[Git][security-tracker-team/security-tracker][master] 2 commits: re-evaluate CVE-2022-46337, a critical CVE should be not no-dsa
Thorsten Alteholz (@alteholz)
alteholz at debian.org
Sat Apr 4 18:58:29 BST 2026
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6a81e7fa by Thorsten Alteholz at 2026-04-04T19:49:34+02:00
re-evaluate CVE-2022-46337, a critical CVE should be not no-dsa
- - - - -
284c9d34 by Thorsten Alteholz at 2026-04-04T19:56:59+02:00
add glibc
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -338842,8 +338842,6 @@ CVE-2022-41985 (An authentication bypass vulnerability exists in the Authenticat
CVE-2022-46337 (A cleverly devised username might bypass LDAP authentication checks. I ...)
- derby 10.14.2.0-3 (bug #1056755)
[bookworm] - derby <no-dsa> (Minor issue)
- [bullseye] - derby <no-dsa> (Minor issue)
- [buster] - derby <no-dsa> (Minor issue)
NOTE: https://issues.apache.org/jira/browse/DERBY-7147
NOTE: https://www.openwall.com/lists/oss-security/2023/11/19/3
CVE-2022-46336
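Review bot: the `[bookworm] - derby <no-dsa> (Minor issue)` line kept as context still classifies CVE-2022-46337 as a minor issue, which conflicts with the commit's own rationale that a critical CVE should not be no-dsa; only the bullseye and buster lines are dropped. Either re-evaluate bookworm in the same change or add a NOTE explaining why it stays no-dsa. Separately, the visible data/dla-needed.txt hunk adds only glibc, so if derby is not already listed there, nothing in this change shows where the reopened bullseye work is tracked.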
=====================================
data/dla-needed.txt
=====================================
@@ -114,6 +114,10 @@ git-lfs
NOTE: 20251102: Added by Front-Desk (apo)
NOTE: 20251102: Fix may be partial due to git < 2.42 in bullseye.
--
+glibc
+ NOTE: 20260404: Added by Front-Desk (ta)
+ NOTE: 20260404: no upstream fix yet
+--
golang-github-gorilla-csrf
NOTE: 20250422: Added by Front-Desk (rouca)
NOTE: 20250422: Need to binNMU reverse depends (in that order): golang-github-alecthomas-chroma, golang-github-niklasfasching-go-org, golang-github-yuin-goldmark-highlighting, hugo (rouca)
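Review bot: the new glibc entry does not say which issue it was added for; `NOTE: 20260404: no upstream fix yet` records status but no identifier. Add a NOTE line with the CVE id(s) or a link to the upstream bug so that whoever claims the package knows which fix to watch for and can tell when this note is out of date.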
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2a353cc142e53715c337351c11f1456129a64d34...284c9d346acc5774f191dfc34bbdc7ff3cd1bf16