[Git][security-tracker-team/security-tracker][master] 3 commits: Add additional GHSA reference for CVE-2021-43848
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Feb 3 16:03:34 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
78925454 by Salvatore Bonaccorso at 2022-02-03T17:03:15+01:00
Add additional GHSA reference for CVE-2021-43848
- - - - -
22f2381e by Salvatore Bonaccorso at 2022-02-03T17:03:16+01:00
CVE-2021-21653 directly link the commits in the repository
- - - - -
4cc62952 by Salvatore Bonaccorso at 2022-02-03T17:03:16+01:00
CVE-2022-21668: Add reference for GHSA advisory
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -14507,8 +14507,10 @@ CVE-2022-21669 (PuddingBot is a group management bot. In version 0.0.6-b933652 a
NOT-FOR-US: PuddingBot
CVE-2022-21668 (pipenv is a Python development workflow tool. Starting with version 20 ...)
- pipenv <not-affected> (Vulnerable code not uploaded)
+ NOTE: https://github.com/pypa/pipenv/security/advisories/GHSA-qc9x-gjcv-465w
NOTE: https://github.com/pypa/pipenv/releases/tag/v2022.1.8
NOTE: https://github.com/pypa/pipenv/pull/4899 (v2022.1.8)
+ NOTE: https://github.com/pypa/pipenv/commit/167909839a95ef5aa379fe12d4564b2b829cc175 (v2022.1.8)
CVE-2022-21667 (soketi is an open-source WebSockets server. There is an unhandled case ...)
NOT-FOR-US: soketi
CVE-2022-21666 (Useful Simple Open-Source CMS (USOC) is a content management system (C ...)
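Review bot: the commit NOTE added as the last + line of the CVE-2022-21668 entry has no role label, only the (v2022.1.8) tag, while the CVE-2021-43848 entry changed in this same push marks its commits with "Introduced by:" and "Fixed by:". If 167909839a95ef5aa379fe12d4564b2b829cc175 is the fixing commit, writing it as "NOTE: Fixed by: https://github.com/pypa/pipenv/commit/167909839a95ef5aa379fe12d4564b2b829cc175 (v2022.1.8)" would distinguish it from the PR and release-tag links next to it. The subject of 4cc62952 also mentions only the GHSA advisory, although this hunk adds the commit link as well.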
@@ -14560,8 +14562,8 @@ CVE-2022-21654
CVE-2022-21653 (Jawn is an open source JSON parser. Extenders of the `org.typelevel.ja ...)
- jawn <not-affected> (Vulnerable code not uploaded)
NOTE: https://github.com/typelevel/jawn/pull/390
- NOTE: https://github.com/typelevel/jawn/pull/390/commits/e5ddb114ed5d45ee0a605da06a280207bf9f9f58 (1.3.2)
- NOTE: https://github.com/typelevel/jawn/pull/390/commits/0707e2569f43ff6195f90cc0dfc2d0ca79b51dd1 (1.3.2)
+ NOTE: https://github.com/typelevel/jawn/commit/e5ddb114ed5d45ee0a605da06a280207bf9f9f58 (1.3.2)
+ NOTE: https://github.com/typelevel/jawn/commit/0707e2569f43ff6195f90cc0dfc2d0ca79b51dd1 (1.3.2)
CVE-2022-21652 (Shopware is an open source e-commerce software platform. In affected v ...)
NOT-FOR-US: Shopware
CVE-2022-21651 (Shopware is an open source e-commerce software platform. An open redir ...)
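Review bot: the subject of 22f2381e names CVE-2021-21653, but the two NOTE lines replaced in this hunk belong to the CVE-2022-21653 (jawn) entry, so a history search for the correct CVE id will not find this commit. Suggest correcting the id in the subject. The replacement lines keep the same two hashes and the (1.3.2) annotation and only swap the pull/390/commits/ path for commit/, so the content of the entry is otherwise unchanged.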
@@ -14828,7 +14830,9 @@ CVE-2021-43849 (cordova-plugin-fingerprint-aio is a plugin provides a single and
NOT-FOR-US: cordova-plugin-fingerprint-aio
CVE-2021-43848 (h2o is an open source http server. In code prior to the `8c0eca3` comm ...)
- h2o <not-affected> (Vulnerable code not yet uploaded)
- NOTE: https://github.com/h2o/h2o/commit/8c0eca3
+ NOTE: https://github.com/h2o/h2o/security/advisories/GHSA-f9xw-j925-m4m4
+ NOTE: Introduced by: https://github.com/h2o/h2o/commit/93af1383b248e9284ba5f63211b4fbb4c828d060
+ NOTE: Fixed by: https://github.com/h2o/h2o/commit/8c0eca3d9bc1f08e7c6bdf57645f3d54aed7d844
CVE-2021-43847 (HumHub is an open-source social network kit written in PHP. Prior to H ...)
NOT-FOR-US: HumHub Social Network Kit Enterprise
CVE-2021-43846 (`solidus_frontend` is the cart and storefront for the Solidus e-commer ...)
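Review bot: the subject of 78925454 says only that a GHSA reference is added, but in the CVE-2021-43848 entry this hunk also drops the short-hash link (commit/8c0eca3) in favour of a full-hash "Fixed by:" line and adds a new "Introduced by:" commit. The message should mention both, since the introducing commit is what a reader would check the <not-affected> status on the line above against. A minor wording point on that same context line: it reads "Vulnerable code not yet uploaded", while the pipenv and jawn entries in this diff use "Vulnerable code not uploaded"; consider aligning them if the difference is not intentional.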
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d42858fd04bcdb2de945798d31b5f6615c920653...4cc62952553a48b2bac91e1915a837e5d2057857