[Git][security-tracker-team/security-tracker][master] Split CVE-2022-37155 from the temporary entry for DSA-5190-1/spip

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Dec 25 21:07:40 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bca9c459 by Salvatore Bonaccorso at 2022-12-25T22:06:41+01:00
Split CVE-2022-37155 from the temporary entry for DSA-5190-1/spip

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -33753,7 +33753,9 @@ CVE-2022-37157
 CVE-2022-37156
 	RESERVED
 CVE-2022-37155 (RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to  ...)
-	TODO: check
+	- spip 4.1.5+dfsg-1
+	NOTE: https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-1-5-SPIP-4-0-8-et-SPIP-3-2-16.html
+	NOTE: https://spawnzii.github.io/posts/2022/07/how-we-have-pwned-root-me-in-2022/
 CVE-2022-37154
 	RESERVED
 CVE-2022-37153 (An issue was discovered in Artica Proxy 4.30.000000. There is a XSS vu ...)
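
Review bot: the new CVE-2022-37155 entry records only the unstable fix ("- spip 4.1.5+dfsg-1") and carries no [bullseye] or [buster] lines, although this same commit attaches the CVE to DSA-5190-1 in data/DSA/list, which lists spip 3.2.11-3+deb11u5 and 3.2.4-1+deb10u9. Unless those per-release lines are filled in from the DSA entry afterwards, add them here so the entry states the fixed versions for the stable releases as well.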
@@ -34765,7 +34767,7 @@ CVE-2022-2539 (An issue has been discovered in GitLab CE/EE affecting all versio
 	- gitlab <unfixed>
 CVE-2022-2538 (The WP Hide & Security Enhancer WordPress plugin before 1.8 does n ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-XXXX [spip: security issues from 4.1.5 release]
+CVE-2022-XXXX [spip: XSS alowing priviledge escalation]
 	- spip 4.1.5+dfsg-1
 	[bullseye] - spip 3.2.11-3+deb11u5
 	[buster] - spip 3.2.4-1+deb10u9
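
Review bot: the added title line of the temporary entry has two misspellings, "alowing priviledge escalation" should read "allowing privilege escalation". The bracketed description is the only label this entry has while it is still CVE-2022-XXXX, so it is worth correcting before it gets copied elsewhere.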


=====================================
data/DSA/list
=====================================
@@ -350,6 +350,7 @@
 	{CVE-2021-33655 CVE-2022-2318 CVE-2022-26365 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33743 CVE-2022-33744 CVE-2022-34918}
 	[bullseye] - linux 5.10.127-2
 [26 Jul 2022] DSA-5190-1 spip - security update
+	{CVE-2022-37155}
 	[buster] - spip 3.2.4-1+deb10u9
 	[bullseye] - spip 3.2.11-3+deb11u5
 [24 Jul 2022] DSA-5189-1 gsasl - security update
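
Review bot: the brace list added under DSA-5190-1 names only CVE-2022-37155, while the temporary CVE-2022-XXXX entry kept in data/CVE/list records the same buster and bullseye versions (3.2.4-1+deb10u9, 3.2.11-3+deb11u5) for the XSS issue. Once that entry is assigned an identifier it needs to be added to this list too, otherwise the DSA will point at only one of the two issues fixed by the upload.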



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bca9c459d51d5ade94f390a28ff36e2b078b1355
