[Git][security-tracker-team/security-tracker][master] Add CVE-2022-24795/ruby-yajl
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Apr 9 13:03:34 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a10b4ac6 by Salvatore Bonaccorso at 2022-04-09T14:02:49+02:00
Add CVE-2022-24795/ruby-yajl
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11010,7 +11010,9 @@ CVE-2022-24797 (Pomerium is an identity-aware access proxy. In distributed servi
CVE-2022-24796 (RaspberryMatic is a free and open-source operating system for running ...)
NOT-FOR-US: RaspberryMatic
CVE-2022-24795 (yajl-ruby is a C binding to the YAJL JSON parsing and generation libra ...)
- TODO: check
+ - ruby-yajl <unfixed>
+ NOTE: https://github.com/brianmario/yajl-ruby/security/advisories/GHSA-jj47-x69x-mxrm
+ NOTE: https://github.com/brianmario/yajl-ruby/commit/7168bd79b888900aa94523301126f968a93eb3a6
CVE-2022-24794 (Express OpenID Connect is an Express JS middleware implementing sign o ...)
NOT-FOR-US: Express OpenID Connect
CVE-2022-24793 (PJSIP is a free and open source multimedia communication library writt ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a10b4ac6e37660cdc9b25fcd6b831fa7abf22bcb
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a10b4ac6e37660cdc9b25fcd6b831fa7abf22bcb
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220409/1d19ff85/attachment.htm>
More information about the debian-security-tracker-commits
mailing list