[Git][security-tracker-team/security-tracker][master] Add CVE-2022-0525/mruby

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a8f32bea by Salvatore Bonaccorso at 2022-02-09T21:38:48+01:00
Add CVE-2022-0525/mruby

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -148,7 +148,9 @@ CVE-2022-0527 (Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot
 CVE-2022-0526 (Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chat ...)
 	TODO: check
 CVE-2022-0525 (Out-of-bounds Read in Homebrew mruby prior to 3.2. ...)
-	TODO: check
+	- mruby <not-affected> (Vulnerable code introduced later)
+	NOTE: https://huntr.dev/bounties/e19e109f-acf0-4048-8ee8-1b10a870f1e9
+	NOTE: https://github.com/mruby/mruby/commit/0849a2885f81cfd82134992c06df3ccd59052ac7
 CVE-2022-0524 (Business Logic Errors in GitHub repository publify/publify prior to 9. ...)
 	TODO: check
 CVE-2022-0523 (Expired Pointer Dereference in GitHub repository radareorg/radare2 pri ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a8f32beac56622cb08497b0e563c3c594f3b143d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a8f32beac56622cb08497b0e563c3c594f3b143d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220209/8bd2bf44/attachment.htm>