[Git][security-tracker-team/security-tracker][master] Add three new trafficserver issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Dec 20 07:15:58 GMT 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3297b0aa by Salvatore Bonaccorso at 2022-12-20T08:15:24+01:00
Add three new trafficserver issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -22852,7 +22852,9 @@ CVE-2022-40745
 CVE-2022-40744
 	RESERVED
 CVE-2022-40743 (Improper Input Validation vulnerability for the xdebug plugin in Apach ...)
-	TODO: check
+	- trafficserver <unfixed>
+	NOTE: https://lists.apache.org/thread/mrj2lg4s0hf027rk7gz8t7hbn9xpfg02
+	TODO: check, appears to affect only 9.1.x versions
 CVE-2022-3233 (Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffwe ...)
 	- rdiffweb <itp> (bug #969974)
 CVE-2022-3232 (Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffwe ...)
@@ -31943,7 +31945,8 @@ CVE-2022-37393 (Zimbra's sudo configuration permits the zimbra user to execute t
 CVE-2022-2634 (An attacker may be able to execute malicious actions due to the lack o ...)
 	NOT-FOR-US: Digi ConnectPort X2D
 CVE-2022-37392 (Improper Check for Unusual or Exceptional Conditions vulnerability in  ...)
-	TODO: check
+	- trafficserver <unfixed>
+	NOTE: https://lists.apache.org/thread/mrj2lg4s0hf027rk7gz8t7hbn9xpfg02
 CVE-2022-37391
 	RESERVED
 CVE-2022-37390
@@ -44316,7 +44319,8 @@ CVE-2022-32751
 CVE-2022-32750 (IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0 ...)
 	NOT-FOR-US: IBM
 CVE-2022-32749 (Improper Check for Unusual or Exceptional Conditions vulnerability han ...)
-	TODO: check
+	- trafficserver <unfixed>
+	NOTE: https://lists.apache.org/thread/mrj2lg4s0hf027rk7gz8t7hbn9xpfg02
 CVE-2022-32748
 	RESERVED
 CVE-2022-32747



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3297b0aac7c1a16c88e837eb5ed28e12ae5d0d9e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3297b0aac7c1a16c88e837eb5ed28e12ae5d0d9e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221220/463c2074/attachment.htm>

More information about the debian-security-tracker-commits mailing list