[Git][security-tracker-team/security-tracker][master] CVE-2022-39369

[Bastien Roucariès (@rouca)]

Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker


Commits:
804061b6 by Bastien Roucariès at 2024-07-23T16:25:01+00:00
CVE-2022-39369

oscinventory-server embded (vendor) a vulnerable version.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -150685,9 +150685,11 @@ CVE-2022-39370 (GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is
 CVE-2022-39369 (phpCAS is an authentication library that allows PHP applications to ea ...)
 	{DLA-3485-1}
 	- php-cas 1.6.0-1 (bug #1023571)
+	- ocsinventory-server 2.8.1+dfsg1+~2.11.1-1
 	[bullseye] - php-cas <no-dsa> (Will be fixed via a point release)
 	NOTE: https://github.com/apereo/phpCAS/security/advisories/GHSA-8q72-6qq8-xv64
 	NOTE: Fixed by: https://github.com/apereo/phpCAS/commit/b759361d904a2cb2a3bcee9411fc348cfde5d163 (1.6.0)
+	NOTE: oscinventory-server under bullseye include vendored copy
 CVE-2022-39368 (Eclipse Californium is a Java implementation of RFC7252 - Constrained  ...)
 	NOT-FOR-US: Eclipse Californium
 CVE-2022-39367 (QTIWorks is a software suite for standards-based assessment delivery.  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/804061b6e2de37d3fe6b54dbae31ab8dbcd71b23

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/804061b6e2de37d3fe6b54dbae31ab8dbcd71b23
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240723/62299fab/attachment.htm>