[Git][security-tracker-team/security-tracker][master] Update information on CVE-2022-2309
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jun 29 22:03:53 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
23c831d3 by Salvatore Bonaccorso at 2023-06-29T23:03:33+02:00
Update information on CVE-2022-2309
libxml2 project itself considers to be affected by the CVE-2022-2309 as
covered by the same CVE id. So add libxml2 as well to the entry and
track the respective upstream references.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -73764,8 +73764,14 @@ CVE-2022-2309 (NULL Pointer Dereference allows attackers to cause a denial of se
- lxml 4.9.1-1 (bug #1014766)
[bullseye] - lxml <no-dsa> (Minor issue)
[buster] - lxml <no-dsa> (Minor issue)
+ - libxml2 <unfixed>
+ [bookworm] - libxml2 <no-dsa> (Minor issue)
+ [bullseye] - libxml2 <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/8264e74f-edda-4c40-9956-49de635105ba/
NOTE: https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f (lxml-4.9.1)
+ NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/378
+ NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/5930fe01963136ab92125feec0c6204d9c9225dc (v2.10.0)
+ NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/a82ea25fc83f563c574ddb863d6c17d9c5abdbd2 (v2.10.0)
CVE-2022-2308 (A flaw was found in vDPA with VDUSE backend. There are currently no ch ...)
- linux 6.0.2-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23c831d3637c69ee54c765942b8517315222db75
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23c831d3637c69ee54c765942b8517315222db75
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230629/19828052/attachment.htm>
More information about the debian-security-tracker-commits
mailing list