[Git][security-tracker-team/security-tracker][master] last batch of wasmtime fixes

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri May 2 15:19:18 BST 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
22fec125 by Moritz Mühlenhoff at 2025-05-02T16:16:48+02:00
last batch of wasmtime fixes

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -257833,7 +257833,8 @@ CVE-2022-31171
 CVE-2022-31170 (OpenZeppelin Contracts is a library for smart contract development. Ve ...)
 	NOT-FOR-US: OpenZeppelin Contracts
 CVE-2022-31169 (Wasmtime is a standalone runtime for WebAssembly. There is a bug in Wa ...)
-	NOT-FOR-US: wasmtime
+	- rust-wasmtime <not-affected> (Fixed before initial upload to the archive)
+	NOTE: https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-7f6x-jwh5-m9r4
 CVE-2022-31168 (Zulip is an open source team chat tool. Due to an incorrect authorizat ...)
 	- zulip-server <itp> (bug #800052)
 CVE-2022-31167 (XWiki Platform Security Parent POM contains the security APIs for XWik ...)
@@ -309785,13 +309786,16 @@ CVE-2021-39221 (Nextcloud is an open-source, self-hosted productivity platform.
 CVE-2021-39220 (Nextcloud is an open-source, self-hosted productivity platform The Nex ...)
 	NOT-FOR-US: Nextcloud Mail
 CVE-2021-39219 (Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime be ...)
-	NOT-FOR-US: wasmtime
+	- rust-wasmtime <not-affected> (Fixed before initial upload to archive)
+	NOTE: https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-q879-9g95-56mx
 CVE-2021-39218 (Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime ...)
-	NOT-FOR-US: wasmtime
+	- rust-wasmtime <not-affected> (Fixed before initial upload to archive)
+	NOTE: https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-4873-36h9-wv49
 CVE-2021-39217 (OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and  ...)
 	NOT-FOR-US: OpenMage
 CVE-2021-39216 (Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime ...)
-	NOT-FOR-US: wasmtime
+	- rust-wasmtime <not-affected> (Fixed before initial upload to archive)
+	NOTE: https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-v4cp-h94r-m7xf
 CVE-2021-39215 (Jitsi Meet is an open source video conferencing application. In versio ...)
 	- jitsi-meet <itp> (bug #760485)
 CVE-2021-39214 (mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mi ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/22fec125a0d4a7edb08036f2d103b8bcdd0b6461

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/22fec125a0d4a7edb08036f2d103b8bcdd0b6461
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250502/b7bdb17f/attachment.htm>

More information about the debian-security-tracker-commits mailing list