Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits: 35e0ffe6 by Thorsten Alteholz at 2022-01-20T16:18:36+01:00 add openjdk-8 - - - - - dcfaf2bc by Thorsten Alteholz at 2022-01-20T16:20:46+01:00 add nss - - - - - 4f3dcb43 by Thorsten Alteholz at 2022-01-20T16:25:42+01:00 follow sec team and mark some CVEs of glibc as no-dsa - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -1579,11 +1579,13 @@ CVE-2022-23219 (The deprecated compatibility function clnt_create in the sunrpc - glibc 2.33-3 [bullseye] - glibc <no-dsa> (Minor issue) [buster] - glibc <no-dsa> (Minor issue) + [stretch] - glibc <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22542 CVE-2022-23218 (The deprecated compatibility function svcunix_create in the sunrpc mod ...) - glibc 2.33-3 [bullseye] - glibc <no-dsa> (Minor issue) [buster] - glibc <no-dsa> (Minor issue) + [stretch] - glibc <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28768 CVE-2022-23217 RESERVED @@ -11160,12 +11162,14 @@ CVE-2021-3999 [Off-by-one buffer overflow/underflow in getcwd()] - glibc <unfixed> [bullseye] - glibc <no-dsa> (Minor issue) [buster] - glibc <no-dsa> (Minor issue) + [stretch] - glibc <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28769 CVE-2021-3998 [Unexpected return value from realpath() for too long results] RESERVED - glibc <unfixed> [bullseye] - glibc <no-dsa> (Minor issue) [buster] - glibc <no-dsa> (Minor issue) + [stretch] - glibc <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28770 NOTE: https://patchwork.sourceware.org/project/glibc/patch/20220113055920.3155918-1-siddh...@sourceware.org/ CVE-2021-3997 [Uncontrolled recursion in systemd's systemd-tmpfiles] ===================================== data/dla-needed.txt ===================================== @@ -90,6 +90,11 @@ linux (Ben Hutchings) -- linux-4.19 (Ben Hutchings) -- +nss + NOTE: 20220120: no public information yet +-- +openjdk-8 (Emilio) +-- pgbouncer (Christoph Berg) NOTE: 20220104: maintainer might want to upload fixed version -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f50403b7c75ece8064cfea5f8cc95e5d94fd845e...4f3dcb43ea85a8c9937a3da0a23a8b098962b962 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f50403b7c75ece8064cfea5f8cc95e5d94fd845e...4f3dcb43ea85a8c9937a3da0a23a8b098962b962 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits