[Git][security-tracker-team/security-tracker][master] CVE-2022-4415: mark as ignored for buster
Luca Boccassi (@bluca)
bluca at debian.org
Thu Dec 22 10:36:24 GMT 2022
Luca Boccassi pushed to branch master at Debian Security Tracker / security-tracker
Commits:
897c6306 by Luca Boccassi at 2022-12-22T11:35:54+01:00
CVE-2022-4415: mark as ignored for buster
Functionality is present in v241, but disabled by default (unlike in bullseye)
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3935,11 +3935,12 @@ CVE-2022-4415
RESERVED
- systemd <unfixed> (bug #1026831)
[bullseye] - systemd <no-dsa> (Minor issue; can be fixed via point release)
- [buster] - systemd <not-affected> (Vulnerable code introduced later)
+ [buster] - systemd <ignored> (Optional feature; disabled by default)
NOTE: Preparation (main branch commit only): https://github.com/systemd/systemd/commit/510a146634f3e095b34e2a26023b1b1f99dcb8c0
NOTE: Fixed by: https://github.com/systemd/systemd/commit/3e4d0f6cf99f8677edd6a237382a65bfe758de03
NOTE: Fixed by: https://github.com/systemd/systemd-stable/commit/bb47600aeb38c68c857fbf0ee5f66c3144dd81ce (v247.13)
- NOTE: Affects only v246 and newer, and only if building with libacl support
+ NOTE: Affects only v246 and newer (when acl support was enabled by default), and only if building with libacl support
+ NOTE: Optional (disabled by default) faulty behaviour introduced by v215
NOTE: https://www.openwall.com/lists/oss-security/2022/12/21/3
CVE-2022-4414 (Cross-site Scripting (XSS) - DOM in GitHub repository nuxt/framework p ...)
NOT-FOR-US: nuxt
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/897c630688684bf7f51676a1ecb43bf94e913cd3
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/897c630688684bf7f51676a1ecb43bf94e913cd3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221222/421cd8f8/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list