[Git][security-tracker-team/security-tracker][master] updates for CVE-2022-0155

Tue Jan 11 11:23:35 GMT 2022


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d1db743c by Moritz Muehlenhoff at 2022-01-11T12:23:07+01:00
updates for CVE-2022-0155

- - - - -


2 changed files:

- data/CVE/list
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -891,7 +891,8 @@ CVE-2022-22815 (path_getbbox in path.c in Pillow before 9.0.0 improperly initial
 CVE-2022-22814
 	RESERVED
 CVE-2022-0155 (follow-redirects is vulnerable to Exposure of Private Personal Informa ...)
-	- node-follow-redirects <unfixed>
+	- node-follow-redirects 1.14.7+~1.13.1-1
+	[buster] - node-follow-redirects <ignored> (Minor issue, too intrusive to backport)
 	NOTE: https://huntr.dev/bounties/fc524e4b-ebb6-427d-ab67-a64181020406
 	NOTE: https://github.com/follow-redirects/follow-redirects/issues/183
 	NOTE: https://github.com/follow-redirects/follow-redirects/commit/8b347cbcef7c7b72a6e9be20f5710c17d6163c22 (v1.14.7)


=====================================
data/next-point-update.txt
=====================================
@@ -26,3 +26,5 @@ CVE-2021-32719
 	[bullseye] - rabbitmq-server 3.8.9-3+deb11u1
 CVE-2021-36980
 	[bullseye] - openvswitch 2.15.0+ds1-2+deb11u1
+CVE-2022-0155
+	[bullseye] - node-follow-redirects 1.13.1-1+deb11u1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d1db743c155392e6cbe8817df3dbe1e250b441e0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d1db743c155392e6cbe8817df3dbe1e250b441e0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220111/363f1a1f/attachment-0001.htm>
