[Git][security-tracker-team/security-tracker][master] 2 commits: Upstream issue for CVE-2022-35583
Stefano Rivera (@stefanor)
stefanor at debian.org
Tue Aug 30 10:55:30 BST 2022
Stefano Rivera pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cc90ce1e by Stefano Rivera at 2022-08-30T11:47:06+02:00
Upstream issue for CVE-2022-35583
- - - - -
354bd0fd by Stefano Rivera at 2022-08-30T11:52:05+02:00
Upstream hasn't looked at wkhtmltopdf's CVE
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -9017,6 +9017,7 @@ CVE-2022-35584
CVE-2022-35583 (wkhtmlTOpdf 0.12.6 is vulnerable to SSRF which allows an attacker to g ...)
- wkhtmltopdf <unfixed>
NOTE: https://cyber-guy.gitbook.io/cyber-guys-blog/blogs/initial-access-via-pdf-file-silently
+ NOTE: https://github.com/wkhtmltopdf/wkhtmltopdf/issues/5249
CVE-2022-35582
RESERVED
CVE-2022-35581
=====================================
data/dla-needed.txt
=====================================
@@ -104,6 +104,7 @@ upx-ucl (Thorsten Alteholz)
--
wkhtmltopdf
NOTE: 20220819: Programming language: C++.
+ NOTE: 20220830: No progress yet, upstream
--
zlib (Emilio)
NOTE: 20220813: Programming language: C.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d99d0ed678c2e2009d48d611d293fa2eb7ad869c...354bd0fddf6aa841c56cdc1a934e71560106c40a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d99d0ed678c2e2009d48d611d293fa2eb7ad869c...354bd0fddf6aa841c56cdc1a934e71560106c40a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220830/b87ed71c/attachment.htm>
More information about the debian-security-tracker-commits
mailing list