[Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2022-0538/jenkins

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Feb 11 13:52:19 GMT 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
22b60392 by Salvatore Bonaccorso at 2022-02-11T14:51:54+01:00
Add CVE-2022-0538/jenkins

- - - - -
32127fcd by Salvatore Bonaccorso at 2022-02-11T14:51:56+01:00
Add CVE-2022-0534/htmldoc

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -642,7 +642,7 @@ CVE-2022-0540
 CVE-2022-0539 (Cross-site Scripting (XSS) - Stored in Packagist ptrofimov/beanstalk_c ...)
 	TODO: check
 CVE-2022-0538 (Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStr ...)
-	TODO: check
+	- jenkins <removed>
 CVE-2022-0537
 	RESERVED
 CVE-2022-0536 (Exposure of Sensitive Information to an Unauthorized Actor in NPM foll ...)
@@ -650,7 +650,10 @@ CVE-2022-0536 (Exposure of Sensitive Information to an Unauthorized Actor in NPM
 CVE-2022-0535
 	RESERVED
 CVE-2022-0534 (A vulnerability was found in htmldoc version 1.9.15 where the stack ou ...)
-	TODO: check
+	- htmldoc 1.9.15-1
+	NOTE: https://github.com/michaelrsweet/htmldoc/issues/463
+	NOTE: Fixed by: https://github.com/michaelrsweet/htmldoc/commit/776cf0fc4c760f1fb7b966ce28dc92dd7d44ed50 (v1.9.15)
+	NOTE: Fixed by: https://github.com/michaelrsweet/htmldoc/commit/312f0f9c12f26fbe015cd0e6cefa40e4b99017d9 (v1.9.15)
 CVE-2022-0533
 	RESERVED
 CVE-2022-0532 (An incorrect sysctls validation vulnerability was found in CRI-O 1.18  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2551d479ba4017381a2ed7b5d098ce127ce2f5b3...32127fcde2e81ddd2acfdade4a07aaab4c963946

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2551d479ba4017381a2ed7b5d098ce127ce2f5b3...32127fcde2e81ddd2acfdade4a07aaab4c963946
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220211/eb5eb4e5/attachment.htm>

More information about the debian-security-tracker-commits mailing list