[Git][security-tracker-team/security-tracker][master] bugnums

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Jul 12 12:54:40 BST 2022 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
15420455 by Moritz Muehlenhoff at 2022-07-12T13:54:17+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7795,7 +7795,7 @@ CVE-2022-32513
 CVE-2022-32512
 	RESERVED
 CVE-2022-32511 (jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a s ...)
-	- ruby-jmespath <unfixed>
+	- ruby-jmespath <unfixed> (bug #1014807)
 	NOTE: https://github.com/jmespath/jmespath.rb/pull/55
 	NOTE: https://github.com/jmespath/jmespath.rb/commit/e8841280053a9d9a0c90f36223f926c8b9e4ec49 (v1.6.1)
 CVE-2022-32510
@@ -11833,7 +11833,7 @@ CVE-2022-31082 (GLPI is a Free Asset and IT Management Software package, Data ce
 	- glpi <removed> (unimportant)
 	NOTE: Only supported behind an authenticated HTTP zone
 CVE-2022-31081 (HTTP::Daemon is a simple http server class written in perl. Versions p ...)
-	- libhttp-daemon-perl <unfixed>
+	- libhttp-daemon-perl <unfixed> (bug #1014808)
 	[bullseye] - libhttp-daemon-perl <no-dsa> (Minor issue)
 	[buster] - libhttp-daemon-perl <no-dsa> (Minor issue)
 	NOTE: https://github.com/libwww-perl/HTTP-Daemon/security/advisories/GHSA-cg8c-pxmv-w7cf
@@ -11952,7 +11952,7 @@ CVE-2022-31035 (Argo CD is a declarative, GitOps continuous delivery tool for Ku
 CVE-2022-31034 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
 	NOT-FOR-US: Argo CD
 CVE-2022-31033 (The Mechanize library is used for automating interaction with websites ...)
-	- ruby-mechanize <unfixed>
+	- ruby-mechanize <unfixed> (bug #1014809)
 	NOTE: https://github.com/sparklemotion/mechanize/security/advisories/GHSA-64qm-hrgp-pgr9
 	NOTE: Prerequisite to clear credential headers when redirecting to cross site
 	NOTE: https://github.com/sparklemotion/mechanize/commit/17e5381032c90caf240ac3d2e52b353f40c18d83 (v2.8.0)
@@ -30172,7 +30172,7 @@ CVE-2022-24797 (Pomerium is an identity-aware access proxy. In distributed servi
 CVE-2022-24796 (RaspberryMatic is a free and open-source operating system for running  ...)
 	NOT-FOR-US: RaspberryMatic
 CVE-2022-24795 (yajl-ruby is a C binding to the YAJL JSON parsing and generation libra ...)
-	- ruby-yajl <unfixed>
+	- ruby-yajl <unfixed> (bug #1014803)
 	[bullseye] - ruby-yajl <no-dsa> (Minor issue)
 	[buster] - ruby-yajl <no-dsa> (Minor issue)
 	[stretch] - ruby-yajl <no-dsa> (Minor issue)
@@ -44960,7 +44960,7 @@ CVE-2021-44538 (The olm_session_describe function in Matrix libolm before 3.2.7
 	NOTE: Introduced by: https://gitlab.matrix.org/matrix-org/olm/-/commit/39a1ee0b18f0fced6d7bc293cc9a46ea70ec9e96 (3.1.4)
 	NOTE: Fixed by: https://gitlab.matrix.org/matrix-org/olm/-/commit/c23ce70fc66c26db5839ddb5a3b46d4c3d3abed6 (3.2.8)
 CVE-2021-44537 (ownCloud owncloud/client before 2.9.2 allows Resource Injection by a s ...)
-	- owncloud-client <unfixed>
+	- owncloud-client <unfixed> (bug #1014810)
 	[buster] - owncloud-client <no-dsa> (Minor issue)
 	[stretch] - owncloud-client <not-affected> (OAuth support introduced in 2.4)
 	NOTE: https://owncloud.com/security-advisories/cve-2021-44537/



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/15420455c879a557e88e504ca27fa2bfc4c2e7b8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/15420455c879a557e88e504ca27fa2bfc4c2e7b8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220712/a6c715cd/attachment.htm>

More information about the debian-security-tracker-commits mailing list