[Git][security-tracker-team/security-tracker][master] Track fixed version for libowasp-antisamy-java via unstable

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Dec 3 12:01:47 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9a908fbb by Salvatore Bonaccorso at 2023-12-03T13:01:07+01:00
Track fixed version for libowasp-antisamy-java via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9173,7 +9173,7 @@ CVE-2023-43697 (Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK
 CVE-2023-43696 (Improper Access Control in SICK APU allows an unprivileged remote atta ...)
 	NOT-FOR-US: SICK
 CVE-2023-43643 (AntiSamy is a library for performing fast, configurable cleansing of H ...)
-	- libowasp-antisamy-java <unfixed> (bug #1054164)
+	- libowasp-antisamy-java 1.7.4-1 (bug #1054164)
 	[bookworm] - libowasp-antisamy-java <no-dsa> (Minor issue)
 	[bullseye] - libowasp-antisamy-java <no-dsa> (Minor issue)
 	[buster] - libowasp-antisamy-java <no-dsa> (Minor issue)
@@ -117743,7 +117743,7 @@ CVE-2022-28368 (Dompdf 1.2.1 allows remote code execution via a .php file in the
 	NOTE: Vulnerability introduced by:
 	NOTE: https://github.com/dompdf/dompdf/commit/0e0261b7bce372b3a05b712a023f6f742a22d57e (v0.8.0)
 CVE-2022-28367 (OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE ...)
-	- libowasp-antisamy-java <unfixed> (bug #1010154)
+	- libowasp-antisamy-java 1.7.4-1 (bug #1010154)
 	[bookworm] - libowasp-antisamy-java <no-dsa> (Minor issue)
 	[bullseye] - libowasp-antisamy-java <no-dsa> (Minor issue)
 	[buster] - libowasp-antisamy-java <no-dsa> (Minor issue)
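
Review bot: the changed line for CVE-2022-28367 records 1.7.4-1, but the entry's own NOTE lines (visible as context at the top of the next hunk) point to a follow-up commit in v1.6.7 and say that an incomplete fix opens CVE-2022-29577. 1.7.4 is later than both 1.6.6 and 1.6.7, so the version is plausible, yet this patch has no hunk for CVE-2022-29577. Please confirm that entry already carries a fixed version, or update it in the same commit so the two entries stay consistent.
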
@@ -117752,7 +117752,7 @@ CVE-2022-28367 (OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on
 	NOTE: Make sure to fix the issue completely and include the commit otherwise opening CVE-2022-29577
 	NOTE: https://github.com/nahsra/antisamy/commit/32e273507da0e964b58c50fd8a4c94c9d9363af0 (v1.6.7)
 CVE-2022-28366 (Certain Neko-related HTML parsers allow a denial of service via crafte ...)
-	- libowasp-antisamy-java <unfixed> (bug #1010154)
+	- libowasp-antisamy-java 1.7.4-1 (bug #1010154)
 	[bookworm] - libowasp-antisamy-java <no-dsa> (Minor issue)
 	[bullseye] - libowasp-antisamy-java <no-dsa> (Minor issue)
 	[buster] - libowasp-antisamy-java <no-dsa> (Minor issue)
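
Review bot: on the CVE-2022-28366 line, the description attributes the denial of service to "Neko-related HTML parsers" rather than to AntiSamy's own code, and the lines shown here give no NOTE explaining why a libowasp-antisamy-java upload resolves it. If the entry has no such NOTE further down, suggest adding one that names the change in 1.7.4 (or in the parser dependency it uses) that addresses the issue, since the only link visible is the bug number #1010154 shared with CVE-2022-28367.
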
@@ -171790,7 +171790,7 @@ CVE-2021-35045 (Cross site scripting (XSS) vulnerability in Ice Hrm 29.0.0.OS, a
 CVE-2021-35044
 	RESERVED
 CVE-2021-35043 (OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using  ...)
-	- libowasp-antisamy-java <unfixed> (bug #1014981)
+	- libowasp-antisamy-java 1.7.4-1 (bug #1014981)
 	[bookworm] - libowasp-antisamy-java <no-dsa> (Minor issue)
 	[bullseye] - libowasp-antisamy-java <no-dsa> (Minor issue)
 	[buster] - libowasp-antisamy-java <no-dsa> (Minor issue)
@@ -411996,7 +411996,7 @@ CVE-2017-14737 (A cryptographic cache-based side channel in the RSA implementati
 CVE-2017-14736
 	RESERVED
 CVE-2017-14735 (OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstr ...)
-	- libowasp-antisamy-java <unfixed> (bug #1014981)
+	- libowasp-antisamy-java 1.7.4-1 (bug #1014981)
 	[bookworm] - libowasp-antisamy-java <no-dsa> (Minor issue)
 	[bullseye] - libowasp-antisamy-java <no-dsa> (Minor issue)
 	[buster] - libowasp-antisamy-java <no-dsa> (Minor issue)
@@ -445733,7 +445733,7 @@ CVE-2016-10008 (SQL injection vulnerability in the "Content Types > Content Type
 CVE-2016-10007 (SQL injection vulnerability in the "Marketing > Forms" screen in dotCM ...)
 	NOT-FOR-US: dotCMS
 CVE-2016-10006 (In OWASP AntiSamy before 1.5.5, by submitting a specially crafted inpu ...)
-	- libowasp-antisamy-java <unfixed> (bug #1014981)
+	- libowasp-antisamy-java 1.7.4-1 (bug #1014981)
 	[bookworm] - libowasp-antisamy-java <no-dsa> (Minor issue)
 	[bullseye] - libowasp-antisamy-java <no-dsa> (Minor issue)
 	[buster] - libowasp-antisamy-java <no-dsa> (Minor issue)
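
Review bot: the CVE-2016-10006 line now records 1.7.4-1 although the description puts the upstream fix at 1.5.5, and the same gap shows for CVE-2017-14735 (1.5.7) and CVE-2021-35043 (1.6.4) in the two hunks above. If an earlier Debian upload already shipped an upstream version at or above those, that earlier version should be recorded as the fixed version instead. Otherwise, a short mention in the commit message that 1.7.4-1 is the first upload past all of them would make the choice easy to audit.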



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a908fbb4deeaa34bd1966e03e1daff12e47c987
