[Git][security-tracker-team/security-tracker][master] Add CVE-2022-1726/zoneminder

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu May 26 08:48:41 BST 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ed7aeadb by Salvatore Bonaccorso at 2022-05-26T09:46:38+02:00
Add CVE-2022-1726/zoneminder

Technically it's an issue in Bootstrap Tables, which though zoneminder
includes in debian/missing-sources further.

Tracking is slightly borderline, as zoneminder would be unimportant
anyway and only supported behind trusted zones.

For now add it as such, if a reviewer disagrees let's re-evaluate.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1972,7 +1972,11 @@ CVE-2022-1728 (Allowing long password leads to denial of service in polonel/trud
 CVE-2022-1727 (Improper Input Validation in GitHub repository jgraph/drawio prior to  ...)
 	NOT-FOR-US: jgraph/drawio
 CVE-2022-1726 (Bootstrap Tables XSS vulnerability with Table Export plug-in when expo ...)
-	TODO: check
+	- zoneminder <unfixed> (unimportant)
+	NOTE: https://huntr.dev/bounties/9b85cc33-0395-4c31-8a42-3a94beb2efea
+	NOTE: src:zoneminder embedds bootstrap-table-export.js in debian/missing-sources/
+	NOTE: https://github.com/wenzhixin/bootstrap-table/commit/66ef886d5d325777c8727274c9e018f9c17bc0b9 (1.20.2)
+	NOTE: NOTE: Only supported for trusted users/behind auth, see README.debian.security
 CVE-2022-1725 (NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.495 ...)
 	- vim <unfixed> (unimportant)
 	NOTE: https://huntr.dev/bounties/4363cf07-233e-4d0a-a1d5-c731a400525c



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ed7aeadbf782e9e8f117d9f1537e7df74c2b0ff1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ed7aeadbf782e9e8f117d9f1537e7df74c2b0ff1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220526/dbc8796a/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list