[Git][security-tracker-team/security-tracker][master] Reserve DSA-5196-1
Markus Koschany (@apo)
apo at debian.org
Sun Jul 31 12:16:46 BST 2022
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c1697a1a by Markus Koschany at 2022-07-31T13:16:26+02:00
Reserve DSA-5196-1
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -32208,8 +32208,6 @@ CVE-2022-0656 (The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does
NOT-FOR-US: WordPress plugin
CVE-2022-26520 (** DISPUTED ** In pgjdbc before 42.3.3, an attacker (who controls the ...)
- libpgjava 42.3.3-1
- [bullseye] - libpgjava <no-dsa> (Requires control over connection properties)
- [buster] - libpgjava <no-dsa> (Requires control over connection properties)
[stretch] - libpgjava <no-dsa> (Requires control over connection properties)
NOTE: https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-673j-qm5f-xpv8
NOTE: https://github.com/pgjdbc/pgjdbc/commit/f6d47034a4ce292e1a659fa00963f6f713117064 (REL42.3.3-rc1)
@@ -159977,7 +159975,6 @@ CVE-2020-13693 (An unauthenticated privilege-escalation issue exists in the bbPr
NOT-FOR-US: bbPress plugin for WordPress
CVE-2020-13692 (PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE. ...)
- libpgjava 42.2.12-2 (low; bug #962828)
- [buster] - libpgjava <no-dsa> (Minor issue)
[stretch] - libpgjava <no-dsa> (Minor issue)
[jessie] - libpgjava <no-dsa> (Minor issue)
NOTE: https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,7 @@
+[31 Jul 2022] DSA-5196-1 libpgjava - security update
+ {CVE-2020-13692 CVE-2022-21724 CVE-2022-26520}
+ [buster] - libpgjava 42.2.5-2+deb10u1
+ [bullseye] - libpgjava 42.2.15-1+deb11u1
[30 Jul 2022] DSA-5195-1 thunderbird - security update
{CVE-2022-36318 CVE-2022-36319}
[buster] - thunderbird 1:91.12.0-1~deb10u1
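Review bot: The CVE set on the added DSA-5196-1 entry lists CVE-2022-21724, but the data/CVE/list hunks in this commit only drop <no-dsa> lines for CVE-2020-13692 and CVE-2022-26520. Please confirm that the CVE-2022-21724 entry carries no leftover buster or bullseye annotation that would contradict the DSA. If it does, remove it in the same commit so the per-release status and the DSA agree.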
=====================================
data/dsa-needed.txt
=====================================
@@ -32,10 +32,6 @@ librecad
--
libtirpc
--
-libpgjava (apo)
- NOTE: 20220711: libscram-java is missing in bullseye-security. I am currently
- NOTE: 20220711: waiting for #1014409 being resolved.
---
linux (carnil)
Wait until more issues have piled up, though try to regulary rebase for point
releases to more recent v4.19.y and v5.10.y versions
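Review bot: The removed libpgjava entry records a blocker (libscram-java missing in bullseye-security, waiting for #1014409), and the commit message "Reserve DSA-5196-1" does not say how that blocker was cleared. A short line in the commit message stating the outcome of #1014409 would keep that history traceable once the NOTE lines are gone from dsa-needed.txt.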
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c1697a1ab1775747eaf5efa4e260bfcfa02efec9