Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8ee8d0e6 by Salvatore Bonaccorso at 2022-09-29T11:11:29+02:00
Add Matrix SDK related CVEs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5858,11 +5858,11 @@ CVE-2022-39259
CVE-2022-39258 (mailcow is a mailserver suite. A vulnerability innversions
prior to 20 ...)
NOT-FOR-US: mailcow
CVE-2022-39257 (Matrix iOS SDK allows developers to build iOS apps compatible
with Mat ...)
- TODO: check
+ NOT-FOR-US: Matrix iOS SDK
CVE-2022-39256 (Orckestra C1 CMS is a .NET based Web Content Management
System. A vuln ...)
NOT-FOR-US: Orckestra C1 CMS
CVE-2022-39255 (Matrix iOS SDK allows developers to build iOS apps compatible
with Mat ...)
- TODO: check
+ NOT-FOR-US: Matrix iOS SDK
CVE-2022-39254
RESERVED
CVE-2022-39253
@@ -5870,17 +5870,26 @@ CVE-2022-39253
CVE-2022-39252
RESERVED
CVE-2022-39251 (Matrix Javascript SDK is the Matrix Client-Server SDK for
JavaScript. ...)
- TODO: check
+ - node-matrix-js-sdk <undetermined>
+ NOTE:
https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-r48r-j8fx-mq2c
+ NOTE:
https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76
+ NOTE:
https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients
+ TODO: check if affecting the nodejs version of matrix-js-sdk
CVE-2022-39250
RESERVED
CVE-2022-39249 (Matrix Javascript SDK is the Matrix Client-Server SDK for
JavaScript. ...)
- TODO: check
+ - node-matrix-js-sdk <undetermined>
+ NOTE:
https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-6263-x97c-c4gg
+ NOTE:
https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76
+ NOTE: https://github.com/matrix-org/matrix-spec-proposals/pull/3061
+ NOTE:
https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients
+ TODO: check if affecting the nodejs version of matrix-js-sdk
CVE-2022-39248 (matrix-android-sdk2 is the Matrix SDK for Android. Prior to
version 1. ...)
- TODO: check
+ NOT-FOR-US: Matrix SDK for Android
CVE-2022-39247
RESERVED
CVE-2022-39246 (matrix-android-sdk2 is the Matrix SDK for Android. Prior to
version 1. ...)
- TODO: check
+ NOT-FOR-US: Matrix SDK for Android
CVE-2022-39245 (Mist is the command-line interface for the makedeb Package
Repository. ...)
TODO: check
CVE-2022-39244
@@ -5900,7 +5909,11 @@ CVE-2022-39238 (Arvados is an open source platform for
managing and analyzing bi
CVE-2022-39237
RESERVED
CVE-2022-39236 (Matrix Javascript SDK is the Matrix Client-Server SDK for
JavaScript. ...)
- TODO: check
+ - node-matrix-js-sdk <undetermined>
+ NOTE:
https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-hvv8-5v86-r45x
+ NOTE:
https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76
+ NOTE: https://github.com/matrix-org/matrix-spec-proposals/pull/3488
+ TODO: check if affects nodejs version of matrix-js-sdk
CVE-2022-39235
RESERVED
CVE-2022-39234
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ee8d0e6d607d3470a359af5fff8fc271f34c526
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ee8d0e6d607d3470a359af5fff8fc271f34c526
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
