[Git][security-tracker-team/security-tracker][master] 4 commits: Marked CVE-2021-35065 as no-dsa for buster following decision for bullseye.
Ola Lundqvist (@opal)
opal at debian.org
Thu Dec 29 21:33:48 GMT 2022
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker
Commits:
58fded44 by Ola Lundqvist at 2022-12-29T22:33:26+01:00
Marked CVE-2021-35065 as no-dsa for buster following decision for bullseye.
- - - - -
5dd44285 by Ola Lundqvist at 2022-12-29T22:33:28+01:00
Marked CVE-2022-46175 as no-dsa for buster following decision for bullseye.
- - - - -
962c76c0 by Ola Lundqvist at 2022-12-29T22:33:29+01:00
Marked CVE-2022-4556 and CVE-2022-4558 as no-dsa for buster following decision for bullseye.
- - - - -
91024c58 by Ola Lundqvist at 2022-12-29T22:33:29+01:00
LTS: add webkit2gtk to dla-needed.txt
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -3542,12 +3542,14 @@ CVE-2022-4559 (A vulnerability was found in INEX IPX-Manager up to 6.2.0. It has
CVE-2022-4558 (A vulnerability was found in Alinto SOGo up to 5.7.1. It has been clas ...)
- sogo 5.8.0-1
[bullseye] - sogo <no-dsa> (Minor issue)
+ [buster] - sogo <no-dsa> (Minor issue)
NOTE: https://github.com/Alinto/sogo/commit/1e0f5f00890f751e84d67be4f139dd7f00faa5f3 (SOGo-5.8.0)
CVE-2022-4557
RESERVED
CVE-2022-4556 (A vulnerability was found in Alinto SOGo up to 5.7.1 and classified as ...)
- sogo 5.8.0-1
[bullseye] - sogo <no-dsa> (Minor issue)
+ [buster] - sogo <no-dsa> (Minor issue)
NOTE: https://github.com/Alinto/sogo/commit/efac49ae91a4a325df9931e78e543f707a0f8e5e (SOGo-5.8.0)
CVE-2022-4555 (The WP Shamsi plugin for WordPress is vulnerable to authorization bypa ...)
NOT-FOR-US: WP Shamsi plugin for WordPress
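Review bot: Both added [buster] lines, for CVE-2022-4558 and CVE-2022-4556, reuse the bullseye reason "(Minor issue)" unchanged, and nothing in the entries records that the upstream commits in the NOTE lines were compared against the sogo version in buster. If the affected code is present in buster, the lines are fine as they stand; if it is not, `<not-affected>` with a short reason would describe the state more accurately than `<no-dsa>`.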
@@ -7781,6 +7783,7 @@ CVE-2022-46176
CVE-2022-46175 (JSON5 is an extension to the popular JSON file format that aims to be ...)
- node-json5 <unfixed> (bug #1027145)
[bullseye] - node-json5 <no-dsa> (Minor issue)
+ [buster] - node-json5 <no-dsa> (Minor issue)
NOTE: https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h
NOTE: https://github.com/json5/json5/issues/199
NOTE: https://github.com/json5/json5/issues/295
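Review bot: The added [buster] line for CVE-2022-46175 sits under a package line that is still `<unfixed>` (bug #1027145), and the three NOTE lines point to the advisory and two issues but not to a fix commit. Consider adding a NOTE with the upstream fix reference once one is identified, so that the no-dsa decision can be revisited against a concrete patch.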
@@ -112987,6 +112990,7 @@ CVE-2021-35066 (An XXE vulnerability exists in ConnectWise Automate before 2021.
CVE-2021-35065 (The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular ...)
- node-glob-parent 6.0.2+~5.1.1-1
[bullseye] - node-glob-parent <no-dsa> (Minor issue)
+ [buster] - node-glob-parent <no-dsa> (Minor issue)
NOTE: https://github.com/gulpjs/glob-parent/commit/3e9f04a3b4349db7e1962d87c9a7398cda51f339 (v6.0.1)
NOTE: https://github.com/gulpjs/glob-parent/pull/49
CVE-2021-35064 (KramerAV VIAWare, all tested versions, allow privilege escalation thro ...)
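Review bot: Style point on the added [buster] line for CVE-2021-35065: the reason "(Minor issue)" does not say why the issue is minor, although the description on the CVE line already names the class (ReDoS). A reason such as "(Minor issue, ReDoS)" would make the triage self-explanatory; the [bullseye] line would then want the same wording for consistency.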
=====================================
data/dla-needed.txt
=====================================
@@ -314,6 +314,9 @@ trafficserver
NOTE: 20221114: https://people.debian.org/~abhijith/upload/trf/ (abhijith)
NOTE: 20221114: Asked upstream regarding CVE-2022-31779 (abhijith)
--
+webkit2gtk
+ NOTE: 20221229: Programming language: C++.
+--
xdg-utils
NOTE: 20221120: Programming language: C.
NOTE: 20221120: no real fix yet
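Review bot: The new webkit2gtk entry carries only the "Programming language: C++." note and does not say which issues prompted adding the package, and the commit message "LTS: add webkit2gtk to dla-needed.txt" does not either. A second dated NOTE line naming the open CVEs, in the style of the notes on the trafficserver entry just above, would help whoever picks the package up.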
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9f62c0be03a0bb5162c2c4d5442530ad94396030...91024c5863af26db990ea17182899d181a2bafd8