[Git][security-tracker-team/security-tracker][master] Associate CVE-2022-29167 with node-hawk
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Dec 3 17:53:19 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
26e773ad by Salvatore Bonaccorso at 2022-12-03T18:52:48+01:00
Associate CVE-2022-29167 with node-hawk
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -50169,7 +50169,10 @@ CVE-2022-29169 (BigBlueButton is an open source web conferencing system. Version
CVE-2022-29168 (Wire is a secure messaging application. Wire is vulnerable to arbitrar ...)
NOT-FOR-US: wire-webapp
CVE-2022-29167 (Hawk is an HTTP authentication scheme providing mechanisms for making ...)
- NOT-FOR-US: Hawk (mozilla/hawk, different from itp'ed hawk, #634344)
+ - node-hawk <unfixed>
+ NOTE: https://github.com/mozilla/hawk/security/advisories/GHSA-44pw-h2cw-w3vq
+ NOTE: https://github.com/mozilla/hawk/pull/286
+ NOTE: https://github.com/mozilla/hawk/commit/ade134119bf1fdc4909d00f5a952c966f0075ad3
CVE-2022-29166 (matrix-appservice-irc is a Node.js IRC bridge for Matrix. The vulnerab ...)
NOT-FOR-US: Matrix-appservice-bridge
CVE-2022-29165 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/26e773ad96ddbc72f4b43d005a874aa4f409c7db
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/26e773ad96ddbc72f4b43d005a874aa4f409c7db
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221203/62952cc9/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list