[Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2022-32149/golang-golang-x-text: buster postponed

Sylvain Beucler (@beuc) beuc at debian.org
Fri Nov 11 09:43:58 GMT 2022 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
27948f86 by Sylvain Beucler at 2022-11-11T10:43:38+01:00
CVE-2022-32149/golang-golang-x-text: buster postponed

- - - - -
aa2075b8 by Sylvain Beucler at 2022-11-11T10:43:39+01:00
CVE-2022-3275/puppet-module-puppetlabs-apt: buster postponed

- - - - -
f8ef1b71 by Sylvain Beucler at 2022-11-11T10:43:39+01:00
dla: add libstb

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -12657,6 +12657,7 @@ CVE-2022-3276 (Command injection is possible in the puppetlabs-mysql module prio
 CVE-2022-3275 (Command injection is possible in the puppetlabs-apt module prior to ve ...)
 	- puppet-module-puppetlabs-apt <unfixed> (bug #1023625)
 	[bullseye] - puppet-module-puppetlabs-apt <no-dsa> (Minor issue)
+	[buster] - puppet-module-puppetlabs-apt <postponed> (Minor issue, rare condition, follow buster status)
 	NOTE: https://puppet.com/security/cve/CVE-2022-3275
 	NOTE: https://github.com/puppetlabs/puppetlabs-apt/commit/c26ad2a54f318b4d6fbe55f837b00cd6afd9f1eb (v9.0.0)
 CVE-2022-3274 (Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffwe ...)
@@ -36863,6 +36864,7 @@ CVE-2022-32150
 	RESERVED
 CVE-2022-32149 (An attacker may cause a denial of service by crafting an Accept-Langua ...)
 	- golang-golang-x-text 0.3.8-1 (bug #1021785)
+	[buster] - golang-golang-x-text <postponed> (Limited support, minor issue, follow bullseye DSAs/point-releases (renamed package))
 	- golang-x-text <removed>
 	NOTE: https://groups.google.com/g/golang-dev/c/qfPIly0X7aU
 	NOTE: https://go.dev/issue/56152


=====================================
data/dla-needed.txt
=====================================
@@ -135,6 +135,9 @@ libde265
 libreoffice
   NOTE: 20221012: Programming language: C++.
 --
+libstb
+  NOTE: 20221111: Programming language: C.
+--
 linux (Ben Hutchings)
 --
 man2html



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1a7adcf093a16eb24c9e808d034cf0fcef7418e8...f8ef1b71af7c159c5a39d9672fcbbcc79ed8fc93

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1a7adcf093a16eb24c9e808d034cf0fcef7418e8...f8ef1b71af7c159c5a39d9672fcbbcc79ed8fc93
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221111/67008444/attachment.htm>

More information about the debian-security-tracker-commits mailing list