[Git][security-tracker-team/security-tracker][master] Add CVE-2022-3171/protobuf
László Böszörményi (@gcs)
gcs at debian.org
Thu Oct 6 20:36:49 BST 2022
László Böszörményi pushed to branch master at Debian Security Tracker / security-tracker
Commits:
22cdd6b0 by Laszlo Boszormenyi (GCS) at 2022-10-06T21:35:49+02:00
Add CVE-2022-3171/protobuf
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5018,8 +5018,11 @@ CVE-2022-3172
- kubernetes 1.20.5+really1.20.2-1
NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version
NOTE: The source package itself it still vulnerable, but custom rebuilds are not really a usecase here
-CVE-2022-3171
+CVE-2022-3171 [potential denial of service issue in the Java Protobuf runtime]
RESERVED
+ [experimental] - protobuf 3.27.1-1
+ - protobuf <unfixed>
+ NOTE: https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2
CVE-2022-3170 (An out-of-bounds access issue was found in the Linux kernel sound subs ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2125879
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/22cdd6b06d5918b4e315469217ac8f8d05beb9da
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/22cdd6b06d5918b4e315469217ac8f8d05beb9da
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221006/5b0571ac/attachment.htm>
More information about the debian-security-tracker-commits
mailing list