[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2021-22570/protobuf: stretch postponed

Sylvain Beucler (@beuc) beuc at debian.org
Sat Feb 5 21:26:57 GMT 2022 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8c7a6723 by Sylvain Beucler at 2022-02-05T22:00:32+01:00
CVE-2021-22570/protobuf: stretch postponed

- - - - -
0fdbc15a by Sylvain Beucler at 2022-02-05T22:23:07+01:00
dla: add libphp-adodb

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -70998,6 +70998,7 @@ CVE-2021-22570 (Nullptr dereference when a null char is present in a proto symbo
 	- protobuf <unfixed>
 	[bullseye] - protobuf <no-dsa> (Minor issue)
 	[buster] - protobuf <no-dsa> (Minor issue)
+	[stretch] - protobuf <postponed> (Minor issue; clean crash / Dos; patch needs to be isolated)
 	NOTE: Fixed upstream in v3.15.0: https://github.com/protocolbuffers/protobuf/releases/tag/v3.15.0
 CVE-2021-22569 (An issue in protobuf-java allowed the interleaving of com.google.proto ...)
 	[experimental] - protobuf 3.19.3-1


=====================================
data/dla-needed.txt
=====================================
@@ -70,6 +70,9 @@ openjdk-8 (Emilio)
 pgbouncer
   NOTE: 20220104: maintainer might want to upload fixed version
 --
+libphp-adodb
+  NOTE: 20220205: cf. huntr.dev link at mitre for impact on e.g. phppgadmin (Beuc)
+--
 pjproject (Abhijith PA)
   NOTE: 20211230: patch available for the no-dsa issue, check its NOTE (pochu)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/fc7e18604cc802f13e4ba9e459c07a69a67584aa...0fdbc15acc4aac4ce33e993d332b53bae4bc1ae5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/fc7e18604cc802f13e4ba9e459c07a69a67584aa...0fdbc15acc4aac4ce33e993d332b53bae4bc1ae5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220205/926d53eb/attachment.htm>

More information about the debian-security-tracker-commits mailing list