[Git][security-tracker-team/security-tracker][master] Review status for caddy issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Dec 20 07:13:26 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
64fcbd56 by Salvatore Bonaccorso at 2022-12-20T08:06:24+01:00
Review status for caddy issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -53451,7 +53451,9 @@ CVE-2022-29720 (74cmsSE v3.5.1 was discovered to contain an arbitrary file read
CVE-2022-29719
RESERVED
CVE-2022-29718 (Caddy v2.4 was discovered to contain an open redirect vulnerability. A ...)
- - caddy <unfixed>
+ - caddy <not-affected> (Fixed before initial upload to Debian to unstable; did affect experimental upload)
+ NOTE: https://github.com/caddyserver/caddy/pull/4499
+ NOTE: https://github.com/caddyserver/caddy/commit/3fe2c73dd04f7769a9d9673236cb94b79ac45659 (v2.5.0-beta.1)
CVE-2022-29717
RESERVED
CVE-2022-29716
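Review bot: In the CVE-2022-29718 entry, the reason text says the experimental upload was affected, but it names neither that version nor the first version uploaded to unstable, so a reader cannot tell which Debian builds carried the open redirect. Consider adding the version to the parenthetical, and tidying "to Debian to unstable" to "to Debian unstable". The two NOTE lines with the upstream PR and the fixing commit (v2.5.0-beta.1) make the status checkable and are worth keeping.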
@@ -193252,7 +193254,7 @@ CVE-2019-20838 (libpcre in PCRE before 8.43 allows a subject buffer over-read in
NOTE: Fixed by: https://vcs.pcre.org/pcre?view=revision&revision=1740 (8.43)
NOTE: Only an issue when UTF support disabled
CVE-2018-21246 (Caddy before 0.10.13 mishandles TLS client authentication, as demonstr ...)
- - caddy <unfixed>
+ - caddy <not-affected> (Fixed before initial upload to Debian)
CVE-2018-21245 (Pound before 2.8 allows HTTP request smuggling, a related issue to CVE ...)
- pound 2.8-2
[stretch] - pound 2.7-1.3+deb9u1
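Review bot: The CVE-2018-21246 entry moves to <not-affected> with no NOTE backing the claim. The description already gives 0.10.13 as the fixed upstream release, so a NOTE recording that version, or the upstream fix reference, would let someone confirm that the first Debian upload was at or past it.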
@@ -289499,7 +289501,7 @@ CVE-2018-19149 (Poppler before 0.70.0 has a NULL pointer dereference in _poppler
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649457#c3
NOTE: https://github.com/freedesktop/poppler/commit/f162ecdea0dda5dbbdb45503c1d55d9afaa41d44 (poppler-0.70.0)
CVE-2018-19148 (Caddy through 0.11.0 sends incorrect certificates for certain invalid ...)
- - caddy <unfixed>
+ - caddy <not-affected> (Fixed before initial upload to Debian)
CVE-2018-19147
RESERVED
CVE-2018-19146 (Concrete5 8.4.3 has XSS because config/concrete.php allows uploads (by ...)
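Review bot: For CVE-2018-19148 the description only says "through 0.11.0", so the first fixed upstream release is not visible anywhere in the entry, and "Fixed before initial upload to Debian" cannot be verified from the tracker data alone. A NOTE with the upstream fix commit and version, in the style of the poppler NOTE lines just above, would close that gap.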
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64fcbd569dc6f18db3ec51cf24846868cdc59fdd