[Git][security-tracker-team/security-tracker][master] CVE-2022-37026: Add followup commit references correcting guard check
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Nov 21 19:54:00 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9104af55 by Salvatore Bonaccorso at 2022-11-21T20:50:56+01:00
CVE-2022-37026: Add followup commit references correcting guard check
Markus did already pinpoint the fixing commit needed for the OTP-23.3
branch. Apparently later on there was a followup commit to correct the
guard check. Add those as well for any potential stable and older
release to make sure we do not hit a regression.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -25314,7 +25314,10 @@ CVE-2022-37026 (In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x b
[bullseye] - erlang <no-dsa> (Minor issue)
[buster] - erlang <no-dsa> (Minor issue)
NOTE: https://erlangforums.com/t/otp-25-1-released/1854
- NOTE: Possible fix according to Red Hat: https://github.com/erlang/otp/commit/cd5024867e
+ NOTE: Fixed by: https://github.com/erlang/otp/commit/cd5024867e7b7d3a6e94194af9e01e1fb77e36c9 (OTP-23.3.4.15)
+ NOTE: Followup: https://github.com/erlang/otp/commit/6a1baa36e4e6c1b682e8b48e0c141602e0b8e6e5 (OTP-23.3.4.17)
+ NOTE: Fixed by: https://github.com/erlang/otp/commit/254f2728902bc7e80a67726ebbc1a0b3ab7742eb (OTP-24.3.4.2)
+ NOTE: Followup: https://github.com/erlang/otp/commit/33e7570e075e0b84efef91b2f307fcf938517b1c (OTP-24.3.4.3)
CVE-2022-37025 (An improper privilege management vulnerability in McAfee Security Scan ...)
NOT-FOR-US: McAfee
CVE-2022-37024 (Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Co ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9104af55346686c0dbb7f5c4c17eb13ca12c2ca6
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9104af55346686c0dbb7f5c4c17eb13ca12c2ca6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221121/29421145/attachment.htm>
More information about the debian-security-tracker-commits
mailing list