[Git][security-tracker-team/security-tracker][master] Add CVE-2022-3064/golang-yaml.v2
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jan 24 08:18:43 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f6bad258 by Salvatore Bonaccorso at 2023-01-24T09:18:13+01:00
Add CVE-2022-3064/golang-yaml.v2
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -35534,7 +35534,9 @@ CVE-2022-3066 (An issue has been discovered in GitLab affecting all versions sta
CVE-2022-3065 (Improper Access Control in GitHub repository jgraph/drawio prior to 20 ...)
NOT-FOR-US: jgraph/drawio
CVE-2022-3064 (Parsing malicious or large YAML documents can consume excessive amount ...)
- TODO: check
+ - golang-yaml.v2 2.2.8-1
+ NOTE: https://github.com/go-yaml/yaml/commit/f221b8435cfb71e54062f6c6e99e9ade30b124d5 (v2.2.4)
+ TODO: check if affect other versions of "go-yaml"
CVE-2022-3063
REJECTED
CVE-2022-3062 (The Simple File List WordPress plugin before 4.4.12 does not escape pa ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f6bad258e6b384885cd94ac90e023d45cbe7a781
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f6bad258e6b384885cd94ac90e023d45cbe7a781
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230124/b0389ee6/attachment.htm>
More information about the debian-security-tracker-commits
mailing list