Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e9c98e73 by Salvatore Bonaccorso at 2023-01-02T20:54:12+01:00
Update information for CVE-2022-40151 and CVE-2022-40152
Clarified status, CVE-2022-40151 is for x-stream, while CVE-2022-40152
is related to Woodstox.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -26946,11 +26946,15 @@ CVE-2022-40154
CVE-2022-40153
REJECTED
CVE-2022-40152 (Those using Woodstox to parse XML data may be vulnerable to
Denial of ...)
- - libxstream-java <undetermined>
+ - libwoodstox-java <unfixed>
NOTE: https://github.com/x-stream/xstream/issues/304
CVE-2022-40151 (Those using Xstream to seralize XML data may be vulnerable to
Denial o ...)
- - libxstream-java <undetermined>
+ - libxstream-java <unfixed> (unimportant)
NOTE: https://github.com/x-stream/xstream/issues/304
+ NOTE: https://github.com/x-stream/xstream/issues/314
+ NOTE: https://x-stream.github.io/CVE-2022-40151.html
+ NOTE: Only solution for the issue is to catch the StackOverflowError in
the client code
+ NOTE: calling XStream.
CVE-2022-40150 (Those using Jettison to parse untrusted XML or JSON data may
be vulner ...)
{DLA-3259-1}
- libjettison-java 1.5.3-1 (bug #1022553)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e9c98e738b38c77c5b8f3d61b46c9116b88e4db3
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e9c98e738b38c77c5b8f3d61b46c9116b88e4db3
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
