[Git][security-tracker-team/security-tracker][master] Review status for caddy issues

Mon, 19 Dec 2022 23:13:33 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
64fcbd56 by Salvatore Bonaccorso at 2022-12-20T08:06:24+01:00
Review status for caddy issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -53451,7 +53451,9 @@ CVE-2022-29720 (74cmsSE v3.5.1 was discovered to 
contain an arbitrary file read
 CVE-2022-29719
        RESERVED
 CVE-2022-29718 (Caddy v2.4 was discovered to contain an open redirect 
vulnerability. A ...)
-       - caddy <unfixed>
+       - caddy <not-affected> (Fixed before initial upload to Debian to 
unstable; did affect experimental upload)
+       NOTE: https://github.com/caddyserver/caddy/pull/4499
+       NOTE: 
https://github.com/caddyserver/caddy/commit/3fe2c73dd04f7769a9d9673236cb94b79ac45659
 (v2.5.0-beta.1)
 CVE-2022-29717
        RESERVED
 CVE-2022-29716
@@ -193252,7 +193254,7 @@ CVE-2019-20838 (libpcre in PCRE before 8.43 allows a 
subject buffer over-read in
        NOTE: Fixed by: https://vcs.pcre.org/pcre?view=revision&revision=1740 
(8.43)
        NOTE: Only an issue when UTF support disabled
 CVE-2018-21246 (Caddy before 0.10.13 mishandles TLS client authentication, as 
demonstr ...)
-       - caddy <unfixed>
+       - caddy <not-affected> (Fixed before initial upload to Debian)
 CVE-2018-21245 (Pound before 2.8 allows HTTP request smuggling, a related 
issue to CVE ...)
        - pound 2.8-2
        [stretch] - pound 2.7-1.3+deb9u1
@@ -289499,7 +289501,7 @@ CVE-2018-19149 (Poppler before 0.70.0 has a NULL 
pointer dereference in _poppler
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649457#c3
        NOTE: 
https://github.com/freedesktop/poppler/commit/f162ecdea0dda5dbbdb45503c1d55d9afaa41d44
 (poppler-0.70.0)
 CVE-2018-19148 (Caddy through 0.11.0 sends incorrect certificates for certain 
invalid  ...)
-       - caddy <unfixed>
+       - caddy <not-affected> (Fixed before initial upload to Debian)
 CVE-2018-19147
        RESERVED
 CVE-2018-19146 (Concrete5 8.4.3 has XSS because config/concrete.php allows 
uploads (by ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64fcbd569dc6f18db3ec51cf24846868cdc59fdd

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64fcbd569dc6f18db3ec51cf24846868cdc59fdd
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to