[Git][security-tracker-team/security-tracker][master] 2 commits: Triage CVE-2022-1586 & CVE-2022-1587 in pcre2 for stretch LTS.

Chris Lamb (@lamby) lamby at debian.org
Thu Jun 23 07:53:10 BST 2022 


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fbbc1254 by Chris Lamb at 2022-06-23T07:51:30+01:00
Triage CVE-2022-1586 & CVE-2022-1587 in pcre2 for stretch LTS.

- - - - -
8455b6ad by Chris Lamb at 2022-06-23T07:52:35+01:00
data/dla-needed.txt: Triage ntfs-3g for stretch LTS (CVE-2021-46790)

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -10704,11 +10704,13 @@ CVE-2022-1587 (An out-of-bounds read vulnerability was discovered in the PCRE2 l
 	- pcre2 10.40-1 (bug #1011954)
 	[bullseye] - pcre2 <no-dsa> (Minor issue)
 	[buster] - pcre2 <no-dsa> (Minor issue)
+	[stretch] - pcre2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0 (pcre2-10.40)
 CVE-2022-1586 (An out-of-bounds read vulnerability was discovered in the PCRE2 librar ...)
 	- pcre2 10.40-1 (bug #1011954)
 	[bullseye] - pcre2 <no-dsa> (Minor issue)
 	[buster] - pcre2 <no-dsa> (Minor issue)
+	[stretch] - pcre2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a (pcre2-10.40)
 	NOTE: https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc388f89095b184ba6d99422cfc676c (pcre2-10.40)
 CVE-2022-1585


=====================================
data/dla-needed.txt
=====================================
@@ -191,6 +191,10 @@ ncurses (Thorsten Alteholz)
 netatalk
   NOTE: 20220616: Programming language: C.
 --
+ntfs-3g
+  NOTE: 20220623: Check whether this was included in DLA-3055-1 (released 2022-06-21)
+  NOTE: 20220623: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9da6b34ff94123c04dd9dedfba3702d0ddef7fcb#note_314091
+--
 nvidia-cuda-toolkit
   NOTE: 20220529: Programming language: C.
   NOTE: 20220331: package is in non-free but also in packages-to-support (Beuc/front-desk)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a7ef5eba39f93bd3915f34b3f006e6ee10df4cc8...8455b6ad878b5a062571be831a9766de63b6ed0d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a7ef5eba39f93bd3915f34b3f006e6ee10df4cc8...8455b6ad878b5a062571be831a9766de63b6ed0d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220623/1cf15dbd/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list