[Git][security-tracker-team/security-tracker][master] bugnums

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Jul 12 16:34:13 BST 2022 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ce6ea077 by Moritz Muehlenhoff at 2022-07-12T17:33:46+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7741,7 +7741,7 @@ CVE-2022-32534 (The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.
 CVE-2022-32533 (** UNSUPPORTED WHEN ASSIGNED ** Apache Jetspeed-2 does not sufficientl ...)
 	NOT-FOR-US: Apache Portals Jetspeed
 CVE-2022-32532 (Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured  ...)
-	- shiro <unfixed>
+	- shiro <unfixed> (bug #1014820)
 	[bullseye] - shiro <no-dsa> (Minor issue)
 	[buster] - shiro <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/06/28/2
@@ -57211,7 +57211,7 @@ CVE-2021-3805 (object-path is vulnerable to Improperly Controlled Modification o
 	NOTE: https://huntr.dev/bounties/571e3baf-7c46-46e3-9003-ba7e4e623053
 	NOTE: https://github.com/mariocasciaro/object-path/commit/e6bb638ffdd431176701b3e9024f80050d0ef0a6
 CVE-2021-41303 (Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a ...)
-	- shiro <unfixed>
+	- shiro <unfixed> (bug #1014819)
 	[bullseye] - shiro <no-dsa> (Minor issue)
 	[buster] - shiro <no-dsa> (Minor issue)
 	[stretch] - shiro <no-dsa> (Minor issue)
@@ -80252,7 +80252,7 @@ CVE-2021-32066 (An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7
 	- ruby2.7 2.7.4-1 (bug #990815)
 	- ruby2.5 <removed>
 	- ruby2.3 <removed>
-	- jruby <unfixed>
+	- jruby <unfixed> (bug #1014818)
 	[buster] - jruby <no-dsa> (Minor issue)
 	[stretch] - jruby <no-dsa> (Minor issue)
 	NOTE: https://www.ruby-lang.org/en/news/2021/07/07/starttls-stripping-in-net-imap/
@@ -81181,7 +81181,7 @@ CVE-2021-31810 (An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7
 	- ruby2.7 2.7.4-1 (bug #990815)
 	- ruby2.5 <removed>
 	- ruby2.3 <removed>
-	- jruby <unfixed>
+	- jruby <unfixed> (bug #1014818)
 	[buster] - jruby <no-dsa> (Minor issue)
 	[stretch] - jruby <no-dsa> (Minor issue)
 	NOTE: https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce6ea07741df5482d6b22736dcf13e1d2ecad4c9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce6ea07741df5482d6b22736dcf13e1d2ecad4c9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220712/872d2081/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list