[Git][security-tracker-team/security-tracker][master] commons-configuration2 fixed in sid
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sun Jul 17 11:34:57 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e3658150 by Moritz Muehlenhoff at 2022-07-17T12:34:03+02:00
commons-configuration2 fixed in sid
puppetdb fixed in experimental
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5415,7 +5415,7 @@ CVE-2022-33981 (drivers/block/floppy.c in the Linux kernel before 5.17.6 is vuln
NOTE: https://www.openwall.com/lists/oss-security/2022/04/28/1
NOTE: https://git.kernel.org/linus/233087ca063686964a53c829d547c7571e3f67bf (5.18-rc5)
CVE-2022-33980 (Apache Commons Configuration performs variable interpolation, allowing ...)
- - commons-configuration2 <unfixed> (bug #1014960)
+ - commons-configuration2 2.8.0-1 (bug #1014960)
NOTE: https://www.openwall.com/lists/oss-security/2022/07/06/5
CVE-2022-2129 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. ...)
- vim <unfixed>
@@ -94643,6 +94643,7 @@ CVE-2021-27022 (A flaw was discovered in bolt-server and ace where running a tas
- puppet <not-affected> (Only affects Puppet Enterprise)
NOTE: https://puppet.com/security/cve/CVE-2021-27022/
CVE-2021-27021 (A flaw was discovered in Puppet DB, this flaw results in an escalation ...)
+ [experimental] - puppetdb 7.10.1-1
- puppetdb <unfixed> (bug #990419)
[buster] - puppetdb <no-dsa> (Minor issue)
NOTE: https://puppet.com/security/cve/cve-2021-27021/
@@ -94653,6 +94654,7 @@ CVE-2021-27021 (A flaw was discovered in Puppet DB, this flaw results in an esca
CVE-2021-27020 (Puppet Enterprise presented a security risk by not sanitizing user inp ...)
- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2021-27019 (PuppetDB logging included potentially sensitive system information. ...)
+ [experimental] - puppetdb 7.10.1-1
- puppetdb <unfixed>
[buster] - puppetdb <no-dsa> (Minor issue)
NOTE: https://puppet.com/security/cve/CVE-2021-27019/
@@ -173861,6 +173863,7 @@ CVE-2020-7944 (In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0
NOT-FOR-US: Puppet Enterprise
CVE-2020-7943 (Puppet Server and PuppetDB provide useful performance and debugging in ...)
- puppet <not-affected> (Doesn't affect Puppet masters (passenger-based) in Debian)
+ [experimental] - puppetdb 7.10.1-1
- puppetdb <unfixed> (low)
[buster] - puppetdb <no-dsa> (Minor issue)
NOTE: https://puppet.com/security/cve/CVE-2020-7943/
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e3658150f2a0191961e5e3ffdb0463a11a2c4561
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e3658150f2a0191961e5e3ffdb0463a11a2c4561
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220717/7ff42e7c/attachment.htm>
More information about the debian-security-tracker-commits
mailing list