[Git][security-tracker-team/security-tracker][master] 4 commits: mark CVE-2022-26635 as no-dsa
Thorsten Alteholz (@alteholz)
alteholz at debian.org
Sun Apr 10 23:28:54 BST 2022
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
580acc50 by Thorsten Alteholz at 2022-04-11T00:28:39+02:00
mark CVE-2022-26635 as no-dsa
- - - - -
c40f2ec6 by Thorsten Alteholz at 2022-04-11T00:28:40+02:00
mark CVE-2022-24795 as no-dsa for Stretch
- - - - -
f16f10f4 by Thorsten Alteholz at 2022-04-11T00:28:40+02:00
add twisted
- - - - -
e106af23 by Thorsten Alteholz at 2022-04-11T00:28:40+02:00
update notes
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -6047,6 +6047,7 @@ CVE-2022-26636
RESERVED
CVE-2022-26635 (PHP-Memcached v2.2.0 and below contains an improper NULL termination w ...)
- php-memcached <unfixed>
+ [stretch] - php-memcached <no-dsa> (Minor issue)
NOTE: https://xhzeem.me/posts/Php5-memcached-Injection-Bypass/read/
CVE-2022-26634
RESERVED
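Review bot: The added "[stretch] - php-memcached <no-dsa> (Minor issue)" line gives only the generic reason, while the CVE summary above it mentions improper NULL termination and the NOTE links an injection-bypass write-up. A short NOTE saying why this is minor for stretch would let later triagers confirm the decision without re-reading the linked post.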
@@ -11058,6 +11059,7 @@ CVE-2022-24796 (RaspberryMatic is a free and open-source operating system for ru
NOT-FOR-US: RaspberryMatic
CVE-2022-24795 (yajl-ruby is a C binding to the YAJL JSON parsing and generation libra ...)
- ruby-yajl <unfixed>
+ [stretch] - ruby-yajl <no-dsa> (Minor issue)
NOTE: https://github.com/brianmario/yajl-ruby/security/advisories/GHSA-jj47-x69x-mxrm
NOTE: https://github.com/brianmario/yajl-ruby/commit/7168bd79b888900aa94523301126f968a93eb3a6
CVE-2022-24794 (Express OpenID Connect is an Express JS middleware implementing sign o ...)
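Review bot: On the added "[stretch] - ruby-yajl <no-dsa> (Minor issue)" line, the entry already carries a NOTE with the upstream fix commit, so the reason for not fixing in stretch is not obvious from the entry alone. Consider expanding the parenthesised reason, or adding a NOTE, to say whether the upstream commit applies to the stretch version or why the impact is low there.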
=====================================
data/dla-needed.txt
=====================================
@@ -74,7 +74,7 @@ kvmtool
NOTE: 20220402: CVE-2021-45464 looks critical, check with upstream for acknowledgments/fixes (Beuc)
--
libarchive (Thorsten Alteholz)
- NOTE: 20220327: next round of testing
+ NOTE: 20220410: still testing
--
liblouis
NOTE: 20220320: no patch available yet. Reproducible memory leaks with ASAN
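Review bot: The replacement libarchive line "NOTE: 20220410: still testing" does not say what is being tested or what is blocking the upload, and it overwrites the "20220327: next round of testing" line, so the history of the claim is lost. Keeping the earlier line and naming the outstanding item would make the entry usable by someone else picking it up.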
@@ -83,6 +83,7 @@ liblouis
libpgjava
--
libvirt (Thorsten Alteholz)
+ NOTE: 20220410: wait for upload in newer releases
--
libz-mingw-w64
NOTE: 20220231: upcoming DSA (Beuc)
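Review bot: The new libvirt line "NOTE: 20220410: wait for upload in newer releases" does not say which releases or which fix is being waited on, so nobody can tell from the file when the wait is over. Naming the suite or the CVEs concerned would make the condition checkable. Separately, the unchanged context line "NOTE: 20220231: upcoming DSA (Beuc)" under libz-mingw-w64 carries an impossible date.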
@@ -150,6 +151,8 @@ tiff (Utkarsh)
twig
NOTE: 20220402: cf. DSA-5107-1; similar code in lib/Twig/Extension/Core.php (Beuc)
--
+twisted
+--
unzip
NOTE: 20220319: no patches yet but reproducible (apo)
--
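Review bot: The "twisted" entry is added with no NOTE and no CVE reference, and the commit message "add twisted" gives no reason either. Other entries in this hunk state why they are listed (for example "cf. DSA-5107-1" under twig); a one-line NOTE with the CVE ids that triggered the addition would match them.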
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f68604087422ab8691faad90c869bfbfc4434dda...e106af23a9f40c611f8902f84ff14ca8bc1db7b5