Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 15420455 by Moritz Muehlenhoff at 2022-07-12T13:54:17+02:00 bugnums - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -7795,7 +7795,7 @@ CVE-2022-32513 CVE-2022-32512 RESERVED CVE-2022-32511 (jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a s ...) - - ruby-jmespath <unfixed> + - ruby-jmespath <unfixed> (bug #1014807) NOTE: https://github.com/jmespath/jmespath.rb/pull/55 NOTE: https://github.com/jmespath/jmespath.rb/commit/e8841280053a9d9a0c90f36223f926c8b9e4ec49 (v1.6.1) CVE-2022-32510 @@ -11833,7 +11833,7 @@ CVE-2022-31082 (GLPI is a Free Asset and IT Management Software package, Data ce - glpi <removed> (unimportant) NOTE: Only supported behind an authenticated HTTP zone CVE-2022-31081 (HTTP::Daemon is a simple http server class written in perl. Versions p ...) - - libhttp-daemon-perl <unfixed> + - libhttp-daemon-perl <unfixed> (bug #1014808) [bullseye] - libhttp-daemon-perl <no-dsa> (Minor issue) [buster] - libhttp-daemon-perl <no-dsa> (Minor issue) NOTE: https://github.com/libwww-perl/HTTP-Daemon/security/advisories/GHSA-cg8c-pxmv-w7cf @@ -11952,7 +11952,7 @@ CVE-2022-31035 (Argo CD is a declarative, GitOps continuous delivery tool for Ku CVE-2022-31034 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...) NOT-FOR-US: Argo CD CVE-2022-31033 (The Mechanize library is used for automating interaction with websites ...) - - ruby-mechanize <unfixed> + - ruby-mechanize <unfixed> (bug #1014809) NOTE: https://github.com/sparklemotion/mechanize/security/advisories/GHSA-64qm-hrgp-pgr9 NOTE: Prerequisite to clear credential headers when redirecting to cross site NOTE: https://github.com/sparklemotion/mechanize/commit/17e5381032c90caf240ac3d2e52b353f40c18d83 (v2.8.0) @@ -30172,7 +30172,7 @@ CVE-2022-24797 (Pomerium is an identity-aware access proxy. In distributed servi CVE-2022-24796 (RaspberryMatic is a free and open-source operating system for running ...) NOT-FOR-US: RaspberryMatic CVE-2022-24795 (yajl-ruby is a C binding to the YAJL JSON parsing and generation libra ...) - - ruby-yajl <unfixed> + - ruby-yajl <unfixed> (bug #1014803) [bullseye] - ruby-yajl <no-dsa> (Minor issue) [buster] - ruby-yajl <no-dsa> (Minor issue) [stretch] - ruby-yajl <no-dsa> (Minor issue) @@ -44960,7 +44960,7 @@ CVE-2021-44538 (The olm_session_describe function in Matrix libolm before 3.2.7 NOTE: Introduced by: https://gitlab.matrix.org/matrix-org/olm/-/commit/39a1ee0b18f0fced6d7bc293cc9a46ea70ec9e96 (3.1.4) NOTE: Fixed by: https://gitlab.matrix.org/matrix-org/olm/-/commit/c23ce70fc66c26db5839ddb5a3b46d4c3d3abed6 (3.2.8) CVE-2021-44537 (ownCloud owncloud/client before 2.9.2 allows Resource Injection by a s ...) - - owncloud-client <unfixed> + - owncloud-client <unfixed> (bug #1014810) [buster] - owncloud-client <no-dsa> (Minor issue) [stretch] - owncloud-client <not-affected> (OAuth support introduced in 2.4) NOTE: https://owncloud.com/security-advisories/cve-2021-44537/ View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/15420455c879a557e88e504ca27fa2bfc4c2e7b8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/15420455c879a557e88e504ca27fa2bfc4c2e7b8 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits