[Git][security-tracker-team/security-tracker][master] 3 commits: mark CVE-2022-25869 and CVE-2022-25844 as no-dsa for Buster
Thorsten Alteholz (@alteholz)
alteholz at debian.org
Sun Sep 25 15:38:38 BST 2022
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
06844544 by Thorsten Alteholz at 2022-09-25T16:23:47+02:00
mark CVE-2022-25869 and CVE-2022-25844 as no-dsa for Buster
- - - - -
835bdb50 by Thorsten Alteholz at 2022-09-25T16:31:04+02:00
follow sec team and mark three CVEs for batik as no-dsa
- - - - -
cdb9eaea by Thorsten Alteholz at 2022-09-25T16:37:15+02:00
add bind9
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -2853,6 +2853,7 @@ CVE-2022-40147
CVE-2022-40146 (Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XM ...)
- batik <unfixed> (bug #1020589)
[bullseye] - batik <no-dsa> (Minor issue)
+ [buster] - batik <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2022/09/22/3
NOTE: https://issues.apache.org/jira/browse/BATIK-1335
NOTE: http://svn.apache.org/viewvc?view=revision&revision=1903910
@@ -6596,6 +6597,7 @@ CVE-2022-38649
CVE-2022-38648 (Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XM ...)
- batik <unfixed> (bug #1020589)
[bullseye] - batik <no-dsa> (Minor issue)
+ [buster] - batik <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2022/09/22/4
NOTE: https://issues.apache.org/jira/browse/BATIK-1333
NOTE: http://svn.apache.org/viewvc?view=revision&revision=1903625
@@ -7324,6 +7326,7 @@ CVE-2020-36592
CVE-2022-38398 (Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XM ...)
- batik <unfixed> (bug #1020589)
[bullseye] - batik <no-dsa> (Minor issue)
+ [buster] - batik <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2022/09/22/2
NOTE: https://issues.apache.org/jira/browse/BATIK-1331
NOTE: http://svn.apache.org/viewvc?view=revision&revision=1903462
@@ -42150,6 +42153,7 @@ CVE-2022-25871 (All versions of package querymen are vulnerable to Prototype Pol
CVE-2022-25869 (All versions of package angular are vulnerable to Cross-site Scripting ...)
- angular.js <unfixed>
[bullseye] - angular.js <no-dsa> (Minor issue)
+ [buster] - angular.js <no-dsa> (Minor issue)
NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-2949781
CVE-2022-25867 (The package io.socket:socket.io-client before 2.0.1 are vulnerable to ...)
NOT-FOR-US: socket.io-client-java
@@ -42206,6 +42210,7 @@ CVE-2022-25845 (The package com.alibaba:fastjson before 1.2.83 are vulnerable to
CVE-2022-25844 (The package angular after 1.7.0 are vulnerable to Regular Expression D ...)
- angular.js <unfixed> (bug #1014779)
[bullseye] - angular.js <no-dsa> (Minor issue)
+ [buster] - angular.js <no-dsa> (Minor issue, probably even not-affected)
[stretch] - angular.js <ignored> (Nodejs in stretch not covered by security support)
NOTE: https://snyk.io/vuln/SNYK-JS-ANGULAR-2772735
CVE-2022-25843
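Review bot: The added `[buster]` line for CVE-2022-25844 puts a hedge, "probably even not-affected", inside a `<no-dsa>` note, which leaves the actual status of buster undecided. The description line in this hunk limits the issue to angular after 1.7.0, so the buster version should be checked against that bound: if it falls outside the affected range, record the entry as `<not-affected>` with the reason stated; if it is affected, drop the hedge and keep plain "Minor issue" as on the `[bullseye]` line.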
=====================================
data/dla-needed.txt
=====================================
@@ -18,6 +18,9 @@ asterisk
NOTE: 20220829: Ongoing triaging work. Maybe we should think about syncing
NOTE: 20220829: bullseye and buster. (apo)
--
+bind9:
+ NOTE: 20220925: Programming language: C.
+--
bluez
NOTE: 20220902: Programming language: C.
NOTE: 20220902: Consider synchronizing with Stretch. (apo)
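Review bot: The new entry is written `bind9:` with a trailing colon, while the other entries visible in this hunk (`asterisk` in the hunk header and `bluez` just below) are bare package names; drop the colon so the line matches its neighbours. The added NOTE records only the programming language, and neither it nor the commit message "add bind9" says which CVEs prompted the entry, so a second NOTE naming them would help whoever claims the package.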
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d7f8f3d0648ba55c543088f90ceb18610d11773d...cdb9eaead2faa2f01f1067200e0e08d6c682eaa0