Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7d193dd3 by Salvatore Bonaccorso at 2022-08-31T14:28:56+02:00
Wrap slightly a long note

- - - - -
c7a140b5 by Salvatore Bonaccorso at 2022-08-31T14:28:57+02:00
CVE-2022-35252: Reference upstream information and upstream tag

- - - - -
a5b5c0e9 by Salvatore Bonaccorso at 2022-08-31T14:44:35+02:00
Add Debian bug reference for CVE-2022-35252/curl

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9133,7 +9133,9 @@ CVE-2022-35583 (wkhtmlTOpdf 0.12.6 is vulnerable to SSRF 
which allows an attacke
        - wkhtmltopdf <unfixed> (unimportant)
        NOTE: 
https://cyber-guy.gitbook.io/cyber-guys-blog/blogs/initial-access-via-pdf-file-silently
        NOTE: https://github.com/wkhtmltopdf/wkhtmltopdf/issues/5249
-       NOTE: By design, wkhtmltopdf retrieves external resources. If it is 
employed inside a protected network in an automated way, a malicious actor may 
access internal resources. A user of wkhtmltopdf should restrict such access.
+       NOTE: By design, wkhtmltopdf retrieves external resources. If it is 
employed inside
+       NOTE: a protected network in an automated way, a malicious actor may 
access internal
+       NOTE: resources. A user of wkhtmltopdf should restrict such access.
 CVE-2022-35582
        RESERVED
 CVE-2022-35581
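Review bot: the rewrapped note in the CVE-2022-35583 entry breaks mid-sentence, at "employed inside" and again at "access internal", so none of the three NOTE lines reads on its own and a line-based search for "internal resources" no longer matches. Breaking at the sentence boundaries instead would keep each line self-contained, for example "NOTE: By design, wkhtmltopdf retrieves external resources." as the first line, with the following sentences starting their own NOTE lines and only the long middle sentence wrapped if it still exceeds the limit.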
@@ -10010,9 +10012,10 @@ CVE-2022-35253
        RESERVED
 CVE-2022-35252
        RESERVED
-       - curl <unfixed>
+       - curl <unfixed> (bug #1018831)
        [bullseye] - curl <postponed> (Minor issue)
-       NOTE: https://github.com/curl/curl/commit/8dfc93e573ca740544a2d79ebb
+       NOTE: https://curl.se/docs/CVE-2022-35252.html
+       NOTE: Fixed by: 
https://github.com/curl/curl/commit/8dfc93e573ca740544a2d79ebb0ed786592c65c3 
(curl-7_85_0)
        NOTE: https://www.openwall.com/lists/oss-security/2022/08/31/2
 CVE-2022-35251
        RESERVED
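Review bot: in the CVE-2022-35252 entry the new "Fixed by:" note records the fixing commit and the curl-7_85_0 tag, but nothing states which versions are affected, while the "[bullseye] - curl <postponed> (Minor issue)" line is left as it was. If the upstream advisory now referenced names an introducing commit or an affected version range, an "Introduced by:" note next to "Fixed by:" would let readers check older suites against the postponed status without opening the advisory.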



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/37e036fc2adbb6251b8b24c763b70ae0f31edb2d...a5b5c0e91b164c0b801b1616e5a8448d21783c29

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits