[Git][security-tracker-team/security-tracker][master] Revert "fixup protobuf-java triage: tag all fixed versions unimportant"

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Apr 12 20:42:24 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
aab9bd9c by Salvatore Bonaccorso at 2023-04-12T21:42:08+02:00
Revert "fixup protobuf-java triage: tag all fixed versions unimportant"

This reverts commit dfeb6abc4fb18a270d8f32e5ff3c4cf737abdcaf.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -43762,12 +43762,12 @@ CVE-2022-3512 (Using warp-cli command "add-trusted-ssid", a user was able to dis
 CVE-2022-3511 (The Awesome Support WordPress plugin before 6.1.2 does not ensure that ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3510 (A parsing issue similar to CVE-2022-3171, but with Message-Type Extens ...)
-	[experimental] - protobuf 3.21.7-1 (unimportant)
+	[experimental] - protobuf 3.21.7-1
 	- protobuf 3.21.9-3 (unimportant)
 	NOTE: https://github.com/protocolbuffers/protobuf/commit/db7c17803320525722f45c1d26fc08bc41d1bf48
 	NOTE: CPU DoS in protobuf-java, requires significant refactoring via CVE-2022-3171
 CVE-2022-3509 (A parsing issue similar to CVE-2022-3171, but with textformat in proto ...)
-	[experimental] - protobuf 3.21.7-1 (unimportant)
+	[experimental] - protobuf 3.21.7-1
 	- protobuf 3.21.9-3 (unimportant)
 	NOTE: https://github.com/protocolbuffers/protobuf/commit/a3888f53317a8018e7a439bac4abeb8f3425d5e9 (v21.7, v3.21.7)
 	NOTE: CPU DoS in protobuf-java, requires significant refactoring via CVE-2022-3171
@@ -50691,7 +50691,7 @@ CVE-2022-3172
 	NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version
 	NOTE: The source package itself it still vulnerable, but custom rebuilds are not really a usecase here
 CVE-2022-3171 (A parsing issue with binary data in protobuf-java core and lite versio ...)
-	[experimental] - protobuf 3.21.7-1 (unimportant)
+	[experimental] - protobuf 3.21.7-1
 	- protobuf 3.21.9-3 (unimportant)
 	NOTE: https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2
 	NOTE: https://github.com/protocolbuffers/protobuf/pull/10664



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aab9bd9c564d9d49aac8bddabda198904bd56d8a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aab9bd9c564d9d49aac8bddabda198904bd56d8a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230412/94a9fc0c/attachment.htm>

More information about the debian-security-tracker-commits mailing list