[Git][security-tracker-team/security-tracker][master] Add libusrsctp for CVE-2022-46871

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fe981b1a by Salvatore Bonaccorso at 2023-05-13T11:37:11+02:00
Add libusrsctp for CVE-2022-46871

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -33290,12 +33290,15 @@ CVE-2022-46872 (An attacker who compromised a content process could have partial
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/#CVE-2022-46872
 CVE-2022-46871 (An out of date library (libusrsctp) contained vulnerabilities that cou ...)
 	{DSA-5355-1 DSA-5322-1 DLA-3324-1 DLA-3275-1}
+	- libusrsctp 0.9.3.0+20201007-1
 	- firefox 108.0-1
 	- firefox-esr 102.7.0esr-1
 	- thunderbird 1:102.7.1-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-51/#CVE-2022-46871
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2022-46871
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2022-46871
+	NOTE: https://bugs.launchpad.net/ubuntu/+source/libusrsctp/+bug/2015448
+	NOTE: https://github.com/sctplab/usrsctp/commit/939d48f9632d69bf170c7a84514b312b6b42257d (0.9.4.0)
 CVE-2022-46870 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
 	NOT-FOR-US: Apache Zeppelin
 CVE-2022-46869



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe981b1a5f8c0e39532b17cf3a366658559c3a5d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe981b1a5f8c0e39532b17cf3a366658559c3a5d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230513/3d309d0f/attachment.htm>