Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits: 7abf24a6 by Chris Lamb at 2022-08-16T08:15:16-07:00 Triage CVE-2022-34749 in mistune for buster LTS. - - - - - d1959f4d by Chris Lamb at 2022-08-16T08:15:41-07:00 Triage CVE-2022-37394 in nova for buster LTS. - - - - - a3a9e490 by Chris Lamb at 2022-08-16T08:16:41-07:00 Triage CVE-2022-2514, CVE-2022-2523 & CVE-2022-2589 in fava for buster LTS. - - - - - 688aaa54 by Chris Lamb at 2022-08-16T08:16:56-07:00 data/dla-needed.txt: Add programming language. - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -2409,6 +2409,7 @@ CVE-2022-37395 CVE-2022-37394 (An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 2 ...) - nova <unfixed> (bug #1016980) [bullseye] - nova <no-dsa> (Minor issue) + [buster] - nova <no-dsa> (Minor issue) NOTE: https://bugs.launchpad.net/ossa/+bug/1981813 NOTE: https://review.opendev.org/c/openstack/nova/+/849985 NOTE: https://review.opendev.org/c/openstack/nova/+/850003 @@ -3274,6 +3275,7 @@ CVE-2022-2590 CVE-2022-2589 (Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/ ...) - fava <unfixed> (bug #1016971) [bullseye] - fava <no-dsa> (Minor issue) + [buster] - fava <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/8705800d-cf2f-433d-9c3e-dbef6a3f7e08/ NOTE: https://github.com/beancount/fava/commit/68bbb6e39319deb35ab9f18d0b6aa9fa70472539 (v1.22.3) CVE-2022-37037 @@ -4749,6 +4751,7 @@ CVE-2022-33963 CVE-2022-2523 (Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/ ...) - fava <unfixed> (bug #1016971) [bullseye] - fava <no-dsa> (Minor issue) + [buster] - fava <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/2a1802d8-1c2e-4919-96a7-d4dcf7ffcf8f NOTE: https://github.com/beancount/fava/commit/dccfb6a2f4567f35ce2e9a78e24f92ebf946bc9b (v1.22.2) CVE-2022-36381 
@@ -4886,6 +4889,7 @@ CVE-2022-2515 CVE-2022-2514 (The time and filter parameters in Fava prior to v1.22 are vulnerable t ...) - fava <unfixed> (bug #1016971) [bullseye] - fava <no-dsa> (Minor issue) + [buster] - fava <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/dbf77139-4384-4dc5-9994-45a5e0747429 NOTE: https://github.com/beancount/fava/commit/ca9e3882c7b5fbf5273ba52340b9fea6a99f3711 (v1.22) CVE-2022-2513 @@ -8961,6 +8965,7 @@ CVE-2022-34750 (An issue was discovered in MediaWiki through 1.38.1. The lemma l CVE-2022-34749 (In mistune through 2.0.2, support of inline markup is implemented by u ...) - mistune 2.0.3-1 (bug #1016089) [bullseye] - mistune <no-dsa> (Minor issue) + [buster] - mistune <no-dsa> (Minor issue) NOTE: https://github.com/lepture/mistune/commit/a6d43215132fe4f3d93f8d7e90ba83b16a0838b2 (v2.0.3) CVE-2022-34748 (A vulnerability has been identified in Simcenter Femap (All versions & ...) NOT-FOR-US: Siemens ===================================== data/dla-needed.txt ===================================== @@ -75,6 +75,7 @@ php-horde-mime-viewer NOTE: 20220816: Programming language: PHP. -- php-horde-turba + NOTE: 20220816: Programming language: PHP. -- puma (Abhijith PA) NOTE: 20220801: Programming language: Ruby.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c4301580e9b72e5a966e13d44e6e3ccf1f576c10...688aaa541ecd1651306d77bbe44f5fefa74cd54e
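Review bot: In the three fava hunks (CVE-2022-2589, CVE-2022-2523, CVE-2022-2514), the added `[buster] - fava <no-dsa> (Minor issue)` line reuses the bullseye reason verbatim and does not say why the issues are minor for buster. Two of the entries are described as reflected XSS and the third concerns the time and filter parameters, and the NOTE lines show the fixes landed in three separate upstream releases (v1.22, v1.22.2, v1.22.3). A short NOTE stating the rationale, and that a later backport needs all three commits, would save the next person triaging fava from redoing the analysis.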
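Review bot: In the CVE-2022-34749 hunk, the new `[buster] - mistune <no-dsa> (Minor issue)` line does not record whether the buster package was checked against the upstream fix commit in the NOTE directly below it. The entry only shows the unstable fix version (2.0.3-1) and the truncated description, so it is worth confirming that the affected inline-markup code is present in the buster version. If it is not, `<not-affected>` with a reason describes the state more accurately than `<no-dsa>`; if it is, a dated NOTE saying so would document the check.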
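Review bot: In the data/dla-needed.txt hunk, the added `NOTE: 20220816: Programming language: PHP.` is the only line under php-horde-turba before the `--` terminator, so the entry still gives no indication of which issue put the package on the list. The format matches the neighbouring php-horde-mime-viewer and puma notes; consider adding a second dated NOTE with the CVE or bug reference so that whoever claims the package has the context in one place.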