Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
36bc6443 by Moritz Muehlenhoff at 2022-06-20T14:51:57+02:00
new jodd, jupyter-notebook, jupyter-server, gitlab issue
new werkzeug non issue
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -10905,7 +10905,7 @@ CVE-2022-29968 (An issue was discovered in the Linux
kernel through 5.17.5. io_r
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE:
https://git.kernel.org/linus/32452a3eb8b64e01e2be717f518c0be046975b9d (5.18-rc5)
CVE-2022-1545 (It was possible to disclose details of confidential notes
created via ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-46790 (ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer
overflow i ...)
{DSA-5160-1}
- ntfs-3g 1:2022.5.17-1 (bug #1011770)
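Review bot: the new `- gitlab <unfixed>` line for CVE-2022-1545 carries no NOTE pointing at the upstream advisory or fixing release, unlike the jodd and jupyter entries in this same commit, which each cite the upstream issue or GHSA; consider adding a `NOTE:` with the GitLab advisory reference so the fixed upstream version can be tracked when the entry is later updated.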
@@ -12003,7 +12003,10 @@ CVE-2022-29633 (An access control issue in Linglong
v1.0 allows attackers to acc
CVE-2022-29632 (An arbitrary file upload vulnerability in the component
/course/api/up ...)
NOT-FOR-US: Roncoo Education
CVE-2022-29631 (Jodd HTTP v6.0.9 was discovered to contain multiple CLRF
injection vul ...)
- TODO: check
+ - jodd <unfixed>
+ [bullseye] - jodd <no-dsa> (Minor issue)
+ [buster] - jodd <no-dsa> (Minor issue)
+ NOTE: https://github.com/oblac/jodd-http/issues/9
CVE-2022-29630
RESERVED
CVE-2022-29629
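Review bot: the NOTE for CVE-2022-29631 points at oblac/jodd-http, a separate upstream repository, while the affected package is recorded as `jodd` with `<unfixed>` plus `<no-dsa>` for bullseye and buster; confirm that the Debian `jodd` source package actually builds the jodd-http component described in the CVE text ("Jodd HTTP v6.0.9"), otherwise the entry should be `<not-affected>` or NOT-FOR-US rather than `<unfixed>`.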
@@ -12800,10 +12803,8 @@ CVE-2022-29363 (Phpok v6.1 was discovered to contain a
deserialization vulnerabi
CVE-2022-29362 (A cross-site scripting (XSS) vulnerability in
/navigation/create?Paren ...)
NOT-FOR-US: ZKEACMS
CVE-2022-29361 (** DISPUTED ** Improper parsing of HTTP requests in Pallets
Werkzeug v ...)
- - python-werkzeug <unfixed> (unimportant)
- TODO: upstream disputes this as a misfiled CVE
+ NOTE: Disputed Werkzeug issue, no security impact
NOTE: https://github.com/pallets/werkzeug/issues/2420
- NOTE: Not considered a security issue upstream, negligible impact,
running dev server should not be run in production
CVE-2022-29360
RESERVED
CVE-2022-29359 (A stored cross-site scripting (XSS) vulnerability in
/scas/?page=clubs ...)
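Review bot: dropping `- python-werkzeug <unfixed> (unimportant)` leaves CVE-2022-29361 with only NOTE lines and no package line, so the tracker no longer associates the CVE with python-werkzeug at all; if the intent is to record a non-issue against the package, keep a package line such as `- python-werkzeug <not-affected> (Disputed, no security impact)` alongside the new NOTE. The removed NOTE ("Not considered a security issue upstream, negligible impact, running dev server should not be run in production") was the actual rationale for the rating; consider folding it into the retained NOTE rather than losing it.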
@@ -13166,13 +13167,18 @@ CVE-2022-29242 (GOST engine is a reference
implementation of the Russian GOST cr
NOTE:
https://github.com/gost-engine/engine/commit/b2b4d629f100eaee9f5942a106b1ccefe85b8808
(v3.0.1)
NOTE:
https://github.com/gost-engine/engine/commit/c6655a0b620a3e31f085cc906f8073fe81b2fad3
(v3.0.1)
CVE-2022-29241 (Jupyter Server provides the backend (i.e. the core services,
APIs, and ...)
- TODO: check
+ - jupyter-server <unfixed>
+ [bullseye] - jupyter-server <no-dsa> (Minor issue)
+ NOTE:
https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-q874-g24w-4q9g
CVE-2022-29240
RESERVED
CVE-2022-29239
RESERVED
CVE-2022-29238 (Jupyter Notebook is a web-based notebook environment for
interactive c ...)
- TODO: check
+ - jupyter-notebook <unfixed>
+ [bullseye] - jupyter-notebook <no-dsa> (Minor issue)
+ [buster] - jupyter-notebook <no-dsa> (Minor issue)
+ NOTE:
https://github.com/jupyter/notebook/security/advisories/GHSA-v7vq-3x77-87vg
CVE-2022-29237 (Opencast is a free and open source solution for automated
video captur ...)
NOT-FOR-US: Opencast
CVE-2022-29236 (BigBlueButton is an open source web conferencing system.
Starting in v ...)
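Review bot: CVE-2022-29241 gets a `[bullseye]` no-dsa annotation only, while CVE-2022-29238 directly below gets both `[bullseye]` and `[buster]`; confirm that jupyter-server is absent from buster (so the omission is intended) rather than an oversight, since the two entries are otherwise tagged identically (`<unfixed>`, `<no-dsa> (Minor issue)`, GHSA NOTE).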
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/36bc6443447b2700860025e29385b93eb5275eea
--
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits