[Git][security-tracker-team/security-tracker][master] dla-needed.txt: No, CVE-2022-28346 is fixed in stretch like the others.

Chris Lamb (@lamby) lamby at debian.org
Thu Oct 27 18:37:15 BST 2022 


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
eea9c40b by Chris Lamb at 2022-10-27T10:36:55-07:00
dla-needed.txt: No, CVE-2022-28346 is fixed in stretch like the others.

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -155,7 +155,7 @@ python-django (Chris Lamb)
   NOTE: 20220911: Some issue was fixed in stretch so it should also be fixed for buster.
   NOTE: 20221018: There are 4 CVEs on the debian/buster branch that are seemingly unreleased: CVE-2020-24583, CVE-2020-24584, CVE-2021-3281 and CVE-2021-23336. (lamby)
   NOTE: 20221018: This leaves 8 CVEs that need fixing, either simply because the code is vulnerable or the issue has already been fixed in stretch: CVE-2022-34265, CVE-2022-28346, CVE-2022-23833, CVE-2022-22818, CVE-2021-33571, CVE-2021-33203, CVE-2021-31542 & CVE-2021-28658 (lamby)
-  NOTE: 20221027: To clarify, the first two CVEs mentioned in the previous comment (CVE-2022-34265 & CVE-2022-28346) are vulnerable and not fixed in stretch, and the next six have already been fixed in stretch. I plan to fix these remaining 2 CVEs and release (with 6 total CVEs), instead of trying to co-ordinate a release with 12 (!) new patches. I can address them later. (lamby)
+  NOTE: 20221027: To clarify, only the first CVE mentioned in the previous comment (CVE-2022-34265) is vulnerable and not fixed in stretch, and the other seven have already been fixed in stretch. I plan to fix these remaining 1 CVE and release (with 5 total CVEs) instead of trying to co-ordinate a release with 12 (!) new patches. I can address them later. (lamby)
 --
 python-scciclient
   NOTE: 20221009: Programming language: Python.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eea9c40b76b2fbd02c5242fef5b3ba0b6fc6dc92

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eea9c40b76b2fbd02c5242fef5b3ba0b6fc6dc92
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221027/0256446d/attachment.htm>

More information about the debian-security-tracker-commits mailing list