[Git][security-tracker-team/security-tracker][master] caddy entered the archive, mark as unfixed for pending review status

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Dec 20 06:50:48 GMT 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5c1c68b8 by Salvatore Bonaccorso at 2022-12-20T07:50:17+01:00
caddy entered the archive, mark as unfixed for pending review status

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -53451,7 +53451,7 @@ CVE-2022-29720 (74cmsSE v3.5.1 was discovered to contain an arbitrary file read
 CVE-2022-29719
 	RESERVED
 CVE-2022-29718 (Caddy v2.4 was discovered to contain an open redirect vulnerability. A ...)
-	- caddy <itp> (bug #810890)
+	- caddy <unfixed>
 CVE-2022-29717
 	RESERVED
 CVE-2022-29716
@@ -193252,7 +193252,7 @@ CVE-2019-20838 (libpcre in PCRE before 8.43 allows a subject buffer over-read in
 	NOTE: Fixed by: https://vcs.pcre.org/pcre?view=revision&revision=1740 (8.43)
 	NOTE: Only an issue when UTF support disabled
 CVE-2018-21246 (Caddy before 0.10.13 mishandles TLS client authentication, as demonstr ...)
-	- caddy <itp> (bug #810890)
+	- caddy <unfixed>
 CVE-2018-21245 (Pound before 2.8 allows HTTP request smuggling, a related issue to CVE ...)
 	- pound 2.8-2
 	[stretch] - pound 2.7-1.3+deb9u1
@@ -289499,7 +289499,7 @@ CVE-2018-19149 (Poppler before 0.70.0 has a NULL pointer dereference in _poppler
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649457#c3
 	NOTE: https://github.com/freedesktop/poppler/commit/f162ecdea0dda5dbbdb45503c1d55d9afaa41d44 (poppler-0.70.0)
 CVE-2018-19148 (Caddy through 0.11.0 sends incorrect certificates for certain invalid  ...)
-	- caddy <itp> (bug #810890)
+	- caddy <unfixed>
 CVE-2018-19147
 	RESERVED
 CVE-2018-19146 (Concrete5 8.4.3 has XSS because config/concrete.php allows uploads (by ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5c1c68b8b6736ac2b75d174a6ceeb0c53e84e4f3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5c1c68b8b6736ac2b75d174a6ceeb0c53e84e4f3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221220/cf7bbc01/attachment.htm>

More information about the debian-security-tracker-commits mailing list