Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 499dc10d by Salvatore Bonaccorso at 2022-09-10T16:18:12+02:00 Add CVE-2022-36087/python-oauthlib Note that the information from GHSA seems wrong, the issue has not been patched in v3.2.1 upstream. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -10860,7 +10860,14 @@ CVE-2022-36089 (KubeVela is an application delivery platform Users using KubeVel CVE-2022-36088 (GoCD is a continuous delivery server. Windows installations via either ...) NOT-FOR-US: GoCD CVE-2022-36087 (OAuthLib is an implementation of the OAuth request-signing logic for P ...) - TODO: check + - python-oauthlib <unfixed> + [bullseye] - python-oauthlib <not-affected> (Vulnerable code introduced later) + [buster] - python-oauthlib <not-affected> (Vulnerable code introduced later) + NOTE: https://github.com/oauthlib/oauthlib/security/advisories/GHSA-3pgj-pg6c-r5p7 + NOTE: Introduced with: https://github.com/oauthlib/oauthlib/commit/2b8a44855a51ad5a5b0c348a08c2564a2e197ea2 (v3.1.1) + NOTE: Fixed by: https://github.com/oauthlib/oauthlib/commit/e514826eea15f2b62bbc13da407b71552ef5ff4c + NOTE: Fixed by: https://github.com/oauthlib/oauthlib/commit/5d85c61998692643dd9d17e05d2646e06ce391e8 + TODO: double-check, the fix has not landed in 3.2.1 actually CVE-2022-36086 (linked_list_allocator is an allocator usable for no_std systems. Prior ...) TODO: check CVE-2022-36085 (Open Policy Agent (OPA) is an open source, general-purpose policy engi ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/499dc10d1512272422e4c0149c182731773b8cd8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/499dc10d1512272422e4c0149c182731773b8cd8 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits