[Git][security-tracker-team/security-tracker][master] Add CVE-2022-30780/lighttpd
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jun 11 21:27:36 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
18f272f4 by Salvatore Bonaccorso at 2022-06-11T22:26:13+02:00
Add CVE-2022-30780/lighttpd
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5946,7 +5946,11 @@ CVE-2022-30782 (Openmoney API through 2020-06-29 uses the JavaScript Math.random
CVE-2022-30781 (Gitea before 1.16.7 does not escape git fetch remote. ...)
- gitea <removed>
CVE-2022-30780 (Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a den ...)
- TODO: check
+ - lighttpd 1.4.59-1
+ NOTE: https://podalirius.net/en/cves/2022-30780/
+ NOTE: https://github.com/p0dalirius/CVE-2022-30780-lighttpd-denial-of-service
+ NOTE: https://redmine.lighttpd.net/issues/3059
+ NOTE: Fixed by: https://github.com/lighttpd/lighttpd1.4/commit/b03b86f47b0d5a553137f081fadc482b4af1372d (lighttpd-1.4.59)
CVE-2022-30779 (Laravel 9.1.8, when processing attacker-controlled data for deserializ ...)
TODO: check, issue seems to be in src:guzzle, check details
CVE-2022-30778 (Laravel 9.1.8, when processing attacker-controlled data for deserializ ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18f272f4b4a12fe8eab6149f4e5cc7d257c8b411
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18f272f4b4a12fe8eab6149f4e5cc7d257c8b411
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220611/880ff72e/attachment.htm>
More information about the debian-security-tracker-commits
mailing list