[Git][security-tracker-team/security-tracker][master] 2 commits: Added openvswitch to dla-needed. There is no known fix for the problem. The...
Ola Lundqvist (@opal)
opal at debian.org
Sun Sep 11 21:50:59 BST 2022
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ee918a8d by Ola Lundqvist at 2022-09-11T22:50:24+02:00
Added openvswitch to dla-needed. There is no known fix for the problem. The paper suggest a short term workaround to be implemented and long term to change to an alternative algorithm. Both seems complicated.
- - - - -
6f515f11 by Ola Lundqvist at 2022-09-11T22:50:24+02:00
Added wordpress to dla-needed with a note that further work is needed to figure out what parts of 6.0.2 release applies to buster.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -187,6 +187,9 @@ CVE-2019-25076 (The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x throu
- openvswitch <unfixed>
NOTE: https://arxiv.org/abs/2011.09107
NOTE: https://sites.google.com/view/tuple-space-explosion
+ NOTE: https://dl.acm.org/doi/10.1145/3359989.3365431
+ NOTE: https://www.youtube.com/watch?v=5cHpzVK0D28
+ NOTE: https://www.youtube.com/watch?v=DSC3m-Bww64
CVE-2022-40237
RESERVED
CVE-2022-40236
=====================================
data/dla-needed.txt
=====================================
@@ -85,6 +85,9 @@ openexr
NOTE: 20220904: Programming language: C++.
NOTE: 20220904: Should be synced with Stretch. (apo)
--
+openvswitch
+ NOTE: 20220911: No known patch for this problem.
+--
paramiko (Chris Lamb)
NOTE: 20220909: Programming language: Python.
--
@@ -162,6 +165,10 @@ vim
wkhtmltopdf
NOTE: 20220904: Programming language: C++.
--
+wordpress
+ NOTE: 20220911: Programming language: PHP
+ NOTE: 20220911: Further investigation needed to see what parts of 6.0.2 update that applies to buster.
+--
zlib (Emilio)
NOTE: 20220813: Programming language: C.
NOTE: 20220813: VCS: https://salsa.debian.org/lts-team/packages/zlib/
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/57351ceab2760a3f77d826a4fb4213292299052d...6f515f119791a74b12a113e20fed8cbe50079758
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/57351ceab2760a3f77d826a4fb4213292299052d...6f515f119791a74b12a113e20fed8cbe50079758
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220911/44743f95/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list