[Git][security-tracker-team/security-tracker][master] Add reference to upstream tag information for upstream commits for antisamy

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Apr 25 18:21:17 BST 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d7d2cec9 by Salvatore Bonaccorso at 2022-04-25T19:20:42+02:00
Add reference to upstream tag information for upstream commits for antisamy

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -495,7 +495,7 @@ CVE-2022-29578
 	RESERVED
 CVE-2022-29577 (OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE ...)
 	- libowasp-antisamy-java <not-affected> (Incomplete fix for CVE-2022-28367 not applied)
-	NOTE: https://github.com/nahsra/antisamy/commit/32e273507da0e964b58c50fd8a4c94c9d9363af0
+	NOTE: https://github.com/nahsra/antisamy/commit/32e273507da0e964b58c50fd8a4c94c9d9363af0 (v1.6.7)
 CVE-2022-29576
 	RESERVED
 CVE-2022-29575
@@ -3588,9 +3588,9 @@ CVE-2022-28368 (Dompdf 1.2.1 allows remote code execution via a .php file in the
 	NOTE: https://github.com/dompdf/dompdf/commit/4c70e1025bcd9b7694b95dd552499bd83cd6141d (v1.2.1)
 CVE-2022-28367 (OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE ...)
 	- libowasp-antisamy-java <unfixed> (bug #1010154)
-	NOTE: https://github.com/nahsra/antisamy/commit/0199e7e194dba5e7d7197703f43ebe22401e61ae
+	NOTE: https://github.com/nahsra/antisamy/commit/0199e7e194dba5e7d7197703f43ebe22401e61ae (v1.6.6)
 	NOTE: Make sure to fix the issue completely and include the commit otherwise opening CVE-2022-29577
-	NOTE: https://github.com/nahsra/antisamy/commit/32e273507da0e964b58c50fd8a4c94c9d9363af0
+	NOTE: https://github.com/nahsra/antisamy/commit/32e273507da0e964b58c50fd8a4c94c9d9363af0 (v1.6.7)
 CVE-2022-28366 (Certain Neko-related HTML parsers allow a denial of service via crafte ...)
 	- libowasp-antisamy-java <unfixed> (bug #1010154)
 	NOTE: https://github.com/nahsra/antisamy/releases/tag/v1.6.6



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d7d2cec945d269d9321424c7fa256b32032d5c68

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d7d2cec945d269d9321424c7fa256b32032d5c68
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220425/71c1651f/attachment.htm>

More information about the debian-security-tracker-commits mailing list