[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2014-10402: Update note to directly reference the upstream commit

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon May 30 19:59:20 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
480756ed by Salvatore Bonaccorso at 2022-05-30T20:41:38+02:00
CVE-2014-10402: Update note to directly reference the upstream commit

- - - - -
a6bcdc6c by Salvatore Bonaccorso at 2022-05-30T20:57:41+02:00
Add temporary tracking for spip issues fixed upstream with 4.1.2, 4.0.7 and 3.2.15

And as backported for the DSA 5152-1.

There are no CVEs assigned for the issues, so apply a temporary entry
just covering the whole update.

Link: https://lists.debian.org/debian-security-announce/2022/msg00120.html

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,30 @@
+CVE-2022-XXXX [Sanitizing and other XSS protections]
+	- spip 4.1.2+dfsg-1
+	[bullseye] - spip 3.2.11-3+deb11u4
+	[buster] - spip 3.2.4-1+deb10u8
+	NOTE: https://git.spip.net/spip/spip/commit/3b99287c9e1f7b9aee4c7e22b2a233fde5becd86
+	NOTE: https://git.spip.net/spip/spip/commit/edb6a01c6dd2420ed5e125385252d37b86f93d68
+	NOTE: https://git.spip.net/spip-team/securite/issues/3597 (not public)
+	NOTE: https://git.spip.net/spip/spip/commit/b28e1f9a39dd54e0f0bbfe3b211160e71d2562b7
+	NOTE: https://git.spip.net/spip-team/securite/issues/3602 (not public)
+	NOTE: https://git.spip.net/spip/spip/commit/772a4baeda4eed24cbe8953fa60e7c7dcd6859a2
+	NOTE: https://git.spip.net/spip-team/securite/issues/3698 (not public)
+	NOTE: https://git.spip.net/spip/spip/commit/e9a03a38d5ee606b79d795f8e28c29d4eb74838e
+	NOTE: https://git.spip.net/spip-team/securite/issues/3702 (not public)
+	NOTE: https://git.spip.net/spip/spip/commit/d99890f66906ab52aa18f9df6109e694192bc54e
+	NOTE: https://git.spip.net/spip-team/securite/issues/3703 (not public)
+	NOTE: https://git.spip.net/spip/spip/commit/97845aa30aa8d845d88b86715eab53b1de5e9c6d
+	NOTE: https://git.spip.net/spip-team/securite/issues/3728 (not public)
+	NOTE: https://git.spip.net/spip/spip/commit/754677579b34a1705a83b8d2674baaba17472b4d
+	NOTE: https://git.spip.net/spip/spip/commit/871777b0f56ce92c26fde3a3a53c625eb68dcff6
+	NOTE: https://git.spip.net/spip-team/securite/issues/4494 (not public)
+	NOTE: https://git.spip.net/spip/spip/commit/901f583021938d4b1b1632cc8ec51950a1f3e988
+	NOTE: https://git.spip.net/spip/spip/commit/ac67fc5be53e2e085c0599144a217b440dd72fa1
+	NOTE: https://git.spip.net/spip/spip/commit/2ce34e62ebe457d06339d5b3cb92852d1d80635c
+	NOTE: https://git.spip.net/spip/spip/commit/8283532c94dac9f08c1fd250b433491d3fe22c84
+	NOTE: https://git.spip.net/spip-team/securite/issues/3733 (not public)
+	NOTE: https://git.spip.net/spip/svp/commit/bf0ff95ac535f1aa53e6a946ea739fd71106f182
+	NOTE: https://blog.spip.net/Mise-a-jour-de-maintenance-et-securite-sortie-de-SPIP-4-1-2-SPIP-4-0-7-SPIP-3-2.html?lang=fr
 CVE-2022-31798
 	RESERVED
 CVE-2022-31797
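Review bot: In the new CVE-2022-XXXX entry, the NOTE lines interleave commit URLs and "(not public)" issue URLs without stating whether an issue line refers to the commits above it or below it, so the commit-to-issue mapping is ambiguous. Consider labelling the commit lines with "Fixed by:" (the form used for CVE-2014-10402 in this same push) and grouping each issue reference with its commits, which would also make the entry easier to split if CVEs are assigned later. The spip/svp commit near the end lives in a different repository from the rest and has no issue reference; a short note on what it addresses would help anyone checking the bullseye and buster backports against this list.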
@@ -118287,7 +118314,8 @@ CVE-2014-10402 (An issue was discovered in the DBI module through 1.643 for Perl
 	[buster] - libdbi-perl 1.642-1+deb10u2
 	[stretch] - libdbi-perl <postponed> (Revisit when fixed upstream)
 	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=99508#txn-1911590
-	NOTE: https://github.com/perl5-dbi/dbi/commit/12e3b14f54524ca81498f40cfa3678604429b2d6 (master)
+	NOTE: Test case: https://github.com/perl5-dbi/dbi/commit/27b10b5c3aacabc091046beaba478e671bb6111c
+	NOTE: Fixed by: https://github.com/perl5-dbi/dbi/commit/19d0fb169eed475e1c053e99036b8668625cfa94 (master)
 CVE-2020-25613 (An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, an ...)
 	{DLA-2392-1 DLA-2391-1}
 	- ruby2.7 2.7.1-4
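Review bot: The unchanged stretch line for CVE-2014-10402 still reads "<postponed> (Revisit when fixed upstream)" while the added "Fixed by:" NOTE now records an upstream fix on master, so the two lines are out of step. Either revisit the stretch status in the same change or add a NOTE saying why it stays postponed. The "Test case:" and "Fixed by:" labels are clearer than the single unlabelled commit they replace; if the removed 12e3b14f commit is no longer relevant, that is fine, but nothing in the entry says so.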



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d279cbd3a50ed02f6ee784b4a4b1cb85dc995b87...a6bcdc6c07d0cafce905b70e50332620965fe201
