[Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2022-32149: fix buster package name

Fri Nov 11 11:58:37 GMT 2022


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2ebeb330 by Sylvain Beucler at 2022-11-11T12:55:46+01:00
CVE-2022-32149: fix buster package name

- - - - -
c196c055 by Sylvain Beucler at 2022-11-11T12:56:36+01:00
CVE-2022-3821/systemd: buster postponed

- - - - -
6c119973 by Sylvain Beucler at 2022-11-11T12:57:38+01:00
CVE-2022-45063/xterm: buster postponed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -216,6 +216,7 @@ CVE-2022-3909
 CVE-2022-45063 (xterm before 375 allows code execution via font ops, e.g., because an  ...)
 	- xterm 375-1
 	[bullseye] - xterm <no-dsa> (Minor issue; mitigated by default in Debian)
+	[buster] - xterm <postponed> (Minor issue; mitigated by default in Debian)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/11/10/1
 	NOTE: Debian sets defaults for allowWindowOps and allowFontOps resources to false since
 	NOTE: 238-1, mitigating the issue.
@@ -2408,6 +2409,7 @@ CVE-2022-3822
 CVE-2022-3821 (An off-by-one Error issue was discovered in Systemd in format_timespan ...)
 	- systemd 251.3-1
 	[bullseye] - systemd <no-dsa> (Minor issue)
+	[buster] - systemd <postponed> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2139327
 	NOTE: https://github.com/systemd/systemd/issues/23928
 	NOTE: https://github.com/systemd/systemd/pull/23933
@@ -36864,8 +36866,8 @@ CVE-2022-32150
 	RESERVED
 CVE-2022-32149 (An attacker may cause a denial of service by crafting an Accept-Langua ...)
 	- golang-golang-x-text 0.3.8-1 (bug #1021785)
-	[buster] - golang-golang-x-text <postponed> (Limited support, minor issue, follow bullseye DSAs/point-releases (renamed package))
 	- golang-x-text <removed>
+	[buster] - golang-x-text <postponed> (Limited support, minor issue, follow bullseye DSAs/point-releases (renamed package))
 	NOTE: https://groups.google.com/g/golang-dev/c/qfPIly0X7aU
 	NOTE: https://go.dev/issue/56152
 	NOTE: https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c (v0.3.8)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/fea4d7f9f38f203364dfb0401cef272a94a55a86...6c119973e728f65bbc93e3ae24b35dc693d0f5e0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/fea4d7f9f38f203364dfb0401cef272a94a55a86...6c119973e728f65bbc93e3ae24b35dc693d0f5e0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221111/c8d8bbfb/attachment.htm>
