[Git][security-tracker-team/security-tracker][master] gsasl CVEfied and claim in dsa-needed
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Jul 19 22:22:36 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c5d4ccad by Moritz Muehlenhoff at 2022-07-19T23:21:26+02:00
gsasl CVEfied and claim in dsa-needed
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -27,7 +27,10 @@ CVE-2022-2471
CVE-2022-2470
RESERVED
CVE-2022-2469 (GNU SASL libgsasl server-side read-out-of-bounds with malicious authen ...)
- TODO: check
+ - gsasl 2.0.1-1
+ NOTE: Advisory: https://lists.gnu.org/archive/html/help-gsasl/2022-07/msg00001.html
+ NOTE: Reproducing issue: https://lists.gnu.org/archive/html/help-gsasl/2022-07/msg00002.html
+ NOTE: Fixed by: https://gitlab.com/gsasl/gsasl/-/commit/796e4197f696261c1f872d7576371232330bcc30 (v2.0.1)
CVE-2022-2468 (A vulnerability was found in SourceCodester Garage Management System 1 ...)
TODO: check
CVE-2022-2467 (A vulnerability has been found in SourceCodester Garage Management Sys ...)
@@ -990,11 +993,6 @@ CVE-2022-2422
RESERVED
CVE-2022-2421
RESERVED
-CVE-2022-XXXX [gsasl: Server out-of-bounds read with authenticated GSS-API client]
- - gsasl 2.0.1-1
- NOTE: Advisory: https://lists.gnu.org/archive/html/help-gsasl/2022-07/msg00001.html
- NOTE: Reproducing issue: https://lists.gnu.org/archive/html/help-gsasl/2022-07/msg00002.html
- NOTE: Fixed by: https://gitlab.com/gsasl/gsasl/-/commit/796e4197f696261c1f872d7576371232330bcc30 (v2.0.1)
CVE-2022-2420 (A vulnerability was found in URVE Web Manager. It has been rated as cr ...)
NOT-FOR-US: URVE Web Manager
CVE-2022-2419 (A vulnerability was found in URVE Web Manager. It has been declared as ...)
=====================================
data/dsa-needed.txt
=====================================
@@ -20,6 +20,8 @@ epiphany-browser
--
freecad (aron)
--
+gsasl (jmm)
+--
jetty
--
kicad (jmm)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5d4ccad17ac07e4742c28da368cbe31602dfe22
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5d4ccad17ac07e4742c28da368cbe31602dfe22
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220719/b5f7d63e/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list