[Git][security-tracker-team/security-tracker][master] 5 commits: mark CVE-2022-3715 as no-dsa for Buster
Thorsten Alteholz (@alteholz)
alteholz at debian.org
Sun Nov 20 23:21:02 GMT 2022
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4eb2e58e by Thorsten Alteholz at 2022-11-20T23:54:54+01:00
mark CVE-2022-3715 as no-dsa for Buster
- - - - -
62a0cddc by Thorsten Alteholz at 2022-11-21T00:04:10+01:00
add net-snmp
- - - - -
0600dd09 by Thorsten Alteholz at 2022-11-21T00:06:21+01:00
update note
- - - - -
a18c884a by Thorsten Alteholz at 2022-11-21T00:10:46+01:00
add xdg-utils
- - - - -
06d262e2 by Thorsten Alteholz at 2022-11-21T00:13:20+01:00
add xfce4-settings
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -7159,6 +7159,7 @@ CVE-2022-3716 (A vulnerability classified as problematic was found in SourceCode
CVE-2022-3715 [a heap-buffer-overflow in valid_parameter_transform]
RESERVED
- bash <unfixed>
+ [buster] - bash <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2126720
NOTE: https://lists.gnu.org/archive/html/bug-bash/2022-08/msg00147.html
CVE-2022-3714 (A vulnerability classified as critical has been found in SourceCodeste ...)
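Review bot: The `(Minor issue)` reason on the added `[buster] - bash <no-dsa>` line does not say why a heap-buffer-overflow in valid_parameter_transform is treated as minor for Buster. Consider adding a NOTE under the entry with the rationale, so that later triage of the still `<unfixed>` bash line does not have to reconstruct it from the two linked reports.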
=====================================
data/dla-needed.txt
=====================================
@@ -168,6 +168,9 @@ multipath-tools
NOTE: 20221029: Programming language: C.
NOTE: 20221029: Special attention: root privilege escalation.
--
+net-snmp
+ NOTE: 20221120: Programming language: C.
+--
netatalk
NOTE: 20220816: Programming language: C.
NOTE: 20220912: We get errors in the log, not present on bookworm. Needs more investigation. (stefanor)
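Review bot: The new net-snmp entry carries only the `Programming language: C.` note, so nothing in dla-needed.txt says which issue put the package on the list. A second NOTE naming the CVE(s) or linking the tracker page would let whoever claims the package start without re-triaging, much as the netatalk entry below it records its investigation status.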
@@ -246,6 +249,7 @@ nodejs
ntfs-3g (Thorsten Alteholz)
NOTE: 20221031: Programming language: C.
NOTE: 20221031: VCS: https://salsa.debian.org/lts-team/packages/ntfs-3g.git
+ NOTE: 20221120: testing package
--
openexr
NOTE: 20220904: Programming language: C++.
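Review bot: `NOTE: 20221120: testing package` under ntfs-3g is ambiguous: it can read as "the prepared package is being tested" or as a reference to the package in testing. Suggest spelling out the state, for example `NOTE: 20221120: package prepared, testing in progress` if that is what is meant.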
@@ -353,6 +357,13 @@ vim (Helmut)
virglrenderer (Thorsten Alteholz)
NOTE: 20221009: Programming language: C.
--
+xdg-utils
+ NOTE: 20221120: Programming language: C.
+ NOTE: 20221120: no real fix yet
+--
+xfce4-settings
+ NOTE: 20221120: Programming language: C.
+--
zabbix
NOTE: 20220911: At least CVE-2022-23134 was fixed in stretch so it should be fixed in buster too.
--
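Review bot: `NOTE: 20221120: no real fix yet` on the xdg-utils entry does not identify the issue or say where the upstream state can be checked. Adding the CVE id or the upstream bug URL to that note would let the next reader re-check whether a fix has appeared. The xfce4-settings entry added in the same hunk also has only the language note and would benefit from the same kind of reference.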
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b0e7a85bc471363bc7f98d615d2ddf1f69fc2308...06d262e2f5a86c85bcd4d2c292a9c38addf682d5