[Git][security-tracker-team/security-tracker][master] Reserve DLA-3363-1 for pcre2
Guilhem Moulin (@guilhem)
guilhem at debian.org
Thu Mar 16 02:28:48 GMT 2023
Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker
Commits:
90ab1b53 by Guilhem Moulin at 2023-03-16T03:28:24+01:00
Reserve DLA-3363-1 for pcre2
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -72178,13 +72178,11 @@ CVE-2022-1588
CVE-2022-1587 (An out-of-bounds read vulnerability was discovered in the PCRE2 librar ...)
- pcre2 10.40-1 (bug #1011954)
[bullseye] - pcre2 10.36-2+deb11u1
- [buster] - pcre2 <no-dsa> (Minor issue)
[stretch] - pcre2 <no-dsa> (Minor issue)
NOTE: https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0 (pcre2-10.40)
CVE-2022-1586 (An out-of-bounds read vulnerability was discovered in the PCRE2 librar ...)
- pcre2 10.40-1 (bug #1011954)
[bullseye] - pcre2 10.36-2+deb11u1
- [buster] - pcre2 <no-dsa> (Minor issue)
[stretch] - pcre2 <no-dsa> (Minor issue)
NOTE: https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a (pcre2-10.40)
NOTE: https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc388f89095b184ba6d99422cfc676c (pcre2-10.40)
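Review bot: Under both CVE-2022-1587 and CVE-2022-1586 the removed `[buster] - pcre2 <no-dsa> (Minor issue)` line has no replacement, so after this hunk neither entry records any buster status, while bullseye keeps its explicit `10.36-2+deb11u1`. In this commit the buster fixed version appears only in data/DLA/list (`10.32-5+deb10u1`). Please confirm that each entry ends up with a matching `[buster] - pcre2 10.32-5+deb10u1` line once the DLA is out, whether it is added by hand or by tooling. Leaving the `[stretch]` lines as `<no-dsa>` looks consistent with a DLA that names only buster.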
@@ -228580,7 +228578,6 @@ CVE-2019-20455 (Gateways/Gateway.php in Heartland & Global Payments PHP SDK
NOT-FOR-US: Heartland & Global Payments PHP SDK
CVE-2019-20454 (An out-of-bounds read was discovered in PCRE before 10.34 when the pat ...)
- pcre2 10.34-1
- [buster] - pcre2 <no-dsa> (Minor issue)
[stretch] - pcre2 <no-dsa> (Minor issue)
NOTE: https://bugs.exim.org/show_bug.cgi?id=2421
NOTE: https://bugs.php.net/bug.php?id=78338
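Review bot: CVE-2019-20454 loses its `[buster] - pcre2 <no-dsa> (Minor issue)` line here, but unlike the two CVE-2022 entries it has no `[bullseye]` line, so it is not obviously covered by the "Follow fixes from bullseye 11.5" note that this commit removes from data/dla-needed.txt. Since the issue was previously triaged as minor for buster, a NOTE under this entry or a line in the commit message explaining why it is now part of DLA-3363-1 would help anyone auditing the change of triage later.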
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[16 Mar 2023] DLA-3363-1 pcre2 - security update
+ {CVE-2019-20454 CVE-2022-1586 CVE-2022-1587}
+ [buster] - pcre2 10.32-5+deb10u1
[14 Mar 2023] DLA-3362-1 qemu - security update
{CVE-2020-14394 CVE-2020-17380 CVE-2020-29130 CVE-2021-3409 CVE-2021-3592 CVE-2021-3593 CVE-2021-3594 CVE-2021-3595 CVE-2022-0216 CVE-2022-1050}
[buster] - qemu 1:3.1+dfsg-8+deb10u10
=====================================
data/dla-needed.txt
=====================================
@@ -185,10 +185,6 @@ openimageio (Markus Koschany)
NOTE: 20221225: VCS: https://salsa.debian.org/lts-team/packages/openimageio.git
NOTE: 20220313: will be released today (apo)
--
-pcre2 (guilhem)
- NOTE: 20230303: Programming language: C.
- NOTE: 20230303: Follow fixes from bullseye 11.5 (Beuc/front-desk)
---
php-cas
NOTE: 20221105: Programming language: PHP.
NOTE: 20221105: The fix is not backwards compatible. Should be investigated further whether this issue should be solved or ignored.. (ola)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90ab1b536c119407cf18bca9436cd64b6ec44d81