Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 5ae3324c by Moritz Muehlenhoff at 2023-02-27T20:52:48+01:00 bugnums - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -9554,7 +9554,7 @@ CVE-2011-10001 (A vulnerability was found in iamdroppy phoenixcf. It has been de CVE-2010-10008 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in simplesam ...) NOT-FOR-US: simplesamlphp-module-openidprovider CVE-2023-XXXX [RUSTSEC-2022-0078] - - rust-bumpalo <unfixed> + - rust-bumpalo <unfixed> (bug #1032088) [bullseye] - rust-bumpalo <no-dsa> (Minor issue) NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0078.html NOTE: https://github.com/fitzgen/bumpalo/blob/main/CHANGELOG.md#3111 @@ -17631,8 +17631,8 @@ CVE-2022-4494 (A vulnerability, which was classified as critical, has been found CVE-2022-4493 (A vulnerability classified as critical was found in scifio. Affected b ...) NOT-FOR-US: SCIFIO (SCientific Image Format Input & Output) CVE-2022-4492 (The undertow client is not checking the server identity presented by t ...) - - undertow <unfixed> - TODO: check details, https://bugzilla.redhat.com/show_bug.cgi?id=2153260 has missing public details + - undertow <unfixed> (bug #1032087) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2153260 has missing public details CVE-2022-4491 (The WP-Table Reloaded WordPress plugin through 1.9.4 does not validate ...) NOT-FOR-US: WordPress plugin CVE-2022-4490 @@ -25277,7 +25277,7 @@ CVE-2022-44902 CVE-2022-44901 RESERVED CVE-2022-44900 (A directory traversal vulnerability in the SevenZipFile.extractall() f ...) - - py7zr <unfixed> + - py7zr <unfixed> (bug #1032091) NOTE: https://github.com/miurahr/py7zr/commit/1bb43f17515c7f69673a1c88ab9cc72a7bbef406 (v0.20.1) NOTE: https://lessonsec.com/cve/cve-2022-44900/ CVE-2022-44899 @@ -40711,7 +40711,7 @@ CVE-2022-40154 CVE-2022-40153 REJECTED CVE-2022-40152 (Those using Woodstox to parse XML data may be vulnerable to Denial of ...) - - libwoodstox-java <unfixed> + - libwoodstox-java <unfixed> (bug #1032089) [bullseye] - libwoodstox-java <no-dsa> (Minor issue) [buster] - libwoodstox-java <no-dsa> (Minor issue) NOTE: https://github.com/x-stream/xstream/issues/304 @@ -42831,7 +42831,7 @@ CVE-2022-39270 (DiscoTOC is a Discourse theme component that generates a table o NOT-FOR-US: DiscoTOC Discourse theme CVE-2022-39269 (PJSIP is a free and open source multimedia communication library writt ...) {DSA-5358-1 DLA-3335-1} - - asterisk <unfixed> + - asterisk <unfixed> (bug #1032092) - pjproject <removed> - ring 20230206.0~ds1-1 NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-wx5m-cj97-4wwg @@ -88826,14 +88826,14 @@ CVE-2022-23548 (Discourse is an option source discussion platform. Prior to vers NOT-FOR-US: Discourse CVE-2022-23537 (PJSIP is a free and open source multimedia communication library writt ...) {DSA-5358-1 DLA-3335-1} - - asterisk <unfixed> + - asterisk <unfixed> (bug #1032092) - ring 20230206.0~ds1-1 - pjproject <removed> NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w NOTE: https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1 CVE-2022-23547 (PJSIP is a free and open source multimedia communication library writt ...) {DSA-5358-1 DLA-3335-1} - - asterisk <unfixed> + - asterisk <unfixed> (bug #1032092) - ring 20230206.0~ds1-1 - pjproject <removed> NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ae3324ced9499920d98bec6ebccbd9d1a4b6246 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ae3324ced9499920d98bec6ebccbd9d1a4b6246 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits