Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e3658150 by Moritz Muehlenhoff at 2022-07-17T12:34:03+02:00
commons-configuration2 fixed in sid
puppetdb fixed in experimental
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5415,7 +5415,7 @@ CVE-2022-33981 (drivers/block/floppy.c in the Linux
kernel before 5.17.6 is vuln
NOTE: https://www.openwall.com/lists/oss-security/2022/04/28/1
NOTE:
https://git.kernel.org/linus/233087ca063686964a53c829d547c7571e3f67bf (5.18-rc5)
CVE-2022-33980 (Apache Commons Configuration performs variable interpolation,
allowing ...)
- - commons-configuration2 <unfixed> (bug #1014960)
+ - commons-configuration2 2.8.0-1 (bug #1014960)
NOTE: https://www.openwall.com/lists/oss-security/2022/07/06/5
CVE-2022-2129 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
...)
- vim <unfixed>
@@ -94643,6 +94643,7 @@ CVE-2021-27022 (A flaw was discovered in bolt-server
and ace where running a tas
- puppet <not-affected> (Only affects Puppet Enterprise)
NOTE: https://puppet.com/security/cve/CVE-2021-27022/
CVE-2021-27021 (A flaw was discovered in Puppet DB, this flaw results in an
escalation ...)
+ [experimental] - puppetdb 7.10.1-1
- puppetdb <unfixed> (bug #990419)
[buster] - puppetdb <no-dsa> (Minor issue)
NOTE: https://puppet.com/security/cve/cve-2021-27021/
@@ -94653,6 +94654,7 @@ CVE-2021-27021 (A flaw was discovered in Puppet DB,
this flaw results in an esca
CVE-2021-27020 (Puppet Enterprise presented a security risk by not sanitizing
user inp ...)
- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2021-27019 (PuppetDB logging included potentially sensitive system
information. ...)
+ [experimental] - puppetdb 7.10.1-1
- puppetdb <unfixed>
[buster] - puppetdb <no-dsa> (Minor issue)
NOTE: https://puppet.com/security/cve/CVE-2021-27019/
@@ -173861,6 +173863,7 @@ CVE-2020-7944 (In Continuous Delivery for Puppet
Enterprise (CD4PE) before 3.4.0
NOT-FOR-US: Puppet Enterprise
CVE-2020-7943 (Puppet Server and PuppetDB provide useful performance and
debugging in ...)
- puppet <not-affected> (Doesn't affect Puppet masters
(passenger-based) in Debian)
+ [experimental] - puppetdb 7.10.1-1
- puppetdb <unfixed> (low)
[buster] - puppetdb <no-dsa> (Minor issue)
NOTE: https://puppet.com/security/cve/CVE-2020-7943/
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e3658150f2a0191961e5e3ffdb0463a11a2c4561
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e3658150f2a0191961e5e3ffdb0463a11a2c4561
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
