[Git][security-tracker-team/security-tracker][master] Add CVE-2022-36227/libarchive

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e12857e6 by Salvatore Bonaccorso at 2022-11-22T11:14:23+01:00
Add CVE-2022-36227/libarchive

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -28055,7 +28055,10 @@ CVE-2022-36229
 CVE-2022-36228
        RESERVED
 CVE-2022-36227 (In libarchive 3.6.1, the software does not check for an error 
after ca ...)
-       TODO: check
+       - libarchive <unfixed>
+       NOTE: https://github.com/libarchive/libarchive/issues/1754
+       NOTE: https://github.com/libarchive/libarchive/pull/1759
+       NOTE: Fixed by: 
https://github.com/libarchive/libarchive/commit/bff38efe8c110469c5080d387bec62a6ca15b1a5
 CVE-2022-36226 (SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability 
via /Si ...)
        NOT-FOR-US: SiteServerCMS
 CVE-2022-36225 (EyouCMS V1.5.8-UTF8-SP1 is vulnerable to Cross Site Request 
Forgery (C ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e12857e62bcc6ff50df3e1cc80cf2c0bd75dcb99

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e12857e62bcc6ff50df3e1cc80cf2c0bd75dcb99
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits