[Git][security-tracker-team/security-tracker][master] Add CVE-2022-39237/golang-github-sylabs-sif
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Oct 7 21:49:41 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d340057e by Salvatore Bonaccorso at 2022-10-07T22:48:14+02:00
Add CVE-2022-39237/golang-github-sylabs-sif
Explicitly tracking as well singularity-container as it uses AFAIC the
vendored copy and is unfixed as well.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7588,7 +7588,11 @@ CVE-2022-39239 (netlify-ipx is an on-Demand image optimization for Netlify using
CVE-2022-39238 (Arvados is an open source platform for managing and analyzing biomedic ...)
NOT-FOR-US: Arvados
CVE-2022-39237 (syslabs/sif is the Singularity Image Format (SIF) reference implementa ...)
- TODO: check
+ - golang-github-sylabs-sif <unfixed>
+ - singularity-container <unfixed>
+ NOTE: https://github.com/sylabs/sif/security/advisories/GHSA-m5m3-46gj-wch8
+ NOTE: https://github.com/sylabs/sif/commit/21972852d8783bc93fbf080190de8e1978f1c254 (v2.8.1)
+ NOTE: https://github.com/sylabs/sif/commit/a854038ce1f18237b81d505a1c3be6a60505db52 (v2.8.1)
CVE-2022-39236 (Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. ...)
- node-matrix-js-sdk <unfixed> (bug #1021136)
NOTE: https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-hvv8-5v86-r45x
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d340057e63ef412932665d40e89db4b78990feb5
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d340057e63ef412932665d40e89db4b78990feb5
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221007/47b96b55/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list