[Git][security-tracker-team/security-tracker][master] bugnums

Wed, 28 Dec 2022 10:58:16 -0800 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bb3db33c by Moritz Mühlenhoff at 2022-12-28T19:57:37+01:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8830,8 +8830,9 @@ CVE-2022-45463
 CVE-2022-4056
        RESERVED
 CVE-2022-4055 (When xdg-mail is configured to use thunderbird for mailto URLs, 
improp ...)
-       - xdg-utils <unfixed>
+       - xdg-utils <unfixed> (bug #1027160)
        NOTE: 
https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/205#note_1494267
+       NOTE: https://gitlab.freedesktop.org/xdg/xdg-utils/-/merge_requests/58
 CVE-2022-4054
        RESERVED
        - gitlab <unfixed>
@@ -24525,7 +24526,7 @@ CVE-2022-40718
 CVE-2022-40717
        RESERVED
 CVE-2022-40716 (HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, 
and 1.13. ...)
-       - consul <unfixed>
+       - consul <unfixed> (bug #1027161)
        NOTE: 
https://discuss.hashicorp.com/t/hcsec-2022-20-consul-service-mesh-intention-bypass-with-malicious-certificate-signing-request/44628
 CVE-2022-40715 (An issue was discovered in NOKIA 1350OMS R14.2. An Absolute 
Path Trave ...)
        NOT-FOR-US: NOKIA
@@ -66079,7 +66080,7 @@ CVE-2022-24441 (The package snyk before 1.1064.0 are 
vulnerable to Code Injectio
 CVE-2022-24440 (The package cocoapods-downloader before 1.6.0, from 1.6.2 and 
before 1 ...)
        NOT-FOR-US: cocoapods-downloader
 CVE-2022-24439 (All versions of package gitpython are vulnerable to Remote 
Code Execut ...)
-       - python-git <unfixed>
+       - python-git <unfixed> (bug #1027163)
        [bullseye] - python-git <no-dsa> (Minor issue)
        [buster] - python-git <no-dsa> (Minor issue)
        NOTE: https://security.snyk.io/vuln/SNYK-PYTHON-GITPYTHON-3113858



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb3db33cd98415b3aa4723798a8c4bea4bb0acc6

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb3db33cd98415b3aa4723798a8c4bea4bb0acc6
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to