Stefano Rivera pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cc90ce1e by Stefano Rivera at 2022-08-30T11:47:06+02:00
Upstream issue for CVE-2022-35583
- - - - -
354bd0fd by Stefano Rivera at 2022-08-30T11:52:05+02:00
Upstream hasn't looked at wkhtmltopdf's CVE
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -9017,6 +9017,7 @@ CVE-2022-35584
CVE-2022-35583 (wkhtmlTOpdf 0.12.6 is vulnerable to SSRF which allows an
attacker to g ...)
- wkhtmltopdf <unfixed>
NOTE:
https://cyber-guy.gitbook.io/cyber-guys-blog/blogs/initial-access-via-pdf-file-silently
+ NOTE: https://github.com/wkhtmltopdf/wkhtmltopdf/issues/5249
CVE-2022-35582
RESERVED
CVE-2022-35581
=====================================
data/dla-needed.txt
=====================================
@@ -104,6 +104,7 @@ upx-ucl (Thorsten Alteholz)
--
wkhtmltopdf
NOTE: 20220819: Programming language: C++.
+ NOTE: 20220830: No progress yet, upstream
--
zlib (Emilio)
NOTE: 20220813: Programming language: C.
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d99d0ed678c2e2009d48d611d293fa2eb7ad869c...354bd0fddf6aa841c56cdc1a934e71560106c40a
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d99d0ed678c2e2009d48d611d293fa2eb7ad869c...354bd0fddf6aa841c56cdc1a934e71560106c40a
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
