[Git][security-tracker-team/security-tracker][master] Add CVE-2022-3064/golang-yaml.v2

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jan 24 08:18:43 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f6bad258 by Salvatore Bonaccorso at 2023-01-24T09:18:13+01:00
Add CVE-2022-3064/golang-yaml.v2

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -35534,7 +35534,9 @@ CVE-2022-3066 (An issue has been discovered in GitLab affecting all versions sta
 CVE-2022-3065 (Improper Access Control in GitHub repository jgraph/drawio prior to 20 ...)
 	NOT-FOR-US: jgraph/drawio
 CVE-2022-3064 (Parsing malicious or large YAML documents can consume excessive amount ...)
-	TODO: check
+	- golang-yaml.v2 2.2.8-1
+	NOTE: https://github.com/go-yaml/yaml/commit/f221b8435cfb71e54062f6c6e99e9ade30b124d5 (v2.2.4)
+	TODO: check if affect other versions of "go-yaml"
 CVE-2022-3063
 	REJECTED
 CVE-2022-3062 (The Simple File List WordPress plugin before 4.4.12 does not escape pa ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f6bad258e6b384885cd94ac90e023d45cbe7a781

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f6bad258e6b384885cd94ac90e023d45cbe7a781
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230124/b0389ee6/attachment.htm>


More information about the debian-security-tracker-commits mailing list