[Git][security-tracker-team/security-tracker][master] 2 commits: Mark CVE-2022-38791/mariadb-10.3 as addressed in DLA-3114-1

Emilio Pozuelo Monfort (@pochu) pochu at debian.org
Tue Sep 27 13:59:09 BST 2022



Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
34bc0789 by Emilio Pozuelo Monfort at 2022-09-27T14:58:40+02:00
Mark CVE-2022-38791/mariadb-10.3 as addressed in DLA-3114-1

- - - - -
7c6fb17f by Emilio Pozuelo Monfort at 2022-09-27T14:58:41+02:00
Triage remaining mariadb-10.3 CVEs

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -24618,7 +24618,7 @@ CVE-2022-32090
 CVE-2022-32089 (MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault  ...)
 	- mariadb-10.6 1:10.6.9-1
 	- mariadb-10.5 <removed>
-	- mariadb-10.3 <removed>
+	- mariadb-10.3 <not-affected> (Only affects MariaDB 10.4 onwards)
 	NOTE: https://jira.mariadb.org/browse/MDEV-26410
 CVE-2022-32088 (MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault  ...)
 	{DLA-3114-1}
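Review bot: On the CVE-2022-32089 mariadb-10.3 line, the justification "Only affects MariaDB 10.4 onwards" does not match the description on the context line above it, which gives the range as "v10.5 to v10.7". Both bounds leave 10.3 unaffected, so the status itself is consistent, but the note should state the bound that MDEV-26410 actually records, so a later reader does not find two different lower bounds in one entry.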
@@ -24637,7 +24637,7 @@ CVE-2022-32087 (MariaDB v10.2 to v10.7 was discovered to contain a segmentation
 CVE-2022-32086 (MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault  ...)
 	- mariadb-10.6 1:10.6.8-1
 	- mariadb-10.5 <removed>
-	- mariadb-10.3 <removed>
+	- mariadb-10.3 <not-affected> (Only affects MariaDB 10.4 onwards)
 	NOTE: https://jira.mariadb.org/browse/MDEV-26412
 	NOTE: Fixed in:  10.4.25, 10.5.16, 10.6.8, 10.7.4, 10.8.3
 CVE-2022-32085 (MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault  ...)
@@ -24663,12 +24663,12 @@ CVE-2022-32083 (MariaDB v10.2 to v10.6.1 was discovered to contain a segmentatio
 CVE-2022-32082 (MariaDB v10.5 to v10.7 was discovered to contain an assertion failure  ...)
 	- mariadb-10.6 1:10.6.9-1
 	- mariadb-10.5 <removed>
-	- mariadb-10.3 <removed>
+	- mariadb-10.3 <not-affected> (Only affects MariaDB 10.5 onwards)
 	NOTE: https://jira.mariadb.org/browse/MDEV-26433
 CVE-2022-32081 (MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison i ...)
 	- mariadb-10.6 1:10.6.9-1
 	- mariadb-10.5 <removed>
-	- mariadb-10.3 <removed>
+	- mariadb-10.3 <not-affected> (Only affects MariaDB 10.4 onwards)
 	NOTE: https://jira.mariadb.org/browse/MDEV-26420
 CVE-2022-32080
 	RESERVED
@@ -38300,8 +38300,8 @@ CVE-2022-27458 (MariaDB Server v10.6.3 and below was discovered to contain an us
 CVE-2022-27457 (MariaDB Server v10.6.3 and below was discovered to contain an use-afte ...)
 	- mariadb-10.6 1:10.6.8-1
 	- mariadb-10.5 <removed>
-	- mariadb-10.3 <removed>
-	- mariadb-10.1 <removed>
+	- mariadb-10.3 <not-affected> (Only affects MariaDB 10.4 onwards)
+	- mariadb-10.1 <not-affected> (Only affects MariaDB 10.4 onwards)
 	NOTE: https://jira.mariadb.org/browse/MDEV-28098
 CVE-2022-27456 (MariaDB Server v10.6.3 and below was discovered to contain an use-afte ...)
 	{DLA-3114-1}
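Review bot: For CVE-2022-27457 the new mariadb-10.3 and mariadb-10.1 lines say "Only affects MariaDB 10.4 onwards", while the description in the same entry reads "v10.6.3 and below", which taken literally covers 10.3 and 10.1. Because the not-affected status overrides the published range, the entry should carry a NOTE recording where the 10.4 lower bound comes from (the affected-version information in MDEV-28098, if that is the source), as the CVE-2022-32086 entry does with its "Fixed in:" NOTE. The same point applies to the other "and below" entries changed in this commit.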
@@ -38313,8 +38313,8 @@ CVE-2022-27456 (MariaDB Server v10.6.3 and below was discovered to contain an us
 CVE-2022-27455 (MariaDB Server v10.6.3 and below was discovered to contain an use-afte ...)
 	- mariadb-10.6 1:10.6.8-1
 	- mariadb-10.5 <removed>
-	- mariadb-10.3 <removed>
-	- mariadb-10.1 <removed>
+	- mariadb-10.3 <not-affected> (Only affects MariaDB 10.4 onwards)
+	- mariadb-10.1 <not-affected> (Only affects MariaDB 10.4 onwards)
 	NOTE: https://jira.mariadb.org/browse/MDEV-28097
 CVE-2022-27454
 	RESERVED
@@ -38330,8 +38330,8 @@ CVE-2022-27452 (MariaDB Server v10.9 and below was discovered to contain a segme
 CVE-2022-27451 (MariaDB Server v10.9 and below was discovered to contain a segmentatio ...)
 	- mariadb-10.6 1:10.6.8-1
 	- mariadb-10.5 <removed>
-	- mariadb-10.3 <removed>
-	- mariadb-10.1 <removed>
+	- mariadb-10.3 <not-affected> (Only affects MariaDB 10.4 onwards)
+	- mariadb-10.1 <not-affected> (Only affects MariaDB 10.4 onwards)
 	NOTE: https://jira.mariadb.org/browse/MDEV-28094
 CVE-2022-27450
 	RESERVED
@@ -38359,8 +38359,8 @@ CVE-2022-27447 (MariaDB Server v10.9 and below was discovered to contain a use-a
 CVE-2022-27446 (MariaDB Server v10.9 and below was discovered to contain a segmentatio ...)
 	- mariadb-10.6 1:10.6.8-1
 	- mariadb-10.5 <removed>
-	- mariadb-10.3 <removed>
-	- mariadb-10.1 <removed>
+	- mariadb-10.3 <not-affected> (Only affects MariaDB 10.4 onwards)
+	- mariadb-10.1 <not-affected> (Only affects MariaDB 10.4 onwards)
 	NOTE: https://jira.mariadb.org/browse/MDEV-28082
 CVE-2022-27445 (MariaDB Server v10.9 and below was discovered to contain a segmentatio ...)
 	{DLA-3114-1}
@@ -38373,8 +38373,8 @@ CVE-2022-27445 (MariaDB Server v10.9 and below was discovered to contain a segme
 CVE-2022-27444 (MariaDB Server v10.9 and below was discovered to contain a segmentatio ...)
 	- mariadb-10.6 1:10.6.8-1
 	- mariadb-10.5 <removed>
-	- mariadb-10.3 <removed>
-	- mariadb-10.1 <removed>
+	- mariadb-10.3 <not-affected> (Only affects MariaDB 10.4 onwards)
+	- mariadb-10.1 <not-affected> (Only affects MariaDB 10.4 onwards)
 	NOTE: https://jira.mariadb.org/browse/MDEV-28080
 CVE-2022-27443
 	RESERVED
@@ -38536,8 +38536,8 @@ CVE-2022-27386 (MariaDB Server v10.7 and below was discovered to contain a segme
 CVE-2022-27385 (An issue in the component Used_tables_and_const_cache::used_tables_and ...)
 	- mariadb-10.6 1:10.6.8-1
 	- mariadb-10.5 <removed>
-	- mariadb-10.3 <removed>
-	- mariadb-10.1 <removed>
+	- mariadb-10.3 <not-affected> (Only affects MariaDB 10.5 onwards)
+	- mariadb-10.1 <not-affected> (Only affects MariaDB 10.5 onwards)
 	NOTE: https://jira.mariadb.org/browse/MDEV-26415
 CVE-2022-27384 (An issue in the component Item_subselect::init_expr_cache_tracker of M ...)
 	{DLA-3114-1}
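Review bot: The CVE-2022-27385 lines for mariadb-10.3 and mariadb-10.1 use a 10.5 lower bound where most neighbouring entries use 10.4, and the truncated description visible here gives no version range to check it against. A NOTE naming the fixed upstream versions or the change that introduced the issue would make the 10.5 cutoff verifiable from the entry itself rather than only from MDEV-26415.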
@@ -38556,8 +38556,8 @@ CVE-2022-27383 (MariaDB Server v10.6 and below was discovered to contain an use-
 CVE-2022-27382 (MariaDB Server v10.7 and below was discovered to contain a segmentatio ...)
 	- mariadb-10.6 1:10.6.8-1
 	- mariadb-10.5 <removed>
-	- mariadb-10.3 <removed>
-	- mariadb-10.1 <removed>
+	- mariadb-10.3 <not-affected> (Only affects MariaDB 10.4 onwards)
+	- mariadb-10.1 <not-affected> (Only affects MariaDB 10.4 onwards)
 	NOTE: https://jira.mariadb.org/browse/MDEV-26402
 CVE-2022-27381 (An issue in the component Field::set_default of MariaDB Server v10.6 a ...)
 	{DLA-3114-1}


=====================================
data/DLA/list
=====================================
@@ -23,7 +23,7 @@
 	{CVE-2022-37706}
 	[buster] - e17 0.22.4-2+deb10u1
 [16 Sep 2022] DLA-3114-1 mariadb-10.3 - security update
-	{CVE-2021-46669 CVE-2022-21427 CVE-2022-27376 CVE-2022-27377 CVE-2022-27378 CVE-2022-27379 CVE-2022-27380 CVE-2022-27381 CVE-2022-27383 CVE-2022-27384 CVE-2022-27386 CVE-2022-27387 CVE-2022-27445 CVE-2022-27447 CVE-2022-27448 CVE-2022-27449 CVE-2022-27452 CVE-2022-27456 CVE-2022-27458 CVE-2022-32083 CVE-2022-32084 CVE-2022-32085 CVE-2022-32087 CVE-2022-32088 CVE-2022-32091}
+	{CVE-2021-46669 CVE-2022-21427 CVE-2022-27376 CVE-2022-27377 CVE-2022-27378 CVE-2022-27379 CVE-2022-27380 CVE-2022-27381 CVE-2022-27383 CVE-2022-27384 CVE-2022-27386 CVE-2022-27387 CVE-2022-27445 CVE-2022-27447 CVE-2022-27448 CVE-2022-27449 CVE-2022-27452 CVE-2022-27456 CVE-2022-27458 CVE-2022-32083 CVE-2022-32084 CVE-2022-32085 CVE-2022-32087 CVE-2022-32088 CVE-2022-32091 CVE-2022-38791}
 	[buster] - mariadb-10.3 1:10.3.36-0+deb10u1
 [16 Sep 2022] DLA-3113-1 libraw - security update
 	{CVE-2020-35530 CVE-2020-35531 CVE-2020-35532 CVE-2020-35533}
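Review bot: CVE-2022-38791 is appended to the DLA-3114-1 CVE set, but the data/CVE/list part of this diff has no hunk for CVE-2022-38791, so the visible changes do not show what the mariadb-10.3 status of that entry is. Please confirm that its CVE entry is consistent with a fix in buster at 1:10.3.36-0+deb10u1, with no leftover unfixed or <removed> line for mariadb-10.3, and consider a NOTE there pointing to the upstream fix, since the CVE is being attached to an advisory dated 16 Sep 2022 after the fact.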



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/25dfd340d1e0e9597da9f9a3c267237e46007974...7c6fb17f53e28fecacc30694bae78e20451cbec5
