[Git][security-tracker-team/security-tracker][master] CVE-2022-41862/postgresql-11: fix triage: buster not-affected

Sylvain Beucler (@beuc) beuc at debian.org
Mon Feb 27 12:35:13 GMT 2023 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
02d1f326 by Sylvain Beucler at 2023-02-27T13:35:39+01:00
CVE-2022-41862/postgresql-11: fix triage: buster not-affected

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -36290,13 +36290,15 @@ CVE-2022-41863
 	RESERVED
 CVE-2022-41862
 	RESERVED
-	{DLA-3316-1}
 	- postgresql-15 15.2-1
 	- postgresql-13 <removed>
 	[bullseye] - postgresql-13 <no-dsa> (Minor issue)
 	- postgresql-11 <removed>
+	[buster] - postgresql-11 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://www.postgresql.org/about/news/postgresql-152-147-1310-1214-and-1119-released-2592/
 	NOTE: Fixed in 15.2, 14.7, 13.10, 12.14
+	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=3f7342671341a7a137f2d8b06ab3461cdb0e1d88 (REL_12_14)
+	NOTE: GSSAPI encryption support introduced in https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=b0b39f72b9904bcb80f97b35837ccff1578aa4b8 (REL_12_BETA1)
 CVE-2022-41861 (A flaw was found in freeradius. A malicious RADIUS client or home serv ...)
 	{DLA-3342-1}
 	- freeradius 3.2.0+dfsg-1


=====================================
data/DLA/list
=====================================
@@ -87,7 +87,6 @@
 	{CVE-2020-3299 CVE-2020-3315 CVE-2021-1223 CVE-2021-1224 CVE-2021-1236 CVE-2021-1494 CVE-2021-1495 CVE-2021-34749 CVE-2021-40114}
 	[buster] - snort 2.9.20-0+deb10u1
 [10 Feb 2023] DLA-3316-1 postgresql-11 - security update
-	{CVE-2022-41862}
 	[buster] - postgresql-11 11.19-0+deb10u1
 [10 Feb 2023] DLA-3315-1 sox - security update
 	{CVE-2019-13590 CVE-2021-3643 CVE-2021-23159 CVE-2021-23172 CVE-2021-23210 CVE-2021-33844 CVE-2021-40426 CVE-2022-31650 CVE-2022-31651}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/02d1f3265eea435bdb48b58b67b078aba2a1c11f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/02d1f3265eea435bdb48b58b67b078aba2a1c11f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230227/de382984/attachment.htm>

More information about the debian-security-tracker-commits mailing list