Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c8b7cd73 by security tracker role at 2023-01-29T08:10:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,37 @@
-CVE-2023-0562
+CVE-2023-24607
RESERVED
+CVE-2023-24606
+ RESERVED
+CVE-2023-24605
+ RESERVED
+CVE-2023-24604
+ RESERVED
+CVE-2023-24603
+ RESERVED
+CVE-2023-24602
+ RESERVED
+CVE-2023-24601
+ RESERVED
+CVE-2023-24600
+ RESERVED
+CVE-2023-24599
+ RESERVED
+CVE-2023-24598
+ RESERVED
+CVE-2023-24597
+ RESERVED
+CVE-2023-0566
+ RESERVED
+CVE-2023-0565
+ RESERVED
+CVE-2023-0564 (Weak Password Requirements in GitHub repository froxlor/froxlor
prior ...)
+ TODO: check
+CVE-2023-0563 (A vulnerability classified as problematic has been found in
PHPGurukul ...)
+ TODO: check
+CVE-2022-48285 (loadAsync in JSZip before 3.8.0 allows Directory Traversal via
a craft ...)
+ TODO: check
+CVE-2023-0562 (A vulnerability was found in PHPGurukul Bank Locker Management
System ...)
+ TODO: check
CVE-2023-0561 (A vulnerability, which was classified as critical, was found in
Source ...)
NOT-FOR-US: SourceCodester Online Tours & Travels Management System
CVE-2023-0560 (A vulnerability, which was classified as critical, has been
found in S ...)
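Review bot: The four entries added with descriptions at the end of the new block (CVE-2023-0564, CVE-2023-0563, CVE-2022-48285, CVE-2023-0562) carry only `TODO: check`, so they are untriaged as committed. Each needs either a source package line or a NOT-FOR-US tag in the form the context entry CVE-2023-0561 just below already uses (`NOT-FOR-US: SourceCodester Online Tours & Travels Management System`). CVE-2022-48285 is the one to check against the archive first, since its description names a library (JSZip) and a fixed version (3.8.0) rather than a standalone web application.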
@@ -32,8 +64,8 @@ CVE-2022-48284
RESERVED
CVE-2022-48283
RESERVED
-CVE-2021-4315
- RESERVED
+CVE-2021-4315 (A vulnerability has been found in NYUCCL psiTurk up to 3.2.0
and class ...)
+ TODO: check
CVE-2023-24595
RESERVED
CVE-2023-24583
@@ -1386,6 +1418,7 @@ CVE-2023-0435 (Excessive Attack Surface in GitHub
repository pyload/pyload prior
CVE-2022-4895
RESERVED
CVE-2022-48281 (processCropSelections in tools/tiffcrop.c in LibTIFF through
4.5.0 has ...)
+ {DSA-5333-1}
- tiff 4.5.0-4 (bug #1029653)
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/d1b6b9c1b3cae2d9e37754506c1ad8f4f7b646b5
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/488
@@ -5055,6 +5088,7 @@ CVE-2023-22850 (Tiki before 24.1, when the Spreadsheets
feature is enabled, allo
CVE-2021-4307 (A vulnerability was found in Yomguithereal Baobab up to 2.6.0.
It has ...)
NOT-FOR-US: Yomguithereal Baobab
CVE-2020-36646 (A vulnerability classified as problematic has been found in
MediaArea ...)
+ {DLA-3290-1}
- libzen 0.4.39-1
[bullseye] - libzen <no-dsa> (Minor issue)
NOTE: https://github.com/MediaArea/ZenLib/pull/119
@@ -24277,7 +24311,7 @@ CVE-2022-43553 (A remote code execution vulnerability
in EdgeRouters (Version 2.
NOT-FOR-US: EdgeRouters
CVE-2022-43552 [HTTP Proxy deny use-after-free]
RESERVED
- {DSA-5330-1}
+ {DSA-5330-1 DLA-3288-1}
- curl 7.86.0-3 (bug #1026830)
NOTE: https://curl.se/docs/CVE-2022-43552.html
NOTE: Introduced by (telnet):
https://github.com/curl/curl/commit/b7eeb6e67fca686f840eacd6b8394edb58b07482
(curl-7_16_0)
@@ -24563,6 +24597,7 @@ CVE-2022-3637 (A vulnerability has been found in Linux
Kernel and classified as
NOTE: Fixed by:
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=1d6cfb8e625a944010956714c1802bc1e1fc6c4f
(5.65)
NOTE: Introduced by:
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=6f02010ce0043ec2e17eb15f2a1dd42f6c64e223
(5.65)
CVE-2022-3636 (A vulnerability, which was classified as critical, was found in
Linux ...)
+ {DSA-5333-1}
- linux <not-affected> (No vulnerable code in any upstream or Debian
released version)
NOTE:
https://git.kernel.org/linus/17a5f6a78dc7b8db385de346092d7d9f9dc24df6
CVE-2022-3635 (A vulnerability, which was classified as critical, has been
found in L ...)
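Review bot: The `{DSA-5333-1}` reference added under CVE-2022-3636 does not match the entry it lands on: the only package line there is `- linux <not-affected> (No vulnerable code in any upstream or Debian released version)`, while every other `{DSA-5333-1}` added in this patch sits on a `tiff` entry. A DSA cross-reference on an entry with no affected Debian version suggests the CVE id in the advisory's list may be wrong. Confirm against the DSA text and, if so, move the reference to the intended CVE rather than leaving it on the kernel entry.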
@@ -24600,7 +24635,7 @@ CVE-2022-3628 (A buffer overflow flaw was found in the
Linux kernel Broadcom Ful
[bullseye] - linux 5.10.158-1
NOTE: https://www.openwall.com/lists/oss-security/2022/10/29/1
CVE-2022-3627 (LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in
libtiff/tif ...)
- {DLA-3278-1}
+ {DSA-5333-1 DLA-3278-1}
- tiff 4.4.0-5 (bug #1022555)
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/411
@@ -24691,7 +24726,7 @@ CVE-2022-3601 (The Image Hover Effects Css3 WordPress
plugin through 4.5 does no
CVE-2022-3600 (The Easy Digital Downloads WordPress plugin before 3.1.0.2 does
not va ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3599 (LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection
in tools ...)
- {DLA-3278-1}
+ {DSA-5333-1 DLA-3278-1}
- tiff 4.4.0-5 (bug #1022555)
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/398
@@ -24701,7 +24736,7 @@ CVE-2022-3598 (LibTIFF 4.4.0 has an out-of-bounds write
in extractContigSamplesS
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/cfbb883bf6ea7bedcb04177cc4e52d304522fdff
(v4.5.0rc1)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/435
CVE-2022-3597 (LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in
libtiff/tif ...)
- {DLA-3278-1}
+ {DSA-5333-1 DLA-3278-1}
- tiff 4.4.0-5 (bug #1022555)
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/413
@@ -24903,7 +24938,7 @@ CVE-2022-3572 (A cross-site scripting issue has been
discovered in GitLab CE/EE
CVE-2022-3571
RESERVED
CVE-2022-3570 (Multiple heap buffer overflows in tiffcrop.c utility in libtiff
librar ...)
- {DLA-3278-1}
+ {DSA-5333-1 DLA-3278-1}
- tiff 4.4.0-5 (bug #1022555)
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/cfbb883bf6ea7bedcb04177cc4e52d304522fdff
(v4.5.0rc1)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/381
@@ -28876,7 +28911,7 @@ CVE-2022-41905 (WsgiDAV is a generic and extendable
WebDAV server based on WSGI.
CVE-2022-41904 (Element iOS is an iOS Matrix client provided by Element. It is
based o ...)
NOT-FOR-US: Element iOS
CVE-2022-41903 (Git is distributed revision control system. `git log` can
display comm ...)
- {DLA-3282-1}
+ {DSA-5332-1 DLA-3282-1}
- git 1:2.39.1-0.1 (bug #1029114)
NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/4
NOTE:
https://github.com/git/git/commit/a244dc5b0a629290881641467c7a545de7508ab2
@@ -35490,7 +35525,7 @@ CVE-2022-39261 (Twig is a template language for PHP.
Versions 1.x prior to 1.44.
NOTE:
https://github.com/twigphp/Twig/security/advisories/GHSA-52m2-vc4m-jj33
NOTE:
https://github.com/twigphp/Twig/commit/35f3035c5deb0041da7b84daf02dea074ddc7a0b
(v1.44.7, v2.15.3, v3.4.3)
CVE-2022-39260 (Git is an open source, scalable, distributed revision control
system. ...)
- {DLA-3239-1}
+ {DSA-5332-1 DLA-3239-1}
- git 1:2.38.1-1 (bug #1022046)
NOTE: https://www.openwall.com/lists/oss-security/2022/10/18/5
NOTE: https://lore.kernel.org/git/[email protected]/T/#u
@@ -35513,7 +35548,7 @@ CVE-2022-39254 (matrix-nio is a Python Matrix client
library, designed according
NOTE:
https://github.com/poljar/matrix-nio/security/advisories/GHSA-w4pr-4vjg-hffh
NOTE:
https://github.com/poljar/matrix-nio/commit/b1cbf234a831daa160673defd596e6450e9c29f0
(0.20.0)
CVE-2022-39253 (Git is an open source, scalable, distributed revision control
system. ...)
- {DLA-3239-1}
+ {DSA-5332-1 DLA-3239-1}
- git 1:2.38.1-1 (bug #1022046)
NOTE: https://www.openwall.com/lists/oss-security/2022/10/18/5
NOTE: https://lore.kernel.org/git/[email protected]/T/#u
@@ -37335,6 +37370,7 @@ CVE-2022-38668 (HTTP applications (servers) based on
Crow through 1.0+4 may reve
CVE-2022-38667 (HTTP applications (servers) based on Crow through 1.0+4 may
allow a Us ...)
NOT-FOR-US: CrowCpp
CVE-2022-2953 (LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection
in tool ...)
+ {DSA-5333-1}
- tiff 4.4.0-6 (unimportant; bug #1024670)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/414
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/8fe3735942ea1d90d8cef843b55b3efe8ab6feaf
@@ -38245,18 +38281,18 @@ CVE-2022-38105 (An information disclosure
vulnerability exists in the cm_process
CVE-2022-2870 (A vulnerability was found in laravel 5.1 and classified as
problematic ...)
NOTE: Additional misreport for laravel, likely to be rejected
CVE-2022-2869 (libtiff's tiffcrop tool has a uint32_t underflow which leads to
out of ...)
- {DLA-3278-1}
+ {DSA-5333-1 DLA-3278-1}
- tiff 4.4.0~rc1-1
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/352
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/07d79fcac2ead271b60e32aeb80f7b4f3be9ac8c
(v4.4.0rc1)
CVE-2022-2868 (libtiff's tiffcrop utility has a improper input validation flaw
that c ...)
- {DLA-3278-1}
+ {DSA-5333-1 DLA-3278-1}
- tiff 4.4.0~rc1-1
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/335
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/294
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/07d79fcac2ead271b60e32aeb80f7b4f3be9ac8c
(v4.4.0rc1)
CVE-2022-2867 (libtiff's tiffcrop utility has a uint32_t underflow that can
lead to o ...)
- {DLA-3278-1}
+ {DSA-5333-1 DLA-3278-1}
- tiff 4.4.0~rc1-1
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/350
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/351
@@ -43457,6 +43493,7 @@ CVE-2022-2522 (Heap-based Buffer Overflow in GitHub
repository vim/vim prior to
NOTE:
https://github.com/vim/vim/commit/5fa9f23a63651a8abdb074b4fc2ec9b1adc6b089
(v9.0.0061)
NOTE: Crash in CLI tool, no security impact
CVE-2022-2521 (It was found in libtiff 4.4.0rc1 that there is an invalid
pointer free ...)
+ {DSA-5333-1}
- tiff 4.4.0-6 (unimportant; bug #1024670)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/422
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/378
@@ -43464,6 +43501,7 @@ CVE-2022-2521 (It was found in libtiff 4.4.0rc1 that
there is an invalid pointer
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/bad48e90b410df32172006c7876da449ba62cdba
NOTE: Crash in CLI tool, no security impact
CVE-2022-2520 (A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc
assertion f ...)
+ {DSA-5333-1}
- tiff 4.4.0-6 (unimportant; bug #1024670)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/424
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/378
@@ -43471,6 +43509,7 @@ CVE-2022-2520 (A flaw was found in libtiff 4.4.0rc1.
There is a sysmalloc assert
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/bad48e90b410df32172006c7876da449ba62cdba
NOTE: Crash in CLI tool, no security impact
CVE-2022-2519 (There is a double free or corruption in rotateImage() at
tiffcrop.c:88 ...)
+ {DSA-5333-1}
- tiff 4.4.0-6 (unimportant; bug #1024670)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/423
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/378
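Review bot: CVE-2022-2521, CVE-2022-2520 and CVE-2022-2519 in these three adjacent hunks (and CVE-2022-2953 earlier in the patch) gain `{DSA-5333-1}` while their package line remains `- tiff 4.4.0-6 (unimportant; bug #1024670)`, and the context for CVE-2022-2521 and CVE-2022-2520 still carries `NOTE: Crash in CLI tool, no security impact`. If the advisory does list these ids the cross-reference is right, but a NOTE saying the fix was bundled into the DSA despite the unimportant severity would keep each entry from reading as self-contradictory.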
@@ -46577,6 +46616,7 @@ CVE-2022-35254 (An unauthenticated attacker can cause a
denial-of-service to the
CVE-2022-35253
REJECTED
CVE-2022-35252 (When curl is used to retrieve and parse cookies from a HTTP(S)
server, ...)
+ {DLA-3288-1}
- curl 7.85.0-1 (bug #1018831)
[bullseye] - curl 7.74.0-1.3+deb11u3
NOTE: https://curl.se/docs/CVE-2022-35252.html
@@ -48826,7 +48866,7 @@ CVE-2022-34528 (D-Link DSL-3782 v1.03 and below was
discovered to contain a stac
CVE-2022-34527 (D-Link DSL-3782 v1.03 and below was discovered to contain a
command in ...)
NOT-FOR-US: D-Link
CVE-2022-34526 (A stack overflow was discovered in the _TIFFVGetField function
of Tiff ...)
- {DLA-3278-1}
+ {DSA-5333-1 DLA-3278-1}
- tiff 4.4.0-4
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/433
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/275735d0354e39c0ac1dc3c0db2120d6f31d1990
@@ -52795,19 +52835,19 @@ CVE-2017-20053 (A vulnerability was found in
XYZScripts Contact Form Manager Plu
CVE-2017-20052 (A vulnerability classified as problematic was found in Python
2.7.13. ...)
NOT-FOR-US: pgadmin on Windows
CVE-2022-2058 (Divide By Zero error in tiffcrop in libtiff 4.4.0 allows
attackers to ...)
- {DLA-3278-1}
+ {DSA-5333-1 DLA-3278-1}
- tiff 4.4.0-3 (bug #1014494)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/428
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/346
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/dd1bcc7abb26094e93636e85520f0d8f81ab0fab
CVE-2022-2057 (Divide By Zero error in tiffcrop in libtiff 4.4.0 allows
attackers to ...)
- {DLA-3278-1}
+ {DSA-5333-1 DLA-3278-1}
- tiff 4.4.0-3 (bug #1014494)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/427
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/346
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/dd1bcc7abb26094e93636e85520f0d8f81ab0fab
CVE-2022-2056 (Divide By Zero error in tiffcrop in libtiff 4.4.0 allows
attackers to ...)
- {DLA-3278-1}
+ {DSA-5333-1 DLA-3278-1}
- tiff 4.4.0-3 (bug #1014494)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/415
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/346
@@ -54828,7 +54868,7 @@ CVE-2022-32222 (A cryptographic vulnerability exists on
Node.js on linux in vers
NOTE:
https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/#attempt-to-read-openssl-cnf-from-home-iojs-build-upon-startup-medium-cve-2022-32222
NOTE:
https://github.com/nodejs/node/commit/a5fc2deb43f85dc2195a1fe1683b9c2e7443b001
CVE-2022-32221 (When doing HTTP(S) transfers, libcurl might erroneously use
the read c ...)
- {DSA-5330-1}
+ {DSA-5330-1 DLA-3288-1}
- curl 7.86.0-1
NOTE: https://curl.se/docs/CVE-2022-32221.html
NOTE: https://github.com/curl/curl/issues/9507
@@ -60511,12 +60551,14 @@ CVE-2022-30335 (Bonanza Wealth Management System
(BWM) 7.3.2 allows SQL injectio
CVE-2022-26041 (Directory traversal vulnerability in RCCMD 4.26 and earlier
allows a r ...)
NOT-FOR-US: RCCMD
CVE-2022-1623 (LibTIFF master branch has an out-of-bounds read in LZWDecode in
libtif ...)
+ {DSA-5333-1}
- tiff 4.4.0~rc1-1
[buster] - tiff <not-affected> (Vulnerable code introduced later, PoCs
don't trigger)
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a
(v4.4.0rc1)
NOTE: Introduced by:
https://gitlab.com/libtiff/libtiff/-/commit/3079627ea0dee150e6a208cec8381de611bb842b
(v4.4.0rc1)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/410
CVE-2022-1622 (LibTIFF master branch has an out-of-bounds read in LZWDecode in
libtif ...)
+ {DSA-5333-1}
- tiff 4.4.0~rc1-1
[buster] - tiff <not-affected> (Vulnerable code introduced later, PoCs
don't trigger)
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a
(v4.4.0rc1)
@@ -63749,13 +63791,13 @@ CVE-2022-1357 (The affected On-Premise cnMaestro
allows an unauthenticated attac
CVE-2022-1356 (cnMaestro is vulnerable to a local privilege escalation. By
default, a ...)
NOT-FOR-US: Cambium Networks cnMaestro
CVE-2022-1355 (A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in
main() ...)
- {DLA-3278-1}
+ {DSA-5333-1 DLA-3278-1}
- tiff 4.3.0-8 (bug #1011160)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/400
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/323
NOTE: Fixed by:
https://gitlab.com/libtiff/libtiff/-/commit/c1ae29f9ebacd29b7c3e0c7db671af7db3584bc2
CVE-2022-1354 (A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c
in TIFFR ...)
- {DLA-3278-1}
+ {DSA-5333-1 DLA-3278-1}
- tiff 4.3.0-7
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/319
NOTE: Fixed by:
https://gitlab.com/libtiff/libtiff/-/commit/87f580f39011109b3bb5f6eca13fac543a542798
@@ -63993,7 +64035,7 @@ CVE-2022-29189 (Pion DTLS is a Go implementation of
Datagram Transport Layer Sec
CVE-2022-29188 (Smokescreen is an HTTP proxy. The primary use case for
Smokescreen is ...)
NOT-FOR-US: Smokescreen
CVE-2022-29187 (Git is a distributed revision control system. Git prior to
versions 2. ...)
- {DLA-3239-1}
+ {DSA-5332-1 DLA-3239-1}
- git 1:2.37.2-1 (bug #1014848)
NOTE:
https://lists.q42.co.uk/pipermail/git-announce/2022-July/001250.html
NOTE:
https://github.com/git/git/commit/3b0bf2704980b1ed6018622bdf5377ec22289688
(v2.30.5)
@@ -68266,7 +68308,7 @@ CVE-2022-27775 (An information disclosure vulnerability
exists in curl 7.65.0 to
NOTE: Introduced by:
https://github.com/curl/curl/commit/2d0e9b40d3237b1450cbbfbcb996da244d964898
(curl-7_65_0)
NOTE: Fixed by:
https://github.com/curl/curl/commit/058f98dc3fe595f21dc26a5b9b1699e519ba5705
(curl-7_83_0)
CVE-2022-27774 (An insufficiently protected credentials vulnerability exists
in curl 4 ...)
- {DSA-5197-1}
+ {DSA-5197-1 DLA-3288-1}
- curl 7.83.0-1 (bug #1010254)
NOTE: https://curl.se/docs/CVE-2022-27774.html
NOTE: Fixed by:
https://github.com/curl/curl/commit/620ea21410030a9977396b4661806bc187231b79
(curl-7_83_0)
@@ -76883,7 +76925,7 @@ CVE-2022-24766 (mitmproxy is an interactive,
SSL/TLS-capable intercepting proxy.
NOTE:
https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-gcx2-gvj7-pxv3
NOTE:
https://github.com/mitmproxy/mitmproxy/commit/b06fb6d157087d526bd02e7aadbe37c56865c71b
(v8.0.0)
CVE-2022-24765 (Git for Windows is a fork of Git containing Windows-specific
patches. ...)
- {DLA-3239-1}
+ {DSA-5332-1 DLA-3239-1}
- git 1:2.35.2-1
[stretch] - git <no-dsa> (Minor issue)
NOTE:
https://github.com/git/git/commit/6e7ad1e4c22e7038975ba37c7413374fe566b064
(v2.30.3)
@@ -81412,7 +81454,7 @@ CVE-2022-23523 (In versions prior to 0.8.1, the
linux-loader crate uses the offs
CVE-2022-23522
RESERVED
CVE-2022-23521 (Git is distributed revision control system. gitattributes are
a mechan ...)
- {DLA-3282-1}
+ {DSA-5332-1 DLA-3282-1}
- git 1:2.39.1-0.1 (bug #1029114)
NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/4
NOTE:
https://github.com/git/git/commit/eb22e7dfa23da6bd9aed9bd1dad69e1e8e167d24
@@ -149192,6 +149234,7 @@ CVE-2021-23452 (This affects all versions of package
x-assign. The global proto
CVE-2021-23451 (The package otp-generator before 3.0.0 are vulnerable to
Insecure Rand ...)
NOT-FOR-US: Node otp-generator
CVE-2021-23450 (All versions of package dojo are vulnerable to Prototype
Pollution via ...)
+ {DLA-3289-1}
- dojo 1.17.2+dfsg1-1 (bug #1014785)
[bullseye] - dojo 1.15.4+dfsg1-1+deb11u1
NOTE: https://github.com/advisories/GHSA-m8gw-hjpr-rjv7
@@ -229616,6 +229659,7 @@ CVE-2020-4053 (In Helm greater than or equal to 3.0.0
and less than 3.2.4, a pat
CVE-2020-4052 (In Wiki.js before 2.4.107, there is a stored cross-site
scripting thro ...)
NOT-FOR-US: Wiki.js
CVE-2020-4051 (In Dijit before versions 1.11.11, and greater than or equal to
1.12.0 ...)
+ {DLA-3289-1}
- dojo 1.15.4+dfsg1-1 (bug #970000)
NOTE:
https://github.com/dojo/dijit/security/advisories/GHSA-cxjc-r2fp-7mq6
NOTE:
https://github.com/dojo/dijit/commit/462bdcd60d0333315fe69ab4709c894d78f61301
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c8b7cd73ff7669a54890d0c11acda6373084e6c5