Markus Koschany pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a383f282 by Markus Koschany at 2022-10-29T23:47:04+02:00
CVE-2022-0699,shapelib: Mark Buster as no-dsa
Minor issue
- - - - -
d71191ca by Markus Koschany at 2022-10-29T23:48:18+02:00
Reserve DSA-5264-1 batik
- - - - -
6160ed2b by Markus Koschany at 2022-10-29T23:49:14+02:00
Reserve DSA-5265-1 tomcat9
- - - - -
2 changed files:
- data/CVE/list
- data/DSA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -39444,7 +39444,6 @@ CVE-2022-29892 (Improper input validation vulnerability
in Space of Cybozu Garoo
CVE-2022-29885 (The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14,
10.0.0-M1 ...)
{DLA-3160-1}
- tomcat9 9.0.63-1
- [bullseye] - tomcat9 <postponed> (Minor issue)
- tomcat8 <removed>
[stretch] - tomcat8 <postponed> (Minor issue)
NOTE:
https://github.com/apache/tomcat/commit/eaafd28296c54d983e28a47953c1f5cb2c334f48
(9.0.63)
@@ -51985,6 +51984,7 @@ CVE-2022-0700 (The Simple Tracking WordPress plugin
before 1.7 does not sanitise
CVE-2022-0699 (A double-free condition exists in contrib/shpsort.c of shapelib
1.5.0 ...)
- shapelib 1.5.0-3 (bug #1022557)
[bullseye] - shapelib <no-dsa> (Minor issue)
+ [buster] - shapelib <no-dsa> (Minor issue)
NOTE:
https://github.com/OSGeo/shapelib/commit/c75b9281a5b9452d92e1682bdfe6019a13ed819f
NOTE: https://github.com/OSGeo/shapelib/issues/39
CVE-2022-25597 (ASUS RT-AC86U’s LPD service has insufficient filtering
for speci ...)
@@ -60381,7 +60381,6 @@ CVE-2022-23184 (In affected Octopus Server versions
when the server HTTP and HTT
CVE-2022-23181 (The fix for bug CVE-2020-9484 introduced a time of check, time
of use ...)
{DLA-3160-1}
- tomcat9 9.0.58-1
- [bullseye] - tomcat9 <postponed> (Minor issue, fix along in future DSA)
- tomcat8 <removed>
[stretch] - tomcat8 <postponed> (Minor issue; local race condition)
NOTE: https://lists.apache.org/thread/l8x62p3k19yfcb208jo4zrb83k5mfwg9
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,9 @@
+[29 Oct 2022] DSA-5265-1 tomcat9 - security update
+ {CVE-2021-43980 CVE-2022-23181 CVE-2022-29885}
+ [bullseye] - tomcat9 9.0.43-2~deb11u4
+[29 Oct 2022] DSA-5264-1 batik - security update
+ {CVE-2022-41704 CVE-2022-42890}
+ [bullseye] - batik 1.12-4+deb11u1
[29 Oct 2022] DSA-5263-1 chromium - security update
{CVE-2022-3723}
[bullseye] - chromium 107.0.5304.87-1~deb11u1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5ac4f6c94ac97439b2c9ab09d4bd063bbf53373a...6160ed2b1d2e4b4809f6a10127c3879d70f861c7
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5ac4f6c94ac97439b2c9ab09d4bd063bbf53373a...6160ed2b1d2e4b4809f6a10127c3879d70f861c7
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
