[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2022-2330{2,5,7}, #1004482
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jan 28 19:39:57 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
eb649ba5 by Salvatore Bonaccorso at 2022-01-28T20:39:22+01:00
Add Debian bug reference for CVE-2022-2330{2,5,7}, #1004482
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2810,12 +2810,12 @@ CVE-2022-0266 (Authorization Bypass Through User-Controlled Key in Packagist rem
CVE-2022-0265
RESERVED
CVE-2022-23307 (CVE-2020-9493 identified a deserialization issue that was present in A ...)
- - apache-log4j1.2 <unfixed>
+ - apache-log4j1.2 <unfixed> (bug #1004482)
NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/5
CVE-2022-23306
RESERVED
CVE-2022-23305 (By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as ...)
- - apache-log4j1.2 <unfixed>
+ - apache-log4j1.2 <unfixed> (bug #1004482)
NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/4
CVE-2022-0263 (Unrestricted Upload of File with Dangerous Type in Packagist pimcore/p ...)
NOT-FOR-US: pimcore
@@ -2878,7 +2878,7 @@ CVE-2022-0244 (An issue has been discovered in GitLab CE/EE affecting all versio
CVE-2022-0243 (Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.C ...)
NOT-FOR-US: Orchard CMS
CVE-2022-23302 (JMSSink in all versions of Log4j 1.x is vulnerable to deserialization ...)
- - apache-log4j1.2 <unfixed>
+ - apache-log4j1.2 <unfixed> (bug #1004482)
NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/3
CVE-2022-22142
RESERVED
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb649ba5f82755330ad27d50eda6da715b63b53d
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb649ba5f82755330ad27d50eda6da715b63b53d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220128/1e790c8c/attachment.htm>
More information about the debian-security-tracker-commits
mailing list