diff options
| author | Tobias Frost <tobi@debian.org> | 2023-07-02 18:54:45 +0200 |
|---|---|---|
| committer | Tobias Frost <tobi@debian.org> | 2023-07-02 18:54:45 +0200 |
| commit | 4ca70a328445d5dbfe035198a3e3a680c3660f9d (patch) | |
| tree | 7245e8efa3a6abbce0287c4893538ad922e0a73b | |
| parent | 787f91d43baff9798ed5c3f6cab8e1e00212d451 (diff) | |
Triage packages with embedded code copies of yajl for CVE-2022-24795, CVE-2017-16516 and CVE-2023-33460
| -rw-r--r-- | data/CVE/list | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/data/CVE/list b/data/CVE/list index 18a135a320..cb59212df1 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -2815,6 +2815,10 @@ CVE-2023-33460 (There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse - ruby-yajl <unfixed> [bookworm] - ruby-yajl <no-dsa> (Minor issue) [bullseye] - ruby-yajl <no-dsa> (Minor issue) + - argyll <unfixed> (bug #1040151) + - collada2gltf <unfixed> (bug #1040153) + - lnav <unfixed> + - r-cran-jsonlite <unfixed> CVE-2023-33457 (In Sogou Workflow v0.10.6, memcpy a negtive size in URIParser::parse , ...) NOT-FOR-US: Sogou Workflow CVE-2023-33381 (A command injection vulnerability was found in the ping functionality ...) @@ -104246,6 +104250,14 @@ CVE-2022-24795 (yajl-ruby is a C binding to the YAJL JSON parsing and generation [buster] - ruby-yajl <no-dsa> (Minor issue) [stretch] - ruby-yajl <no-dsa> (Minor issue) - yajl <unfixed> (bug #1040036) + - burp <unfixed> (bug #1040146) + - crun <unfixed> (bug #1040147) + - argyll <unfixed> (bug #1040150) + - collada2gltf <unfixed> (bug #1040153) + - epics-base <unfixed> (bug #1040159) + - lnav <unfixed> (bug #1040160) + - r-cran-jsonlite <unfixed> (bug #1040161) + - whitedb 0.7.3+git211004+dfsg-1 NOTE: https://github.com/brianmario/yajl-ruby/security/advisories/GHSA-jj47-x69x-mxrm NOTE: https://github.com/brianmario/yajl-ruby/commit/7168bd79b888900aa94523301126f968a93eb3a6 NOTE: https://github.com/brianmario/yajl-ruby/commit/e8de283a6d64f0902740fd09e858fc3d7d803161 @@ -381972,6 +381984,14 @@ CVE-2017-16516 (In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is [stretch] - ruby-yajl <no-dsa> (Minor issue) [jessie] - ruby-yajl <no-dsa> (Minor issue) - yajl <unfixed> (bug #1040036) + - burp <unfixed> (bug #1040146) + - crun <unfixed> (bug #1040147) + - argyll <unfixed> (bug #1040150) + - collada2gltf <unfixed> (bug #1040153) + - epics-base <unfixed> (bug #1040159) + - lnav <unfixed> (bug #1040160) + - r-cran-jsonlite <unfixed> (bug #1040161) + - whitedb 0.7.3+git211004+dfsg-1 NOTE: https://github.com/brianmario/yajl-ruby/issues/176 NOTE: https://github.com/brianmario/yajl-ruby/commit/a8ca8f476655adaa187eedc60bdc770fff3c51ce NOTE: yail: https://github.com/lloyd/yajl/issues/248 |