[Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2022-3559,exim4: Buster is no-dsa

Markus Koschany (@apo) apo at debian.org
Thu Oct 27 00:45:27 BST 2022 


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
55992668 by Markus Koschany at 2022-10-27T01:45:13+02:00
CVE-2022-3559,exim4: Buster is no-dsa

Minor issue

- - - - -
d4bff1a2 by Markus Koschany at 2022-10-27T01:45:13+02:00
Claim batik in dla-needed.txt

- - - - -
a7294d3b by Markus Koschany at 2022-10-27T01:45:14+02:00
CVE-2021-46848,libtasn1-6: Buster is no-dsa

Minor issue

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -653,6 +653,7 @@ CVE-2021-46849 (pikepdf before 2.10.0 allows an XXE attack against PDF XMP metad
 	TODO: check
 CVE-2021-46848 (GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check ...)
 	- libtasn1-6 4.19.0-2
+	[buster] - libtasn1-6 <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5 (v4.19.0)
 	NOTE: https://gitlab.com/gnutls/libtasn1/-/issues/32
 CVE-2021-46847
@@ -2346,6 +2347,7 @@ CVE-2022-3560
 CVE-2022-3559 (A vulnerability was found in Exim and classified as problematic. This  ...)
 	- exim4 4.96-4
 	[bullseye] - exim4 <no-dsa> (Minor issue)
+	[buster] - exim4 <no-dsa> (Minor issue)
 	NOTE: https://git.exim.org/exim.git/commit/4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2
 CVE-2022-3558
 	RESERVED


=====================================
data/dla-needed.txt
=====================================
@@ -20,6 +20,9 @@ asterisk (Markus Koschany)
   NOTE: 20221002: Done. Will ask for a public review tomorrow though. (apo)
   NOTE: 20221018: https://lists.debian.org/debian-lts/2022/10/msg00037.html
 --
+batik (Markus Koschany)
+  NOTE: 20221027: Programming language: Java.
+--
 clickhouse
   NOTE: 20221003: Programming language: C++.
   NOTE: 20221003: One pull request closes several CVEs.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a596ee78bae46b3627e2dc41b4d1d3988e59d511...a7294d3bde8dd8ac07839ca17b9963876f674b5a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a596ee78bae46b3627e2dc41b4d1d3988e59d511...a7294d3bde8dd8ac07839ca17b9963876f674b5a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221026/23853250/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list