[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2022-26520,libpgjava: Mark as no-dsa for all distributions.

Markus Koschany (@apo) apo at debian.org
Fri May 20 21:37:24 BST 2022



Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
05096d60 by Markus Koschany at 2022-05-20T22:36:30+02:00
CVE-2022-26520,libpgjava: Mark as no-dsa for all distributions.

This issue requires access to connection properties only authenticated users
should have. Upstream does not consider this to be a security vulnerability
with the driver, instead application developers must take care of validating
the contents of any JDBC URLs.

Just removing the loggerFile and loggerLevel connection properties may break
existing applications. This should be tested in unstable and testing first.

- - - - -
04975803 by Markus Koschany at 2022-05-20T22:37:18+02:00
Reserve DLA-3018-1 for libpgjava

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[20 May 2022] DLA-3018-1 libpgjava - security update
+	{CVE-2022-21724}
+	[stretch] - libpgjava 9.4.1212-1+deb9u1
 [20 May 2022] DLA-3017-1 openldap - security update
 	{CVE-2022-29155}
 	[stretch] - openldap 2.4.44+dfsg-5+deb9u9
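Review bot: The new DLA-3018-1 entry lists only {CVE-2022-21724}, while commit 05096d60 in the same push says CVE-2022-26520 is marked no-dsa for all distributions, and data/CVE/list is not among the two changed files shown. Please confirm that the no-dsa annotation for CVE-2022-26520 actually landed in data/CVE/list, so that the tracker does not keep reporting it as unresolved for libpgjava after this DLA.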


=====================================
data/dla-needed.txt
=====================================
@@ -88,9 +88,6 @@ liblouis
   NOTE: 20220503: CVE-2022-26981 patch applied in salsa lts-team repo,
   NOTE: 20220503: Patch not applied upstream yet.
 --
-libpgjava (Markus Koschany)
-  NOTE: 20220520: Still running a few tests with r-deps. (apo)
---
 libvirt (Thorsten Alteholz)
   NOTE: 20220508: testing package
 --
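Review bot: The removed libpgjava entry carries a NOTE dated 20220520 saying tests with r-deps were still running, and the entry is dropped on that same date without the outcome being recorded in the diff or in the commit message "Reserve DLA-3018-1 for libpgjava". Suggest noting the result of the reverse-dependency tests in the commit message when removing the entry from dla-needed.txt.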



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/015e54390e4402a9b4a9516f65ff48dce35edb2c...04975803dd8671923663f7866f3ed8cfa1c0b9b3
