Luca Boccassi pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9cb19a4a by Luca Boccassi at 2022-12-20T22:34:45+01:00
CVE-2022-4415: mention upstream stable tree fix
The main branch fix will not apply on bullseye
- - - - -
17d232b2 by Luca Boccassi at 2022-12-20T22:38:41+01:00
CVE-2022-4415: buster is unaffected, add note regarding scope
- - - - -
45d13857 by Luca Boccassi at 2022-12-20T22:47:48+01:00
CVE-2020-13529: mark sid/bookworm as fixed by noting the version
- - - - -
cbcf0ca5 by Luca Boccassi at 2022-12-20T22:49:57+01:00
CVE-2020-13776: mark buster as unaffected
issue introduced later
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3123,9 +3123,10 @@ CVE-2022-4416 (A vulnerability was found in RainyGao
DocSys. It has been declare
CVE-2022-4415
RESERVED
- systemd <unfixed>
+ [buster] - systemd <not-affected> (Vulnerable code introduced later)
[bullseye] - systemd <no-dsa> (Minor issue; can be fixed via point
release)
- NOTE: Preparation:
https://github.com/systemd/systemd/commit/510a146634f3e095b34e2a26023b1b1f99dcb8c0
- NOTE: Fixed by:
https://github.com/systemd/systemd/commit/3e4d0f6cf99f8677edd6a237382a65bfe758de03
+ NOTE: Fixed by:
https://github.com/systemd/systemd-stable/commit/bb47600aeb38c68c857fbf0ee5f66c3144dd81ce
+ NOTE: Affects only v247 and newer, and only if building with libacl
support
CVE-2022-4414 (Cross-site Scripting (XSS) - DOM in GitHub repository
nuxt/framework p ...)
NOT-FOR-US: nuxt
CVE-2022-4413 (Cross-site Scripting (XSS) - Reflected in GitHub repository
nuxt/frame ...)
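Review bot: The two removed NOTE lines in the CVE-2022-4415 entry drop the main-branch references (the "Preparation" commit 510a1466 and the "Fixed by" commit 3e4d0f6c) entirely, although the commit message only says the stable-tree fix is being mentioned, and the main-branch fix is the one relevant to the unsuffixed `- systemd <unfixed>` line. Keep the existing `NOTE: Preparation:` and `NOTE: Fixed by:` lines and add the systemd-stable commit as an additional NOTE, annotated with the stable branch or version in parentheses the way the CVE-2020-13776 entry annotates its commit with `(v246-rc1)`, so a reader can tell which reference applies to bullseye.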
@@ -194326,6 +194327,7 @@ CVE-2020-13777 (GnuTLS 3.6.x before 3.6.14 uses
incorrect cryptography for encry
NOTE:
https://gitlab.com/gnutls/gnutls/-/commit/c2646aeee94e71cb15c90a3147cf3b5b0ca158ca
NOTE:
https://gitlab.com/gnutls/gnutls/-/commit/3d7fae761e65e9d0f16d7247ee8a464d4fe002da
CVE-2020-13776 (systemd through v245 mishandles numerical usernames such as
ones compo ...)
+ [buster] - systemd <not-affected> (Vulnerable code introduced later)
- systemd 246-2 (unimportant)
NOTE: https://github.com/systemd/systemd/issues/15985
NOTE:
https://github.com/systemd/systemd/commit/156a5fd297b61bce31630d7a52c15614bf784843
(v246-rc1)
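Review bot: The added `[buster] - systemd <not-affected>` line in the CVE-2020-13776 entry sits above the unsuffixed `- systemd 246-2 (unimportant)` line, while the CVE-2022-4415 hunk in this same push places its `[buster]` line below the unsuffixed one; move it below so both entries read the same way. The entry also carries no NOTE saying which version or commit introduced the vulnerable code, so "Vulnerable code introduced later" cannot be checked from the entry itself; a line like the "Affects only v247 and newer" note added to CVE-2022-4415 would close that gap.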
@@ -194978,8 +194980,7 @@ CVE-2020-13531 (A use-after-free vulnerability exists
in a way Pixar OpenUSD 20.
CVE-2020-13530 (A denial-of-service vulnerability exists in the Ethernet/IP
server fun ...)
NOT-FOR-US: EIP Stack Group OpENer
CVE-2020-13529 (An exploitable denial-of-service vulnerability exists in
Systemd 245. ...)
- [experimental] - systemd 249~rc2-1
- - systemd <unfixed> (unimportant)
+ - systemd 249.4-2 (unimportant)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142
NOTE: https://github.com/systemd/systemd/issues/16774
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1959397
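Review bot: The new `- systemd 249.4-2 (unimportant)` line in the CVE-2020-13529 entry records a fixed version, but the NOTE lines visible in this hunk only link the Talos report, the upstream issue and the Red Hat bug, none of which names the fixing commit or release. Add a `NOTE: Fixed by:` line with the upstream commit and the version it landed in, since the removed `[experimental] - systemd 249~rc2-1` line was the only indication in the entry that the fix is in the 249 series.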
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/10d39f46c8de2a2d779bbb7a47ad1f06e9b9c757...cbcf0ca5db58077f858e18977bddf7c17590dad8
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits