[Git][security-tracker-team/security-tracker][master] triage/fix lighttpd CVEs in buster
Helmut Grohne (@helmutg)
helmutg at debian.org
Mon Oct 3 07:12:01 BST 2022
Helmut Grohne pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f81458e3 by Helmut Grohne at 2022-10-03T08:11:06+02:00
triage/fix lighttpd CVEs in buster
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1088,6 +1088,7 @@ CVE-2022-41556 [handle RDHUP when collecting chunked body]
RESERVED
{DSA-5243-1}
- lighttpd 1.4.67-1
+ [buster] - lighttpd <not-affected> (vulnerable code inserted in lighttpd-1.4.55-211-gbcddbe18)
NOTE: https://github.com/lighttpd/lighttpd1.4/pull/115
NOTE: https://github.com/lighttpd/lighttpd1.4/commit/b18de6f9264f914f7bf493abd3b6059343548e50 (lighttpd-1.4.67)
CVE-2022-40690
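Review bot: The added buster line justifies <not-affected> with a git-describe string only (lighttpd-1.4.55-211-gbcddbe18), while the fix a few lines below is recorded as a full commit URL in a NOTE. Adding a matching NOTE with the URL of the introducing commit would let a reader verify the claim without resolving the abbreviated hash by hand. The reasoning itself is consistent with the buster version shown in the next hunk (1.4.53-1+deb10u3), which predates 1.4.55.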
@@ -10692,7 +10693,7 @@ CVE-2022-37798 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack over
CVE-2022-37797 (In lighttpd 1.4.65, mod_wstunnel does not initialize a handler functio ...)
{DSA-5243-1}
- lighttpd 1.4.66-1
- [buster] - lighttpd <no-dsa> (Minor issue)
+ [buster] - lighttpd 1.4.53-1+deb10u3
NOTE: https://redmine.lighttpd.net/issues/3165
NOTE: https://git.lighttpd.net/lighttpd/lighttpd1.4/commit/971773f1fae600074b46ef64f3ca1f76c227985f (lighttpd-1.4.66)
CVE-2022-37796 (In Simple Online Book Store System 1.0 in /admin_book.php the Title, A ...)
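Review bot: The replacement line "[buster] - lighttpd 1.4.53-1+deb10u3" marks buster as fixed, but the advisory line above it still lists only {DSA-5243-1} and this commit touches only data/CVE/list, so nothing visible here ties the buster upload to an advisory. If the upload is announced separately, the cross-reference should follow so the entry does not read as an unexplained fixed version. It would also help to add a NOTE saying why 1.4.53 needed a fix, since the description names lighttpd 1.4.65 and the previous triage was "<no-dsa> (Minor issue)".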
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f81458e34fc0ca1d6adb86b268f55a58c270c95e