[Git][security-tracker-team/security-tracker][master] 5 commits: mark CVE-2022-3715 as no-dsa for Buster

Thorsten Alteholz (@alteholz) alteholz at debian.org
Sun Nov 20 23:21:02 GMT 2022



Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4eb2e58e by Thorsten Alteholz at 2022-11-20T23:54:54+01:00
mark CVE-2022-3715 as no-dsa for Buster

- - - - -
62a0cddc by Thorsten Alteholz at 2022-11-21T00:04:10+01:00
add net-snmp

- - - - -
0600dd09 by Thorsten Alteholz at 2022-11-21T00:06:21+01:00
update note

- - - - -
a18c884a by Thorsten Alteholz at 2022-11-21T00:10:46+01:00
add xdg-utils

- - - - -
06d262e2 by Thorsten Alteholz at 2022-11-21T00:13:20+01:00
add xfce4-settings

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -7159,6 +7159,7 @@ CVE-2022-3716 (A vulnerability classified as problematic was found in SourceCode
 CVE-2022-3715 [a heap-buffer-overflow in valid_parameter_transform]
 	RESERVED
 	- bash <unfixed>
+	[buster] - bash <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2126720
 	NOTE: https://lists.gnu.org/archive/html/bug-bash/2022-08/msg00147.html
 CVE-2022-3714 (A vulnerability classified as critical has been found in SourceCodeste ...)
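Review bot: The added `[buster] - bash <no-dsa> (Minor issue)` line gives only the generic reason, while the entry itself describes a heap-buffer-overflow in valid_parameter_transform and bash is still marked `<unfixed>`. A short NOTE stating why the issue is considered minor for buster would let later triagers verify the decision without rereading the two linked reports.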


=====================================
data/dla-needed.txt
=====================================
@@ -168,6 +168,9 @@ multipath-tools
   NOTE: 20221029: Programming language: C.
   NOTE: 20221029: Special attention: root privilege escalation.
 --
+net-snmp
+  NOTE: 20221120: Programming language: C.
+--
 netatalk
   NOTE: 20220816: Programming language: C.
   NOTE: 20220912: We get errors in the log, not present on bookworm. Needs more investigation. (stefanor)
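Review bot: The new net-snmp entry carries only `NOTE: 20221120: Programming language: C.` and does not say which CVE or bug prompted adding the package. Neighbouring entries record context such as "Special attention: root privilege escalation."; a NOTE naming the issue to be fixed would help whoever claims the package.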
@@ -246,6 +249,7 @@ nodejs
 ntfs-3g (Thorsten Alteholz)
   NOTE: 20221031: Programming language: C.
   NOTE: 20221031: VCS: https://salsa.debian.org/lts-team/packages/ntfs-3g.git
+  NOTE: 20221120: testing package
 --
 openexr
   NOTE: 20220904: Programming language: C++.
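Review bot: `NOTE: 20221120: testing package` under ntfs-3g is ambiguous: it can mean that a prepared package is currently being tested or that a package is available for others to test. Say which, and if a build exists, where to find it; the entry already records the VCS URL, so a pointer to the build would fit next to it.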
@@ -353,6 +357,13 @@ vim (Helmut)
 virglrenderer (Thorsten Alteholz)
   NOTE: 20221009: Programming language: C.
 --
+xdg-utils
+  NOTE: 20221120: Programming language: C.
+  NOTE: 20221120: no real fix yet
+--
+xfce4-settings
+  NOTE: 20221120: Programming language: C.
+--
 zabbix
   NOTE: 20220911: At least CVE-2022-23134 was fixed in stretch so it should be fixed in buster too.
 --
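Review bot: `NOTE: 20221120: no real fix yet` under xdg-utils does not identify which issue lacks a fix or where its status can be followed. Add the CVE id or an upstream bug reference to that note, and do the same for the new xfce4-settings entry, which has only the language line.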



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b0e7a85bc471363bc7f98d615d2ddf1f69fc2308...06d262e2f5a86c85bcd4d2c292a9c38addf682d5
