[Git][security-tracker-team/security-tracker][master] bugnums

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Feb 27 19:53:14 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5ae3324c by Moritz Muehlenhoff at 2023-02-27T20:52:48+01:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9554,7 +9554,7 @@ CVE-2011-10001 (A vulnerability was found in iamdroppy phoenixcf. It has been de
 CVE-2010-10008 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in simplesam ...)
 	NOT-FOR-US: simplesamlphp-module-openidprovider
 CVE-2023-XXXX [RUSTSEC-2022-0078]
-	- rust-bumpalo <unfixed>
+	- rust-bumpalo <unfixed> (bug #1032088)
 	[bullseye] - rust-bumpalo <no-dsa> (Minor issue)
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0078.html
 	NOTE: https://github.com/fitzgen/bumpalo/blob/main/CHANGELOG.md#3111
@@ -17631,8 +17631,8 @@ CVE-2022-4494 (A vulnerability, which was classified as critical, has been found
 CVE-2022-4493 (A vulnerability classified as critical was found in scifio. Affected b ...)
 	NOT-FOR-US: SCIFIO (SCientific Image Format Input & Output)
 CVE-2022-4492 (The undertow client is not checking the server identity presented by t ...)
-	- undertow <unfixed>
-	TODO: check details, https://bugzilla.redhat.com/show_bug.cgi?id=2153260 has missing public details
+	- undertow <unfixed> (bug #1032087)
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2153260 has missing public details
 CVE-2022-4491 (The WP-Table Reloaded WordPress plugin through 1.9.4 does not validate ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4490
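
Review bot: In the CVE-2022-4492 entry, changing "TODO: check details, ..." to "NOTE: ..." drops the only marker that this entry still needs follow-up, while the remaining text still says the Red Hat bug "has missing public details". If filing bug #1032087 is meant to close the triage, reword the note to say what is still unknown (no fix commit or fixed version is recorded here); otherwise keep the TODO until that reference can be added.
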
@@ -25277,7 +25277,7 @@ CVE-2022-44902
 CVE-2022-44901
 	RESERVED
 CVE-2022-44900 (A directory traversal vulnerability in the SevenZipFile.extractall() f ...)
-	- py7zr <unfixed>
+	- py7zr <unfixed> (bug #1032091)
 	NOTE: https://github.com/miurahr/py7zr/commit/1bb43f17515c7f69673a1c88ab9cc72a7bbef406 (v0.20.1)
 	NOTE: https://lessonsec.com/cve/cve-2022-44900/
 CVE-2022-44899
@@ -40711,7 +40711,7 @@ CVE-2022-40154
 CVE-2022-40153
 	REJECTED
 CVE-2022-40152 (Those using Woodstox to parse XML data may be vulnerable to Denial of  ...)
-	- libwoodstox-java <unfixed>
+	- libwoodstox-java <unfixed> (bug #1032089)
 	[bullseye] - libwoodstox-java <no-dsa> (Minor issue)
 	[buster] - libwoodstox-java <no-dsa> (Minor issue)
 	NOTE: https://github.com/x-stream/xstream/issues/304
@@ -42831,7 +42831,7 @@ CVE-2022-39270 (DiscoTOC is a Discourse theme component that generates a table o
 	NOT-FOR-US: DiscoTOC Discourse theme
 CVE-2022-39269 (PJSIP is a free and open source multimedia communication library writt ...)
 	{DSA-5358-1 DLA-3335-1}
-	- asterisk <unfixed>
+	- asterisk <unfixed> (bug #1032092)
 	- pjproject <removed>
 	- ring 20230206.0~ds1-1
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-wx5m-cj97-4wwg
@@ -88826,14 +88826,14 @@ CVE-2022-23548 (Discourse is an option source discussion platform. Prior to vers
 	NOT-FOR-US: Discourse
 CVE-2022-23537 (PJSIP is a free and open source multimedia communication library writt ...)
 	{DSA-5358-1 DLA-3335-1}
-	- asterisk <unfixed>
+	- asterisk <unfixed> (bug #1032092)
 	- ring 20230206.0~ds1-1
 	- pjproject <removed>
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w
 	NOTE: https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1
 CVE-2022-23547 (PJSIP is a free and open source multimedia communication library writt ...)
 	{DSA-5358-1 DLA-3335-1}
-	- asterisk <unfixed>
+	- asterisk <unfixed> (bug #1032092)
 	- ring 20230206.0~ds1-1
 	- pjproject <removed>
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w
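
Review bot: Bug #1032092 is now attached to the asterisk line of three entries (CVE-2022-23537 and CVE-2022-23547 in this hunk, CVE-2022-39269 in the previous one), so it is worth confirming the bug report names all three CVE ids, so that a single fixing upload is tracked against each of them. Minor style point: these two entries list "ring" before "pjproject <removed>", while CVE-2022-39269 lists them the other way round; a consistent order would make the three PJSIP entries easier to compare.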



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ae3324ced9499920d98bec6ebccbd9d1a4b6246
