Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits: 653297d6 by Markus Koschany at 2023-09-04T12:39:44+02:00 Triage some wabt CVE as fixed in unstable and earlier versions. According to upstream CVE-2022-43280, CVE-2022-43281, CVE-2022-43282 and CVE-2022-43283 have been fixed with pull request https://github.com/WebAssembly/wabt/pull/1887 https://github.com/WebAssembly/wabt/pull/1931 First fixing version in Debian was 1.0.30-1 Pull request https://github.com/WebAssembly/wabt/pull/2218 fixed at least CVE-2023-31670. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -13011,7 +13011,7 @@ CVE-2023-31740 (There is a command injection vulnerability in the Linksys E2000 CVE-2023-31708 (A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers ...) NOT-FOR-US: EyouCMS CVE-2023-31670 (An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and ...) - - wabt <unfixed> (unimportant) + - wabt 1.0.33-1 (unimportant) NOTE: https://github.com/WebAssembly/wabt/issues/2199 NOTE: Crash in CLI tool, no security impact CVE-2023-31664 (A reflected cross-site scripting (XSS) vulnerability in /authenticatio ...) @@ -61441,19 +61441,19 @@ CVE-2022-43285 (Nginx NJS v0.7.4 was discovered to contain a segmentation violat CVE-2022-43284 (Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation vi ...) NOT-FOR-US: njs CVE-2022-43283 (wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write.) - - wabt <unfixed> (unimportant) + - wabt 1.0.30-1 (unimportant) NOTE: https://github.com/WebAssembly/wabt/issues/1985 NOTE: Crash in CLI tool, no security impact CVE-2022-43282 (wasm-interp v1.0.29 was discovered to contain an out-of-bounds read vi ...) - - wabt <unfixed> (unimportant) + - wabt 1.0.30-1 (unimportant) NOTE: https://github.com/WebAssembly/wabt/issues/1983 NOTE: Crash in CLI tool, no security impact CVE-2022-43281 (wasm-interp v1.0.29 was discovered to contain a heap overflow via the ...) - - wabt <unfixed> (unimportant) + - wabt 1.0.30-1 (unimportant) NOTE: https://github.com/WebAssembly/wabt/issues/1981 NOTE: Crash in CLI tool, no security impact CVE-2022-43280 (wasm-interp v1.0.29 was discovered to contain an out-of-bounds read vi ...) - - wabt <unfixed> (unimportant) + - wabt 1.0.30-1 (unimportant) NOTE: https://github.com/WebAssembly/wabt/issues/1982 NOTE: Crash in CLI tool, no security impact CVE-2022-43279 (LimeSurvey v5.4.4 was discovered to contain a SQL injection vulnerabil ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/653297d601c73f51176d8eac23734a5ed27a9630 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/653297d601c73f51176d8eac23734a5ed27a9630 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
