[Git][security-tracker-team/security-tracker][master] 2 commits: Track fixed version for chromium issues via unstable

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Sep 27 21:03:29 BST 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
906d6aaa by Salvatore Bonaccorso at 2022-09-27T22:01:00+02:00
Track fixed version for chromium issues via unstable

- - - - -
611098a8 by Salvatore Bonaccorso at 2022-09-27T22:01:20+02:00
Update unstable version for CVE-2022-3201/chromium

The CVE is listed again in the [1] announce. It is unclear if this is a
mistake or if the previous fix was possibly just incomplete and its now
only completely fixed in the 106.0.5249.61 upstream version.

Play on safe side for now until clarified, and mark the 106.0.5249.61-1
version as the one fixing (completely) CVE-2022-3201. That means that
the next DSA for chromium will update the version as well.

 [1]: https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -71,63 +71,63 @@ CVE-2022-3319
 	RESERVED
 CVE-2022-3318
 	RESERVED
-	- chromium <unfixed>
+	- chromium 106.0.5249.61-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-3317
 	RESERVED
-	- chromium <unfixed>
+	- chromium 106.0.5249.61-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-3316
 	RESERVED
-	- chromium <unfixed>
+	- chromium 106.0.5249.61-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-3315
 	RESERVED
-	- chromium <unfixed>
+	- chromium 106.0.5249.61-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-3314
 	RESERVED
-	- chromium <unfixed>
+	- chromium 106.0.5249.61-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-3313
 	RESERVED
-	- chromium <unfixed>
+	- chromium 106.0.5249.61-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-3312
 	RESERVED
-	- chromium <unfixed>
+	- chromium 106.0.5249.61-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-3311
 	RESERVED
-	- chromium <unfixed>
+	- chromium 106.0.5249.61-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-3310
 	RESERVED
-	- chromium <unfixed>
+	- chromium 106.0.5249.61-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-3309
 	RESERVED
-	- chromium <unfixed>
+	- chromium 106.0.5249.61-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-3308
 	RESERVED
-	- chromium <unfixed>
+	- chromium 106.0.5249.61-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-3307
 	RESERVED
-	- chromium <unfixed>
+	- chromium 106.0.5249.61-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-3306
 	RESERVED
-	- chromium <unfixed>
+	- chromium 106.0.5249.61-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-3305
 	RESERVED
-	- chromium <unfixed>
+	- chromium 106.0.5249.61-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-3304
 	RESERVED
-	- chromium <unfixed>
+	- chromium 106.0.5249.61-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-3303
 	RESERVED
@@ -2312,7 +2312,7 @@ CVE-2022-3202 (A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Jo
 	NOTE: https://git.kernel.org/linus/a53046291020ec41e09181396c1e829287b48d47 (5.18-rc1)
 CVE-2022-3201 (Insufficient validation of untrusted input in DevTools in Google Chrom ...)
 	{DSA-5230-1}
-	- chromium 105.0.5195.125-1
+	- chromium 106.0.5249.61-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-3200 (Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195 ...)
 	{DSA-5230-1}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/61433596b7d6bcf81941b1e9a47c0ed727819c44...611098a8e858f9cf85f9e599478ad476e528f949

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/61433596b7d6bcf81941b1e9a47c0ed727819c44...611098a8e858f9cf85f9e599478ad476e528f949
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220927/e0693f38/attachment.htm>

More information about the debian-security-tracker-commits mailing list