[Git][security-tracker-team/security-tracker][master] Mark apache2 issues as no-dsa

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jun 11 21:00:50 BST 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f336bfa8 by Salvatore Bonaccorso at 2022-06-11T22:00:23+02:00
Mark apache2 issues as no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2794,6 +2794,8 @@ CVE-2022-1946
 	RESERVED
 CVE-2022-31813 (Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* h ...)
 	- apache2 2.4.54-1 (bug #1012513)
+	[bullseye] - apache2 <no-dsa> (Minor issue; can be fixed in point release)
+	[buster] - apache2 <no-dsa> (Minor issue; can be fixed in point release)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/8
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-31813
 CVE-2022-31812
@@ -6456,6 +6458,8 @@ CVE-2022-30594 (The Linux kernel before 5.17.2 mishandles seccomp permissions. T
 	NOTE: https://git.kernel.org/linus/ee1fee900537b5d9560e9f937402de5ddc8412f3 (5.18-rc1)
 CVE-2022-30556 (Apache HTTP Server 2.4.53 and earlier may return lengths to applicatio ...)
 	- apache2 2.4.54-1 (bug #1012513)
+	[bullseye] - apache2 <no-dsa> (Minor issue; can be fixed in point release)
+	[buster] - apache2 <no-dsa> (Minor issue; can be fixed in point release)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/7
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-30556
 CVE-2022-30555
@@ -6635,6 +6639,8 @@ CVE-2022-30523 (Trend Micro Password Manager (Consumer) version 5.0.0.1266 and b
 	NOT-FOR-US: Trend Micro
 CVE-2022-30522 (If Apache HTTP Server 2.4.53 is configured to do transformations with  ...)
 	- apache2 2.4.54-1 (bug #1012513)
+	[bullseye] - apache2 <no-dsa> (Minor issue; can be fixed in point release)
+	[buster] - apache2 <no-dsa> (Minor issue; can be fixed in point release)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/6
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-30522
 CVE-2022-1642
@@ -12136,10 +12142,14 @@ CVE-2022-28616 (A remote server-side request forgery (ssrf) vulnerability was di
 	NOT-FOR-US: HPE OneView
 CVE-2022-28615 (Apache HTTP Server 2.4.53 and earlier may crash or disclose informatio ...)
 	- apache2 2.4.54-1 (bug #1012513)
+	[bullseye] - apache2 <no-dsa> (Minor issue; can be fixed in point release)
+	[buster] - apache2 <no-dsa> (Minor issue; can be fixed in point release)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/9
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-28615
 CVE-2022-28614 (The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may  ...)
 	- apache2 2.4.54-1 (bug #1012513)
+	[bullseye] - apache2 <no-dsa> (Minor issue; can be fixed in point release)
+	[buster] - apache2 <no-dsa> (Minor issue; can be fixed in point release)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/4
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-28614
 CVE-2022-28613 (A vulnerability in the HCI Modbus TCP COMPONENT of Hitachi Energy RTU5 ...)
@@ -18620,6 +18630,8 @@ CVE-2022-26378
 	RESERVED
 CVE-2022-26377 (Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling' ...)
 	- apache2 2.4.54-1 (bug #1012513)
+	[bullseye] - apache2 <no-dsa> (Minor issue; can be fixed in point release)
+	[buster] - apache2 <no-dsa> (Minor issue; can be fixed in point release)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/2
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-26377
 CVE-2022-26073 (A denial of service vulnerability exists in the libxm_av.so DemuxCmdIn ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f336bfa8dbe2cfd6178cbaf4df5ee6bdc1384b47

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f336bfa8dbe2cfd6178cbaf4df5ee6bdc1384b47
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220611/0c2f6732/attachment.htm>

More information about the debian-security-tracker-commits mailing list