ALT-BU-2022-6451-1
Branch sisyphus_e2k update bulletin.
Package tesseract updated to version 5.2.0-alt1 for branch sisyphus_e2k.
Closed bugs
Update to version 5.1
Package python3-module-ruamel-yaml updated to version 0.17.21-alt2 for branch sisyphus_e2k.
Closed bugs
Outdated link to the home page
Package python3-module-zope.contenttype updated to version 4.5.0-alt3 for branch sisyphus_e2k.
Closed bugs
Changes in release 4.5.0-alt2 break the build (tests) of zope.server
Package python3-module-django updated to version 3.2.15-alt1 for branch sisyphus_e2k.
Closed vulnerabilities
BDU:2022-04199
Vulnerability in the Trunc/Extract functions of the Django web development framework that allows an attacker to affect the confidentiality, integrity and availability of protected information
Modified: 2024-11-21
CVE-2022-34265
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected.
- https://docs.djangoproject.com/en/4.0/releases/security/
- https://groups.google.com/forum/#%21forum/django-announce
- FEDORA-2023-8fed428c5e
- FEDORA-2023-a53ab7c969
- https://security.netapp.com/advisory/ntap-20220818-0006/
- DSA-5254
- https://www.djangoproject.com/weblog/2022/jul/04/security-releases/
Modified: 2024-11-21
CVE-2022-36359
An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input.
- [oss-security] 20220803 Django: CVE-2022-36359: Potential reflected file download vulnerability in FileResponse.
- https://docs.djangoproject.com/en/4.0/releases/security/
- https://groups.google.com/g/django-announce/c/8cz--gvaJr4
- FEDORA-2023-8fed428c5e
- FEDORA-2023-a53ab7c969
- https://security.netapp.com/advisory/ntap-20220915-0008/
- DSA-5254
- https://www.djangoproject.com/weblog/2022/aug/03/security-releases/
Package gimagereader updated to version 3.4.0-alt3 for branch sisyphus_e2k.
Closed bugs
Incorrect operation with the scanner of the Inc. f+ imaging M60ade MFP
Package wireshark updated to version 3.6.8-alt1 for branch sisyphus_e2k.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2022-3190
Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3190.json
- https://gitlab.com/wireshark/wireshark/-/issues/18307
- FEDORA-2022-9d4aa8a486
- FEDORA-2022-1f2fbb087e
- https://www.wireshark.org/security/wnpa-sec-2022-06.html