Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8c7a6723 by Sylvain Beucler at 2022-02-05T22:00:32+01:00
CVE-2021-22570/protobuf: stretch postponed
- - - - -
0fdbc15a by Sylvain Beucler at 2022-02-05T22:23:07+01:00
dla: add libphp-adodb
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -70998,6 +70998,7 @@ CVE-2021-22570 (Nullptr dereference when a null char is
present in a proto symbo
- protobuf <unfixed>
[bullseye] - protobuf <no-dsa> (Minor issue)
[buster] - protobuf <no-dsa> (Minor issue)
+ [stretch] - protobuf <postponed> (Minor issue; clean crash / Dos; patch
needs to be isolated)
NOTE: Fixed upstream in v3.15.0:
https://github.com/protocolbuffers/protobuf/releases/tag/v3.15.0
CVE-2021-22569 (An issue in protobuf-java allowed the interleaving of
com.google.proto ...)
[experimental] - protobuf 3.19.3-1
=====================================
data/dla-needed.txt
=====================================
@@ -70,6 +70,9 @@ openjdk-8 (Emilio)
pgbouncer
NOTE: 20220104: maintainer might want to upload fixed version
--
+libphp-adodb
+ NOTE: 20220205: cf. huntr.dev link at mitre for impact on e.g. phppgadmin
(Beuc)
+--
pjproject (Abhijith PA)
NOTE: 20211230: patch available for the no-dsa issue, check its NOTE (pochu)
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/fc7e18604cc802f13e4ba9e459c07a69a67584aa...0fdbc15acc4aac4ce33e993d332b53bae4bc1ae5
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/fc7e18604cc802f13e4ba9e459c07a69a67584aa...0fdbc15acc4aac4ce33e993d332b53bae4bc1ae5
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
