Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker
Commits: 4ca70a32 by Tobias Frost at 2023-07-02T18:54:45+02:00 Triage packages with embedded code copies of yajl for CVE-2022-24795, CVE-2017-16516 and CVE-2023-33460 - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -2815,6 +2815,10 @@ CVE-2023-33460 (There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse - ruby-yajl <unfixed> [bookworm] - ruby-yajl <no-dsa> (Minor issue) [bullseye] - ruby-yajl <no-dsa> (Minor issue) + - argyll <unfixed> (bug #1040151) + - collada2gltf <unfixed> (bug #1040153) + - lnav <unfixed> + - r-cran-jsonlite <unfixed> CVE-2023-33457 (In Sogou Workflow v0.10.6, memcpy a negtive size in URIParser::parse , ...) NOT-FOR-US: Sogou Workflow CVE-2023-33381 (A command injection vulnerability was found in the ping functionality ...) @@ -104246,6 +104250,14 @@ CVE-2022-24795 (yajl-ruby is a C binding to the YAJL JSON parsing and generation [buster] - ruby-yajl <no-dsa> (Minor issue) [stretch] - ruby-yajl <no-dsa> (Minor issue) - yajl <unfixed> (bug #1040036) + - burp <unfixed> (bug #1040146) + - crun <unfixed> (bug #1040147) + - argyll <unfixed> (bug #1040150) + - collada2gltf <unfixed> (bug #1040153) + - epics-base <unfixed> (bug #1040159) + - lnav <unfixed> (bug #1040160) + - r-cran-jsonlite <unfixed> (bug #1040161) + - whitedb 0.7.3+git211004+dfsg-1 NOTE: https://github.com/brianmario/yajl-ruby/security/advisories/GHSA-jj47-x69x-mxrm NOTE: https://github.com/brianmario/yajl-ruby/commit/7168bd79b888900aa94523301126f968a93eb3a6 NOTE: https://github.com/brianmario/yajl-ruby/commit/e8de283a6d64f0902740fd09e858fc3d7d803161 
@@ -381972,6 +381984,14 @@ CVE-2017-16516 (In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is [stretch] - ruby-yajl <no-dsa> (Minor issue) [jessie] - ruby-yajl <no-dsa> (Minor issue) - yajl <unfixed> (bug #1040036) + - burp <unfixed> (bug #1040146) + - crun <unfixed> (bug #1040147) + - argyll <unfixed> (bug #1040150) + - collada2gltf <unfixed> (bug #1040153) + - epics-base <unfixed> (bug #1040159) + - lnav <unfixed> (bug #1040160) + - r-cran-jsonlite <unfixed> (bug #1040161) + - whitedb 0.7.3+git211004+dfsg-1 NOTE: https://github.com/brianmario/yajl-ruby/issues/176 NOTE: https://github.com/brianmario/yajl-ruby/commit/a8ca8f476655adaa187eedc60bdc770fff3c51ce NOTE: yail: https://github.com/lloyd/yajl/issues/248 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ca70a328445d5dbfe035198a3e3a680c3660f9d
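Review bot: in the CVE-2023-33460 hunk, the added lnav and r-cran-jsonlite lines are marked <unfixed> with no bug reference, while the same two packages carry bug #1040160 and bug #1040161 under CVE-2022-24795 and CVE-2017-16516. If those reports also cover the yajl_tree_parse memory leak, add the bug numbers here; otherwise file separate bugs so these entries can be tracked to closure. The argyll line in this hunk also cites bug #1040151 where the other two hunks cite #1040150, whereas collada2gltf reuses #1040153 in all three, so confirm #1040151 is a distinct report and not a typo. This hunk lists only four of the eight packages added under the other two CVEs; a NOTE saying why burp, crun, epics-base and whitedb are not affected by CVE-2023-33460 would make the omission verifiable.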
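Review bot: the whitedb line added in the CVE-2022-24795 and CVE-2017-16516 hunks records a fixed version (0.7.3+git211004+dfsg-1) with no bug reference and no explanation, unlike the seven <unfixed> entries added above it. Add a NOTE under each CVE stating the basis for treating that upload as fixed (for example, whether the embedded yajl copy was patched or dropped there), so a later triager can check the claim without re-auditing the package.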