[Git][security-tracker-team/security-tracker][master] 4 commits: Triage CVE-2021-46877 in jackson-databind for buster LTS.
Chris Lamb (@lamby)
lamby at debian.org
Tue Mar 28 12:35:16 BST 2023
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
37c4fa8f by Chris Lamb at 2023-03-28T12:32:11+01:00
Triage CVE-2021-46877 in jackson-databind for buster LTS.
- - - - -
add974a5 by Chris Lamb at 2023-03-28T12:32:39+01:00
Triage CVE-2023-28154 in node-webpack for buster LTS.
- - - - -
ab91aca2 by Chris Lamb at 2023-03-28T12:33:33+01:00
Triage CVE-2023-28617 in org-mode for buster LTS.
- - - - -
ebe1f48c by Chris Lamb at 2023-03-28T12:33:55+01:00
Triage CVE-2023-26249 in knot-resolver for buster LTS.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1059,6 +1059,7 @@ CVE-2023-1496 (Cross-site Scripting (XSS) - Reflected in GitHub repository imgpr
CVE-2023-28617 (org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for G ...)
- org-mode <unfixed> (bug #1033341)
[bullseye] - org-mode <no-dsa> (Minor issue)
+ [buster] - org-mode <no-dsa> (Minor issue)
- emacs <unfixed> (bug #1033342)
[bullseye] - emacs <no-dsa> (Minor issue)
NOTE: https://list.orgmode.org/tencent_04CF842704737012CCBCD63CD654DD41CA0A%40qq.com/T/#m6ef8e7d34b25fe17b4cbb655b161edce18c6655e
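Review bot: the emacs entry directly below the added line still carries only a `[bullseye]` annotation, so after this change CVE-2023-28617 is triaged for buster in org-mode but not in emacs. If the emacs package in buster ships the same ob-latex.el code, add a matching `[buster] - emacs <no-dsa> (Minor issue)` line. If it was left out on purpose, a NOTE stating why would save the next triager from re-checking.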
@@ -1109,6 +1110,7 @@ CVE-2022-48422 (ONLYOFFICE Docs through 7.3 on certain Linux distributions allow
CVE-2021-46877 (jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before ...)
- jackson-databind 2.13.2.2-1
[bullseye] - jackson-databind <no-dsa> (Minor issue)
+ [buster] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://groups.google.com/g/jackson-user/c/OsBsirPM_Vw
NOTE: https://github.com/FasterXML/jackson-databind/issues/3328
NOTE: https://github.com/FasterXML/jackson-databind/commit/3ccde7d938fea547e598fdefe9a82cff37fed5cb (jackson-databind-2.12.6)
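Review bot: the added `[buster]` line copies the bullseye annotation, but the description on the CVE line limits the affected range to 2.10.x through 2.12.x and 2.13.x. It is worth confirming that the jackson-databind version in buster falls inside that range. If it predates 2.10, `<not-affected>` with a short reason would be more accurate than `<no-dsa>`.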
@@ -2554,6 +2556,7 @@ CVE-2023-28155 (** UNSUPPORTED WHEN ASSIGNED ** The Request package through 2.88
CVE-2023-28154 (Webpack 5 before 5.76.0 does not avoid cross-realm object access. Impo ...)
- node-webpack 5.76.1+dfsg1+~cs17.16.16-1 (bug #1032904)
[bullseye] - node-webpack <no-dsa> (Minor issue)
+ [buster] - node-webpack <no-dsa> (Minor issue)
NOTE: https://github.com/webpack/webpack/pull/16500
NOTE: Merge commit: https://github.com/webpack/webpack/commit/4b4ca3bb53f36a5b8fc6bc1bd976ed7af161bd80 (v5.76.0)
CVE-2023-1363 (A vulnerability, which was classified as problematic, was found in Sou ...)
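Review bot: the description scopes this issue to "Webpack 5 before 5.76.0", and the added `[buster]` line does not record whether the buster package is in the 5.x series. If buster ships an older major version, check whether the code touched by the linked pull request exists there and, if it does not, record `<not-affected>` rather than `<no-dsa>`.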
@@ -7779,6 +7782,7 @@ CVE-2023-26250
CVE-2023-26249 (Knot Resolver before 5.6.0 enables attackers to consume its resources, ...)
- knot-resolver 5.6.0-1
[bullseye] - knot-resolver <no-dsa> (Minor issue)
+ [buster] - knot-resolver <no-dsa> (Minor issue)
NOTE: https://www.knot-resolver.cz/2023-01-26-knot-resolver-5.6.0.html
CVE-2023-26248
RESERVED
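Review bot: the only NOTE on the CVE-2023-26249 entry is the 5.6.0 release announcement, so the new `[buster]` annotation gives no pointer to the actual upstream fix. Adding a NOTE with the fixing commit, as the jackson-databind and node-webpack entries do, would let someone judge later whether a backport to buster is feasible if the `<no-dsa>` decision is revisited.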
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b40139fb5583dfc9e120612c5f39c3d4774fbef1...ebe1f48c8a56c0d9c2e62fe542ac48aa6eaee93f