[Git][security-tracker-team/security-tracker][master] Triage some wabt CVE as fixed in unstable and earlier versions.

Markus Koschany (@apo) apo at debian.org
Mon Sep 4 11:39:56 BST 2023



Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
653297d6 by Markus Koschany at 2023-09-04T12:39:44+02:00
Triage some wabt CVE as fixed in unstable and earlier versions.

According to upstream CVE-2022-43280, CVE-2022-43281, CVE-2022-43282 and
CVE-2022-43283 have been fixed with pull request

https://github.com/WebAssembly/wabt/pull/1887

https://github.com/WebAssembly/wabt/pull/1931

First fixing version in Debian was 1.0.30-1

Pull request https://github.com/WebAssembly/wabt/pull/2218

fixed at least CVE-2023-31670.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13011,7 +13011,7 @@ CVE-2023-31740 (There is a command injection vulnerability in the Linksys E2000
 CVE-2023-31708 (A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers ...)
 	NOT-FOR-US: EyouCMS
 CVE-2023-31670 (An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and ...)
-	- wabt <unfixed> (unimportant)
+	- wabt 1.0.33-1 (unimportant)
 	NOTE: https://github.com/WebAssembly/wabt/issues/2199
 	NOTE: Crash in CLI tool, no security impact
 CVE-2023-31664 (A reflected cross-site scripting (XSS) vulnerability in /authenticatio ...)
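Review bot: The CVE-2023-31670 entry now claims 1.0.33-1 as the fixed version, but its NOTE lines still point only to issue 2199, so nothing in the entry records which upstream change justifies that version. The commit message names pull request 2218 as the fix; consider adding a line such as "NOTE: https://github.com/WebAssembly/wabt/pull/2218" under the entry. The message also says that pull request fixed "at least" this CVE and does not state how 1.0.33-1 was determined to be the first Debian version containing it, which would be worth recording too.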
@@ -61441,19 +61441,19 @@ CVE-2022-43285 (Nginx NJS v0.7.4 was discovered to contain a segmentation violat
 CVE-2022-43284 (Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation vi ...)
 	NOT-FOR-US: njs
 CVE-2022-43283 (wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write.)
-	- wabt <unfixed> (unimportant)
+	- wabt 1.0.30-1 (unimportant)
 	NOTE: https://github.com/WebAssembly/wabt/issues/1985
 	NOTE: Crash in CLI tool, no security impact
 CVE-2022-43282 (wasm-interp v1.0.29 was discovered to contain an out-of-bounds read vi ...)
-	- wabt <unfixed> (unimportant)
+	- wabt 1.0.30-1 (unimportant)
 	NOTE: https://github.com/WebAssembly/wabt/issues/1983
 	NOTE: Crash in CLI tool, no security impact
 CVE-2022-43281 (wasm-interp v1.0.29 was discovered to contain a heap overflow via the  ...)
-	- wabt <unfixed> (unimportant)
+	- wabt 1.0.30-1 (unimportant)
 	NOTE: https://github.com/WebAssembly/wabt/issues/1981
 	NOTE: Crash in CLI tool, no security impact
 CVE-2022-43280 (wasm-interp v1.0.29 was discovered to contain an out-of-bounds read vi ...)
-	- wabt <unfixed> (unimportant)
+	- wabt 1.0.30-1 (unimportant)
 	NOTE: https://github.com/WebAssembly/wabt/issues/1982
 	NOTE: Crash in CLI tool, no security impact
 CVE-2022-43279 (LimeSurvey v5.4.4 was discovered to contain a SQL injection vulnerabil ...)
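Review bot: All four entries (CVE-2022-43280 through CVE-2022-43283) move to 1.0.30-1, yet each keeps only its issue link (1981, 1982, 1983, 1985) and none references the fixing change. The commit message cites pull requests 1887 and 1931 without saying which one addresses which CVE; adding the relevant pull request URL as a NOTE line under each entry would let a later reader verify the 1.0.30-1 claim per CVE rather than relying on the commit message.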



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/653297d601c73f51176d8eac23734a5ed27a9630
