[Git][security-tracker-team/security-tracker][master] bugnums

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Dec 28 18:58:05 GMT 2022 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bb3db33c by Moritz Mühlenhoff at 2022-12-28T19:57:37+01:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8830,8 +8830,9 @@ CVE-2022-45463
 CVE-2022-4056
 	RESERVED
 CVE-2022-4055 (When xdg-mail is configured to use thunderbird for mailto URLs, improp ...)
-	- xdg-utils <unfixed>
+	- xdg-utils <unfixed> (bug #1027160)
 	NOTE: https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/205#note_1494267
+	NOTE: https://gitlab.freedesktop.org/xdg/xdg-utils/-/merge_requests/58
 CVE-2022-4054
 	RESERVED
 	- gitlab <unfixed>
@@ -24525,7 +24526,7 @@ CVE-2022-40718
 CVE-2022-40717
 	RESERVED
 CVE-2022-40716 (HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13. ...)
-	- consul <unfixed>
+	- consul <unfixed> (bug #1027161)
 	NOTE: https://discuss.hashicorp.com/t/hcsec-2022-20-consul-service-mesh-intention-bypass-with-malicious-certificate-signing-request/44628
 CVE-2022-40715 (An issue was discovered in NOKIA 1350OMS R14.2. An Absolute Path Trave ...)
 	NOT-FOR-US: NOKIA
@@ -66079,7 +66080,7 @@ CVE-2022-24441 (The package snyk before 1.1064.0 are vulnerable to Code Injectio
 CVE-2022-24440 (The package cocoapods-downloader before 1.6.0, from 1.6.2 and before 1 ...)
 	NOT-FOR-US: cocoapods-downloader
 CVE-2022-24439 (All versions of package gitpython are vulnerable to Remote Code Execut ...)
-	- python-git <unfixed>
+	- python-git <unfixed> (bug #1027163)
 	[bullseye] - python-git <no-dsa> (Minor issue)
 	[buster] - python-git <no-dsa> (Minor issue)
 	NOTE: https://security.snyk.io/vuln/SNYK-PYTHON-GITPYTHON-3113858



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb3db33cd98415b3aa4723798a8c4bea4bb0acc6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb3db33cd98415b3aa4723798a8c4bea4bb0acc6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221228/28d98ec0/attachment.htm>

More information about the debian-security-tracker-commits mailing list