[Git][security-tracker-team/security-tracker][master] Add additional references for CVE-2022-40151 and CVE-2022-40152
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jan 2 20:00:40 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
da7114af by Salvatore Bonaccorso at 2023-01-02T20:59:59+01:00
Add additional references for CVE-2022-40151 and CVE-2022-40152
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -26948,11 +26948,13 @@ CVE-2022-40153
CVE-2022-40152 (Those using Woodstox to parse XML data may be vulnerable to Denial of ...)
- libwoodstox-java <unfixed>
NOTE: https://github.com/x-stream/xstream/issues/304
+ NOTE: https://github.com/advisories/GHSA-3f7h-mf4q-vrm4
CVE-2022-40151 (Those using Xstream to seralize XML data may be vulnerable to Denial o ...)
- libxstream-java <unfixed> (unimportant)
NOTE: https://github.com/x-stream/xstream/issues/304
NOTE: https://github.com/x-stream/xstream/issues/314
NOTE: https://x-stream.github.io/CVE-2022-40151.html
+ NOTE: https://github.com/advisories/GHSA-f8cc-g7j8-xxpm
NOTE: Only solution for the issue is to catch the StackOverflowError in the client code
NOTE: calling XStream.
CVE-2022-40150 (Those using Jettison to parse untrusted XML or JSON data may be vulner ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da7114af89cb33acce55368a3ad6c6c735123bb4
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da7114af89cb33acce55368a3ad6c6c735123bb4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230102/bf3920fb/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list