author | Chris Lamb <lamby@debian.org> | 2022-06-22 07:59:20 +0100 |
---|---|---|
committer | Chris Lamb <lamby@debian.org> | 2022-06-22 07:59:20 +0100 |
commit | 6cd67bf7587325dd6dc5d6b3061c6ce5d20097ca | |
tree | db55859451e3aa56804b43a0c0a8edbe9113b7fe | |
parent | 0bef15d44ae25ef31b6ae5183038351d5ef3da5e | |
Triage CVE-2016-10006, CVE-2017-14735, CVE-2021-35043, CVE-2022-28366 & CVE-2022-28367 in libowasp-antisamy-java for stretch LTS.
-rw-r--r-- | data/CVE/list | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/data/CVE/list b/data/CVE/list index 89d8e347f9..d0a26a5d22 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -15691,6 +15691,7 @@ CVE-2022-28367 (OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on - libowasp-antisamy-java <unfixed> (bug #1010154) [bullseye] - libowasp-antisamy-java <no-dsa> (Minor issue) [buster] - libowasp-antisamy-java <no-dsa> (Minor issue) + [stretch] - libowasp-antisamy-java <no-dsa> (Minor issue) NOTE: https://github.com/nahsra/antisamy/commit/0199e7e194dba5e7d7197703f43ebe22401e61ae (v1.6.6) NOTE: Make sure to fix the issue completely and include the commit otherwise opening CVE-2022-29577 NOTE: https://github.com/nahsra/antisamy/commit/32e273507da0e964b58c50fd8a4c94c9d9363af0 (v1.6.7) @@ -15698,6 +15699,7 @@ CVE-2022-28366 (Certain Neko-related HTML parsers allow a denial of service via - libowasp-antisamy-java <unfixed> (bug #1010154) [bullseye] - libowasp-antisamy-java <no-dsa> (Minor issue) [buster] - libowasp-antisamy-java <no-dsa> (Minor issue) + [stretch] - libowasp-antisamy-java <no-dsa> (Minor issue) NOTE: https://github.com/nahsra/antisamy/releases/tag/v1.6.6 NOTE: https://github.com/nahsra/antisamy/issues/174 CVE-2022-28365 (Reprise License Manager 14.2 is affected by an Information Disclosure ...) @@ -68656,6 +68658,7 @@ CVE-2021-35043 (OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when - libowasp-antisamy-java <unfixed> [bullseye] - libowasp-antisamy-java <no-dsa> (Minor issue) [buster] - libowasp-antisamy-java <no-dsa> (Minor issue) + [stretch] - libowasp-antisamy-java <no-dsa> (Minor issue) NOTE: https://github.com/nahsra/antisamy/pull/87 CVE-2021-35042 (Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.orde ...) - python-django <not-affected> (Vulnerable code introduced in 3.1) 
@@ -308144,6 +308147,7 @@ CVE-2017-14735 (OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as de - libowasp-antisamy-java <unfixed> [bullseye] - libowasp-antisamy-java <no-dsa> (Minor issue) [buster] - libowasp-antisamy-java <no-dsa> (Minor issue) + [stretch] - libowasp-antisamy-java <no-dsa> (Minor issue) NOTE: https://github.com/nahsra/antisamy/issues/10 CVE-2017-14734 (The build_msps function in libbpg.c in libbpg 0.9.7 allows remote atta ...) NOT-FOR-US: libbpg @@ -341891,6 +341895,7 @@ CVE-2016-10006 (In OWASP AntiSamy before 1.5.5, by submitting a specially crafte - libowasp-antisamy-java <unfixed> [bullseye] - libowasp-antisamy-java <no-dsa> (Minor issue) [buster] - libowasp-antisamy-java <no-dsa> (Minor issue) + [stretch] - libowasp-antisamy-java <no-dsa> (Minor issue) NOTE: https://github.com/nahsra/antisamy/issues/2 CVE-2016-10005 (Webdynpro in SAP Solman 7.1 through 7.31 allows remote attackers to ob ...) NOT-FOR-US: SAP |
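Review bot: In the CVE-2022-28367 hunk (@@ -15691), the NOTE lines under the new `[stretch]` line say the fix is split across two upstream commits (v1.6.6 and v1.6.7) and that an incomplete fix opens CVE-2022-29577, but CVE-2022-29577 is not among the five CVEs this commit triages. Please check that the CVE-2022-29577 entry carries a matching `[stretch]` line, so the two entries do not diverge for the same suite.

Review bot: In the CVE-2022-28366 hunk (@@ -15698), the description attributes the denial of service to "Certain Neko-related HTML parsers", while the visible package lines, including the new `[stretch]` one, all refer to libowasp-antisamy-java. Before settling on `<no-dsa>` for stretch, confirm whether the affected parser is shipped in that suite as a separate source package that needs its own line under this CVE.

Review bot: In the CVE-2021-35043, CVE-2017-14735 and CVE-2016-10006 hunks, the added `[stretch]` lines reuse the generic "(Minor issue)" reason from the buster and bullseye lines, although the descriptions are XSS bypasses in a library whose job is filtering HTML. A more specific reason in the parentheses, or a NOTE recording why the impact is considered minor for stretch, would let a later reader see the basis for the `<no-dsa>` decision without re-triaging.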