[Git][security-tracker-team/security-tracker][master] Add CVE-2022-35929/cosign
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jan 10 08:49:58 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
adff0131 by Salvatore Bonaccorso at 2026-01-10T09:49:07+01:00
Add CVE-2022-35929/cosign
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -332311,7 +332311,9 @@ CVE-2022-35931 (Nextcloud Password Policy is an app that enables a Nextcloud ser
CVE-2022-35930 (PolicyController is a utility used to enforce supply chain policy in K ...)
NOT-FOR-US: sigstore/policy-controller
CVE-2022-35929 (cosign is a container signing and verification utility. In versions pr ...)
- NOT-FOR-US: Cosign
+ - cosign <not-affected> (Fixed before initial upload to archive)
+ NOTE: https://github.com/sigstore/cosign/security/advisories/GHSA-vjxv-45g9-9296
+ NOTE: Fixed by: https://github.com/sigstore/cosign/commit/c5fda01a8ff33ca981f45a9f13e7fb6bd2080b94 (v1.10.1)
CVE-2022-35928 (AES Crypt is a file encryption software for multiple platforms. AES Cr ...)
NOT-FOR-US: AES Crypt
CVE-2022-35927 (Contiki-NG is an open-source, cross-platform operating system for IoT ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/adff01318d67b4e52bdf4aa1f1d9771d507ea766
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/adff01318d67b4e52bdf4aa1f1d9771d507ea766
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260110/d0de70c0/attachment.htm>
More information about the debian-security-tracker-commits
mailing list