[Git][security-tracker-team/security-tracker][master] Reserve DLA-3363-1 for pcre2

Guilhem Moulin (@guilhem) guilhem at debian.org
Thu Mar 16 02:28:48 GMT 2023



Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker


Commits:
90ab1b53 by Guilhem Moulin at 2023-03-16T03:28:24+01:00
Reserve DLA-3363-1 for pcre2

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -72178,13 +72178,11 @@ CVE-2022-1588
 CVE-2022-1587 (An out-of-bounds read vulnerability was discovered in the PCRE2 librar ...)
 	- pcre2 10.40-1 (bug #1011954)
 	[bullseye] - pcre2 10.36-2+deb11u1
-	[buster] - pcre2 <no-dsa> (Minor issue)
 	[stretch] - pcre2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0 (pcre2-10.40)
 CVE-2022-1586 (An out-of-bounds read vulnerability was discovered in the PCRE2 librar ...)
 	- pcre2 10.40-1 (bug #1011954)
 	[bullseye] - pcre2 10.36-2+deb11u1
-	[buster] - pcre2 <no-dsa> (Minor issue)
 	[stretch] - pcre2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a (pcre2-10.40)
 	NOTE: https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc388f89095b184ba6d99422cfc676c (pcre2-10.40)
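Review bot: once the two `[buster] - pcre2 <no-dsa> (Minor issue)` lines are dropped, CVE-2022-1587 and CVE-2022-1586 have no buster line left in this file, so buster status falls back to the unstable line `- pcre2 10.40-1` and buster is reported as vulnerable until a `[buster] - pcre2 10.32-5+deb10u1` line exists here. In this commit the fixed version is recorded only in data/DLA/list; confirm that the matching `[buster]` lines are generated from that entry, or add them in the same change.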
@@ -228580,7 +228578,6 @@ CVE-2019-20455 (Gateways/Gateway.php in Heartland & Global Payments PHP SDK
 	NOT-FOR-US: Heartland & Global Payments PHP SDK
 CVE-2019-20454 (An out-of-bounds read was discovered in PCRE before 10.34 when the pat ...)
 	- pcre2 10.34-1
-	[buster] - pcre2 <no-dsa> (Minor issue)
 	[stretch] - pcre2 <no-dsa> (Minor issue)
 	NOTE: https://bugs.exim.org/show_bug.cgi?id=2421
 	NOTE: https://bugs.php.net/bug.php?id=78338
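Review bot: CVE-2019-20454 still carries only bug-tracker NOTE lines (bugs.exim.org and bugs.php.net), while the CVE-2022-1586 and CVE-2022-1587 entries above cite the upstream fix commits. Because buster receives a backport onto 10.32 rather than the 10.34 release named in the description, a NOTE pointing at the upstream commit that was backported would let others verify the buster fix against it.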


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[16 Mar 2023] DLA-3363-1 pcre2 - security update
+	{CVE-2019-20454 CVE-2022-1586 CVE-2022-1587}
+	[buster] - pcre2 10.32-5+deb10u1
 [14 Mar 2023] DLA-3362-1 qemu - security update
 	{CVE-2020-14394 CVE-2020-17380 CVE-2020-29130 CVE-2021-3409 CVE-2021-3592 CVE-2021-3593 CVE-2021-3594 CVE-2021-3595 CVE-2022-0216 CVE-2022-1050}
 	[buster] - qemu 1:3.1+dfsg-8+deb10u10
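Review bot: the brace list on the second added line includes CVE-2019-20454, which the dla-needed.txt note removed in this commit ("Follow fixes from bullseye 11.5") does not obviously cover, since that CVE has no bullseye line in data/CVE/list. The three CVEs do match the three `[buster] ... <no-dsa>` lines removed from data/CVE/list, so the cross-reference is consistent; a line in the commit message body stating that the older CVE is part of the same upload would make the scope clear to later readers.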


=====================================
data/dla-needed.txt
=====================================
@@ -185,10 +185,6 @@ openimageio (Markus Koschany)
   NOTE: 20221225: VCS: https://salsa.debian.org/lts-team/packages/openimageio.git
   NOTE: 20220313: will be released today (apo)
 --
-pcre2 (guilhem)
-  NOTE: 20230303: Programming language: C.
-  NOTE: 20230303: Follow fixes from bullseye 11.5 (Beuc/front-desk)
---
 php-cas
   NOTE: 20221105: Programming language: PHP.
   NOTE: 20221105: The fix is not backwards compatible. Should be investigated further whether this issue should be solved or ignored.. (ola)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90ab1b536c119407cf18bca9436cd64b6ec44d81
