spip.net/spip/spip/commit/3b99287c9e1f7b9aee4c7e22b2a233fde5becd86 + NOTE: https://git.spip.net/spip/spip/commit/edb6a01c6dd2420ed5e125385252d37b86f93d68 + NOTE: https://git.spip.net/spip-team/securite/issues/3597 (not public) + NOTE: https://git.spip.net/spip/spip/commit/b28e1f9a39dd54e0f0bbfe3b211160e71d2562b7 + NOTE: https://git.spip.net/spip-team/securite/issues/3602 (not public) + NOTE: https://git.spip.net/spip/spip/commit/772a4baeda4eed24cbe8953fa60e7c7dcd6859a2 + NOTE: https://git.spip.net/spip-team/securite/issues/3698 (not public) + NOTE: https://git.spip.net/spip/spip/commit/e9a03a38d5ee606b79d795f8e28c29d4eb74838e + NOTE: https://git.spip.net/spip-team/securite/issues/3702 (not public) + NOTE: https://git.spip.net/spip/spip/commit/d99890f66906ab52aa18f9df6109e694192bc54e + NOTE: https://git.spip.net/spip-team/securite/issues/3703 (not public) + NOTE: https://git.spip.net/spip/spip/commit/97845aa30aa8d845d88b86715eab53b1de5e9c6d + NOTE: https://git.spip.net/spip-team/securite/issues/3728 (not public) + NOTE: https://git.spip.net/spip/spip/commit/754677579b34a1705a83b8d2674baaba17472b4d + NOTE: https://git.spip.net/spip/spip/commit/871777b0f56ce92c26fde3a3a53c625eb68dcff6 + NOTE: https://git.spip.net/spip-team/securite/issues/4494 (not public) + NOTE: https://git.spip.net/spip/spip/commit/901f583021938d4b1b1632cc8ec51950a1f3e988 + NOTE: https://git.spip.net/spip/spip/commit/ac67fc5be53e2e085c0599144a217b440dd72fa1 + NOTE: https://git.spip.net/spip/spip/commit/2ce34e62ebe457d06339d5b3cb92852d1d80635c + NOTE: https://git.spip.net/spip/spip/commit/8283532c94dac9f08c1fd250b433491d3fe22c84 + NOTE: https://git.spip.net/spip-team/securite/issues/3733 (not public) + NOTE: https://git.spip.net/spip/svp/commit/bf0ff95ac535f1aa53e6a946ea739fd71106f182 + NOTE: 
https://blog.spip.net/Mise-a-jour-de-maintenance-et-securite-sortie-de-SPIP-4-1-2-SPIP-4-0-7-SPIP-3-2.html?lang=fr CVE-2022-31798 RESERVED CVE-2022-31797 @@ -118287,7 +118314,8 @@ CVE-2014-10402 (An issue was discovered in the DBI module through 1.643 for Perl [buster] - libdbi-perl 1.642-1+deb10u2 [stretch] - libdbi-perl <postponed> (Revisit when fixed upstream) NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=99508#txn-1911590 - NOTE: https://github.com/perl5-dbi/dbi/commit/12e3b14f54524ca81498f40cfa3678604429b2d6 (master) + NOTE: Test case: https://github.com/perl5-dbi/dbi/commit/27b10b5c3aacabc091046beaba478e671bb6111c + NOTE: Fixed by: https://github.com/perl5-dbi/dbi/commit/19d0fb169eed475e1c053e99036b8668625cfa94 (master) CVE-2020-25613 (An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, an ...) {DLA-2392-1 DLA-2391-1} - ruby2.7 2.7.1-4
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d279cbd3a50ed02f6ee784b4a4b1cb85dc995b87...a6bcdc6c07d0cafce905b70e50332620965fe201
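Review bot: in the `@@ -1,3 +1,30 @@` hunk, the NOTE lines under `CVE-2022-XXXX [Sanitizing and other XSS protections]` list the upstream commits and the non-public issue links as one flat sequence, so a reader cannot tell which commit addresses which issue. Consider labelling each fix commit the way the CVE-2014-10402 entry in this same push does (`NOTE: Fixed by: ...`) and keeping it directly next to its issue reference. The `spip/svp` commit is the only one outside `spip/spip`; a short remark on that NOTE saying it lives in a separate repository would help anyone checking the bullseye and buster backports against this list.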
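Review bot: in the `@@ -118287,7 +118314,8 @@` hunk, the context line `[stretch] - libdbi-perl <postponed> (Revisit when fixed upstream)` is left unchanged while the added `NOTE: Fixed by:` line records an upstream fix commit on master. The two now read inconsistently; either revisit the stretch status in the same commit or reword the remark so it says what is still being waited for. The added `Fixed by:` line also keeps only the `(master)` tag, so if a released version containing the fix is known it would be worth noting there.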
