Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7abf24a6 by Chris Lamb at 2022-08-16T08:15:16-07:00
Triage CVE-2022-34749 in mistune for buster LTS.

- - - - -
d1959f4d by Chris Lamb at 2022-08-16T08:15:41-07:00
Triage CVE-2022-37394 in nova for buster LTS.

- - - - -
a3a9e490 by Chris Lamb at 2022-08-16T08:16:41-07:00
Triage CVE-2022-2514, CVE-2022-2523 & CVE-2022-2589 in fava for buster LTS.

- - - - -
688aaa54 by Chris Lamb at 2022-08-16T08:16:56-07:00
data/dla-needed.txt: Add programming language.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2409,6 +2409,7 @@ CVE-2022-37395
 CVE-2022-37394 (An issue was discovered in OpenStack Nova before 23.2.2, 24.x 
before 2 ...)
        - nova <unfixed> (bug #1016980)
        [bullseye] - nova <no-dsa> (Minor issue)
+       [buster] - nova <no-dsa> (Minor issue)
        NOTE: https://bugs.launchpad.net/ossa/+bug/1981813
        NOTE: https://review.opendev.org/c/openstack/nova/+/849985
        NOTE: https://review.opendev.org/c/openstack/nova/+/850003
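Review bot: The added "[buster] - nova <no-dsa> (Minor issue)" line copies the bullseye reason verbatim while the entry above it is still "<unfixed>" (bug #1016980). If the buster decision rests on anything more specific than the bullseye one, put it in the parentheses or in a NOTE, so a later triager can see that the buster version was assessed on its own.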
@@ -3274,6 +3275,7 @@ CVE-2022-2590
 CVE-2022-2589 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
beancount/ ...)
        - fava <unfixed> (bug #1016971)
        [bullseye] - fava <no-dsa> (Minor issue)
+       [buster] - fava <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/8705800d-cf2f-433d-9c3e-dbef6a3f7e08/
        NOTE: 
https://github.com/beancount/fava/commit/68bbb6e39319deb35ab9f18d0b6aa9fa70472539
 (v1.22.3)
 CVE-2022-37037
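Review bot: The added [buster] line for CVE-2022-2589 gets the same "Minor issue" reason as the two other fava entries in this push, yet the three upstream fixes are separate commits tagged for separate releases (v1.22.3 here). A NOTE saying whether these commits apply to the buster source would tell the next triager how much backporting work sits behind bug #1016971.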
@@ -4749,6 +4751,7 @@ CVE-2022-33963
 CVE-2022-2523 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
beancount/ ...)
        - fava <unfixed> (bug #1016971)
        [bullseye] - fava <no-dsa> (Minor issue)
+       [buster] - fava <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/2a1802d8-1c2e-4919-96a7-d4dcf7ffcf8f
        NOTE: 
https://github.com/beancount/fava/commit/dccfb6a2f4567f35ce2e9a78e24f92ebf946bc9b
 (v1.22.2)
 CVE-2022-36381
@@ -4886,6 +4889,7 @@ CVE-2022-2515
 CVE-2022-2514 (The time and filter parameters in Fava prior to v1.22 are 
vulnerable t ...)
        - fava <unfixed> (bug #1016971)
        [bullseye] - fava <no-dsa> (Minor issue)
+       [buster] - fava <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/dbf77139-4384-4dc5-9994-45a5e0747429
        NOTE: 
https://github.com/beancount/fava/commit/ca9e3882c7b5fbf5273ba52340b9fea6a99f3711
 (v1.22)
 CVE-2022-2513
@@ -8961,6 +8965,7 @@ CVE-2022-34750 (An issue was discovered in MediaWiki 
through 1.38.1. The lemma l
 CVE-2022-34749 (In mistune through 2.0.2, support of inline markup is 
implemented by u ...)
        - mistune 2.0.3-1 (bug #1016089)
        [bullseye] - mistune <no-dsa> (Minor issue)
+       [buster] - mistune <no-dsa> (Minor issue)
        NOTE: 
https://github.com/lepture/mistune/commit/a6d43215132fe4f3d93f8d7e90ba83b16a0838b2
 (v2.0.3)
 CVE-2022-34748 (A vulnerability has been identified in Simcenter Femap (All 
versions & ...)
        NOT-FOR-US: Siemens
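Review bot: On the added [buster] line for CVE-2022-34749, the entry describes the issue as "In mistune through 2.0.2" and records the fix only as 2.0.3-1 plus the upstream commit; nothing in it says whether the buster version contains the affected inline-markup implementation. A NOTE confirming that, or a <not-affected> marking if the code is absent, would be more precise than mirroring the bullseye <no-dsa> line.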


=====================================
data/dla-needed.txt
=====================================
@@ -75,6 +75,7 @@ php-horde-mime-viewer
   NOTE: 20220816: Programming language: PHP.
 --
 php-horde-turba
+  NOTE: 20220816: Programming language: PHP.
 --
 puma (Abhijith PA)
   NOTE: 20220801: Programming language: Ruby.
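Review bot: The NOTE added under php-horde-turba matches the format of the php-horde-mime-viewer entry above it, but the commit subject ("data/dla-needed.txt: Add programming language.") does not name the package. Including php-horde-turba in the subject would make this change findable from the log.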



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c4301580e9b72e5a966e13d44e6e3ccf1f576c10...688aaa541ecd1651306d77bbe44f5fefa74cd54e
