author Chris Lamb <lamby@debian.org> 2022-06-22 07:59:20 +0100
committer Chris Lamb <lamby@debian.org> 2022-06-22 07:59:20 +0100
commit 6cd67bf7587325dd6dc5d6b3061c6ce5d20097ca
tree db55859451e3aa56804b43a0c0a8edbe9113b7fe
parent 0bef15d44ae25ef31b6ae5183038351d5ef3da5e
Triage CVE-2016-10006, CVE-2017-14735, CVE-2021-35043, CVE-2022-28366 & CVE-2022-28367 in libowasp-antisamy-java for stretch LTS.
-rw-r--r-- data/CVE/list 5
1 files changed, 5 insertions, 0 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 89d8e347f9..d0a26a5d22 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -15691,6 +15691,7 @@ CVE-2022-28367 (OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on
- libowasp-antisamy-java <unfixed> (bug #1010154)
[bullseye] - libowasp-antisamy-java <no-dsa> (Minor issue)
[buster] - libowasp-antisamy-java <no-dsa> (Minor issue)
+ [stretch] - libowasp-antisamy-java <no-dsa> (Minor issue)
NOTE: https://github.com/nahsra/antisamy/commit/0199e7e194dba5e7d7197703f43ebe22401e61ae (v1.6.6)
NOTE: Make sure to fix the issue completely and include the commit otherwise opening CVE-2022-29577
NOTE: https://github.com/nahsra/antisamy/commit/32e273507da0e964b58c50fd8a4c94c9d9363af0 (v1.6.7)
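Review bot: The added [stretch] line sits directly above the NOTE saying the fix must include the v1.6.7 commit "otherwise opening CVE-2022-29577", but CVE-2022-29577 is not among the five CVEs named in the commit message and no hunk here touches it. If stretch is marked <no-dsa> for CVE-2022-28367, the CVE-2022-29577 entry should carry a matching [stretch] line so the two stay in step; worth confirming that this is handled elsewhere.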
@@ -15698,6 +15699,7 @@ CVE-2022-28366 (Certain Neko-related HTML parsers allow a denial of service via
- libowasp-antisamy-java <unfixed> (bug #1010154)
[bullseye] - libowasp-antisamy-java <no-dsa> (Minor issue)
[buster] - libowasp-antisamy-java <no-dsa> (Minor issue)
+ [stretch] - libowasp-antisamy-java <no-dsa> (Minor issue)
NOTE: https://github.com/nahsra/antisamy/releases/tag/v1.6.6
NOTE: https://github.com/nahsra/antisamy/issues/174
CVE-2022-28365 (Reprise License Manager 14.2 is affected by an Information Disclosure ...)
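Review bot: On the added [stretch] line for CVE-2022-28366, the reason "(Minor issue)" is copied unchanged from the bullseye and buster lines, yet this entry is described as a denial of service in Neko-related HTML parsers, while CVE-2022-28367, CVE-2021-35043 and CVE-2017-14735 in the same patch are described as XSS. A short reason specific to the DoS case would make the <no-dsa> decision easier to revisit later.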
@@ -68656,6 +68658,7 @@ CVE-2021-35043 (OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when
- libowasp-antisamy-java <unfixed>
[bullseye] - libowasp-antisamy-java <no-dsa> (Minor issue)
[buster] - libowasp-antisamy-java <no-dsa> (Minor issue)
+ [stretch] - libowasp-antisamy-java <no-dsa> (Minor issue)
NOTE: https://github.com/nahsra/antisamy/pull/87
CVE-2021-35042 (Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.orde ...)
- python-django <not-affected> (Vulnerable code introduced in 3.1)
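Review bot: The context line "- libowasp-antisamy-java <unfixed>" above the added [stretch] line for CVE-2021-35043 has no bug reference, unlike the CVE-2022-28367 and CVE-2022-28366 entries, which carry (bug #1010154). Since this commit already touches the entry, consider adding a bug reference on that line if one exists, so the unfixed status in unstable is tracked alongside the <no-dsa> markings.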
@@ -308144,6 +308147,7 @@ CVE-2017-14735 (OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as de
- libowasp-antisamy-java <unfixed>
[bullseye] - libowasp-antisamy-java <no-dsa> (Minor issue)
[buster] - libowasp-antisamy-java <no-dsa> (Minor issue)
+ [stretch] - libowasp-antisamy-java <no-dsa> (Minor issue)
NOTE: https://github.com/nahsra/antisamy/issues/10
CVE-2017-14734 (The build_msps function in libbpg.c in libbpg 0.9.7 allows remote atta ...)
NOT-FOR-US: libbpg
@@ -341891,6 +341895,7 @@ CVE-2016-10006 (In OWASP AntiSamy before 1.5.5, by submitting a specially crafte
- libowasp-antisamy-java <unfixed>
[bullseye] - libowasp-antisamy-java <no-dsa> (Minor issue)
[buster] - libowasp-antisamy-java <no-dsa> (Minor issue)
+ [stretch] - libowasp-antisamy-java <no-dsa> (Minor issue)
NOTE: https://github.com/nahsra/antisamy/issues/2
CVE-2016-10005 (Webdynpro in SAP Solman 7.1 through 7.31 allows remote attackers to ob ...)
NOT-FOR-US: SAP
