Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6dfce36a by security tracker role at 2022-09-03T20:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2022-3118
+ RESERVED
CVE-2022-39808
RESERVED
CVE-2022-39807
@@ -1256,8 +1258,8 @@ CVE-2022-39199
RESERVED
CVE-2022-39198
RESERVED
-CVE-2022-3099
- RESERVED
+CVE-2022-3099 (Use After Free in GitHub repository vim/vim prior to 9.0.0359.
...)
+ TODO: check
CVE-2022-3098
RESERVED
CVE-2022-3097
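Review bot: CVE-2022-3099 is left at "TODO: check" although the new description already names the affected project (vim/vim) and the first fixed upstream version (9.0.0359). vim is packaged in Debian, so this entry needs a follow-up that replaces the TODO with a "- vim" package line carrying the fix status, plus a NOTE pointing at the upstream fix, so it does not stay in the untriaged queue.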
@@ -19625,6 +19627,7 @@ CVE-2022-32225 (A reflected DOM-Based XSS vulnerability
has been discovered in t
NOT-FOR-US: Veeam
CVE-2022-32224
RESERVED
+ {DLA-3093-1}
- rails 2:6.1.6.1+dfsg-1 (bug #1016140)
NOTE: https://github.com/advisories/GHSA-3hhc-qp5v-9p2j
NOTE: Fixed by:
https://github.com/rails/rails/commit/611990f1a6c137c2d56b1ba06b27e5d2434dcd6a
(main)
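Review bot: the {DLA-3093-1} tag on CVE-2022-32224 ties an LTS upload to an entry whose only fix reference is a commit marked "(main)", while the other rails entries in this change cite release tags such as "(v6.1.5.1)". Consider adding a NOTE with the matching release-branch commit or tag so the backport in the DLA can be compared against what upstream shipped. The entry also still reads RESERVED, so it carries no description until the CVE record is published.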
@@ -32953,6 +32956,7 @@ CVE-2022-27778 (A use of incorrectly resolved name
vulnerability fixed in 7.83.1
NOTE: https://curl.se/docs/CVE-2022-27778.html
NOTE: Fixed by:
https://github.com/curl/curl/commit/8c7ee9083d0d719d0a77ab20d9cc2ae84eeea7f3
(curl-7_83_1)
CVE-2022-27777 (A XSS Vulnerability in Action View tag helpers >= 5.2.0 and
< 5. ...)
+ {DLA-3093-1}
- rails 2:6.1.6.1+dfsg-1 (bug #1016982)
NOTE:
https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534
NOTE: Fixed by:
https://github.com/rails/rails/commit/123f42a573f7fcbf391885c135ca809f21615180
(v6.1.5.1)
@@ -45748,6 +45752,7 @@ CVE-2022-23634 (Puma is a Ruby/Rack web server built
for parallelism. Prior to `
NOTE:
https://github.com/puma/puma/commit/b70f451fe8abc0cff192c065d549778452e155bb
(v5.6.3)
NOTE: Related issue to CVE-2022-23633 for src:rails
CVE-2022-23633 (Action Pack is a framework for handling and responding to web
requests ...)
+ {DLA-3093-1}
- rails 2:6.1.4.6+dfsg-1 (bug #1005389)
NOTE: https://www.openwall.com/lists/oss-security/2022/02/11/5
NOTE: Fixed by:
https://github.com/rails/rails/commit/07d9600172a18b45791c89e95a642e13fc367545
(v6.1.4.5)
@@ -49663,6 +49668,7 @@ CVE-2022-22579 (An information disclosure issue was
addressed with improved stat
CVE-2022-22578 (A logic issue was addressed with improved validation. This
issue is fi ...)
NOT-FOR-US: Apple
CVE-2022-22577 (An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0
that co ...)
+ {DLA-3093-1}
- rails 2:6.1.6.1+dfsg-1 (bug #1011941)
NOTE:
https://discuss.rubyonrails.org/t/cve-2022-22577-possible-xss-vulnerability-in-action-pack/80533
NOTE:
https://github.com/rails/rails/commit/2b820a2a69fa50cffa74b4aedc57bf92ed6910ec
(v6.1.5.1)
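Review bot: in the CVE-2022-22577 entry the commit NOTE ending in "2b820a2a69fa50cffa74b4aedc57bf92ed6910ec (v6.1.5.1)" has no "Fixed by:" label, unlike the CVE-2022-27777 entry that receives the same DLA tag. If that commit is the fix, label it "NOTE: Fixed by:" so it is clear which change the {DLA-3093-1} backport should be checked against. The truncated description also reads ">= 5.2.0 and < 5.2.0", an empty range, which is worth verifying against the upstream announcement linked in the first NOTE.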
@@ -55214,6 +55220,7 @@ CVE-2021-44832 (Apache Log4j2 versions 2.0-beta7
through 2.17.0 (excluding secur
CVE-2022-21832
RESERVED
CVE-2022-21831 (A code injection vulnerability exists in the Active Storage
>= v5.2 ...)
+ {DLA-3093-1}
- rails 2:6.1.4.7+dfsg-1 (bug #1011940)
NOTE: https://github.com/advisories/GHSA-w749-p3v6-hccq
NOTE:
https://github.com/rails/rails/commit/b0b5eaf477c907819ead1808d09bfaae3eb4cc54
(v6.1.4.7)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6dfce36a51397e6fee844ce41427a0fa848756f6
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits