[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Jan 29 08:10:27 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c8b7cd73 by security tracker role at 2023-01-29T08:10:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,37 @@
-CVE-2023-0562
+CVE-2023-24607
RESERVED
+CVE-2023-24606
+ RESERVED
+CVE-2023-24605
+ RESERVED
+CVE-2023-24604
+ RESERVED
+CVE-2023-24603
+ RESERVED
+CVE-2023-24602
+ RESERVED
+CVE-2023-24601
+ RESERVED
+CVE-2023-24600
+ RESERVED
+CVE-2023-24599
+ RESERVED
+CVE-2023-24598
+ RESERVED
+CVE-2023-24597
+ RESERVED
+CVE-2023-0566
+ RESERVED
+CVE-2023-0565
+ RESERVED
+CVE-2023-0564 (Weak Password Requirements in GitHub repository froxlor/froxlor prior ...)
+ TODO: check
+CVE-2023-0563 (A vulnerability classified as problematic has been found in PHPGurukul ...)
+ TODO: check
+CVE-2022-48285 (loadAsync in JSZip before 3.8.0 allows Directory Traversal via a craft ...)
+ TODO: check
+CVE-2023-0562 (A vulnerability was found in PHPGurukul Bank Locker Management System ...)
+ TODO: check
CVE-2023-0561 (A vulnerability, which was classified as critical, was found in Source ...)
NOT-FOR-US: SourceCodester Online Tours & Travels Management System
CVE-2023-0560 (A vulnerability, which was classified as critical, has been found in S ...)
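Review bot: The four entries that arrive with a description at the top of this hunk (CVE-2023-0564, CVE-2023-0563, CVE-2022-48285 and CVE-2023-0562) are all left at "TODO: check", so none of them has a triage result yet. The CVE-2023-0561 context line just below shows what a resolved entry looks like ("NOT-FOR-US: SourceCodester Online Tours & Travels Management System"). CVE-2022-48285 deserves attention first: it names a library and a fixed upstream version (JSZip before 3.8.0) rather than a standalone web application, so it needs either a package line with a fixed version or an explicit NOT-FOR-US.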
@@ -32,8 +64,8 @@ CVE-2022-48284
RESERVED
CVE-2022-48283
RESERVED
-CVE-2021-4315
- RESERVED
+CVE-2021-4315 (A vulnerability has been found in NYUCCL psiTurk up to 3.2.0 and class ...)
+ TODO: check
CVE-2023-24595
RESERVED
CVE-2023-24583
@@ -1386,6 +1418,7 @@ CVE-2023-0435 (Excessive Attack Surface in GitHub repository pyload/pyload prior
CVE-2022-4895
RESERVED
CVE-2022-48281 (processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has ...)
+ {DSA-5333-1}
- tiff 4.5.0-4 (bug #1029653)
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/d1b6b9c1b3cae2d9e37754506c1ad8f4f7b646b5
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/488
@@ -5055,6 +5088,7 @@ CVE-2023-22850 (Tiki before 24.1, when the Spreadsheets feature is enabled, allo
CVE-2021-4307 (A vulnerability was found in Yomguithereal Baobab up to 2.6.0. It has ...)
NOT-FOR-US: Yomguithereal Baobab
CVE-2020-36646 (A vulnerability classified as problematic has been found in MediaArea ...)
+ {DLA-3290-1}
- libzen 0.4.39-1
[bullseye] - libzen <no-dsa> (Minor issue)
NOTE: https://github.com/MediaArea/ZenLib/pull/119
@@ -24277,7 +24311,7 @@ CVE-2022-43553 (A remote code execution vulnerability in EdgeRouters (Version 2.
NOT-FOR-US: EdgeRouters
CVE-2022-43552 [HTTP Proxy deny use-after-free]
RESERVED
- {DSA-5330-1}
+ {DSA-5330-1 DLA-3288-1}
- curl 7.86.0-3 (bug #1026830)
NOTE: https://curl.se/docs/CVE-2022-43552.html
NOTE: Introduced by (telnet): https://github.com/curl/curl/commit/b7eeb6e67fca686f840eacd6b8394edb58b07482 (curl-7_16_0)
@@ -24563,6 +24597,7 @@ CVE-2022-3637 (A vulnerability has been found in Linux Kernel and classified as
NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=1d6cfb8e625a944010956714c1802bc1e1fc6c4f (5.65)
NOTE: Introduced by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=6f02010ce0043ec2e17eb15f2a1dd42f6c64e223 (5.65)
CVE-2022-3636 (A vulnerability, which was classified as critical, was found in Linux ...)
+ {DSA-5333-1}
- linux <not-affected> (No vulnerable code in any upstream or Debian released version)
NOTE: https://git.kernel.org/linus/17a5f6a78dc7b8db385de346092d7d9f9dc24df6
CVE-2022-3635 (A vulnerability, which was classified as critical, has been found in L ...)
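Review bot: The "{DSA-5333-1}" reference added to CVE-2022-3636 lands on an entry whose only package line is "- linux <not-affected> (No vulnerable code in any upstream or Debian released version)", while every other DSA-5333-1 reference in this commit is attached to a tiff entry. An advisory cannot fix a package recorded as never affected, so this looks like a mistyped CVE id in the advisory's CVE list. Check the id against the DSA-5333-1 text and correct the cross-reference there, so that the next automatic update does not reintroduce it.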
@@ -24600,7 +24635,7 @@ CVE-2022-3628 (A buffer overflow flaw was found in the Linux kernel Broadcom Ful
[bullseye] - linux 5.10.158-1
NOTE: https://www.openwall.com/lists/oss-security/2022/10/29/1
CVE-2022-3627 (LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif ...)
- {DLA-3278-1}
+ {DSA-5333-1 DLA-3278-1}
- tiff 4.4.0-5 (bug #1022555)
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/411
@@ -24691,7 +24726,7 @@ CVE-2022-3601 (The Image Hover Effects Css3 WordPress plugin through 4.5 does no
CVE-2022-3600 (The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not va ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3599 (LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools ...)
- {DLA-3278-1}
+ {DSA-5333-1 DLA-3278-1}
- tiff 4.4.0-5 (bug #1022555)
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/398
@@ -24701,7 +24736,7 @@ CVE-2022-3598 (LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesS
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/cfbb883bf6ea7bedcb04177cc4e52d304522fdff (v4.5.0rc1)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/435
CVE-2022-3597 (LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif ...)
- {DLA-3278-1}
+ {DSA-5333-1 DLA-3278-1}
- tiff 4.4.0-5 (bug #1022555)
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/413
@@ -24903,7 +24938,7 @@ CVE-2022-3572 (A cross-site scripting issue has been discovered in GitLab CE/EE
CVE-2022-3571
RESERVED
CVE-2022-3570 (Multiple heap buffer overflows in tiffcrop.c utility in libtiff librar ...)
- {DLA-3278-1}
+ {DSA-5333-1 DLA-3278-1}
- tiff 4.4.0-5 (bug #1022555)
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/cfbb883bf6ea7bedcb04177cc4e52d304522fdff (v4.5.0rc1)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/381
@@ -28876,7 +28911,7 @@ CVE-2022-41905 (WsgiDAV is a generic and extendable WebDAV server based on WSGI.
CVE-2022-41904 (Element iOS is an iOS Matrix client provided by Element. It is based o ...)
NOT-FOR-US: Element iOS
CVE-2022-41903 (Git is distributed revision control system. `git log` can display comm ...)
- {DLA-3282-1}
+ {DSA-5332-1 DLA-3282-1}
- git 1:2.39.1-0.1 (bug #1029114)
NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/4
NOTE: https://github.com/git/git/commit/a244dc5b0a629290881641467c7a545de7508ab2
@@ -35490,7 +35525,7 @@ CVE-2022-39261 (Twig is a template language for PHP. Versions 1.x prior to 1.44.
NOTE: https://github.com/twigphp/Twig/security/advisories/GHSA-52m2-vc4m-jj33
NOTE: https://github.com/twigphp/Twig/commit/35f3035c5deb0041da7b84daf02dea074ddc7a0b (v1.44.7, v2.15.3, v3.4.3)
CVE-2022-39260 (Git is an open source, scalable, distributed revision control system. ...)
- {DLA-3239-1}
+ {DSA-5332-1 DLA-3239-1}
- git 1:2.38.1-1 (bug #1022046)
NOTE: https://www.openwall.com/lists/oss-security/2022/10/18/5
NOTE: https://lore.kernel.org/git/xmqq4jw1uku5.fsf@gitster.g/T/#u
@@ -35513,7 +35548,7 @@ CVE-2022-39254 (matrix-nio is a Python Matrix client library, designed according
NOTE: https://github.com/poljar/matrix-nio/security/advisories/GHSA-w4pr-4vjg-hffh
NOTE: https://github.com/poljar/matrix-nio/commit/b1cbf234a831daa160673defd596e6450e9c29f0 (0.20.0)
CVE-2022-39253 (Git is an open source, scalable, distributed revision control system. ...)
- {DLA-3239-1}
+ {DSA-5332-1 DLA-3239-1}
- git 1:2.38.1-1 (bug #1022046)
NOTE: https://www.openwall.com/lists/oss-security/2022/10/18/5
NOTE: https://lore.kernel.org/git/xmqq4jw1uku5.fsf@gitster.g/T/#u
@@ -37335,6 +37370,7 @@ CVE-2022-38668 (HTTP applications (servers) based on Crow through 1.0+4 may reve
CVE-2022-38667 (HTTP applications (servers) based on Crow through 1.0+4 may allow a Us ...)
NOT-FOR-US: CrowCpp
CVE-2022-2953 (LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tool ...)
+ {DSA-5333-1}
- tiff 4.4.0-6 (unimportant; bug #1024670)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/414
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/8fe3735942ea1d90d8cef843b55b3efe8ab6feaf
@@ -38245,18 +38281,18 @@ CVE-2022-38105 (An information disclosure vulnerability exists in the cm_process
CVE-2022-2870 (A vulnerability was found in laravel 5.1 and classified as problematic ...)
NOTE: Additional misreport for laravel, likely to be rejected
CVE-2022-2869 (libtiff's tiffcrop tool has a uint32_t underflow which leads to out of ...)
- {DLA-3278-1}
+ {DSA-5333-1 DLA-3278-1}
- tiff 4.4.0~rc1-1
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/352
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/07d79fcac2ead271b60e32aeb80f7b4f3be9ac8c (v4.4.0rc1)
CVE-2022-2868 (libtiff's tiffcrop utility has a improper input validation flaw that c ...)
- {DLA-3278-1}
+ {DSA-5333-1 DLA-3278-1}
- tiff 4.4.0~rc1-1
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/335
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/294
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/07d79fcac2ead271b60e32aeb80f7b4f3be9ac8c (v4.4.0rc1)
CVE-2022-2867 (libtiff's tiffcrop utility has a uint32_t underflow that can lead to o ...)
- {DLA-3278-1}
+ {DSA-5333-1 DLA-3278-1}
- tiff 4.4.0~rc1-1
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/350
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/351
@@ -43457,6 +43493,7 @@ CVE-2022-2522 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to
NOTE: https://github.com/vim/vim/commit/5fa9f23a63651a8abdb074b4fc2ec9b1adc6b089 (v9.0.0061)
NOTE: Crash in CLI tool, no security impact
CVE-2022-2521 (It was found in libtiff 4.4.0rc1 that there is an invalid pointer free ...)
+ {DSA-5333-1}
- tiff 4.4.0-6 (unimportant; bug #1024670)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/422
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/378
@@ -43464,6 +43501,7 @@ CVE-2022-2521 (It was found in libtiff 4.4.0rc1 that there is an invalid pointer
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/bad48e90b410df32172006c7876da449ba62cdba
NOTE: Crash in CLI tool, no security impact
CVE-2022-2520 (A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion f ...)
+ {DSA-5333-1}
- tiff 4.4.0-6 (unimportant; bug #1024670)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/424
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/378
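Review bot: CVE-2022-2520 gains "{DSA-5333-1}" here while its package line still reads "- tiff 4.4.0-6 (unimportant; bug #1024670)", and the context lines for the preceding entry carry "NOTE: Crash in CLI tool, no security impact". A DSA reference next to an "unimportant" severity tag reads as contradictory to anyone using the tracker to decide whether the update matters. The same pattern appears in this commit for CVE-2022-2521, CVE-2022-2519 and CVE-2022-2953. Either revisit the severity tag, or add a NOTE saying the fix was only bundled into the advisory and the assessment is unchanged.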
@@ -43471,6 +43509,7 @@ CVE-2022-2520 (A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assert
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/bad48e90b410df32172006c7876da449ba62cdba
NOTE: Crash in CLI tool, no security impact
CVE-2022-2519 (There is a double free or corruption in rotateImage() at tiffcrop.c:88 ...)
+ {DSA-5333-1}
- tiff 4.4.0-6 (unimportant; bug #1024670)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/423
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/378
@@ -46577,6 +46616,7 @@ CVE-2022-35254 (An unauthenticated attacker can cause a denial-of-service to the
CVE-2022-35253
REJECTED
CVE-2022-35252 (When curl is used to retrieve and parse cookies from a HTTP(S) server, ...)
+ {DLA-3288-1}
- curl 7.85.0-1 (bug #1018831)
[bullseye] - curl 7.74.0-1.3+deb11u3
NOTE: https://curl.se/docs/CVE-2022-35252.html
@@ -48826,7 +48866,7 @@ CVE-2022-34528 (D-Link DSL-3782 v1.03 and below was discovered to contain a stac
CVE-2022-34527 (D-Link DSL-3782 v1.03 and below was discovered to contain a command in ...)
NOT-FOR-US: D-Link
CVE-2022-34526 (A stack overflow was discovered in the _TIFFVGetField function of Tiff ...)
- {DLA-3278-1}
+ {DSA-5333-1 DLA-3278-1}
- tiff 4.4.0-4
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/433
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/275735d0354e39c0ac1dc3c0db2120d6f31d1990
@@ -52795,19 +52835,19 @@ CVE-2017-20053 (A vulnerability was found in XYZScripts Contact Form Manager Plu
CVE-2017-20052 (A vulnerability classified as problematic was found in Python 2.7.13. ...)
NOT-FOR-US: pgadmin on Windows
CVE-2022-2058 (Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to ...)
- {DLA-3278-1}
+ {DSA-5333-1 DLA-3278-1}
- tiff 4.4.0-3 (bug #1014494)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/428
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/346
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/dd1bcc7abb26094e93636e85520f0d8f81ab0fab
CVE-2022-2057 (Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to ...)
- {DLA-3278-1}
+ {DSA-5333-1 DLA-3278-1}
- tiff 4.4.0-3 (bug #1014494)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/427
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/346
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/dd1bcc7abb26094e93636e85520f0d8f81ab0fab
CVE-2022-2056 (Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to ...)
- {DLA-3278-1}
+ {DSA-5333-1 DLA-3278-1}
- tiff 4.4.0-3 (bug #1014494)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/415
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/346
@@ -54828,7 +54868,7 @@ CVE-2022-32222 (A cryptographic vulnerability exists on Node.js on linux in vers
NOTE: https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/#attempt-to-read-openssl-cnf-from-home-iojs-build-upon-startup-medium-cve-2022-32222
NOTE: https://github.com/nodejs/node/commit/a5fc2deb43f85dc2195a1fe1683b9c2e7443b001
CVE-2022-32221 (When doing HTTP(S) transfers, libcurl might erroneously use the read c ...)
- {DSA-5330-1}
+ {DSA-5330-1 DLA-3288-1}
- curl 7.86.0-1
NOTE: https://curl.se/docs/CVE-2022-32221.html
NOTE: https://github.com/curl/curl/issues/9507
@@ -60511,12 +60551,14 @@ CVE-2022-30335 (Bonanza Wealth Management System (BWM) 7.3.2 allows SQL injectio
CVE-2022-26041 (Directory traversal vulnerability in RCCMD 4.26 and earlier allows a r ...)
NOT-FOR-US: RCCMD
CVE-2022-1623 (LibTIFF master branch has an out-of-bounds read in LZWDecode in libtif ...)
+ {DSA-5333-1}
- tiff 4.4.0~rc1-1
[buster] - tiff <not-affected> (Vulnerable code introduced later, PoCs don't trigger)
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a (v4.4.0rc1)
NOTE: Introduced by: https://gitlab.com/libtiff/libtiff/-/commit/3079627ea0dee150e6a208cec8381de611bb842b (v4.4.0rc1)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/410
CVE-2022-1622 (LibTIFF master branch has an out-of-bounds read in LZWDecode in libtif ...)
+ {DSA-5333-1}
- tiff 4.4.0~rc1-1
[buster] - tiff <not-affected> (Vulnerable code introduced later, PoCs don't trigger)
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a (v4.4.0rc1)
@@ -63749,13 +63791,13 @@ CVE-2022-1357 (The affected On-Premise cnMaestro allows an unauthenticated attac
CVE-2022-1356 (cnMaestro is vulnerable to a local privilege escalation. By default, a ...)
NOT-FOR-US: Cambium Networks cnMaestro
CVE-2022-1355 (A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() ...)
- {DLA-3278-1}
+ {DSA-5333-1 DLA-3278-1}
- tiff 4.3.0-8 (bug #1011160)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/400
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/323
NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/c1ae29f9ebacd29b7c3e0c7db671af7db3584bc2
CVE-2022-1354 (A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFR ...)
- {DLA-3278-1}
+ {DSA-5333-1 DLA-3278-1}
- tiff 4.3.0-7
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/319
NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/87f580f39011109b3bb5f6eca13fac543a542798
@@ -63993,7 +64035,7 @@ CVE-2022-29189 (Pion DTLS is a Go implementation of Datagram Transport Layer Sec
CVE-2022-29188 (Smokescreen is an HTTP proxy. The primary use case for Smokescreen is ...)
NOT-FOR-US: Smokescreen
CVE-2022-29187 (Git is a distributed revision control system. Git prior to versions 2. ...)
- {DLA-3239-1}
+ {DSA-5332-1 DLA-3239-1}
- git 1:2.37.2-1 (bug #1014848)
NOTE: https://lists.q42.co.uk/pipermail/git-announce/2022-July/001250.html
NOTE: https://github.com/git/git/commit/3b0bf2704980b1ed6018622bdf5377ec22289688 (v2.30.5)
@@ -68266,7 +68308,7 @@ CVE-2022-27775 (An information disclosure vulnerability exists in curl 7.65.0 to
NOTE: Introduced by: https://github.com/curl/curl/commit/2d0e9b40d3237b1450cbbfbcb996da244d964898 (curl-7_65_0)
NOTE: Fixed by: https://github.com/curl/curl/commit/058f98dc3fe595f21dc26a5b9b1699e519ba5705 (curl-7_83_0)
CVE-2022-27774 (An insufficiently protected credentials vulnerability exists in curl 4 ...)
- {DSA-5197-1}
+ {DSA-5197-1 DLA-3288-1}
- curl 7.83.0-1 (bug #1010254)
NOTE: https://curl.se/docs/CVE-2022-27774.html
NOTE: Fixed by: https://github.com/curl/curl/commit/620ea21410030a9977396b4661806bc187231b79 (curl-7_83_0)
@@ -76883,7 +76925,7 @@ CVE-2022-24766 (mitmproxy is an interactive, SSL/TLS-capable intercepting proxy.
NOTE: https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-gcx2-gvj7-pxv3
NOTE: https://github.com/mitmproxy/mitmproxy/commit/b06fb6d157087d526bd02e7aadbe37c56865c71b (v8.0.0)
CVE-2022-24765 (Git for Windows is a fork of Git containing Windows-specific patches. ...)
- {DLA-3239-1}
+ {DSA-5332-1 DLA-3239-1}
- git 1:2.35.2-1
[stretch] - git <no-dsa> (Minor issue)
NOTE: https://github.com/git/git/commit/6e7ad1e4c22e7038975ba37c7413374fe566b064 (v2.30.3)
@@ -81412,7 +81454,7 @@ CVE-2022-23523 (In versions prior to 0.8.1, the linux-loader crate uses the offs
CVE-2022-23522
RESERVED
CVE-2022-23521 (Git is distributed revision control system. gitattributes are a mechan ...)
- {DLA-3282-1}
+ {DSA-5332-1 DLA-3282-1}
- git 1:2.39.1-0.1 (bug #1029114)
NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/4
NOTE: https://github.com/git/git/commit/eb22e7dfa23da6bd9aed9bd1dad69e1e8e167d24
@@ -149192,6 +149234,7 @@ CVE-2021-23452 (This affects all versions of package x-assign. The global proto
CVE-2021-23451 (The package otp-generator before 3.0.0 are vulnerable to Insecure Rand ...)
NOT-FOR-US: Node otp-generator
CVE-2021-23450 (All versions of package dojo are vulnerable to Prototype Pollution via ...)
+ {DLA-3289-1}
- dojo 1.17.2+dfsg1-1 (bug #1014785)
[bullseye] - dojo 1.15.4+dfsg1-1+deb11u1
NOTE: https://github.com/advisories/GHSA-m8gw-hjpr-rjv7
@@ -229616,6 +229659,7 @@ CVE-2020-4053 (In Helm greater than or equal to 3.0.0 and less than 3.2.4, a pat
CVE-2020-4052 (In Wiki.js before 2.4.107, there is a stored cross-site scripting thro ...)
NOT-FOR-US: Wiki.js
CVE-2020-4051 (In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 ...)
+ {DLA-3289-1}
- dojo 1.15.4+dfsg1-1 (bug #970000)
NOTE: https://github.com/dojo/dijit/security/advisories/GHSA-cxjc-r2fp-7mq6
NOTE: https://github.com/dojo/dijit/commit/462bdcd60d0333315fe69ab4709c894d78f61301
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c8b7cd73ff7669a54890d0c11acda6373084e6c5