[Git][security-tracker-team/security-tracker][master] Add CVE-2022-3219/gnupg2

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Feb 23 21:26:09 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0cffc66d by Salvatore Bonaccorso at 2023-02-23T22:25:40+01:00
Add CVE-2022-3219/gnupg2

Mark it as unimprtant, as first the impact is low (slow processing) and
upstream does not consider to merge/apply the proposed change. Debian
should not diverge from upstream at this point.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -37522,7 +37522,12 @@ CVE-2022-40708 (An Out-of-bounds read vulnerability in Trend Micro Deep Security
 CVE-2022-40707 (An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 an ...)
 	NOT-FOR-US: Trend Micro
 CVE-2022-3219 (GnuPG can be made to spin on a relatively small input by (for example) ...)
-	TODO: check
+	- gnupg2 <unfixed> (unimportant)
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2127010
+	NOTE: https://dev.gnupg.org/D556
+	NOTE: https://dev.gnupg.org/T5993
+	NOTE: https://www.openwall.com/lists/oss-security/2022/07/04/8
+	NOTE: GnuPG upstream is not implementing this change.
 CVE-2022-3218 (Due to a reliance on client-side authentication, the WiFi Mouse (Mouse ...)
 	NOT-FOR-US: Necta LLC
 CVE-2022-3217 (When logging in to a VBASE runtime project via Web-Remote, the product ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0cffc66d4a6697e0ba52ba9eefbcf8cb0ba4e6b1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0cffc66d4a6697e0ba52ba9eefbcf8cb0ba4e6b1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230223/8bbf454c/attachment.htm>


More information about the debian-security-tracker-commits mailing list