[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2022-21949/ruby-xmlhash unfixed 1010667

Neil Williams (@codehelp) codehelp at debian.org
Fri May 6 14:16:24 BST 2022 


Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
907be172 by Neil Williams at 2022-05-06T14:10:13+01:00
CVE-2022-21949/ruby-xmlhash unfixed 1010667

- - - - -
29c55ad1 by Neil Williams at 2022-05-06T14:15:54+01:00
Process an NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -12209,7 +12209,7 @@ CVE-2022-25647 (The package com.google.code.gson:gson before 2.8.9 are vulnerabl
 CVE-2022-25646
 	RESERVED
 CVE-2022-25645 (All versions of package dset are vulnerable to Prototype Pollution via ...)
-	TODO: check
+	NOT-FOR-US: Node dset
 CVE-2022-25644
 	RESERVED
 CVE-2022-25354 (The package set-in before 2.0.3 are vulnerable to Prototype Pollution  ...)
@@ -27844,7 +27844,9 @@ CVE-2022-21951
 CVE-2022-21950
 	RESERVED
 CVE-2022-21949 (A Improper Restriction of XML External Entity Reference vulnerability  ...)
-	TODO: check
+	- ruby-xmlhash <unfixed> (bug #1010667)
+	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1197928
+	NOTE: https://github.com/coolo/xmlhash/commit/544e614e2674ad26b97a234baa013723c829b751 (1.3.8)
 CVE-2022-21948
 	RESERVED
 CVE-2022-21947 (A Improper Access Control vulnerability in Rancher Desktop of SUSE all ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a12d4ad2505f97c9562a242ae5553cedbe5ffb5a...29c55ad1ad3ea8541bc4a49e9e6f1dff2670f25c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a12d4ad2505f97c9562a242ae5553cedbe5ffb5a...29c55ad1ad3ea8541bc4a49e9e6f1dff2670f25c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220506/c7bf9868/attachment.htm>

More information about the debian-security-tracker-commits mailing list