[Git][security-tracker-team/security-tracker][master] pspp no longer installs vulnerable tool

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Feb 13 09:14:16 GMT 2023 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7618c15d by Moritz Muehlenhoff at 2023-02-13T09:57:11+01:00
pspp no longer installs vulnerable tool

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -37341,15 +37341,17 @@ CVE-2022-39834 (A stored XSS vulnerability was discovered in adminweb/ra/viewend
 CVE-2022-39833 (FileCloud Versions 20.2 and later allows remote attackers to potential ...)
 	NOT-FOR-US: FileCloud
 CVE-2022-39832 (An issue was discovered in PSPP 1.6.2. There is a heap-based buffer ov ...)
-	- pspp <unfixed> (bug #1019598)
+	- pspp 1.6.2-2 (bug #1019598)
 	[bullseye] - pspp <no-dsa> (Minor issue)
 	[buster] - pspp <no-dsa> (Minor issue)
 	NOTE: https://savannah.gnu.org/bugs/index.php?63000
+	NOTE: Starting with 1.6.2-2, pspp-dump-sav is no longer installed, using that as the fixed version
 CVE-2022-39831 (An issue was discovered in PSPP 1.6.2. There is a heap-based buffer ov ...)
-	- pspp <unfixed> (bug #1019597)
+	- pspp 1.6.2-2 (bug #1019597)
 	[bullseye] - pspp <no-dsa> (Minor issue)
 	[buster] - pspp <no-dsa> (Minor issue)
 	NOTE: https://savannah.gnu.org/bugs/?62977
+	NOTE: Starting with 1.6.2-2, pspp-dump-sav is no longer installed, using that as the fixed version
 CVE-2022-39830 (sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on th ...)
 	NOT-FOR-US: Samsung mTower
 CVE-2022-39829 (There is a NULL pointer dereference in aes256_encrypt in Samsung mTowe ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7618c15dbbebf71d1f995c1cb519ff2cd4626ff3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7618c15dbbebf71d1f995c1cb519ff2cd4626ff3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230213/3eac3485/attachment.htm>

More information about the debian-security-tracker-commits mailing list