[Git][security-tracker-team/security-tracker][master] Claim pcs in dla-needed.txt
Valentin Vidic (@vvidic)
vvidic at debian.org
Thu Sep 8 21:42:25 BST 2022
Valentin Vidic pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9e1a55cd by Valentin Vidic at 2022-09-08T22:39:58+02:00
Claim pcs in dla-needed.txt
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=====================================
data/dla-needed.txt
=====================================
@@ -90,12 +90,14 @@ openexr
NOTE: 20220904: Programming language: C++.
NOTE: 20220904: Should be synced with Stretch. (apo)
--
-pcs
+pcs (Valentin Vidic)
NOTE: 20220905: Programming language: Python.
NOTE: 20220905: Local access needed to get exploit the vulnerability.
NOTE: 20220905: One could argue that the vulnerability is in Thin::Backends::UnixServer:connect
NOTE: 20220905: since the solution is to override that function with a new umask.
NOTE: 20220905: https://lists.debian.org/debian-lts/2022/09/msg00007.html
+ NOTE: 20220908: CVE-2022-2735 not-affected: Vulnerable code not present, see #1018930.
+ NOTE: 20220908: CVE-2022-1049 vulnerable
--
poppler (Markus Koschany)
NOTE: 20220904: Programming language: C.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e1a55cd98e336ca90986b0ad0981d7da37b80db
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e1a55cd98e336ca90986b0ad0981d7da37b80db
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220908/14d2f7f7/attachment.htm>
More information about the debian-security-tracker-commits
mailing list