[Git][security-tracker-team/security-tracker][master] CVE-2022-1106/mruby vulnerable code introduced later

[Neil Williams (@codehelp)]

Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5f7708e0 by Neil Williams at 2022-04-06T11:06:08+01:00
CVE-2022-1106/mruby vulnerable code introduced later

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2034,10 +2034,10 @@ CVE-2022-27929
 CVE-2022-27928
 	RESERVED
 CVE-2022-1106 (use after free in mrb_vm_exec in GitHub repository mruby/mruby prior t ...)
-	- mruby <undetermined>
+	- mruby <not-affected> (Vulnerable code introduced later)
 	NOTE: https://huntr.dev/bounties/16b9d0ea-71ed-41bc-8a88-2deb4c20be8f
 	NOTE: https://github.com/mruby/mruby/commit/7f5a490d09f4d56801ac3a3e4e39e03e1471b44c
-	TODO: check
+	NOTE: Vulnerable code introduced in https://github.com/mruby/mruby/commit/b137eb2678cfba8d6ffcddff5326ebe8eb7f6a24 (3.1.0-rc2)
 CVE-2022-1105 (An improper access control vulnerability in GitLab CE/EE affecting all ...)
 	TODO: check
 CVE-2022-1104



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f7708e06a8d80603cdbfeaa22c061440be1b40e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f7708e06a8d80603cdbfeaa22c061440be1b40e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220406/972ea4e3/attachment-0001.htm>