Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
15420455 by Moritz Muehlenhoff at 2022-07-12T13:54:17+02:00
bugnums
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7795,7 +7795,7 @@ CVE-2022-32513
CVE-2022-32512
RESERVED
CVE-2022-32511 (jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses
JSON.load in a s ...)
- - ruby-jmespath <unfixed>
+ - ruby-jmespath <unfixed> (bug #1014807)
NOTE: https://github.com/jmespath/jmespath.rb/pull/55
NOTE:
https://github.com/jmespath/jmespath.rb/commit/e8841280053a9d9a0c90f36223f926c8b9e4ec49
(v1.6.1)
CVE-2022-32510
@@ -11833,7 +11833,7 @@ CVE-2022-31082 (GLPI is a Free Asset and IT Management
Software package, Data ce
- glpi <removed> (unimportant)
NOTE: Only supported behind an authenticated HTTP zone
CVE-2022-31081 (HTTP::Daemon is a simple http server class written in perl.
Versions p ...)
- - libhttp-daemon-perl <unfixed>
+ - libhttp-daemon-perl <unfixed> (bug #1014808)
[bullseye] - libhttp-daemon-perl <no-dsa> (Minor issue)
[buster] - libhttp-daemon-perl <no-dsa> (Minor issue)
NOTE:
https://github.com/libwww-perl/HTTP-Daemon/security/advisories/GHSA-cg8c-pxmv-w7cf
@@ -11952,7 +11952,7 @@ CVE-2022-31035 (Argo CD is a declarative, GitOps
continuous delivery tool for Ku
CVE-2022-31034 (Argo CD is a declarative, GitOps continuous delivery tool for
Kubernet ...)
NOT-FOR-US: Argo CD
CVE-2022-31033 (The Mechanize library is used for automating interaction with
websites ...)
- - ruby-mechanize <unfixed>
+ - ruby-mechanize <unfixed> (bug #1014809)
NOTE:
https://github.com/sparklemotion/mechanize/security/advisories/GHSA-64qm-hrgp-pgr9
NOTE: Prerequisite to clear credential headers when redirecting to
cross site
NOTE:
https://github.com/sparklemotion/mechanize/commit/17e5381032c90caf240ac3d2e52b353f40c18d83
(v2.8.0)
@@ -30172,7 +30172,7 @@ CVE-2022-24797 (Pomerium is an identity-aware access
proxy. In distributed servi
CVE-2022-24796 (RaspberryMatic is a free and open-source operating system for
running ...)
NOT-FOR-US: RaspberryMatic
CVE-2022-24795 (yajl-ruby is a C binding to the YAJL JSON parsing and
generation libra ...)
- - ruby-yajl <unfixed>
+ - ruby-yajl <unfixed> (bug #1014803)
[bullseye] - ruby-yajl <no-dsa> (Minor issue)
[buster] - ruby-yajl <no-dsa> (Minor issue)
[stretch] - ruby-yajl <no-dsa> (Minor issue)
@@ -44960,7 +44960,7 @@ CVE-2021-44538 (The olm_session_describe function in
Matrix libolm before 3.2.7
NOTE: Introduced by:
https://gitlab.matrix.org/matrix-org/olm/-/commit/39a1ee0b18f0fced6d7bc293cc9a46ea70ec9e96
(3.1.4)
NOTE: Fixed by:
https://gitlab.matrix.org/matrix-org/olm/-/commit/c23ce70fc66c26db5839ddb5a3b46d4c3d3abed6
(3.2.8)
CVE-2021-44537 (ownCloud owncloud/client before 2.9.2 allows Resource
Injection by a s ...)
- - owncloud-client <unfixed>
+ - owncloud-client <unfixed> (bug #1014810)
[buster] - owncloud-client <no-dsa> (Minor issue)
[stretch] - owncloud-client <not-affected> (OAuth support introduced in
2.4)
NOTE: https://owncloud.com/security-advisories/cve-2021-44537/
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/15420455c879a557e88e504ca27fa2bfc4c2e7b8
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/15420455c879a557e88e504ca27fa2bfc4c2e7b8
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
