[Git][security-tracker-team/security-tracker][master] Map two more CVEs to libmina-sshd-java

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Dec 26 09:18:06 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7bf81e48 by Salvatore Bonaccorso at 2024-12-26T10:17:35+01:00
Map two more CVEs to libmina-sshd-java

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -126638,7 +126638,8 @@ CVE-2023-32183 (Incorrect Default Permissions vulnerability in the openSUSE Tumb
 CVE-2023-34442 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
 	NOT-FOR-US: Apache Camel JIRA
 CVE-2023-35887 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
-	NOT-FOR-US: Apache Mina SSHD
+	- libmina-sshd-java <not-affected> (Fixed before initial upload to Debian)
+	NOTE: https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2
 CVE-2023-33008 (Deserialization of Untrusted Data vulnerability in Apache Software Fou ...)
 	NOT-FOR-US: Apache Johnzon
 CVE-2023-3532 (Cross-site Scripting (XSS) - Stored in GitHub repository outline/outli ...)
@@ -172741,7 +172742,7 @@ CVE-2022-45049 (A reflected XSS vulnerability has been found in Axiell Iguana CM
 CVE-2022-45048 (Authenticated users with appropriate privileges can create policies ha ...)
 	NOT-FOR-US: Apache Ranger
 CVE-2022-45047 (Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvide ...)
-	NOT-FOR-US: Apache Mina SSHD
+	- libmina-sshd-java <not-affected> (Fixed before initial upload to Debian)
 CVE-2022-45046
 	REJECTED
 CVE-2022-3899 (The 3dprint WordPress plugin before 3.5.6.9 does not protect against C ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7bf81e48b5082f915fb5aecbd4d6dd9e19f7d7e8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7bf81e48b5082f915fb5aecbd4d6dd9e19f7d7e8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241226/9ccb5708/attachment.htm>

More information about the debian-security-tracker-commits mailing list