[Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2022-1471,snakeyaml: unimportant
Markus Koschany (@apo)
apo at debian.org
Sun Feb 19 16:40:28 GMT 2023
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8b5ce926 by Markus Koschany at 2023-02-19T17:30:56+01:00
CVE-2022-1471,snakeyaml: unimportant
Snakeyaml is not designed to process untrusted YAML input. This has been
clarified for users in version 1.33-2 with a README.Debian.security file.
See also Debian bug #1030046
- - - - -
823329f4 by Markus Koschany at 2023-02-19T17:33:20+01:00
CVE-2022-41854,snakeyaml: fixed in 1.33-1
According to the Google fuzzer this issue was fixed between 20220911 and
20220912. Version 1.32 was released back then. The first version in Debian was
1.33-1 and I assume this is fixed now. According to the CVE description the
parser would crash by stack overflow. A limit to the nesting depth of YAML
files has been already introduced with other CVE fixes, so that shouldn't be a
problem anymore.
- - - - -
8cada0ea by Markus Koschany at 2023-02-19T17:38:31+01:00
CVE-2022-41854,snakeyaml: Buster is not affected
because this issue was addressed in version 1.23-1+deb10u1. Bullseye will be
fixed with a point update in the near future.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -33392,7 +33392,8 @@ CVE-2022-41856
CVE-2022-41855
REJECTED
CVE-2022-41854 (Those using Snakeyaml to parse untrusted YAML files may be vulnerable ...)
- - snakeyaml <unfixed>
+ - snakeyaml 1.33-1
+ [buster] - snakeyaml 1.23-1+deb10u1
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355
TODO: check details
CVE-2022-41853 (Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb ...)
@@ -66712,7 +66713,7 @@ CVE-2022-1473 (The OPENSSL_LH_flush() function, which empties a hash table, cont
CVE-2022-1472 (The Better Find and Replace WordPress plugin before 1.3.6 does not pro ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1471 (SnakeYaml's Constructor() class does not restrict types which can be i ...)
- - snakeyaml <unfixed>
+ - snakeyaml <unfixed> (unimportant)
NOTE: https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2
CVE-2022-1470 (The Ultimate WooCommerce CSV Importer WordPress plugin through 2.0 doe ...)
NOT-FOR-US: WordPress plugin
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7810985b3197b87328b0961c533dab1911a47e9d...8cada0ea4fb8132e0d35bae7b26fd955f3a1fc5f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7810985b3197b87328b0961c533dab1911a47e9d...8cada0ea4fb8132e0d35bae7b26fd955f3a1fc5f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230219/8bc2a9de/attachment.htm>
More information about the debian-security-tracker-commits
mailing list