[Git][security-tracker-team/security-tracker][master] CVE-2022-40150, CVE-2022-45685, CVE-2022-45693,libjettison-java: fixed in
Markus Koschany (@apo)
apo at debian.org
Sat Dec 31 10:31:06 GMT 2022
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8e90802f by Markus Koschany at 2022-12-31T11:30:13+01:00
CVE-2022-40150, CVE-2022-45685, CVE-2022-45693,libjettison-java: fixed in
unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9048,7 +9048,7 @@ CVE-2022-45695
CVE-2022-45694
RESERVED
CVE-2022-45693 (Jettison before v1.5.2 was discovered to contain a stack overflow via ...)
- - libjettison-java <unfixed>
+ - libjettison-java 1.5.3-1
NOTE: https://github.com/jettison-json/jettison/issues/52
CVE-2022-45692
RESERVED
@@ -9065,7 +9065,7 @@ CVE-2022-45687
CVE-2022-45686
RESERVED
CVE-2022-45685 (A stack overflow in Jettison before v1.5.2 allows attackers to cause a ...)
- - libjettison-java <unfixed>
+ - libjettison-java 1.5.3-1
NOTE: https://github.com/jettison-json/jettison/issues/54
CVE-2022-45684
RESERVED
@@ -26728,7 +26728,7 @@ CVE-2022-40151 (Those using Xstream to seralize XML data may be vulnerable to De
- libxstream-java <undetermined>
NOTE: https://github.com/x-stream/xstream/issues/304
CVE-2022-40150 (Those using Jettison to parse untrusted XML or JSON data may be vulner ...)
- - libjettison-java <unfixed> (bug #1022553)
+ - libjettison-java 1.5.3-1 (bug #1022553)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46549
NOTE: https://github.com/jettison-json/jettison/issues/45
CVE-2022-40149 (Those using Jettison to parse untrusted XML or JSON data may be vulner ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e90802f61721ac20a140ba880f96239c1c96ebb
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e90802f61721ac20a140ba880f96239c1c96ebb
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221231/d94a4566/attachment.htm>
More information about the debian-security-tracker-commits
mailing list