diff options
author | Tobias Frost <tobi@debian.org> | 2023-07-02 14:19:35 +0200 |
---|---|---|
committer | Tobias Frost <tobi@debian.org> | 2023-07-02 14:19:51 +0200 |
commit | 7ec6a44396fc0dd7b55c6aba203671e30b313638 (patch) | |
tree | 8a8ed2be5341e7816d50bd62f59c2bd49b38b789 | |
parent | 792006c2c0cd9d37ec27396921f28b90417eff7f (diff) |
CVE-2022-24795 and CVE-2017-16516 also affects yajl.
-rw-r--r-- | data/CVE/list | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/data/CVE/list b/data/CVE/list index f28e6517a7..8b94cd8259 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -104245,9 +104245,11 @@ CVE-2022-24795 (yajl-ruby is a C binding to the YAJL JSON parsing and generation [bullseye] - ruby-yajl <no-dsa> (Minor issue) [buster] - ruby-yajl <no-dsa> (Minor issue) [stretch] - ruby-yajl <no-dsa> (Minor issue) + - yajl 1.0.5.dfsg-1 (bug #1040036) NOTE: https://github.com/brianmario/yajl-ruby/security/advisories/GHSA-jj47-x69x-mxrm NOTE: https://github.com/brianmario/yajl-ruby/commit/7168bd79b888900aa94523301126f968a93eb3a6 NOTE: https://github.com/brianmario/yajl-ruby/commit/e8de283a6d64f0902740fd09e858fc3d7d803161 + NOTE: https://github.com/lloyd/yajl/issues/239 CVE-2022-24794 (Express OpenID Connect is an Express JS middleware implementing sign o ...) NOT-FOR-US: Express OpenID Connect CVE-2022-24793 (PJSIP is a free and open source multimedia communication library writt ...) @@ -381969,8 +381971,10 @@ CVE-2017-16516 (In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is - ruby-yajl 1.2.0-3.1 (low; bug #880691) [stretch] - ruby-yajl <no-dsa> (Minor issue) [jessie] - ruby-yajl <no-dsa> (Minor issue) + - yajl 1.0.5.dfsg-1 (bug #1040036) NOTE: https://github.com/brianmario/yajl-ruby/issues/176 NOTE: https://github.com/brianmario/yajl-ruby/commit/a8ca8f476655adaa187eedc60bdc770fff3c51ce + NOTE: yail: https://github.com/lloyd/yajl/issues/248 CVE-2017-16515 RESERVED CVE-2017-16514 (Multiple persistent stored Cross-Site-Scripting (XSS) vulnerabilities ...) |