[Git][security-tracker-team/security-tracker][master] CVE-2022-26520,libpgjava: Mark as no-dsa for all distributions.
Markus Koschany (@apo)
apo at debian.org
Fri May 20 21:40:03 BST 2022
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
16648b3a by Markus Koschany at 2022-05-20T22:39:23+02:00
CVE-2022-26520,libpgjava: Mark as no-dsa for all distributions.
This issue requires access to connection properties only authenticated users
should have. Upstream does not consider this to be a security vulnerability
with the driver, instead application developers must take care of validating
the contents of any JDBC URLs.
Just removing the loggerFile and loggerLevel connection properties may
break existing applications. This should be tested in unstable and testing
first.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -16642,6 +16642,9 @@ CVE-2022-0656 (The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does
NOT-FOR-US: WordPress plugin
CVE-2022-26520 (** DISPUTED ** In pgjdbc before 42.3.3, an attacker (who controls the ...)
- libpgjava 42.3.3-1
+ [bullseye] - libpgjava <no-dsa> (Requires control over connection properties)
+ [buster] - libpgjava <no-dsa> (Requires control over connection properties)
+ [stretch] - libpgjava <no-dsa> (Requires control over connection properties)
NOTE: https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-673j-qm5f-xpv8
NOTE: https://github.com/pgjdbc/pgjdbc/commit/f6d47034a4ce292e1a659fa00963f6f713117064 (REL42.3.3-rc1)
CVE-2022-25299 (This affects the package cesanta/mongoose before 7.6. The unsafe handl ...)
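Review bot: The three added <no-dsa> lines for bullseye, buster and stretch record only "Requires control over connection properties", so the rest of the rationale given in the commit message is lost from the entry itself. Consider adding a NOTE line under CVE-2022-26520 saying that upstream does not treat this as a driver vulnerability and that removing the loggerFile and loggerLevel connection properties may break existing applications and should be tested in unstable and testing first. That way the reasoning is visible in data/CVE/list to anyone revisiting the triage, without reading the commit log.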
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/16648b3afe726f68b648eb6dc2fdb63458f19343