diff options
author | Tobias Frost <tobi@debian.org> | 2023-07-02 19:20:51 +0200 |
---|---|---|
committer | Tobias Frost <tobi@debian.org> | 2023-07-02 19:20:51 +0200 |
commit | 0b62bb6d33a363aa944bd57340ce342914ef3088 (patch) | |
tree | 1fdf282ed2271e8ecbc9b0251c50bac0506030e2 | |
parent | 4ca70a328445d5dbfe035198a3e3a680c3660f9d (diff) |
xqilla also embeds yajl, is vulnerable to CVE-2017-16516 and CVE-2022-24795.
-rw-r--r-- | data/CVE/list | 2 | ||||
-rw-r--r-- | data/embedded-code-copies | 1 |
2 files changed, 3 insertions, 0 deletions
diff --git a/data/CVE/list b/data/CVE/list index cb59212df1..fcc28338c8 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -104258,6 +104258,7 @@ CVE-2022-24795 (yajl-ruby is a C binding to the YAJL JSON parsing and generation - lnav <unfixed> (bug #1040160) - r-cran-jsonlite <unfixed> (bug #1040161) - whitedb 0.7.3+git211004+dfsg-1 + - xqilla <unfixed> (bug #1040164) NOTE: https://github.com/brianmario/yajl-ruby/security/advisories/GHSA-jj47-x69x-mxrm NOTE: https://github.com/brianmario/yajl-ruby/commit/7168bd79b888900aa94523301126f968a93eb3a6 NOTE: https://github.com/brianmario/yajl-ruby/commit/e8de283a6d64f0902740fd09e858fc3d7d803161 @@ -381992,6 +381993,7 @@ CVE-2017-16516 (In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is - lnav <unfixed> (bug #1040160) - r-cran-jsonlite <unfixed> (bug #1040161) - whitedb 0.7.3+git211004+dfsg-1 + - xqilla <unfixed> (bug #1040164) NOTE: https://github.com/brianmario/yajl-ruby/issues/176 NOTE: https://github.com/brianmario/yajl-ruby/commit/a8ca8f476655adaa187eedc60bdc770fff3c51ce NOTE: yail: https://github.com/lloyd/yajl/issues/248 diff --git a/data/embedded-code-copies b/data/embedded-code-copies index a7bf098663..68601c9dd8 100644 --- a/data/embedded-code-copies +++ b/data/embedded-code-copies @@ -1271,6 +1271,7 @@ yajl - r-cran-jsonlite <unfixed> (embed; bug #1039082) - ruby-yajl <unfixed> (embed; bug #881142) - whitedb 0.7.3+git211004+dfsg-1 (embed; bugĀ #1039088) + - xqilla <unfixed> (embed; bug #1040163) nusoap - gforge 4.8.2-1 (embed) |