[Git][security-tracker-team/security-tracker][master] Add CVE-2022-29155/openldap

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed May 4 21:36:20 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c7579313 by Salvatore Bonaccorso at 2022-05-04T22:35:42+02:00
Add CVE-2022-29155/openldap

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3062,7 +3062,11 @@ CVE-2022-29156 (drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel befor
 	[stretch] - linux <not-affected> (Vulnerable code not present)
 	NOTE: Fixedy by: https://git.kernel.org/linus/8700af2cc18c919b2a83e74e0479038fd113c15d (5.17-rc6)
 CVE-2022-29155 (In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection  ...)
-	TODO: check
+	- openldap <unfixed>
+	NOTE: https://bugs.openldap.org/show_bug.cgi?id=9815
+	NOTE: https://git.openldap.org/openldap/openldap/-/commit/87df6c19915042430540931d199a39105544a134 (master)
+	NOTE: https://git.openldap.org/openldap/openldap/-/commit/40f3ae4f5c9a8baf75b237220f62c436a571d66e (OPENLDAP_REL_ENG_2_5_12)
+	NOTE: back-sql backend to slapd is enabled but considered experimental upstream.
 CVE-2022-29154
 	RESERVED
 CVE-2022-29153 (HashiCorp Consul and Consul Enterprise through 2022-04-12 allow SSRF. ...)
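Review bot: The two commit NOTE lines added under CVE-2022-29155 give bare URLs followed only by a branch tag, so the entry never states that these are the fixing commits. The neighbouring CVE-2022-29156 entry labels its commit explicitly, and prefixing each URL here with "Fixed by:" would remove the ambiguity. The description names 2.6.2 as a fixed release, but only master and OPENLDAP_REL_ENG_2_5_12 commits are referenced; if a separate 2.6 branch commit exists, it should be listed as well. The last NOTE records that back-sql is enabled and considered experimental upstream without saying what that means for triage of the "- openldap <unfixed>" line; one more clause stating the consequence would make the note actionable for whoever picks up the entry.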



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7579313a55d1db8ffc5d653c1f165612b740c50
