[Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2022-3276,puppet-module-puppetlabs-mysql: Link to possible fix

Sun Oct 30 23:15:19 GMT 2022


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
333a7c35 by Markus Koschany at 2022-10-30T23:44:38+01:00
CVE-2022-3276,puppet-module-puppetlabs-mysql: Link to possible fix

- - - - -
7eeec719 by Markus Koschany at 2022-10-31T00:12:53+01:00
Triage gpac for buster as EOL

- - - - -
b526dc08 by Markus Koschany at 2022-10-31T00:14:40+01:00
Add pysha3 to dla-needed.txt

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -5026,21 +5026,25 @@ CVE-2022-43046
 CVE-2022-43045 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segm ...)
 	- gpac <unfixed>
 	[bullseye] - gpac <ignored> (Minor issue)
+	[buster] - gpac <end-of-life>
 	NOTE: https://github.com/gpac/gpac/issues/2277
 	NOTE: https://github.com/gpac/gpac/commit/c5249ee4b62dfc604fecb4dce2fc480b3e388bbb
 CVE-2022-43044 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segm ...)
 	- gpac <unfixed>
 	[bullseye] - gpac <ignored> (Minor issue)
+	[buster] - gpac <end-of-life>
 	NOTE: https://github.com/gpac/gpac/issues/2282
 	NOTE: https://github.com/gpac/gpac/commit/8a0e8e4ab13348cb1ab8e93b950a03d93f158a35
 CVE-2022-43043 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segm ...)
 	- gpac <unfixed>
 	[bullseye] - gpac <ignored> (Minor issue)
+	[buster] - gpac <end-of-life>
 	NOTE: https://github.com/gpac/gpac/issues/2276
 	NOTE: https://github.com/gpac/gpac/commit/6bff06cdb8e9b4e8ed2e789ee9340877759536fd
 CVE-2022-43042 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap ...)
 	- gpac <unfixed>
 	[bullseye] - gpac <ignored> (Minor issue)
+	[buster] - gpac <end-of-life>
 	NOTE: https://github.com/gpac/gpac/issues/2278
 	NOTE: https://github.com/gpac/gpac/commit/3661da280b3eba75490e75ff20ad440c66e24de9
 CVE-2022-43041
@@ -9459,6 +9463,7 @@ CVE-2020-36604 (hoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisonin
 CVE-2022-3276 (Command injection is possible in the puppetlabs-mysql module prior to  ...)
 	- puppet-module-puppetlabs-mysql <unfixed>
 	NOTE: https://puppet.com/security/cve/CVE-2022-3276
+	NOTE: Possible fix https://github.com/puppetlabs/puppetlabs-mysql/pull/1484
 CVE-2022-3275 (Command injection is possible in the puppetlabs-apt module prior to ve ...)
 	- puppet-module-puppetlabs-apt <unfixed>
 	NOTE: https://puppet.com/security/cve/CVE-2022-3275


=====================================
data/dla-needed.txt
=====================================
@@ -144,6 +144,10 @@ pluxml
   NOTE: 20220913: Programming language: PHP.
   NOTE: 20220913: Special attention: orphaned package.
 --
+pysha3
+  NOTE: 20221031: Programming language: Python.
+  NOTE: 20221031: Special attention: urgent.
+--
 python-scciclient (Dominik George)
   NOTE: 20221009: Programming language: Python.
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f6bc1b69f6f68f604338fd71d20faf5445493a64...b526dc08b7cdd8bbdf01a127d6f683b57ea6ddb1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f6bc1b69f6f68f604338fd71d20faf5445493a64...b526dc08b7cdd8bbdf01a127d6f683b57ea6ddb1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221030/9b367b56/attachment-0001.htm>
