Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
303c284e by Salvatore Bonaccorso at 2022-12-06T21:01:01+01:00
Update status for CVE-2022-21797
Drop reference to the broken patch applied upstream in an initial
iteration to address the issue, which resulted to be incomplete in
fixing CVE-2022-21797.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -60449,8 +60449,8 @@ CVE-2022-21797 (The package joblib from 0 and before
1.2.0 are vulnerable to Arb
[buster] - joblib <no-dsa> (Minor issue, the fix from +deb10u1 is
incomplete)
NOTE: https://github.com/joblib/joblib/issues/1128
NOTE: https://github.com/joblib/joblib/pull/1321
- NOTE: vulnerable patch
https://github.com/joblib/joblib/commit/b90f10efeb670a2cc877fb88ebb3f2019189e059
(1.2.0)
- NOTE: better fix https://github.com/joblib/joblib/pull/1327
+ NOTE: Better fix: https://github.com/joblib/joblib/pull/1327
+ NOTE: Fixed by:
https://github.com/joblib/joblib/commit/54f4d21f098591c77b48c9acfffaa4cf0a45282b
(1.2.0)
NOTE: https://security.snyk.io/vuln/SNYK-PYTHON-JOBLIB-3027033
CVE-2022-21235 (The package github.com/masterminds/vcs before 1.13.3 are
vulnerable to ...)
NOT-FOR-US: github.com/masterminds/vcs
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/303c284e4888b8d063a07b75c5c0d56776e8d5a5
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/303c284e4888b8d063a07b75c5c0d56776e8d5a5
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
