[Git][security-tracker-team/security-tracker][master] CVE-2022-1106/mruby vulnerable code introduced later

[Neil Williams (@codehelp)]

Neil Williams pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5f7708e0 by Neil Williams at 2022-04-06T11:06:08+01:00
CVE-2022-1106/mruby vulnerable code introduced later

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2034,10 +2034,10 @@ CVE-2022-27929
 CVE-2022-27928
        RESERVED
 CVE-2022-1106 (use after free in mrb_vm_exec in GitHub repository mruby/mruby 
prior t ...)
-       - mruby <undetermined>
+       - mruby <not-affected> (Vulnerable code introduced later)
        NOTE: https://huntr.dev/bounties/16b9d0ea-71ed-41bc-8a88-2deb4c20be8f
        NOTE: 
https://github.com/mruby/mruby/commit/7f5a490d09f4d56801ac3a3e4e39e03e1471b44c
-       TODO: check
+       NOTE: Vulnerable code introduced in 
https://github.com/mruby/mruby/commit/b137eb2678cfba8d6ffcddff5326ebe8eb7f6a24 
(3.1.0-rc2)
 CVE-2022-1105 (An improper access control vulnerability in GitLab CE/EE 
affecting all ...)
        TODO: check
 CVE-2022-1104



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f7708e06a8d80603cdbfeaa22c061440be1b40e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f7708e06a8d80603cdbfeaa22c061440be1b40e
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits