[Git][security-tracker-team/security-tracker][master] new cookiecutter issue

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4c868706 by Moritz Muehlenhoff at 2022-06-20T16:55:24+02:00
new cookiecutter issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -22788,7 +22788,11 @@ CVE-2022-24068
 CVE-2022-24066 (The package simple-git before 3.5.0 are vulnerable to Command Injectio ...)
 	NOT-FOR-US: simple-git
 CVE-2022-24065 (The package cookiecutter before 2.1.1 are vulnerable to Command Inject ...)
-	TODO: check
+	- cookiecutter <unfixed>
+	[buster] - cookiecutter <no-dsa> (Minor issue)
+	NOTE: https://security.snyk.io/vuln/SNYK-PYTHON-COOKIECUTTER-2414281
+	NOTE: https://github.com/cookiecutter/cookiecutter/releases/tag/2.1.1
+	NOTE: https://github.com/cookiecutter/cookiecutter/commit/fdffddb31fd2b46344dfa317531ff155e7999f77
 CVE-2022-23923 (All versions of package jailed are vulnerable to Sandbox Bypass via an ...)
 	NOT-FOR-US: Node jailed
 CVE-2022-23920
@@ -34830,9 +34834,8 @@ CVE-2022-0085
 	RESERVED
 CVE-2022-0084
 	RESERVED
-	- jboss-xnio <undetermined>
+	- jboss-xnio <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2064226
-	TODO: check for details
 CVE-2021-46129
 	RESERVED
 CVE-2021-46128



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4c868706817ce3d34bf9ff056655c3b7542632cf

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4c868706817ce3d34bf9ff056655c3b7542632cf
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220620/49e6a782/attachment.htm>