[Git][security-tracker-team/security-tracker][master] Drop use of CVE-2022-23816
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jan 17 21:41:31 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ff94f3c3 by Salvatore Bonaccorso at 2023-01-17T22:40:59+01:00
Drop use of CVE-2022-23816
- - - - -
2 changed files:
- data/CVE/list
- data/DSA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -78088,20 +78088,6 @@ CVE-2022-23817
RESERVED
CVE-2022-23816
REJECTED
- {DSA-5207-1 DSA-5184-1}
- - linux 5.18.14-1
- [buster] - linux <ignored> (New mitigations are too invasive to backport)
- - xen 4.16.2-1
- [buster] - xen <end-of-life> (DSA 4677-1)
- NOTE: This is the AMD assigned CVE for Retbleed (CVE-2022-29900), as AMD did not
- NOTE: agree on the coverage for CVE-2022-29900: As stated in the Xen advisory 407:
- NOTE: On AMD CPUs, Retbleed is one specific instance of a more general
- NOTE: microarchitectural behaviour called Branch Type Confusion. AMD have
- NOTE: assigned CVE-2022-23816 (Retbleed) and CVE-2022-23825 (Branch Type Confusion).
- NOTE: Unfortunately both CVE-2022-23816 and CVE-2022-29900 are widely used by now for
- NOTE: referring the same issue, cf. https://www.openwall.com/lists/oss-security/2022/07/13/1
- NOTE: https://xenbits.xen.org/xsa/advisory-407.html
- NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037
CVE-2022-23815
RESERVED
CVE-2022-23814 (Failure to validate addresses provided by software to BIOS commands ma ...)
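Review bot: after this hunk the CVE-2022-23816 entry in data/CVE/list is a bare REJECTED with no pointer to CVE-2022-29900, even though the removed NOTE lines say both identifiers are widely used for the same issue. The removed lines are also the only place visible here that records the fixed versions (linux 5.18.14-1, xen 4.16.2-1) and the buster decisions (linux <ignored>, xen <end-of-life>). Confirm the CVE-2022-29900 entry carries the same package lines and references (XSA-407, AMD-SB-1037), and consider keeping one line on the rejected id, for example "NOTE: Rejected, tracked as CVE-2022-29900", so a lookup on the AMD identifier still reaches the tracked issue.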
=====================================
data/DSA/list
=====================================
@@ -340,7 +340,7 @@
{CVE-2022-29536}
[bullseye] - epiphany-browser 3.38.2-1+deb11u3
[15 Aug 2022] DSA-5207-1 linux - security update
- {CVE-2022-2585 CVE-2022-2586 CVE-2022-2588 CVE-2022-23816 CVE-2022-26373 CVE-2022-29900 CVE-2022-29901 CVE-2022-36879 CVE-2022-36946}
+ {CVE-2022-2585 CVE-2022-2586 CVE-2022-2588 CVE-2022-26373 CVE-2022-29900 CVE-2022-29901 CVE-2022-36879 CVE-2022-36946}
[bullseye] - linux 5.10.136-1
[12 Aug 2022] DSA-5206-1 trafficserver - security update
{CVE-2021-37150 CVE-2022-25763 CVE-2022-28129 CVE-2022-31778 CVE-2022-31779 CVE-2022-31780}
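Review bot: the commit message ("Drop use of CVE-2022-23816") gives no reason for editing the CVE set of DSA-5207-1, an advisory dated 15 Aug 2022. A body line stating that the id is REJECTED and that CVE-2022-29900, which stays in the list, is the identifier kept for Retbleed would let someone comparing this entry with the advisory as issued understand the difference from the history alone.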
@@ -417,7 +417,7 @@
[buster] - mat2 0.8.0-3+deb10u1
[bullseye] - mat2 0.12.1-2+deb11u1
[15 Jul 2022] DSA-5184-1 xen - security update
- {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 CVE-2022-23816 CVE-2022-23825 CVE-2022-26362 CVE-2022-26363 CVE-2022-26364 CVE-2022-29900}
+ {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 CVE-2022-23825 CVE-2022-26362 CVE-2022-26363 CVE-2022-26364 CVE-2022-29900}
[bullseye] - xen 4.14.5+24-g87d90d511c-1
[15 Jul 2022] DSA-5183-1 wpewebkit - security update
{CVE-2022-22677 CVE-2022-26710}
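Review bot: in the DSA-5184-1 list CVE-2022-23825 is kept, but the only text in this commit explaining how it relates to Retbleed (the Branch Type Confusion quote from Xen advisory 407) is in the NOTE lines removed from data/CVE/list. Check that the CVE-2022-23825 entry references https://xenbits.xen.org/xsa/advisory-407.html itself, otherwise the explanation for why this DSA lists both CVE-2022-23825 and CVE-2022-29900 is gone from the tracker.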
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff94f3c399d52c5f7a97c4f34217798276739731