[Git][security-tracker-team/security-tracker][master] Add CVE-2021-44122/spip
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jan 27 23:04:04 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2487b866 by Salvatore Bonaccorso at 2022-01-28T00:03:25+01:00
Add CVE-2021-44122/spip
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/DSA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -12600,7 +12600,9 @@ CVE-2021-44123 (SPIP 4.0.0 is affected by a remote command execution vulnerabili
NOTE: https://git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a (master)
NOTE: https://git.spip.net/spip/spip/commit/97e2888e9c92ad4bd68e8f80079583249714fbfa (v4.0.1)
CVE-2021-44122 (SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerab ...)
- TODO: check
+ - spip 3.2.12-1
+ NOTE: https://git.spip.net/spip/spip/commit/1b8e4f404c2441c15ca6540b9a6d8e50cff219db
+ NOTE: https://git.spip.net/spip/spip/commit/fea5b5b4507cc9c0b9e91bbfbf34fe40b0bea805 (v3.2.12)
CVE-2021-44121
REJECTED
CVE-2021-44120 (SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability i ...)
=====================================
data/DLA/list
=====================================
@@ -110,6 +110,7 @@
[29 Dec 2021] DLA-2857-2 postgis - regression update
[stretch] - postgis 2.3.1+dfsg-2+deb9u2
[29 Dec 2021] DLA-2867-1 spip - security update
+ {CVE-2021-44122}
[stretch] - spip 3.1.4-4~deb9u4+deb9u2
[29 Dec 2021] DLA-2866-1 uw-imap - security update
{CVE-2018-19518}
=====================================
data/DSA/list
=====================================
@@ -128,6 +128,7 @@
[buster] - sogo 4.0.7-1+deb10u2
[bullseye] - sogo 5.0.1-4+deb11u1
[22 Dec 2021] DSA-5028-1 spip - security update
+ {CVE-2021-44122}
[buster] - spip 3.2.4-1+deb10u5
[bullseye] - spip 3.2.11-3+deb11u1
[21 Dec 2021] DSA-5027-1 xorg-server - security update
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2487b8663d5d3c6cbaf2ad768ff00d6e1071753b
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2487b8663d5d3c6cbaf2ad768ff00d6e1071753b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220127/c8fbd483/attachment.htm>
More information about the debian-security-tracker-commits
mailing list