[Git][security-tracker-team/security-tracker][master] 3 commits: Wrap slightly a long note

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Aug 31 13:45:12 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7d193dd3 by Salvatore Bonaccorso at 2022-08-31T14:28:56+02:00
Wrap slightly a long note

- - - - -
c7a140b5 by Salvatore Bonaccorso at 2022-08-31T14:28:57+02:00
CVE-2022-35252: Reference upstream information and upstream tag

- - - - -
a5b5c0e9 by Salvatore Bonaccorso at 2022-08-31T14:44:35+02:00
Add Debian bug reference for CVE-2022-35252/curl

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9133,7 +9133,9 @@ CVE-2022-35583 (wkhtmlTOpdf 0.12.6 is vulnerable to SSRF which allows an attacke
 	- wkhtmltopdf <unfixed> (unimportant)
 	NOTE: https://cyber-guy.gitbook.io/cyber-guys-blog/blogs/initial-access-via-pdf-file-silently
 	NOTE: https://github.com/wkhtmltopdf/wkhtmltopdf/issues/5249
-	NOTE: By design, wkhtmltopdf retrieves external resources. If it is employed inside a protected network in an automated way, a malicious actor may access internal resources. A user of wkhtmltopdf should restrict such access.
+	NOTE: By design, wkhtmltopdf retrieves external resources. If it is employed inside
+	NOTE: a protected network in an automated way, a malicious actor may access internal
+	NOTE: resources. A user of wkhtmltopdf should restrict such access.
 CVE-2022-35582
 	RESERVED
 CVE-2022-35581
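Review bot: The three replacement NOTE lines for CVE-2022-35583 break in the middle of sentences ("employed inside" / "a protected network", "access internal" / "resources"), so none of them reads on its own and a line-based search for a phrase such as "internal resources" no longer matches. Consider breaking at the sentence boundaries instead, for example one NOTE line ending at "retrieves external resources." and the remainder on following lines, which keeps the rationale for the (unimportant) tag readable line by line.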
@@ -10010,9 +10012,10 @@ CVE-2022-35253
 	RESERVED
 CVE-2022-35252
 	RESERVED
-	- curl <unfixed>
+	- curl <unfixed> (bug #1018831)
 	[bullseye] - curl <postponed> (Minor issue)
-	NOTE: https://github.com/curl/curl/commit/8dfc93e573ca740544a2d79ebb
+	NOTE: https://curl.se/docs/CVE-2022-35252.html
+	NOTE: Fixed by: https://github.com/curl/curl/commit/8dfc93e573ca740544a2d79ebb0ed786592c65c3 (curl-7_85_0)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/08/31/2
 CVE-2022-35251
 	RESERVED
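Review bot: The new "Fixed by:" note on CVE-2022-35252 names the upstream tag (curl-7_85_0), while the package line above it still reads "- curl <unfixed> (bug #1018831)", so the entry now records where the fix lives upstream but not when it lands in Debian. That is consistent as long as no upload containing that tag exists yet; it would help to follow up on the <unfixed> line once such a version is available, with bug #1018831 as the tracking point. Replacing the truncated commit URL with the full hash is a good change, since the shortened link in the removed line could not be resolved unambiguously.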



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/37e036fc2adbb6251b8b24c763b70ae0f31edb2d...a5b5c0e91b164c0b801b1616e5a8448d21783c29


