[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2022-24737,CVE-2022-0430,httpie: Stretch/no-dsa

Sun Mar 20 13:23:17 GMT 2022


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
22f90386 by Markus Koschany at 2022-03-20T14:22:47+01:00
CVE-2022-24737,CVE-2022-0430,httpie: Stretch/no-dsa

Minor issue

- - - - -
3c89cb9f by Markus Koschany at 2022-03-20T14:22:47+01:00
Add liblouis to dla-needed.txt

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -6802,6 +6802,7 @@ CVE-2022-24737 (HTTPie is a command-line HTTP client. HTTPie has the practical c
 	- httpie <unfixed>
 	[bullseye] - httpie <no-dsa> (Minor issue)
 	[buster] - httpie <no-dsa> (Minor issue)
+	[stretch] - httpie <no-dsa> (Minor issue)
 	NOTE: https://github.com/httpie/httpie/security/advisories/GHSA-9w4w-cpc8-h2fq
 	NOTE: Fixed by: https://github.com/httpie/httpie/commit/65ab7d5caaaf2f95e61f9dd65441801c2ddee38b (3.1.0)
 CVE-2022-24736
@@ -8394,6 +8395,7 @@ CVE-2022-0430 (Exposure of Sensitive Information to an Unauthorized Actor in Git
 	- httpie <unfixed>
 	[bullseye] - httpie <no-dsa> (Minor issue)
 	[buster] - httpie <no-dsa> (Minor issue)
+	[stretch] - httpie <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/dafb2e4f-c6b6-4768-8ef5-b396cd6a801f
 	NOTE: Fixed by: https://github.com/httpie/httpie/commit/65ab7d5caaaf2f95e61f9dd65441801c2ddee38b (3.1.0)
 CVE-2022-0429 (The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin  ...)


=====================================
data/dla-needed.txt
=====================================
@@ -52,6 +52,10 @@ libarchive (Thorsten Alteholz)
 --
 libdatetime-timezone-perl (Emilio)
 --
+liblouis
+  NOTE: 20220320: no patch available yet. Reproducible memory leaks with ASAN
+  NOTE: 20220320: and POC. Consider fixing CVE-2018-17294 too.
+--
 libreoffice (Anton)
 --
 libxml2 (Anton)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/fdd40a33dfb5821909d7c18fc0066927d57ed31d...3c89cb9fff03dbd8d6e46a4926aad361c92138ef

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/fdd40a33dfb5821909d7c18fc0066927d57ed31d...3c89cb9fff03dbd8d6e46a4926aad361c92138ef
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220320/851655db/attachment.htm>
