[Git][security-tracker-team/security-tracker][master] Add upstream fix commit for CVE-2022-40716, CVE-2022-29153

Abhijith PA (@abhijith) abhijith at debian.org
Mon May 1 14:04:54 BST 2023 


Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fa087277 by Abhijith PA at 2023-05-01T18:33:01+05:30
Add upstream fix commit for CVE-2022-40716, CVE-2022-29153

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -52649,6 +52649,7 @@ CVE-2022-40717 (This vulnerability allows network-adjacent attackers to execute
 CVE-2022-40716 (HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13. ...)
 	- consul <unfixed> (bug #1027161)
 	NOTE: https://discuss.hashicorp.com/t/hcsec-2022-20-consul-service-mesh-intention-bypass-with-malicious-certificate-signing-request/44628
+	NOTE: https://github.com/hashicorp/consul/commit/ae822d752ad36007e353249691a0ef318cf55d08 (1.11.9)
 CVE-2022-40715 (An issue was discovered in NOKIA 1350OMS R14.2. An Absolute Path Trave ...)
 	NOT-FOR-US: NOKIA
 CVE-2022-40714 (An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists u ...)
@@ -84961,6 +84962,7 @@ CVE-2022-29154 (An issue was discovered in rsync before 3.2.5 that allows malici
 CVE-2022-29153 (HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11. ...)
 	- consul <unfixed> (bug #1017982)
 	NOTE: https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393
+	NOTE: https://github.com/hashicorp/consul/commit/72e1ce6317d6a4b28c73cd15f3976eb2c362be19 (1.9.17)
 CVE-2022-29152 (The Ericom PowerTerm WebConnect 6.0 login portal can unsafely write an ...)
 	NOT-FOR-US: Ericom
 CVE-2022-29151 (Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerabili ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa087277467cb3ed72e7de42802189c8bcafa364

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa087277467cb3ed72e7de42802189c8bcafa364
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230501/3f778a37/attachment.htm>

More information about the debian-security-tracker-commits mailing list