Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9a908fbb by Salvatore Bonaccorso at 2023-12-03T13:01:07+01:00
Track fixed version for libowasp-antisamy-java via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9173,7 +9173,7 @@ CVE-2023-43697 (Modification of Assumed-Immutable Data
(MAID) in RDT400 in SICK
CVE-2023-43696 (Improper Access Control in SICK APU allows an unprivileged
remote atta ...)
NOT-FOR-US: SICK
CVE-2023-43643 (AntiSamy is a library for performing fast, configurable
cleansing of H ...)
- - libowasp-antisamy-java <unfixed> (bug #1054164)
+ - libowasp-antisamy-java 1.7.4-1 (bug #1054164)
[bookworm] - libowasp-antisamy-java <no-dsa> (Minor issue)
[bullseye] - libowasp-antisamy-java <no-dsa> (Minor issue)
[buster] - libowasp-antisamy-java <no-dsa> (Minor issue)
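Review bot: the CVE-2023-43643 entry gains a fixed version but has no NOTE naming the upstream release or commit that fixes it, and the truncated description does not show one either. The CVE-2022-28367 entry elsewhere in this diff documents its fix with a NOTE giving the upstream commit and version; an equivalent NOTE here would let a reader confirm that 1.7.4-1 contains the fix.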
@@ -117743,7 +117743,7 @@ CVE-2022-28368 (Dompdf 1.2.1 allows remote code
execution via a .php file in the
NOTE: Vulnerability introduced by:
NOTE:
https://github.com/dompdf/dompdf/commit/0e0261b7bce372b3a05b712a023f6f742a22d57e
(v0.8.0)
CVE-2022-28367 (OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling
on STYLE ...)
- - libowasp-antisamy-java <unfixed> (bug #1010154)
+ - libowasp-antisamy-java 1.7.4-1 (bug #1010154)
[bookworm] - libowasp-antisamy-java <no-dsa> (Minor issue)
[bullseye] - libowasp-antisamy-java <no-dsa> (Minor issue)
[buster] - libowasp-antisamy-java <no-dsa> (Minor issue)
@@ -117752,7 +117752,7 @@ CVE-2022-28367 (OWASP AntiSamy before 1.6.6 allows
XSS via HTML tag smuggling on
NOTE: Make sure to fix the issue completely and include the commit
otherwise opening CVE-2022-29577
NOTE:
https://github.com/nahsra/antisamy/commit/32e273507da0e964b58c50fd8a4c94c9d9363af0
(v1.6.7)
CVE-2022-28366 (Certain Neko-related HTML parsers allow a denial of service
via crafte ...)
- - libowasp-antisamy-java <unfixed> (bug #1010154)
+ - libowasp-antisamy-java 1.7.4-1 (bug #1010154)
[bookworm] - libowasp-antisamy-java <no-dsa> (Minor issue)
[bullseye] - libowasp-antisamy-java <no-dsa> (Minor issue)
[buster] - libowasp-antisamy-java <no-dsa> (Minor issue)
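Review bot: on the CVE-2022-28366 line, the description attributes the denial of service to Neko-related HTML parsers, yet the fix is recorded only as a libowasp-antisamy-java version with no NOTE explaining the link. A NOTE stating how 1.7.4-1 addresses the parser issue would make the fixed version verifiable; the NOTE lines above it in this hunk belong to CVE-2022-28367 only.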
@@ -171790,7 +171790,7 @@ CVE-2021-35045 (Cross site scripting (XSS)
vulnerability in Ice Hrm 29.0.0.OS, a
CVE-2021-35044
RESERVED
CVE-2021-35043 (OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes
when using ...)
- - libowasp-antisamy-java <unfixed> (bug #1014981)
+ - libowasp-antisamy-java 1.7.4-1 (bug #1014981)
[bookworm] - libowasp-antisamy-java <no-dsa> (Minor issue)
[bullseye] - libowasp-antisamy-java <no-dsa> (Minor issue)
[buster] - libowasp-antisamy-java <no-dsa> (Minor issue)
@@ -411996,7 +411996,7 @@ CVE-2017-14737 (A cryptographic cache-based side
channel in the RSA implementati
CVE-2017-14736
RESERVED
CVE-2017-14735 (OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as
demonstr ...)
- - libowasp-antisamy-java <unfixed> (bug #1014981)
+ - libowasp-antisamy-java 1.7.4-1 (bug #1014981)
[bookworm] - libowasp-antisamy-java <no-dsa> (Minor issue)
[bullseye] - libowasp-antisamy-java <no-dsa> (Minor issue)
[buster] - libowasp-antisamy-java <no-dsa> (Minor issue)
@@ -445733,7 +445733,7 @@ CVE-2016-10008 (SQL injection vulnerability in the
"Content Types > Content Type
CVE-2016-10007 (SQL injection vulnerability in the "Marketing > Forms" screen
in dotCM ...)
NOT-FOR-US: dotCMS
CVE-2016-10006 (In OWASP AntiSamy before 1.5.5, by submitting a specially
crafted inpu ...)
- - libowasp-antisamy-java <unfixed> (bug #1014981)
+ - libowasp-antisamy-java 1.7.4-1 (bug #1014981)
[bookworm] - libowasp-antisamy-java <no-dsa> (Minor issue)
[bullseye] - libowasp-antisamy-java <no-dsa> (Minor issue)
[buster] - libowasp-antisamy-java <no-dsa> (Minor issue)
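Review bot: for CVE-2016-10006 the description places the upstream fix before 1.5.5, but the fixed version recorded is 1.7.4-1, taken from unstable per the commit message. If an earlier Debian upload already shipped 1.5.5 or later, that upload is the correct fixed version, and the [bookworm], [bullseye] and [buster] <no-dsa> lines should be rechecked against it. The same check applies to the CVE-2021-35043 (before 1.6.4) and CVE-2017-14735 (before 1.5.7) entries changed under bug #1014981.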
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a908fbb4deeaa34bd1966e03e1daff12e47c987