From 6cd67bf7587325dd6dc5d6b3061c6ce5d20097ca Mon Sep 17 00:00:00 2001 From: Chris Lamb Date: Wed, 22 Jun 2022 07:59:20 +0100 Subject: Triage CVE-2016-10006, CVE-2017-14735, CVE-2021-35043, CVE-2022-28366 & CVE-2022-28367 in libowasp-antisamy-java for stretch LTS. --- data/CVE/list | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/data/CVE/list b/data/CVE/list index 89d8e347f9..d0a26a5d22 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -15691,6 +15691,7 @@ CVE-2022-28367 (OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on - libowasp-antisamy-java (bug #1010154) [bullseye] - libowasp-antisamy-java (Minor issue) [buster] - libowasp-antisamy-java (Minor issue) + [stretch] - libowasp-antisamy-java (Minor issue) NOTE: https://github.com/nahsra/antisamy/commit/0199e7e194dba5e7d7197703f43ebe22401e61ae (v1.6.6) NOTE: Make sure to fix the issue completely and include the commit otherwise opening CVE-2022-29577 NOTE: https://github.com/nahsra/antisamy/commit/32e273507da0e964b58c50fd8a4c94c9d9363af0 (v1.6.7) @@ -15698,6 +15699,7 @@ CVE-2022-28366 (Certain Neko-related HTML parsers allow a denial of service via - libowasp-antisamy-java (bug #1010154) [bullseye] - libowasp-antisamy-java (Minor issue) [buster] - libowasp-antisamy-java (Minor issue) + [stretch] - libowasp-antisamy-java (Minor issue) NOTE: https://github.com/nahsra/antisamy/releases/tag/v1.6.6 NOTE: https://github.com/nahsra/antisamy/issues/174 CVE-2022-28365 (Reprise License Manager 14.2 is affected by an Information Disclosure ...) 
@@ -68656,6 +68658,7 @@ CVE-2021-35043 (OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when - libowasp-antisamy-java [bullseye] - libowasp-antisamy-java (Minor issue) [buster] - libowasp-antisamy-java (Minor issue) + [stretch] - libowasp-antisamy-java (Minor issue) NOTE: https://github.com/nahsra/antisamy/pull/87 CVE-2021-35042 (Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.orde ...) - python-django (Vulnerable code introduced in 3.1) @@ -308144,6 +308147,7 @@ CVE-2017-14735 (OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as de - libowasp-antisamy-java [bullseye] - libowasp-antisamy-java (Minor issue) [buster] - libowasp-antisamy-java (Minor issue) + [stretch] - libowasp-antisamy-java (Minor issue) NOTE: https://github.com/nahsra/antisamy/issues/10 CVE-2017-14734 (The build_msps function in libbpg.c in libbpg 0.9.7 allows remote atta ...) NOT-FOR-US: libbpg @@ -341891,6 +341895,7 @@ CVE-2016-10006 (In OWASP AntiSamy before 1.5.5, by submitting a specially crafte - libowasp-antisamy-java [bullseye] - libowasp-antisamy-java (Minor issue) [buster] - libowasp-antisamy-java (Minor issue) + [stretch] - libowasp-antisamy-java (Minor issue) NOTE: https://github.com/nahsra/antisamy/issues/2 CVE-2016-10005 (Webdynpro in SAP Solman 7.1 through 7.31 allows remote attackers to ob ...) NOT-FOR-US: SAP -- cgit v1.2.3
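Review bot: in the CVE-2022-28367 hunk, the new `[stretch] - libowasp-antisamy-java (Minor issue)` line carries no caveat, while the NOTE lines right below it warn that the v1.6.6 commit alone was incomplete and led to CVE-2022-29577, with the completing change in the v1.6.7 commit. Whoever later updates stretch will need both commits linked in those NOTE lines, and since CVE-2022-29577 is not among the five CVEs this commit triages, consider giving it a matching stretch entry in the same change so the two statuses do not diverge.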
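Review bot: in the CVE-2022-28366 hunk, the NOTE lines give only the v1.6.6 release tag and issue #174, not the fixing commit, unlike the CVE-2022-28367 hunk above it, which links the specific commits; adding the commit reference would make a later stretch update easier to verify. The CVE text also locates the flaw in "Certain Neko-related HTML parsers" rather than in AntiSamy itself, so it is worth confirming whether the HTML parser dependency in stretch needs its own tracker entry instead of only libowasp-antisamy-java.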
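Review bot: in the CVE-2021-35043 hunk (and the CVE-2017-14735 and CVE-2016-10006 hunks that follow it, which have the same shape), the bullseye line carries no bug reference, whereas the two 2022 entries point at bug #1010154. If that bug also covers these older AntiSamy XSS issues, or a separate bug exists, recording it on the bullseye line would keep the entries consistent; otherwise the Minor-issue triage for stretch matches buster and bullseye and looks fine as written.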