[Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2022-32308/ublock-origin

Thu Jul 14 21:42:42 BST 2022


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4cb271bb by Salvatore Bonaccorso at 2022-07-14T22:41:42+02:00
Add CVE-2022-32308/ublock-origin

- - - - -
2919eab9 by Salvatore Bonaccorso at 2022-07-14T22:42:04+02:00
Track proposed ublock-origin update via buster-pu

- - - - -


2 changed files:

- data/CVE/list
- data/next-oldstable-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -8811,7 +8811,12 @@ CVE-2022-32310 (An access control issue in Ingredient Stock Management System v1
 CVE-2022-32309
 	RESERVED
 CVE-2022-32308 (Cross Site Scripting (XSS) vulnerability in uBlock Origin extension be ...)
-	TODO: check
+	- ublock-origin 1.42.0+dfsg-1
+	[bullseye] - ublock-origin 1.42.0+dfsg-1~deb11u1
+	[buster] - ublock-origin <no-dsa> (Minor issue; pending via buster-pu)
+	NOTE: https://github.com/uBlockOrigin/uBlock-issues/issues/1992
+	NOTE: https://github.com/gorhill/uBlock/commit/e1e2ba3d5d00112f74464ddcc9f561f065dd3623 (1.41.5b2)
+	NOTE: https://github.com/gorhill/uBlock/commit/60072e7996e58cd7cca5186fde742d83cc6a612c (1.41.7b0)
 CVE-2022-32307
 	RESERVED
 CVE-2022-32306


=====================================
data/next-oldstable-point-update.txt
=====================================
@@ -208,3 +208,5 @@ CVE-2022-31813
 	[buster] - apache2 2.4.38-3+deb10u8
 CVE-2021-3657
 	[buster] - isync 1.3.0-2.2~deb10u2
+CVE-2022-32308
+	[buster] - ublock-origin 1.42.0+dfsg-1~deb10u1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/eeedfff678b0b82ae028a5cddf25b1632117c1d5...2919eab983c190a60e1deb528064397dc5a18d51

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/eeedfff678b0b82ae028a5cddf25b1632117c1d5...2919eab983c190a60e1deb528064397dc5a18d51
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220714/8b1a837d/attachment.htm>
