[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2022-4132,jss: Buster is not affected

Sun Sep 24 22:52:43 BST 2023


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b4576e32 by Markus Koschany at 2023-09-24T23:48:03+02:00
CVE-2022-4132,jss: Buster is not affected

The vulnerable code was introduced later in 5.x.

- - - - -
670c7491 by Markus Koschany at 2023-09-24T23:52:12+02:00
Link to hoteldruid bug report

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -238,17 +238,17 @@ CVE-2023-43478 (fake_upload.cgi on the Telstra Smart Modem Gen 2 (Arcadyan LH100
 CVE-2023-43477 (The ping_from parameter of ping_tracerte.cgi in the web UI of Telstra  ...)
 	NOT-FOR-US: Telstra Smart Modem Gen 2 (Arcadyan LH1000) firmware
 CVE-2023-43377 (A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_c ...)
-	- hoteldruid <unfixed>
+	- hoteldruid <unfixed> (bug #1052572)
 CVE-2023-43376 (A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php  ...)
-	- hoteldruid <unfixed>
+	- hoteldruid <unfixed> (bug #1052572)
 CVE-2023-43375 (Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vul ...)
-	- hoteldruid <unfixed>
+	- hoteldruid <unfixed> (bug #1052572)
 CVE-2023-43374 (Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerabil ...)
-	- hoteldruid <unfixed>
+	- hoteldruid <unfixed> (bug #1052572)
 CVE-2023-43373 (Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerabil ...)
-	- hoteldruid <unfixed>
+	- hoteldruid <unfixed> (bug #1052572)
 CVE-2023-43371 (Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerabil ...)
-	- hoteldruid <unfixed>
+	- hoteldruid <unfixed> (bug #1052572)
 CVE-2023-43207 (D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command  ...)
 	NOT-FOR-US: D-Link
 CVE-2023-43206 (D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command  ...)
@@ -53764,6 +53764,7 @@ CVE-2022-4133
 CVE-2022-4132 [Tomcat: Memory leak in JSS]
 	RESERVED
 	- jss <unfixed>
+	[buster] - jss <not-affected> (The vulnerable code was introduced later)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2147372
 	NOTE: Triggered by: https://github.com/dogtagpki/jss/pull/928
 	NOTE: Upstream PR: https://github.com/dogtagpki/jss/pull/970



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5ea70a64a6a25a3cd1abe61b6894f25c018f10d9...670c7491ac5b41d8e232a71bf289dd5d0b3e1775

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5ea70a64a6a25a3cd1abe61b6894f25c018f10d9...670c7491ac5b41d8e232a71bf289dd5d0b3e1775
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230924/fc5fe2f6/attachment.htm>
