[Git][security-tracker-team/security-tracker][master] Add CVE-2022-48522/perl

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b2e0d5dc by Salvatore Bonaccorso at 2023-08-23T21:56:22+02:00
Add CVE-2022-48522/perl

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -182,7 +182,12 @@ CVE-2022-48538 (In Cacti 1.2.19, there is an authentication bypass in the web lo
 	NOTE: Fixed by: https://github.com/Cacti/cacti/commit/9b53889c340031be67b62006a516e847b3793dcb (release/1.2.23)
 	NOTE: Only an issue when running with PHP8.2.
 CVE-2022-48522 (In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based c ...)
-	TODO: check
+	- perl 5.36.0-4 (unimportant)
+	NOTE: Might be related to https://bugs.launchpad.net/ubuntu/+source/perl/+bug/2032667
+	NOTE: which is just a infinite recursion exhausting the stack, with negligible security
+	NOTE: impact.
+	NOTE: https://github.com/Perl/perl5/issues/19147
+	NOTE: Fixed by: https://github.com/Perl/perl5/commit/23cca2d1f4544cb47f1124d98c308ce1f31f09a6 (v5.35.5)
 CVE-2023-XXXX [RUSTSEC-2023-0053: rustls-webpki: CPU denial of service in certificate path building]
 	- rust-rustls-webpki <unfixed> (bug #1050298)
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0053.html



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2e0d5dc207c0e881cc0e9f7ae399cd981810d23

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2e0d5dc207c0e881cc0e9f7ae399cd981810d23
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230823/efe53317/attachment.htm>