[Git][security-tracker-team/security-tracker][master] unzip issues clarified
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Feb 17 15:38:06 GMT 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
95aaa7c1 by Moritz Muehlenhoff at 2022-02-17T16:37:34+01:00
unzip issues clarified
mruby n/a
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -262,7 +262,9 @@ CVE-2022-22985
CVE-2022-21146
RESERVED
CVE-2022-0623 (Out-of-bounds Read in Homebrew mruby prior to 3.2. ...)
- TODO: check
+ - mruby <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/mruby/mruby/commit/ff3a5ebed6ffbe3e70481531cfb969b497aa73ad
+ NOTE: https://huntr.dev/bounties/5b908ac7-d8f1-4fcd-9355-85df565f7580
CVE-2022-0622 (Generation of Error Message Containing Sensitive Information in Packag ...)
NOT-FOR-US: snipe-it
CVE-2022-0621
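Review bot: The CVE-2022-0623 entry justifies <not-affected> with "Vulnerable code introduced later", but the one commit it references (ff3a5ebed6ffbe3e70481531cfb969b497aa73ad) carries no label, so a reader cannot tell whether it is the upstream fix or the commit that introduced the bug. Suggest marking it, for example "NOTE: Fixed by: <url>", and adding a NOTE that names the introducing commit or first affected version, so the not-affected claim can be checked against the packaged mruby versions.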
@@ -298,9 +300,11 @@ CVE-2022-0616
CVE-2022-0615
RESERVED
CVE-2022-0614 (Use of Out-of-range Pointer Offset in Homebrew mruby prior to 3.2. ...)
- TODO: check
+ - mruby <not-affected> (Vulnerable code introduced later)
+ NOTE: https://huntr.dev/bounties/a980ce4d-c359-4425-92c4-e844c0055879
+ NOTE: https://github.com/mruby/mruby/commit/ff3a5ebed6ffbe3e70481531cfb969b497aa73ad
CVE-2022-0613 (Authorization Bypass Through User-Controlled Key in NPM urijs prior to ...)
- TODO: check
+ NOT-FOR-US: Node urijs
CVE-2021-4220
REJECTED
CVE-2021-4219
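Review bot: In the CVE-2022-0614 entry the two NOTE lines are in the opposite order to the CVE-2022-0623 entry in the previous hunk (huntr link first here, commit link first there), and both entries cite the same mruby commit ff3a5ebed6ffbe3e70481531cfb969b497aa73ad. Suggest using one order for both entries and, if the shared commit is intended, saying in the NOTE that it covers both issues so the duplicate reference does not read as a copy-paste slip.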
@@ -844,15 +848,15 @@ CVE-2022-24987
CVE-2022-24986
RESERVED
CVE-2022-24985 (Forms generated by JQueryForm.com before 2022-02-05 allows a remote au ...)
- TODO: check
+ NOT-FOR-US: JQueryForm.com
CVE-2022-24984 (Forms generated by JQueryForm.com before 2022-02-05 (if file-upload ca ...)
- TODO: check
+ NOT-FOR-US: JQueryForm.com
CVE-2022-24983 (Forms generated by JQueryForm.com before 2022-02-05 allow remote attac ...)
- TODO: check
+ NOT-FOR-US: JQueryForm.com
CVE-2022-24982 (Forms generated by JQueryForm.com before 2022-02-05 allows a remote au ...)
- TODO: check
+ NOT-FOR-US: JQueryForm.com
CVE-2022-24981 (A reflected cross-site scripting (XSS) vulnerability in forms generate ...)
- TODO: check
+ NOT-FOR-US: JQueryForm.com
CVE-2022-0586 (Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 ...)
- wireshark <unfixed>
[bullseye] - wireshark <no-dsa> (Minor issue)
@@ -1675,13 +1679,12 @@ CVE-2022-0532 (An incorrect sysctls validation vulnerability was found in CRI-O
CVE-2022-0531
RESERVED
CVE-2022-0530 (A flaw was found in unzip 6.0. The vulnerability occurs during the con ...)
- - unzip <undetermined>
+ - unzip <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2051395
- TODO: clarify details
+ NOTE: Crash in CLI tool, no security impact
CVE-2022-0529 (A flaw was found in unzip 6.0. The vulnerability occurs during the con ...)
- - unzip <undetermined>
+ - unzip <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2051402
- TODO: clarify details
CVE-2021-46681
RESERVED
CVE-2021-46680
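Review bot: CVE-2022-0529 loses its "TODO: clarify details" and moves to <unfixed> without any NOTE recording the assessment, while CVE-2022-0530 directly above gets "NOTE: Crash in CLI tool, no security impact". If the same conclusion applies to both, add the same NOTE under CVE-2022-0529; if it differs, record the reason there. Since the stated assessment is "no security impact", also consider carrying that in the package line itself, e.g. "- unzip <unfixed> (unimportant)", so the triage result is not only in free text.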
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/95aaa7c119d14baecbb30b6afe12069ee0391ab0