[Git][security-tracker-team/security-tracker][master] 4 commits: CVE-2022-4415: mention upstream stable tree fix
Luca Boccassi (@bluca)
bluca at debian.org
Tue Dec 20 21:55:34 GMT 2022
Luca Boccassi pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9cb19a4a by Luca Boccassi at 2022-12-20T22:34:45+01:00
CVE-2022-4415: mention upstream stable tree fix
The main branch fix will not apply on bullseye
- - - - -
17d232b2 by Luca Boccassi at 2022-12-20T22:38:41+01:00
CVE-2022-4415: buster is unaffected, add note regarding scope
- - - - -
45d13857 by Luca Boccassi at 2022-12-20T22:47:48+01:00
CVE-2020-13529: mark sid/bookworm as fixed by noting the version
- - - - -
cbcf0ca5 by Luca Boccassi at 2022-12-20T22:49:57+01:00
CVE-2020-13776: mark buster as unaffected
issue introduced later
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3123,9 +3123,10 @@ CVE-2022-4416 (A vulnerability was found in RainyGao DocSys. It has been declare
CVE-2022-4415
RESERVED
- systemd <unfixed>
+ [buster] - systemd <not-affected> (Vulnerable code introduced later)
[bullseye] - systemd <no-dsa> (Minor issue; can be fixed via point release)
- NOTE: Preparation: https://github.com/systemd/systemd/commit/510a146634f3e095b34e2a26023b1b1f99dcb8c0
- NOTE: Fixed by: https://github.com/systemd/systemd/commit/3e4d0f6cf99f8677edd6a237382a65bfe758de03
+ NOTE: Fixed by: https://github.com/systemd/systemd-stable/commit/bb47600aeb38c68c857fbf0ee5f66c3144dd81ce
+ NOTE: Affects only v247 and newer, and only if building with libacl support
CVE-2022-4414 (Cross-site Scripting (XSS) - DOM in GitHub repository nuxt/framework p ...)
NOT-FOR-US: nuxt
CVE-2022-4413 (Cross-site Scripting (XSS) - Reflected in GitHub repository nuxt/frame ...)
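Review bot: The two removed NOTE lines in the CVE-2022-4415 entry were the only references to the main-branch commits (the "Preparation" and "Fixed by" links), and replacing them with the systemd-stable commit alone leaves nothing to check the eventual unstable fix against while the unqualified entry still reads "- systemd <unfixed>". Consider keeping the main-branch "Fixed by" line and adding the stable one beside it, labelled with the branch it serves. The reason given in the commit message ("The main branch fix will not apply on bullseye") is not recorded in the file and would fit on that same NOTE.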
@@ -194326,6 +194327,7 @@ CVE-2020-13777 (GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encry
NOTE: https://gitlab.com/gnutls/gnutls/-/commit/c2646aeee94e71cb15c90a3147cf3b5b0ca158ca
NOTE: https://gitlab.com/gnutls/gnutls/-/commit/3d7fae761e65e9d0f16d7247ee8a464d4fe002da
CVE-2020-13776 (systemd through v245 mishandles numerical usernames such as ones compo ...)
+ [buster] - systemd <not-affected> (Vulnerable code introduced later)
- systemd 246-2 (unimportant)
NOTE: https://github.com/systemd/systemd/issues/15985
NOTE: https://github.com/systemd/systemd/commit/156a5fd297b61bce31630d7a52c15614bf784843 (v246-rc1)
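Review bot: The added "[buster] - systemd <not-affected> (Vulnerable code introduced later)" line for CVE-2020-13776 sits under a description that says "systemd through v245", which reads as including older releases, and nothing in the entry names the version or commit that introduced the code. A NOTE stating the introducing version or commit would let the not-affected claim be verified, as the "Affects only v247 and newer" NOTE does for CVE-2022-4415. The "[buster]" line is also placed above the unqualified "- systemd 246-2" line here but below it in the CVE-2022-4415 hunk, so one ordering should be used for both.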
@@ -194978,8 +194980,7 @@ CVE-2020-13531 (A use-after-free vulnerability exists in a way Pixar OpenUSD 20.
CVE-2020-13530 (A denial-of-service vulnerability exists in the Ethernet/IP server fun ...)
NOT-FOR-US: EIP Stack Group OpENer
CVE-2020-13529 (An exploitable denial-of-service vulnerability exists in Systemd 245. ...)
- [experimental] - systemd 249~rc2-1
- - systemd <unfixed> (unimportant)
+ - systemd 249.4-2 (unimportant)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142
NOTE: https://github.com/systemd/systemd/issues/16774
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1959397
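Review bot: In the CVE-2020-13529 entry the new fixed version "249.4-2" is later than the removed "[experimental] - systemd 249~rc2-1" line, and the remaining NOTE lines link only the report, the upstream issue and the Red Hat bug, with no upstream fix commit or release. Add a NOTE naming the fixing commit or version, and, if 249.4-2 was chosen because it was the first upload to unstable carrying the fix, say so in that NOTE so the version can be checked later.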
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/10d39f46c8de2a2d779bbb7a47ad1f06e9b9c757...cbcf0ca5db58077f858e18977bddf7c17590dad8