Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5ae3324c by Moritz Muehlenhoff at 2023-02-27T20:52:48+01:00
bugnums
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9554,7 +9554,7 @@ CVE-2011-10001 (A vulnerability was found in iamdroppy
phoenixcf. It has been de
CVE-2010-10008 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in
simplesam ...)
NOT-FOR-US: simplesamlphp-module-openidprovider
CVE-2023-XXXX [RUSTSEC-2022-0078]
- - rust-bumpalo <unfixed>
+ - rust-bumpalo <unfixed> (bug #1032088)
[bullseye] - rust-bumpalo <no-dsa> (Minor issue)
NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0078.html
NOTE: https://github.com/fitzgen/bumpalo/blob/main/CHANGELOG.md#3111
@@ -17631,8 +17631,8 @@ CVE-2022-4494 (A vulnerability, which was classified as
critical, has been found
CVE-2022-4493 (A vulnerability classified as critical was found in scifio.
Affected b ...)
NOT-FOR-US: SCIFIO (SCientific Image Format Input & Output)
CVE-2022-4492 (The undertow client is not checking the server identity
presented by t ...)
- - undertow <unfixed>
- TODO: check details,
https://bugzilla.redhat.com/show_bug.cgi?id=2153260 has missing public details
+ - undertow <unfixed> (bug #1032087)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2153260 has missing
public details
CVE-2022-4491 (The WP-Table Reloaded WordPress plugin through 1.9.4 does not
validate ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4490
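Review bot: In the CVE-2022-4492 entry, turning the TODO into a NOTE removes the only marker that the entry still needs follow-up, while the text that remains still says the Red Hat bug "has missing public details". With undertow at <unfixed> and no fix reference in the visible lines, consider wording the NOTE so it stands on its own, for example "NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2153260 (details not public)", and adding the upstream fix reference once it is available.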
@@ -25277,7 +25277,7 @@ CVE-2022-44902
CVE-2022-44901
RESERVED
CVE-2022-44900 (A directory traversal vulnerability in the
SevenZipFile.extractall() f ...)
- - py7zr <unfixed>
+ - py7zr <unfixed> (bug #1032091)
NOTE:
https://github.com/miurahr/py7zr/commit/1bb43f17515c7f69673a1c88ab9cc72a7bbef406
(v0.20.1)
NOTE: https://lessonsec.com/cve/cve-2022-44900/
CVE-2022-44899
@@ -40711,7 +40711,7 @@ CVE-2022-40154
CVE-2022-40153
REJECTED
CVE-2022-40152 (Those using Woodstox to parse XML data may be vulnerable to
Denial of ...)
- - libwoodstox-java <unfixed>
+ - libwoodstox-java <unfixed> (bug #1032089)
[bullseye] - libwoodstox-java <no-dsa> (Minor issue)
[buster] - libwoodstox-java <no-dsa> (Minor issue)
NOTE: https://github.com/x-stream/xstream/issues/304
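Review bot: The libwoodstox-java line for CVE-2022-40152 now carries bug #1032089, but the only NOTE visible in this hunk points at the x-stream/xstream issue tracker rather than at Woodstox. Since the bug is filed against libwoodstox-java, a NOTE with the Woodstox-side issue or fix commit would let whoever picks up the bug identify the affected code and fixed version without working back from the XStream report.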
@@ -42831,7 +42831,7 @@ CVE-2022-39270 (DiscoTOC is a Discourse theme component
that generates a table o
NOT-FOR-US: DiscoTOC Discourse theme
CVE-2022-39269 (PJSIP is a free and open source multimedia communication
library writt ...)
{DSA-5358-1 DLA-3335-1}
- - asterisk <unfixed>
+ - asterisk <unfixed> (bug #1032092)
- pjproject <removed>
- ring 20230206.0~ds1-1
NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-wx5m-cj97-4wwg
@@ -88826,14 +88826,14 @@ CVE-2022-23548 (Discourse is an option source
discussion platform. Prior to vers
NOT-FOR-US: Discourse
CVE-2022-23537 (PJSIP is a free and open source multimedia communication
library writt ...)
{DSA-5358-1 DLA-3335-1}
- - asterisk <unfixed>
+ - asterisk <unfixed> (bug #1032092)
- ring 20230206.0~ds1-1
- pjproject <removed>
NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w
NOTE:
https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1
CVE-2022-23547 (PJSIP is a free and open source multimedia communication
library writt ...)
{DSA-5358-1 DLA-3335-1}
- - asterisk <unfixed>
+ - asterisk <unfixed> (bug #1032092)
- ring 20230206.0~ds1-1
- pjproject <removed>
NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w
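Review bot: Bug #1032092 is attached to the asterisk line under both CVE-2022-23537 and CVE-2022-23547 here, and under CVE-2022-39269 in the previous hunk, so please confirm the bug report names all three CVE IDs and the reference is accurate for each entry. While these entries are being touched, note that the context lines for CVE-2022-23547 show the same GHSA-9pfh-r8x4-w26w advisory link as CVE-2022-23537; it is worth checking that this is the intended advisory for that entry.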
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ae3324ced9499920d98bec6ebccbd9d1a4b6246
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits