Your message dated Sat, 13 Aug 2022 10:37:09 +0200
with message-id <[email protected]>
and subject line Re: Bug#1016977: php-laravel-framework: CVE-2022-34943
has caused the Debian Bug report #1016977,
regarding php-laravel-framework: CVE-2022-34943
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1016977: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016977
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: php-laravel-framework
X-Debbugs-CC: [email protected]
Severity: important
Tags: security

Hi,

The following vulnerability was published for php-laravel-framework.

CVE-2022-34943[0]:
| Laravel v5.1 was discovered to contain a remote code execution (RCE)
| vulnerability via the component ChanceGenerator in __call.

https://github.com/beicheng-maker/vulns/issues/1 is very unclear and
will need to be reported upstream for their comments.   

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-34943
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34943

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Hi

On Wed, Aug 10, 2022 at 10:11:59PM +0200, Moritz Mühlenhoff wrote:
> Source: php-laravel-framework
> X-Debbugs-CC: [email protected]
> Severity: important
> Tags: security
> 
> Hi,
> 
> The following vulnerability was published for php-laravel-framework.
> 
> CVE-2022-34943[0]:
> | Laravel v5.1 was discovered to contain a remote code execution (RCE)
> | vulnerability via the component ChanceGenerator in __call.
> 
> https://github.com/beicheng-maker/vulns/issues/1 is very unclear and
> will need to be reported upstream for their comments. 
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> For further information see:
> 
> [0] https://security-tracker.debian.org/tracker/CVE-2022-34943
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34943
> 
> Please adjust the affected versions in the BTS as needed.

Turns out that this CVE was invalid, and further investigation showed
that it was no security issue (similar for some other CVEs assigned
for laravel).

This bug can be closed, CVE-2022-34943 now states:

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none.
Reason: This candidate was withdrawn by its CNA. Further investigation
showed that it was not a security issue. Notes: none. 

Same for CVE-2021-37298

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none.
Reason: This candidate was withdrawn by its CNA. Further investigation
showed that it was not a security issue. Notes: none.

Regards,
Salvatore

--- End Message ---