[Git][security-tracker-team/security-tracker][master] 2 commits: Added openvswitch to dla-needed. There is no known fix for the problem. The...

Ola Lundqvist (@opal) opal at debian.org
Sun Sep 11 21:50:59 BST 2022 


Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ee918a8d by Ola Lundqvist at 2022-09-11T22:50:24+02:00
Added openvswitch to dla-needed. There is no known fix for the problem. The paper suggest a short term workaround to be implemented and long term to change to an alternative algorithm. Both seems complicated.

- - - - -
6f515f11 by Ola Lundqvist at 2022-09-11T22:50:24+02:00
Added wordpress to dla-needed with a note that further work is needed to figure out what parts of 6.0.2 release applies to buster.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -187,6 +187,9 @@ CVE-2019-25076 (The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x throu
 	- openvswitch <unfixed>
 	NOTE: https://arxiv.org/abs/2011.09107
 	NOTE: https://sites.google.com/view/tuple-space-explosion
+	NOTE: https://dl.acm.org/doi/10.1145/3359989.3365431
+	NOTE: https://www.youtube.com/watch?v=5cHpzVK0D28
+	NOTE: https://www.youtube.com/watch?v=DSC3m-Bww64
 CVE-2022-40237
 	RESERVED
 CVE-2022-40236


=====================================
data/dla-needed.txt
=====================================
@@ -85,6 +85,9 @@ openexr
   NOTE: 20220904: Programming language: C++.
   NOTE: 20220904: Should be synced with Stretch. (apo)
 --
+openvswitch
+  NOTE: 20220911: No known patch for this problem.
+--
 paramiko (Chris Lamb)
   NOTE: 20220909: Programming language: Python.
 --
@@ -162,6 +165,10 @@ vim
 wkhtmltopdf
   NOTE: 20220904: Programming language: C++.
 --
+wordpress
+  NOTE: 20220911: Programming language: PHP
+  NOTE: 20220911: Further investigation needed to see what parts of 6.0.2 update that applies to buster.
+--
 zlib (Emilio)
   NOTE: 20220813: Programming language: C.
   NOTE: 20220813: VCS: https://salsa.debian.org/lts-team/packages/zlib/



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/57351ceab2760a3f77d826a4fb4213292299052d...6f515f119791a74b12a113e20fed8cbe50079758

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/57351ceab2760a3f77d826a4fb4213292299052d...6f515f119791a74b12a113e20fed8cbe50079758
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220911/44743f95/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list