Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d340057e by Salvatore Bonaccorso at 2022-10-07T22:48:14+02:00
Add CVE-2022-39237/golang-github-sylabs-sif
Explicitly tracking as well singularity-container as it uses AFAIC the
vendored copy and is unfixed as well.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7588,7 +7588,11 @@ CVE-2022-39239 (netlify-ipx is an on-Demand image
optimization for Netlify using
CVE-2022-39238 (Arvados is an open source platform for managing and analyzing
biomedic ...)
NOT-FOR-US: Arvados
CVE-2022-39237 (syslabs/sif is the Singularity Image Format (SIF) reference
implementa ...)
- TODO: check
+ - golang-github-sylabs-sif <unfixed>
+ - singularity-container <unfixed>
+ NOTE:
https://github.com/sylabs/sif/security/advisories/GHSA-m5m3-46gj-wch8
+ NOTE:
https://github.com/sylabs/sif/commit/21972852d8783bc93fbf080190de8e1978f1c254
(v2.8.1)
+ NOTE:
https://github.com/sylabs/sif/commit/a854038ce1f18237b81d505a1c3be6a60505db52
(v2.8.1)
CVE-2022-39236 (Matrix Javascript SDK is the Matrix Client-Server SDK for
JavaScript. ...)
- node-matrix-js-sdk <unfixed> (bug #1021136)
NOTE:
https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-hvv8-5v86-r45x
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d340057e63ef412932665d40e89db4b78990feb5
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d340057e63ef412932665d40e89db4b78990feb5
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
