Ola Lundqvist pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
58fded44 by Ola Lundqvist at 2022-12-29T22:33:26+01:00
Marked CVE-2021-35065 as no-dsa for buster following decision for bullseye.
- - - - -
5dd44285 by Ola Lundqvist at 2022-12-29T22:33:28+01:00
Marked CVE-2022-46175 as no-dsa for buster following decision for bullseye.
- - - - -
962c76c0 by Ola Lundqvist at 2022-12-29T22:33:29+01:00
Marked CVE-2022-4556 and CVE-2022-4558 as no-dsa for buster following decision
for bullseye.
- - - - -
91024c58 by Ola Lundqvist at 2022-12-29T22:33:29+01:00
LTS: add webkit2gtk to dla-needed.txt
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -3542,12 +3542,14 @@ CVE-2022-4559 (A vulnerability was found in INEX
IPX-Manager up to 6.2.0. It has
CVE-2022-4558 (A vulnerability was found in Alinto SOGo up to 5.7.1. It has
been clas ...)
- sogo 5.8.0-1
[bullseye] - sogo <no-dsa> (Minor issue)
+ [buster] - sogo <no-dsa> (Minor issue)
NOTE:
https://github.com/Alinto/sogo/commit/1e0f5f00890f751e84d67be4f139dd7f00faa5f3
(SOGo-5.8.0)
CVE-2022-4557
RESERVED
CVE-2022-4556 (A vulnerability was found in Alinto SOGo up to 5.7.1 and
classified as ...)
- sogo 5.8.0-1
[bullseye] - sogo <no-dsa> (Minor issue)
+ [buster] - sogo <no-dsa> (Minor issue)
NOTE:
https://github.com/Alinto/sogo/commit/efac49ae91a4a325df9931e78e543f707a0f8e5e
(SOGo-5.8.0)
CVE-2022-4555 (The WP Shamsi plugin for WordPress is vulnerable to
authorization bypa ...)
NOT-FOR-US: WP Shamsi plugin for WordPress
@@ -7781,6 +7783,7 @@ CVE-2022-46176
CVE-2022-46175 (JSON5 is an extension to the popular JSON file format that
aims to be ...)
- node-json5 <unfixed> (bug #1027145)
[bullseye] - node-json5 <no-dsa> (Minor issue)
+ [buster] - node-json5 <no-dsa> (Minor issue)
NOTE:
https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h
NOTE: https://github.com/json5/json5/issues/199
NOTE: https://github.com/json5/json5/issues/295
@@ -112987,6 +112990,7 @@ CVE-2021-35066 (An XXE vulnerability exists in
ConnectWise Automate before 2021.
CVE-2021-35065 (The glob-parent package before 6.0.1 for Node.js allows ReDoS
(regular ...)
- node-glob-parent 6.0.2+~5.1.1-1
[bullseye] - node-glob-parent <no-dsa> (Minor issue)
+ [buster] - node-glob-parent <no-dsa> (Minor issue)
NOTE:
https://github.com/gulpjs/glob-parent/commit/3e9f04a3b4349db7e1962d87c9a7398cda51f339
(v6.0.1)
NOTE: https://github.com/gulpjs/glob-parent/pull/49
CVE-2021-35064 (KramerAV VIAWare, all tested versions, allow privilege
escalation thro ...)
=====================================
data/dla-needed.txt
=====================================
@@ -314,6 +314,9 @@ trafficserver
NOTE: 20221114: https://people.debian.org/~abhijith/upload/trf/ (abhijith)
NOTE: 20221114: Asked upstream regarding CVE-2022-31779 (abhijith)
--
+webkit2gtk
+ NOTE: 20221229: Programming language: C++.
+--
xdg-utils
NOTE: 20221120: Programming language: C.
NOTE: 20221120: no real fix yet
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9f62c0be03a0bb5162c2c4d5442530ad94396030...91024c5863af26db990ea17182899d181a2bafd8
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9f62c0be03a0bb5162c2c4d5442530ad94396030...91024c5863af26db990ea17182899d181a2bafd8
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
