Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
580acc50 by Thorsten Alteholz at 2022-04-11T00:28:39+02:00
mark CVE-2022-26635 as no-dsa

- - - - -
c40f2ec6 by Thorsten Alteholz at 2022-04-11T00:28:40+02:00
mark CVE-2022-24795 as no-dsa for Stretch

- - - - -
f16f10f4 by Thorsten Alteholz at 2022-04-11T00:28:40+02:00
add twisted

- - - - -
e106af23 by Thorsten Alteholz at 2022-04-11T00:28:40+02:00
update notes

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -6047,6 +6047,7 @@ CVE-2022-26636
        RESERVED
 CVE-2022-26635 (PHP-Memcached v2.2.0 and below contains an improper NULL 
termination w ...)
        - php-memcached <unfixed>
+       [stretch] - php-memcached <no-dsa> (Minor issue)
        NOTE: https://xhzeem.me/posts/Php5-memcached-Injection-Bypass/read/
 CVE-2022-26634
        RESERVED
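
Review bot: The reason on the added `[stretch] - php-memcached <no-dsa> (Minor issue)` line does not say why the issue is minor for stretch, even though the description mentions improper NULL termination and the NOTE links an injection-bypass write-up. A short specific reason in the parentheses would let a later reader judge the triage without opening the link. The commit message also says only "mark CVE-2022-26635 as no-dsa" while the line is scoped to stretch; naming the release there, as the next commit does, would keep the log consistent.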
@@ -11058,6 +11059,7 @@ CVE-2022-24796 (RaspberryMatic is a free and 
open-source operating system for ru
        NOT-FOR-US: RaspberryMatic
 CVE-2022-24795 (yajl-ruby is a C binding to the YAJL JSON parsing and 
generation libra ...)
        - ruby-yajl <unfixed>
+       [stretch] - ruby-yajl <no-dsa> (Minor issue)
        NOTE: 
https://github.com/brianmario/yajl-ruby/security/advisories/GHSA-jj47-x69x-mxrm
        NOTE: 
https://github.com/brianmario/yajl-ruby/commit/7168bd79b888900aa94523301126f968a93eb3a6
 CVE-2022-24794 (Express OpenID Connect is an Express JS middleware 
implementing sign o ...)
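
Review bot: On the added `[stretch] - ruby-yajl <no-dsa> (Minor issue)` line, the entry already carries a NOTE pointing at an upstream fix commit, so a patch exists, but the reason does not say why it is not being applied to stretch. Consider extending the parenthesised reason, or adding a NOTE, to record what makes the backport not worthwhile.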


=====================================
data/dla-needed.txt
=====================================
@@ -74,7 +74,7 @@ kvmtool
   NOTE: 20220402: CVE-2021-45464 looks critical, check with upstream for 
acknowledgments/fixes (Beuc)
 --
 libarchive (Thorsten Alteholz)
-  NOTE: 20220327: next round of testing
+  NOTE: 20220410: still testing
 --
 liblouis
   NOTE: 20220320: no patch available yet. Reproducible memory leaks with ASAN
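
Review bot: The libarchive change replaces the 20220327 note with `NOTE: 20220410: still testing`, which drops the earlier dated entry and does not say what is being tested or what is blocking the upload. Keeping the old line and adding the new one beneath it, with a word on the remaining problem, would preserve the history for anyone picking the package up.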
@@ -83,6 +83,7 @@ liblouis
 libpgjava
 --
 libvirt (Thorsten Alteholz)
+  NOTE: 20220410: wait for upload in newer releases
 --
 libz-mingw-w64
   NOTE: 20220231: upcoming DSA (Beuc)
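
Review bot: The added libvirt line `NOTE: 20220410: wait for upload in newer releases` does not name which upload, release or CVE the work is waiting on, so there is no way to tell from the file when the wait is over. Naming the suite or the pending fix would make the entry actionable. Separately, the unchanged libz-mingw-w64 context line is dated 20220231, which is not a valid calendar date and may be worth correcting in a follow-up.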
@@ -150,6 +151,8 @@ tiff (Utkarsh)
 twig
   NOTE: 20220402: cf. DSA-5107-1; similar code in lib/Twig/Extension/Core.php 
(Beuc)
 --
+twisted
+--
 unzip
   NOTE: 20220319: no patches yet but reproducible (apo)
 --
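
Review bot: The new `twisted` entry is added with no NOTE line and no CVE reference, and the commit message is only "add twisted", so whoever claims the package has to rediscover why it was queued. A dated NOTE naming the CVE or advisory that triggered the addition would match the neighbouring twig and unzip entries.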



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f68604087422ab8691faad90c869bfbfc4434dda...e106af23a9f40c611f8902f84ff14ca8bc1db7b5
