[Git][security-tracker-team/security-tracker][master] Add CVE-2022-36227/libarchive
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Nov 22 10:14:57 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e12857e6 by Salvatore Bonaccorso at 2022-11-22T11:14:23+01:00
Add CVE-2022-36227/libarchive
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -28055,7 +28055,10 @@ CVE-2022-36229
CVE-2022-36228
RESERVED
CVE-2022-36227 (In libarchive 3.6.1, the software does not check for an error after ca ...)
- TODO: check
+ - libarchive <unfixed>
+ NOTE: https://github.com/libarchive/libarchive/issues/1754
+ NOTE: https://github.com/libarchive/libarchive/pull/1759
+ NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/bff38efe8c110469c5080d387bec62a6ca15b1a5
CVE-2022-36226 (SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability via /Si ...)
NOT-FOR-US: SiteServerCMS
CVE-2022-36225 (EyouCMS V1.5.8-UTF8-SP1 is vulnerable to Cross Site Request Forgery (C ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e12857e62bcc6ff50df3e1cc80cf2c0bd75dcb99
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e12857e62bcc6ff50df3e1cc80cf2c0bd75dcb99
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221122/9f35cb89/attachment.htm>
More information about the debian-security-tracker-commits
mailing list