[Git][security-tracker-team/security-tracker][master] 2 commits: libspring-java no longer supported for stretch. Marking CVE-2022-22970 and...

Sun, 22 May 2022 14:08:02 -0700 


Ola Lundqvist pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e00cb9f6 by Ola Lundqvist at 2022-05-22T23:07:38+02:00
libspring-java no longer supported for stretch. Marking CVE-2022-22970 and 
CVE-2022-22971 accordingly.

- - - - -
a282c886 by Ola Lundqvist at 2022-05-22T23:07:39+02:00
The package node-formidable is no longer supported for stretch, so marking 
CVE-2022-21698 accordingly.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4541,6 +4541,7 @@ CVE-2022-29623 (An arbitrary file upload vulnerability in 
the file upload module
        NOT-FOR-US: expressjs/connect-multiparty
 CVE-2022-29622 (An arbitrary file upload vulnerability in formidable v3.1.4 
allows att ...)
        - node-formidable <unfixed> (bug #1011341)
+       [stretch] - node-formidable <end-of-life> (No longer supported in LTS)
        NOTE: https://www.youtube.com/watch?v=C6QPKooxhAo
        NOTE: https://github.com/vyas0189/CougarCS-Backend/issues/57
        NOTE: unclear if reported upstream
@@ -24782,9 +24783,11 @@ CVE-2022-22972 (VMware Workspace ONE Access, Identity 
Manager and vRealize Autom
        NOT-FOR-US: VMware
 CVE-2022-22971 (In spring framework versions prior to 5.3.20+ , 5.2.22+ and 
old unsupp ...)
        - libspring-java <unfixed>
+       [stretch] - libspring-java <end-of-life> (No longer supported in LTS)
        NOTE: https://tanzu.vmware.com/security/cve-2022-22971
 CVE-2022-22970 (In spring framework versions prior to 5.3.20+ , 5.2.22+ and 
old unsupp ...)
        - libspring-java <unfixed>
+       [stretch] - libspring-java <end-of-life> (No longer supported in LTS)
        NOTE: https://tanzu.vmware.com/security/cve-2022-22970
 CVE-2022-22969 (&lt;Issue Description&gt; Spring Security OAuth versions 2.5.x 
prior t ...)
        NOT-FOR-US: spring-security-oauth



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/01520eb3d083a70a73425bd3eedc3422e571d9d1...a282c886eff03fb846e55b839da5a8655ce383a1

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/01520eb3d083a70a73425bd3eedc3422e571d9d1...a282c886eff03fb846e55b839da5a8655ce383a1
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to