Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker
Commits: e00cb9f6 by Ola Lundqvist at 2022-05-22T23:07:38+02:00 libspring-java no longer supported for stretch. Marking CVE-2022-22970 and CVE-2022-22971 accordingly. - - - - - a282c886 by Ola Lundqvist at 2022-05-22T23:07:39+02:00 The package node-formidable is no longer supported for stretch, so marking CVE-2022-21698 accordingly. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -4541,6 +4541,7 @@ CVE-2022-29623 (An arbitrary file upload vulnerability in the file upload module NOT-FOR-US: expressjs/connect-multiparty CVE-2022-29622 (An arbitrary file upload vulnerability in formidable v3.1.4 allows att ...) - node-formidable <unfixed> (bug #1011341) + [stretch] - node-formidable <end-of-life> (No longer supported in LTS) NOTE: https://www.youtube.com/watch?v=C6QPKooxhAo NOTE: https://github.com/vyas0189/CougarCS-Backend/issues/57 NOTE: unclear if reported upstream @@ -24782,9 +24783,11 @@ CVE-2022-22972 (VMware Workspace ONE Access, Identity Manager and vRealize Autom NOT-FOR-US: VMware CVE-2022-22971 (In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupp ...) - libspring-java <unfixed> + [stretch] - libspring-java <end-of-life> (No longer supported in LTS) NOTE: https://tanzu.vmware.com/security/cve-2022-22971 CVE-2022-22970 (In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupp ...) - libspring-java <unfixed> + [stretch] - libspring-java <end-of-life> (No longer supported in LTS) NOTE: https://tanzu.vmware.com/security/cve-2022-22970 CVE-2022-22969 (<Issue Description> Spring Security OAuth versions 2.5.x prior t ...) NOT-FOR-US: spring-security-oauth View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/01520eb3d083a70a73425bd3eedc3422e571d9d1...a282c886eff03fb846e55b839da5a8655ce383a1 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/01520eb3d083a70a73425bd3eedc3422e571d9d1...a282c886eff03fb846e55b839da5a8655ce383a1 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits