[Git][security-tracker-team/security-tracker][master] Update status for CVE-2022-21797

Tue Dec 6 20:02:18 GMT 2022


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
303c284e by Salvatore Bonaccorso at 2022-12-06T21:01:01+01:00
Update status for CVE-2022-21797

Drop reference to the broken patch applied upstream in an initial
iteration to address the issue, which resulted to be incomplete in
fixing CVE-2022-21797.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -60449,8 +60449,8 @@ CVE-2022-21797 (The package joblib from 0 and before 1.2.0 are vulnerable to Arb
 	[buster] - joblib <no-dsa> (Minor issue, the fix from +deb10u1 is incomplete)
 	NOTE: https://github.com/joblib/joblib/issues/1128
 	NOTE: https://github.com/joblib/joblib/pull/1321
-	NOTE: vulnerable patch https://github.com/joblib/joblib/commit/b90f10efeb670a2cc877fb88ebb3f2019189e059 (1.2.0)
-	NOTE: better fix https://github.com/joblib/joblib/pull/1327
+	NOTE: Better fix: https://github.com/joblib/joblib/pull/1327
+	NOTE: Fixed by: https://github.com/joblib/joblib/commit/54f4d21f098591c77b48c9acfffaa4cf0a45282b (1.2.0)
 	NOTE: https://security.snyk.io/vuln/SNYK-PYTHON-JOBLIB-3027033
 CVE-2022-21235 (The package github.com/masterminds/vcs before 1.13.3 are vulnerable to ...)
 	NOT-FOR-US: github.com/masterminds/vcs



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/303c284e4888b8d063a07b75c5c0d56776e8d5a5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/303c284e4888b8d063a07b75c5c0d56776e8d5a5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221206/f42891f6/attachment.htm>
