Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d2a84b22 by Salvatore Bonaccorso at 2022-06-10T07:26:56+02:00
Add CVE-2022-3104{2,3}/guzzle
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4505,10 +4505,16 @@ CVE-2022-31045
RESERVED
CVE-2022-31044
RESERVED
-CVE-2022-31043
+CVE-2022-31043 [Fix failure to strip Authorization header on HTTP downgrade]
RESERVED
-CVE-2022-31042
+ - guzzle <unfixed>
+ NOTE:
https://github.com/guzzle/guzzle/security/advisories/GHSA-w248-ffj2-4v5q
+ NOTE:
https://github.com/guzzle/guzzle/commit/e3ff079b22820c2029d4c2a87796b6a0b8716ad8
(7.4.4)
+CVE-2022-31042 [Failure to strip the Cookie header on change in host or HTTP
downgrade]
RESERVED
+ - guzzle <unfixed>
+ NOTE:
https://github.com/guzzle/guzzle/security/advisories/GHSA-f2wf-25xc-69c9
+ NOTE:
https://github.com/guzzle/guzzle/commit/e3ff079b22820c2029d4c2a87796b6a0b8716ad8
(7.4.4)
CVE-2022-31041
RESERVED
CVE-2022-31040
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2a84b22d091f661187a0d80ebafbb4783b5545f
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2a84b22d091f661187a0d80ebafbb4783b5545f
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
