[Git][security-tracker-team/security-tracker][master] bugs for zlib/pluxml
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Mar 25 16:35:45 GMT 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
928f1a7c by Moritz Mühlenhoff at 2022-03-25T17:35:07+01:00
bugs for zlib/pluxml
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -67,7 +67,7 @@ CVE-2022-1061 (Heap Buffer Overflow in parseDragons in GitHub repository radareo
NOTE: https://huntr.dev/bounties/a7546dae-01c5-4fb0-8a8e-c04ea4e9bac7
NOTE: https://github.com/radareorg/radare2/commit/d4ce40b516ffd70cf2e9e36832d8de139117d522
CVE-2018-25032 [zlib memory corruption on deflate]
- - zlib <unfixed>
+ - zlib <unfixed> (bug #1008265)
NOTE: https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
NOTE: https://www.openwall.com/lists/oss-security/2022/03/24/1
CVE-2022-27843
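Review bot: On the `- zlib <unfixed> (bug #1008265)` line, the entry still has no per-suite status lines, so the bug reference is the only triage state recorded for CVE-2018-25032 even though the NOTE below already points at the upstream fix commit. Consider following up with suite lines, or a NOTE stating which upstream release contains that commit, so the entry does not stay at a bare `<unfixed>`.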
@@ -7482,15 +7482,13 @@ CVE-2022-25022 (A cross-site scripting (XSS) vulnerability in Htmly v2.8.1 allow
CVE-2022-25021
RESERVED
CVE-2022-25020 (A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows att ...)
- - pluxml <undetermined>
+ - pluxml <unfixed> (bug #1008264)
NOTE: https://github.com/MoritzHuppert/CVE-2022-25020/blob/main/CVE-2022-25020.pdf
- TODO: check if reported upstream
CVE-2022-25019
REJECTED
CVE-2022-25018 (Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary c ...)
- - pluxml <undetermined>
+ - pluxml <unfixed> (bug #1008264)
NOTE: https://github.com/MoritzHuppert/CVE-2022-25018/blob/main/CVE-2022-25018.pdf
- TODO: check if reported upstream
CVE-2022-25017
RESERVED
CVE-2022-25016 (Home Owners Collection Management System v1.0 was discovered to contai ...)
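Review bot: Both pluxml entries in this hunk drop `TODO: check if reported upstream` without adding a NOTE that records the outcome, so the list no longer says whether upstream knows about CVE-2022-25020 or CVE-2022-25018. If the check was done, add a NOTE with the upstream report or a statement that none exists. Also consider whether CVE-2022-25018 ("execute arbitrary c ...") should share bug #1008264 with the XSS entry or be tracked in its own bug.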
@@ -8753,17 +8751,14 @@ CVE-2022-24589 (Burden v3.0 was discovered to contain a stored cross-site script
CVE-2022-24588 (Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS ...)
NOT-FOR-US: Flatpress
CVE-2022-24587 (A stored cross-site scripting (XSS) vulnerability in the component cor ...)
- - pluxml <undetermined>
+ - pluxml <unfixed> (bug #1008264)
NOTE: https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24587/CVE-2022-24587.pdf
- TODO: check if reported upstream
CVE-2022-24586 (A stored cross-site scripting (XSS) vulnerability in the component /co ...)
- - pluxml <undetermined>
+ - pluxml <unfixed> (bug #1008264)
NOTE: https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24586/CVE-2022-24586.pdf
- TODO: check if reported upstream
CVE-2022-24585 (A stored cross-site scripting (XSS) vulnerability in the component /co ...)
- - pluxml <undetermined>
+ - pluxml <unfixed> (bug #1008264)
NOTE: https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24585/CVE-2022-24585.pdf
- TODO: check if reported upstream
CVE-2022-24584
RESERVED
CVE-2022-24583
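Review bot: The three changes from `<undetermined>` to `<unfixed>` (CVE-2022-24587, CVE-2022-24586, CVE-2022-24585) assert that the Debian package is affected, but the only supporting reference left in each entry is the reporter's PDF. A short NOTE saying how affectedness was established, for example that the named component is present in the packaged version, would let later triagers verify the status instead of relying on bug #1008264 alone.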
@@ -40851,11 +40846,11 @@ CVE-2021-38604 (In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/
NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=4cc79c217744743077bf7a0ec5e0a4318f1e6641
NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=b805aebd42364fe696e417808a700fdb9800c9e8
CVE-2021-38603 (PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Informati ...)
- - pluxml <unfixed>
+ - pluxml <unfixed> (bug #1008264)
[buster] - pluxml <ignored> (Minor issue)
[stretch] - pluxml <no-dsa> (Minor issue)
CVE-2021-38602 (PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content ...)
- - pluxml <unfixed>
+ - pluxml <unfixed> (bug #1008264)
[buster] - pluxml <ignored> (Minor issue)
[stretch] - pluxml <no-dsa> (Minor issue)
CVE-2021-38601
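Review bot: For CVE-2021-38603 and CVE-2021-38602 the bug reference is added to the unstable line while the suite lines below it cover only buster and stretch, both marked `Minor issue`. Now that a bug is filed, check whether any other supported suite ships pluxml and needs its own line, and whether the `Minor issue` rating still matches how #1008264 is being handled.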
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/928f1a7c7e4c260eaad7af9cb0fcf4971455e02d