Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
da7114af by Salvatore Bonaccorso at 2023-01-02T20:59:59+01:00
Add additional references for CVE-2022-40151 and CVE-2022-40152
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -26948,11 +26948,13 @@ CVE-2022-40153
CVE-2022-40152 (Those using Woodstox to parse XML data may be vulnerable to
Denial of ...)
- libwoodstox-java <unfixed>
NOTE: https://github.com/x-stream/xstream/issues/304
+ NOTE: https://github.com/advisories/GHSA-3f7h-mf4q-vrm4
CVE-2022-40151 (Those using Xstream to seralize XML data may be vulnerable to
Denial o ...)
- libxstream-java <unfixed> (unimportant)
NOTE: https://github.com/x-stream/xstream/issues/304
NOTE: https://github.com/x-stream/xstream/issues/314
NOTE: https://x-stream.github.io/CVE-2022-40151.html
+ NOTE: https://github.com/advisories/GHSA-f8cc-g7j8-xxpm
NOTE: Only solution for the issue is to catch the StackOverflowError in
the client code
NOTE: calling XStream.
CVE-2022-40150 (Those using Jettison to parse untrusted XML or JSON data may
be vulner ...)
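Review bot: In the CVE-2022-40152 entry, libwoodstox-java stays <unfixed> and the two references are now an x-stream/xstream issue and the GHSA-3f7h-mf4q-vrm4 advisory, with nothing pointing at Woodstox upstream. If that advisory names a patched release or a fix commit, a further NOTE recording it would let the next triager set a fixed version without re-reading the advisory. For the GHSA-f8cc-g7j8-xxpm line under CVE-2022-40151, it is worth confirming that the advisory agrees with the existing NOTE that the only solution is to catch the StackOverflowError in client code, since that NOTE is what justifies the (unimportant) tag.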
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da7114af89cb33acce55368a3ad6c6c735123bb4