[Git][security-tracker-team/security-tracker][master] Update Hazelcast <itp> CVEs CVE-2022-0265 CVE-2020-26168

Neil Williams (@codehelp) codehelp at debian.org
Fri Mar 4 09:43:26 GMT 2022 


Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5c268dc7 by Neil Williams at 2022-03-04T09:42:34+00:00
Update Hazelcast <itp> CVEs CVE-2022-0265 CVE-2020-26168

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9333,7 +9333,9 @@ CVE-2022-23308 (valid.c in libxml2 before 2.9.13 has a use-after-free of ID and
 CVE-2022-0266 (Authorization Bypass Through User-Controlled Key in Packagist remdex/l ...)
 	NOT-FOR-US: livehelperchat
 CVE-2022-0265 (Improper Restriction of XML External Entity Reference in GitHub reposi ...)
-	TODO: check
+	- hazelcast <itp> (bug #745640)
+	NOTE: https://github.com/hazelcast/hazelcast/commit/4d6b666cd0291abd618c3b95cdbb51aa4208e748 (v5.1)
+	NOTE: https://huntr.dev/bounties/d63972a2-b910-480a-a86b-d1f75d24d563/
 CVE-2022-23307 (CVE-2020-9493 identified a deserialization issue that was present in A ...)
 	{DLA-2905-1}
 	- apache-log4j1.2 1.2.17-11 (bug #1004482)
@@ -99585,7 +99587,8 @@ CVE-2020-26170
 CVE-2020-26169
 	RESERVED
 CVE-2020-26168 (The LDAP authentication method in LdapLoginModule in Hazelcast IMDG En ...)
-	NOT-FOR-US: Hazelcast
+	- hazelcast <itp> (bug #745640)
+	NOTE: https://docs.hazelcast.org/docs/ern/index.html#4-2-2 (v4.2.2)
 CVE-2020-26167 (In FUEL CMS 11.4.12 and before, the page preview feature allows an ano ...)
 	NOT-FOR-US: FUEL CMS
 CVE-2020-26166 (The file upload functionality in qdPM 9.1 doesn't check the file descr ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5c268dc76663e07b3186da9fcb073f81ab04d2b2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5c268dc76663e07b3186da9fcb073f81ab04d2b2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220304/ecb6fbdf/attachment.htm>

More information about the debian-security-tracker-commits mailing list