[Git][security-tracker-team/security-tracker][master] Add CVE-2022-35410/mat2
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jul 8 21:14:06 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
43564ace by Salvatore Bonaccorso at 2022-07-08T22:13:28+02:00
Add CVE-2022-35410/mat2
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,10 @@
CVE-2022-35411 (rpc.py through 0.6.0 allows Remote Code Execution because an unpickle ...)
TODO: check
CVE-2022-35410 (mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows ../ dir ...)
- TODO: check
+ - mat2 0.13.0-1
+ NOTE: https://0xacab.org/jvoisin/mat2/-/commit/beebca4bf1cd3b935824c966ce077e7bcf610385
+ NOTE: https://0xacab.org/jvoisin/mat2/-/issues/174
+ NOTE: https://dustri.org/b/mat2-0130.html
CVE-2022-35409
RESERVED
CVE-2022-35408
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43564acee37411cd29da4ff32612fa974bde0a21
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43564acee37411cd29da4ff32612fa974bde0a21
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220708/b07b49d7/attachment.htm>
More information about the debian-security-tracker-commits
mailing list