[Git][security-tracker-team/security-tracker][master] 2 commits: libspring-java no longer supported for stretch. Marking CVE-2022-22970 and...

Ola Lundqvist (@opal) opal at debian.org
Sun May 22 22:07:53 BST 2022 


Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e00cb9f6 by Ola Lundqvist at 2022-05-22T23:07:38+02:00
libspring-java no longer supported for stretch. Marking CVE-2022-22970 and CVE-2022-22971 accordingly.

- - - - -
a282c886 by Ola Lundqvist at 2022-05-22T23:07:39+02:00
The package node-formidable is no longer supported for stretch, so marking CVE-2022-21698 accordingly.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4541,6 +4541,7 @@ CVE-2022-29623 (An arbitrary file upload vulnerability in the file upload module
 	NOT-FOR-US: expressjs/connect-multiparty
 CVE-2022-29622 (An arbitrary file upload vulnerability in formidable v3.1.4 allows att ...)
 	- node-formidable <unfixed> (bug #1011341)
+	[stretch] - node-formidable <end-of-life> (No longer supported in LTS)
 	NOTE: https://www.youtube.com/watch?v=C6QPKooxhAo
 	NOTE: https://github.com/vyas0189/CougarCS-Backend/issues/57
 	NOTE: unclear if reported upstream
@@ -24782,9 +24783,11 @@ CVE-2022-22972 (VMware Workspace ONE Access, Identity Manager and vRealize Autom
 	NOT-FOR-US: VMware
 CVE-2022-22971 (In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupp ...)
 	- libspring-java <unfixed>
+	[stretch] - libspring-java <end-of-life> (No longer supported in LTS)
 	NOTE: https://tanzu.vmware.com/security/cve-2022-22971
 CVE-2022-22970 (In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupp ...)
 	- libspring-java <unfixed>
+	[stretch] - libspring-java <end-of-life> (No longer supported in LTS)
 	NOTE: https://tanzu.vmware.com/security/cve-2022-22970
 CVE-2022-22969 (<Issue Description> Spring Security OAuth versions 2.5.x prior t ...)
 	NOT-FOR-US: spring-security-oauth



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/01520eb3d083a70a73425bd3eedc3422e571d9d1...a282c886eff03fb846e55b839da5a8655ce383a1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/01520eb3d083a70a73425bd3eedc3422e571d9d1...a282c886eff03fb846e55b839da5a8655ce383a1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220522/7e1b6c6c/attachment.htm>

More information about the debian-security-tracker-commits mailing list