[Git][security-tracker-team/security-tracker][master] Add Matrix SDK related CVEs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Sep 29 10:11:57 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8ee8d0e6 by Salvatore Bonaccorso at 2022-09-29T11:11:29+02:00
Add Matrix SDK related CVEs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5858,11 +5858,11 @@ CVE-2022-39259
 CVE-2022-39258 (mailcow is a mailserver suite. A vulnerability innversions prior to 20 ...)
 	NOT-FOR-US: mailcow
 CVE-2022-39257 (Matrix iOS SDK allows developers to build iOS apps compatible with Mat ...)
-	TODO: check
+	NOT-FOR-US: Matrix iOS SDK
 CVE-2022-39256 (Orckestra C1 CMS is a .NET based Web Content Management System. A vuln ...)
 	NOT-FOR-US: Orckestra C1 CMS
 CVE-2022-39255 (Matrix iOS SDK allows developers to build iOS apps compatible with Mat ...)
-	TODO: check
+	NOT-FOR-US: Matrix iOS SDK
 CVE-2022-39254
 	RESERVED
 CVE-2022-39253
@@ -5870,17 +5870,26 @@ CVE-2022-39253
 CVE-2022-39252
 	RESERVED
 CVE-2022-39251 (Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript.  ...)
-	TODO: check
+	- node-matrix-js-sdk <undetermined>
+	NOTE: https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-r48r-j8fx-mq2c
+	NOTE: https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76
+	NOTE: https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients
+	TODO: check if affecting the nodejs version of matrix-js-sdk
 CVE-2022-39250
 	RESERVED
 CVE-2022-39249 (Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript.  ...)
-	TODO: check
+	- node-matrix-js-sdk <undetermined>
+	NOTE: https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-6263-x97c-c4gg
+	NOTE: https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76
+	NOTE: https://github.com/matrix-org/matrix-spec-proposals/pull/3061
+	NOTE: https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients
+	TODO: check if affecting the nodejs version of matrix-js-sdk
 CVE-2022-39248 (matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1. ...)
-	TODO: check
+	NOT-FOR-US: Matrix SDK for Android
 CVE-2022-39247
 	RESERVED
 CVE-2022-39246 (matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1. ...)
-	TODO: check
+	NOT-FOR-US: Matrix SDK for Android
 CVE-2022-39245 (Mist is the command-line interface for the makedeb Package Repository. ...)
 	TODO: check
 CVE-2022-39244
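Review bot: The NOT-FOR-US labels added for CVE-2022-39248 and CVE-2022-39246 read "Matrix SDK for Android", while the CVE descriptions on those same lines name the product matrix-android-sdk2 and the iOS entries in this commit use "Matrix iOS SDK". Using the upstream project name (for example "NOT-FOR-US: matrix-android-sdk2") would keep the labels consistent and easier to grep. The CVE-2022-39251 and CVE-2022-39249 entries both reference the same fix commit a587d7c36026fe1fcf93dfff63588abee359be76 and both leave node-matrix-js-sdk as <undetermined>, so the two TODOs should be resolved together to keep the entries in step.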
@@ -5900,7 +5909,11 @@ CVE-2022-39238 (Arvados is an open source platform for managing and analyzing bi
 CVE-2022-39237
 	RESERVED
 CVE-2022-39236 (Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript.  ...)
-	TODO: check
+	- node-matrix-js-sdk <undetermined>
+	NOTE: https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-hvv8-5v86-r45x
+	NOTE: https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76
+	NOTE: https://github.com/matrix-org/matrix-spec-proposals/pull/3488
+	TODO: check if affects nodejs version of matrix-js-sdk
 CVE-2022-39235
 	RESERVED
 CVE-2022-39234
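Review bot: The CVE-2022-39236 entry is inconsistent with the other two node-matrix-js-sdk entries added in this commit. Its TODO reads "check if affects nodejs version of matrix-js-sdk" where the others read "check if affecting the nodejs version of matrix-js-sdk", and it carries no NOTE for the matrix.org blog post that the other two reference. Use one TODO wording so a single grep finds all three open items, and add the blog NOTE here as well if that post covers this CVE.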



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ee8d0e6d607d3470a359af5fff8fc271f34c526
