[Git][security-tracker-team/security-tracker][master] 5 commits: add fixed versions for CVE-2022-26305/CVE-2022-26306/CVE-2022-26307

Tue Jul 26 12:55:46 BST 2022


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
143c266d by Rene Engelhard at 2022-07-26T12:54:47+02:00
add fixed versions for CVE-2022-26305/CVE-2022-26306/CVE-2022-26307

- - - - -
065d5d7e by Rene Engelhard at 2022-07-26T12:55:15+02:00
fix NOTEs of CVE-2022-26305 and CVE-2022-26306

- - - - -
5cff40d3 by Rene Engelhard at 2022-07-26T13:08:54+02:00
mark CVE-2022-26305/CVE-2022-26306/CVE-2022-26307 as no-DSA

... after taking with Moritz on IRC

- - - - -
3bdd8a76 by Rene Engelhard at 2022-07-26T13:52:15+02:00
use libreoffice 1:7.3.3~rc1-2; -1 was just uploaded to experimental

- - - - -
9ad760be by Emilio Pozuelo Monfort at 2022-07-26T11:55:22+00:00
Merge branch 'master' into 'master'

update libreoffice information

See merge request security-tracker-team/security-tracker!113
- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -28756,14 +28756,20 @@ CVE-2022-26309
 CVE-2022-26308
 	RESERVED
 CVE-2022-26307 (LibreOffice supports the storage of passwords for web connections in t ...)
-	- libreoffice <unfixed>
+	- libreoffice 1:7.3.3~rc1-2
+        [bullseye] - libreoffice <no-dsa> (Minor issue)
+        [buster] - libreoffice <no-dsa> (Minor issue)
 	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2022-26307
 CVE-2022-26306 (LibreOffice supports the storage of passwords for web connections in t ...)
-	- libreoffice <unfixed>
-	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2022-26307
+	- libreoffice 1:7.3.3~rc1-2
+        [bullseye] - libreoffice <no-dsa> (Minor issue)
+        [buster] - libreoffice <no-dsa> (Minor issue)
+	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2022-26306
 CVE-2022-26305 (An Improper Certificate Validation vulnerability in LibreOffice existe ...)
-	- libreoffice <unfixed>
-	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2022-26307
+	- libreoffice 1:7.3.2~rc2-1
+        [bullseye] - libreoffice <no-dsa> (Minor issue)
+        [buster] - libreoffice <no-dsa> (Minor issue)
+	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2022-26305
 CVE-2022-26301 (TuziCMS v2.0.6 was discovered to contain a SQL injection vulnerability ...)
 	NOT-FOR-US: TuziCMS
 CVE-2022-26300 (EOS v2.1.0 was discovered to contain a heap-buffer-overflow via the fu ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3cd7231dbfc4ff0be47fcf059d7b83164e472de2...9ad760bea321a6b18bceb5d578b6725f8872a702

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3cd7231dbfc4ff0be47fcf059d7b83164e472de2...9ad760bea321a6b18bceb5d578b6725f8872a702
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220726/202177e6/attachment.htm>
