[Git][security-tracker-team/security-tracker][master] automatic update

Sat Apr 30 21:10:28 BST 2022


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fc893a05 by security tracker role at 2022-04-30T20:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1966,8 +1966,7 @@ CVE-2022-1366
 	RESERVED
 CVE-2022-1365 (Exposure of Private Personal Information to an Unauthorized Actor in G ...)
 	NOT-FOR-US: lquixada/cross-fetch
-CVE-2022-29265
-	RESERVED
+CVE-2022-29265 (Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML ...)
 	NOT-FOR-US: Apache NiFi
 CVE-2022-1364
 	RESERVED
@@ -4442,8 +4441,7 @@ CVE-2022-28325
 CVE-2022-28324
 	RESERVED
 	NOT-FOR-US: Echo MediaWiki extension
-CVE-2022-28323
-	RESERVED
+CVE-2022-28323 (An issue was discovered in MediaWiki through 1.37.2. The SecurePoll ex ...)
 	NOT-FOR-US: SecurePoll MediaWiki extension
 CVE-2022-28322
 	RESERVED
@@ -26861,6 +26859,7 @@ CVE-2021-45105 (Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12
 	NOTE: https://issues.apache.org/jira/browse/LOG4J2-3230
 CVE-2021-31566 [symbolic links incorrectly followed when changing modes, times, ACL and flags of a file while extracting an archive]
 	RESERVED
+	{DLA-2987-1}
 	- libarchive 3.5.2-1 (bug #1001990)
 	[bullseye] - libarchive 3.4.3-2+deb11u1
 	[buster] - libarchive <no-dsa> (Minor issue)
@@ -26869,6 +26868,7 @@ CVE-2021-31566 [symbolic links incorrectly followed when changing modes, times,
 	NOTE: https://github.com/libarchive/libarchive/commit/e2ad1a2c3064fa9eba6274b3641c4c1beed25c0b (v3.5.2)
 CVE-2021-23177 [extracting a symlink with ACLs modifies ACLs of target]
 	RESERVED
+	{DLA-2987-1}
 	- libarchive 3.5.2-1 (bug #1001986)
 	[bullseye] - libarchive 3.4.3-2+deb11u1
 	[buster] - libarchive <no-dsa> (Minor issue)
@@ -173981,6 +173981,7 @@ CVE-2019-19223 (A Broken Access Control vulnerability in the D-Link DSL-2680 web
 CVE-2019-19222 (A Stored XSS issue in the D-Link DSL-2680 web administration interface ...)
 	NOT-FOR-US: D-Link
 CVE-2019-19221 (In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string ...)
+	{DLA-2987-1}
 	- libarchive 3.4.2-1 (bug #945287)
 	[buster] - libarchive <no-dsa> (Minor issue)
 	[jessie] - libarchive <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fc893a05106bddc33b64ce8870120bb2a7cb5462

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fc893a05106bddc33b64ce8870120bb2a7cb5462
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220430/b197e23a/attachment.htm>
