Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 887df33a by Salvatore Bonaccorso at 2023-11-27T18:56:23+01:00 Add additional CVEs for hoteldruid Thanks for upstream to confirm the validity of the CVEs (though not yet published) - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -65468,8 +65468,15 @@ CVE-2022-45594 RESERVED CVE-2022-45593 RESERVED -CVE-2022-45592 +CVE-2023-34854 [Authenticated remote code execution via backup/restore in HotelDruid] + - hoteldruid 3.0.6-1 + [bookworm] - hoteldruid <no-dsa> (Minor issue) + [bullseye] - hoteldruid <no-dsa> (Minor issue) +CVE-2022-45592 [(1) Server Side Request Forgery (SSRF), (2) persistant Cross site scripting (XSS), and (3) File upload vulnerability.] RESERVED + - hoteldruid 3.0.6-1 + [bookworm] - hoteldruid <no-dsa> (Minor issue) + [bullseye] - hoteldruid <no-dsa> (Minor issue) CVE-2022-45591 RESERVED CVE-2022-45590 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/887df33ab5bb5b160e419e30661dec18342a593a -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/887df33ab5bb5b160e419e30661dec18342a593a You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits