[Git][security-tracker-team/security-tracker][master] mruby updates
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sun Apr 10 22:46:42 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9306762e by Moritz Muehlenhoff at 2022-04-10T23:46:19+02:00
mruby updates
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -13,7 +13,11 @@ CVE-2022-1288 (A vulnerability, which was classified as problematic, has been fo
CVE-2022-1287 (A vulnerability classified as critical was found in School Club Applic ...)
NOT-FOR-US: School Club Application System
CVE-2022-1286 (heap-buffer-overflow in mrb_vm_exec in mruby/mruby in GitHub repositor ...)
- TODO: check
+ - mruby <unfixed>
+ [bullseye] - mruby <no-dsa> (Minor issue)
+ [buster] - mruby <no-dsa> (Minor issue)
+ NOTE: https://github.com/mruby/mruby/commit/b1d0296a937fe278239bdfac840a3fd0e93b3ee9
+ NOTE: https://huntr.dev/bounties/f918376e-b488-4113-963d-ffe8716e4189/
CVE-2022-28888
RESERVED
CVE-2022-28887
@@ -487,7 +491,9 @@ CVE-2022-1278
CVE-2022-1277
RESERVED
CVE-2022-1276 (Out-of-bounds Read in mrb_get_args in GitHub repository mruby/mruby pr ...)
- TODO: check
+ - mruby <not-affected> (Vulnerable code introduced later)
+ NOTE: https://huntr.dev/bounties/6ea041d1-e2aa-472c-bf3e-da5fa8726c25
+ NOTE: https://github.com/mruby/mruby/commit/c8c083cb750606b2da81582cd8e43b442bb143e6
CVE-2022-1275
RESERVED
CVE-2022-1274
@@ -1227,6 +1233,8 @@ CVE-2022-1213 (SSRF filter bypass port 80, 433 in GitHub repository livehelperch
NOT-FOR-US: livehelperchat
CVE-2022-1212 (Use-After-Free in str_escape in mruby/mruby in GitHub repository mruby ...)
- mruby <unfixed> (bug #1009044)
+ [bullseye] - mruby <no-dsa> (Minor issue)
+ [buster] - mruby <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/9fcc06d0-08e4-49c8-afda-2cae40946abe/
NOTE: https://github.com/mruby/mruby/commit/3cf291f72224715942beaf8553e42ba8891ab3c6
CVE-2022-28381 (Mediaserver.exe in ALLMediaServer 1.6 has a stack-based buffer overflo ...)
@@ -1378,7 +1386,9 @@ CVE-2022-1203
CVE-2022-1202
RESERVED
CVE-2022-1201 (NULL Pointer Dereference in mrb_vm_exec with super in GitHub repositor ...)
- - mruby <undetermined>
+ - mruby <unfixed>
+ [bullseye] - mruby <no-dsa> (Minor issue)
+ [buster] - mruby <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/6f930add-c9d8-4870-ae56-d4bd8354703b
NOTE: https://github.com/mruby/mruby/commit/00acae117da1b45b318dc36531a7b0021b8097ae
CVE-2022-28327
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9306762e6bf64fc17d142cd4d753c97cf7f4802e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9306762e6bf64fc17d142cd4d753c97cf7f4802e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220410/173b4f27/attachment.htm>
More information about the debian-security-tracker-commits
mailing list