[Git][security-tracker-team/security-tracker][master] 4 commits: Triage CVE-2022-34749 in mistune for buster LTS.
Chris Lamb (@lamby)
lamby at debian.org
Tue Aug 16 16:17:22 BST 2022
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7abf24a6 by Chris Lamb at 2022-08-16T08:15:16-07:00
Triage CVE-2022-34749 in mistune for buster LTS.
- - - - -
d1959f4d by Chris Lamb at 2022-08-16T08:15:41-07:00
Triage CVE-2022-37394 in nova for buster LTS.
- - - - -
a3a9e490 by Chris Lamb at 2022-08-16T08:16:41-07:00
Triage CVE-2022-2514, CVE-2022-2523 & CVE-2022-2589 in fava for buster LTS.
- - - - -
688aaa54 by Chris Lamb at 2022-08-16T08:16:56-07:00
data/dla-needed.txt: Add programming language.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -2409,6 +2409,7 @@ CVE-2022-37395
CVE-2022-37394 (An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 2 ...)
- nova <unfixed> (bug #1016980)
[bullseye] - nova <no-dsa> (Minor issue)
+ [buster] - nova <no-dsa> (Minor issue)
NOTE: https://bugs.launchpad.net/ossa/+bug/1981813
NOTE: https://review.opendev.org/c/openstack/nova/+/849985
NOTE: https://review.opendev.org/c/openstack/nova/+/850003
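Review bot: The added `[buster] - nova <no-dsa> (Minor issue)` line reuses the bullseye justification without a buster-specific reason, and the two review.opendev.org NOTE lines below it do not say which release series each change targets. A short NOTE naming the series each review applies to, or stating why the issue is minor for the version in buster, would let a later reader check the triage without opening both reviews.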
@@ -3274,6 +3275,7 @@ CVE-2022-2590
CVE-2022-2589 (Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/ ...)
- fava <unfixed> (bug #1016971)
[bullseye] - fava <no-dsa> (Minor issue)
+ [buster] - fava <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/8705800d-cf2f-433d-9c3e-dbef6a3f7e08/
NOTE: https://github.com/beancount/fava/commit/68bbb6e39319deb35ab9f18d0b6aa9fa70472539 (v1.22.3)
CVE-2022-37037
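Review bot: On the added `[buster] - fava <no-dsa> (Minor issue)` line, plain `<no-dsa>` does not say whether a fix is deferred to a later upload or will not be done at all. Since the entry already links an upstream fix commit (v1.22.3), consider the `<postponed>` or `<ignored>` sub-state with a one-line reason so the intent for buster is explicit.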
@@ -4749,6 +4751,7 @@ CVE-2022-33963
CVE-2022-2523 (Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/ ...)
- fava <unfixed> (bug #1016971)
[bullseye] - fava <no-dsa> (Minor issue)
+ [buster] - fava <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/2a1802d8-1c2e-4919-96a7-d4dcf7ffcf8f
NOTE: https://github.com/beancount/fava/commit/dccfb6a2f4567f35ce2e9a78e24f92ebf946bc9b (v1.22.2)
CVE-2022-36381
@@ -4886,6 +4889,7 @@ CVE-2022-2515
CVE-2022-2514 (The time and filter parameters in Fava prior to v1.22 are vulnerable t ...)
- fava <unfixed> (bug #1016971)
[bullseye] - fava <no-dsa> (Minor issue)
+ [buster] - fava <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/dbf77139-4384-4dc5-9994-45a5e0747429
NOTE: https://github.com/beancount/fava/commit/ca9e3882c7b5fbf5273ba52340b9fea6a99f3711 (v1.22)
CVE-2022-2513
@@ -8961,6 +8965,7 @@ CVE-2022-34750 (An issue was discovered in MediaWiki through 1.38.1. The lemma l
CVE-2022-34749 (In mistune through 2.0.2, support of inline markup is implemented by u ...)
- mistune 2.0.3-1 (bug #1016089)
[bullseye] - mistune <no-dsa> (Minor issue)
+ [buster] - mistune <no-dsa> (Minor issue)
NOTE: https://github.com/lepture/mistune/commit/a6d43215132fe4f3d93f8d7e90ba83b16a0838b2 (v2.0.3)
CVE-2022-34748 (A vulnerability has been identified in Simcenter Femap (All versions & ...)
NOT-FOR-US: Siemens
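Review bot: The added `[buster] - mistune <no-dsa> (Minor issue)` line does not record whether the mistune version in buster contains the inline-markup code the description refers to ("In mistune through 2.0.2"). If that code is absent there, `<not-affected>` with a reason is the more accurate tag; if it is present, a NOTE saying so would make the `<no-dsa>` decision checkable against the linked v2.0.3 commit.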
=====================================
data/dla-needed.txt
=====================================
@@ -75,6 +75,7 @@ php-horde-mime-viewer
NOTE: 20220816: Programming language: PHP.
--
php-horde-turba
+ NOTE: 20220816: Programming language: PHP.
--
puma (Abhijith PA)
NOTE: 20220801: Programming language: Ruby.
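Review bot: The commit subject for this hunk, "data/dla-needed.txt: Add programming language.", does not name php-horde-turba, the only entry the added NOTE line touches. Naming the package in the subject, as the three triage commits in this push do, would make the change findable from the log.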
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c4301580e9b72e5a966e13d44e6e3ccf1f576c10...688aaa541ecd1651306d77bbe44f5fefa74cd54e