[Git][security-tracker-team/security-tracker][master] 2 commits: Added hsqldb to dla-needed for further investigation. It is possibly a...

Ola Lundqvist (@opal) opal at debian.org
Mon Oct 31 13:35:55 GMT 2022



Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a38a497a by Ola Lundqvist at 2022-10-31T14:35:45+01:00
Added hsqldb to dla-needed for further investigation. It is possibly a breaking change. A possible outcome is to ignore the issue.

- - - - -
3fbc4c14 by Ola Lundqvist at 2022-10-31T14:35:45+01:00
Adding jhead to dla-needed. One can argue that you have to trick someone to use some specific command option but arbitrary command execution should be fixed.

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -78,6 +78,11 @@ golang-websocket
 graphicsmagick
   NOTE: 20221027: Programming language: C.
 --
+hsqldb
+  NOTE: 20221031: Programming language: Java.
+  NOTE: 20221031: To be investigated further. A possible outcome is to ignore it.
+  NOTE: 20221031: https://lists.debian.org/debian-lts/2022/10/msg00060.html.
+--
 imagemagick (gladk)
   NOTE: 20220904: Programming language: C.
   NOTE: 20220904: VCS: https://salsa.debian.org/lts-team/packages/imagemagick.git
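Review bot: In the new hsqldb entry, the third NOTE ends the list URL with a trailing period ("msg00060.html."), which link-detecting tools may take as part of the address; drop the period. The second NOTE says "A possible outcome is to ignore it" without naming the issue or the reason. The commit message mentions a possibly breaking change, so recording that in the entry would let whoever triages this next see why ignoring is an option without opening the list thread.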
@@ -90,6 +95,11 @@ ini4j
 jackson-databind
   NOTE: 20221030: Programming language: Java.
 --
+jhead
+  NOTE: 20221031: Programming language: C.
+  NOTE: 20221031: Note that multiple options are vulnerable. The attacker have to trick someone to execute the command but arbitrary code exectuion is not good..
+  NOTE: 20221031: It should be stated in the DLA that multiple options are affected..
+--
 joblib (Utkarsh)
   NOTE: 20221006: Programming language: Python.
 --
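Review bot: In the jhead entry, the first free-text NOTE has typos and both added free-text NOTE lines end in a doubled full stop: "The attacker have" should be "The attacker has", "exectuion" should be "execution", and the trailing ".." should be a single period. The entry also says "multiple options are vulnerable" without naming the options or the issue identifier. Since the next NOTE asks that the DLA state that multiple options are affected, listing them here or linking the report would make that request actionable for whoever claims the package.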



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/38f016b32cb272c7d81309d8a49e449b05af4867...3fbc4c148d62c33824b00b11e1b9b3c35f40e179


