Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a7cd35a5 by Moritz Muehlenhoff at 2023-02-17T19:30:25+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -35994,7 +35994,7 @@ CVE-2022-40737 (An issue was discovered in Bento4
through 1.6.0-639. A buffer ov
CVE-2022-40736 (An issue was discovered in Bento4 1.6.0-639. There ie
excessive memory ...)
NOT-FOR-US: Bento4
CVE-2022-40735 (The Diffie-Hellman Key Agreement Protocol allows use of long
exponents ...)
- TODO: check
+ NOTE: Generic Diffie-Hellman protocol issue
CVE-2022-40734 (UniSharp laravel-filemanager (aka Laravel Filemanager) through
2.5.1 a ...)
NOT-FOR-US: Laravel Filemanager
CVE-2022-40733
@@ -46039,7 +46039,7 @@ CVE-2022-2585
CVE-2022-2584 (The dag-pb codec can panic when decoding invalid blocks. ...)
NOT-FOR-US: go-codec-dagpb
CVE-2022-2583 (A race condition can cause incorrect HTTP request routing. ...)
- TODO: check
+ NOT-FOR-US: ntbosscher/gobase
CVE-2022-2582 (The AWS S3 Crypto SDK sends an unencrypted hash of the
plaintext along ...)
- golang-github-aws-aws-sdk-go 1.34.22-1
[buster] - golang-github-aws-aws-sdk-go <postponed> (Limited support,
minor issue, hash leak, invasive, follow bullseye DSAs/point-releases)
@@ -46070,7 +46070,7 @@ CVE-2020-36567 (Unsanitized input in the default logger
in github.com/gin-gonic/
NOTE: https://github.com/gin-gonic/gin/pull/2237
NOTE:
https://github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d
(v1.6.0)
CVE-2020-36566 (Due to improper path santization, archives containing relative
file pa ...)
- TODO: check
+ NOT-FOR-US: Go whyrusleeping/tar-utils
CVE-2020-36565 (Due to improper sanitization of user input on Windows, the
static file ...)
TODO: check
CVE-2020-36564 (Due to improper validation of caller input, validation is
silently dis ...)
@@ -46082,9 +46082,9 @@ CVE-2019-25075 (HTML injection combined with path
traversal in the Email service
CVE-2019-25074
RESERVED
CVE-2019-25073 (Improper path santiziation in github.com/goadesign/goa before
v3.0.9, ...)
- TODO: check
+ NOT-FOR-US: github.com/goadesign/goa
CVE-2016-15005 (CSRF tokens are generated using math/rand, which is not a
cryptographi ...)
- TODO: check
+ NOT-FOR-US: github.com/dinever/golf
CVE-2022-37023 (Apache Geode versions prior to 1.15.0 are vulnerable to a
deserializat ...)
NOT-FOR-US: Apache Geode
CVE-2022-37022 (Apache Geode versions up to 1.12.2 and 1.13.2 are vulnerable
to a dese ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7cd35a5f272daaabd45f8e575b5b894253097aa
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7cd35a5f272daaabd45f8e575b5b894253097aa
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
