[Git][security-tracker-team/security-tracker][master] new apache-log4j1.2 issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Jan 19 15:42:27 GMT 2022 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dde7e90f by Moritz Muehlenhoff at 2022-01-19T16:42:03+01:00
new apache-log4j1.2 issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -467,11 +467,13 @@ CVE-2022-0266 (Authorization Bypass Through User-Controlled Key in Packagist rem
 CVE-2022-0265
 	RESERVED
 CVE-2022-23307 (CVE-2020-9493 identified a deserialization issue that was present in A ...)
-	TODO: check
+	- apache-log4j1.2 <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/5
 CVE-2022-23306
 	RESERVED
 CVE-2022-23305 (By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as ...)
-	TODO: check
+	- apache-log4j1.2 <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/4
 CVE-2022-0263 (Unrestricted Upload of File with Dangerous Type in Packagist pimcore/p ...)
 	NOT-FOR-US: pimcore
 CVE-2022-0262 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...)
@@ -530,7 +532,8 @@ CVE-2022-0244 (An issue has been discovered in GitLab CE/EE affecting all versio
 CVE-2022-0243
 	RESERVED
 CVE-2022-23302 (JMSSink in all versions of Log4j 1.x is vulnerable to deserialization  ...)
-	TODO: check
+	- apache-log4j1.2 <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/3
 CVE-2022-22142
 	RESERVED
 CVE-2022-21805



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dde7e90f3c21c362b78880af91bb769754b57717

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dde7e90f3c21c362b78880af91bb769754b57717
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220119/78f0a786/attachment.htm>

More information about the debian-security-tracker-commits mailing list