Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits: 580acc50 by Thorsten Alteholz at 2022-04-11T00:28:39+02:00 mark CVE-2022-26635 as no-dsa - - - - - c40f2ec6 by Thorsten Alteholz at 2022-04-11T00:28:40+02:00 mark CVE-2022-24795 as no-dsa for Stretch - - - - - f16f10f4 by Thorsten Alteholz at 2022-04-11T00:28:40+02:00 add twisted - - - - - e106af23 by Thorsten Alteholz at 2022-04-11T00:28:40+02:00 update notes - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -6047,6 +6047,7 @@ CVE-2022-26636 RESERVED CVE-2022-26635 (PHP-Memcached v2.2.0 and below contains an improper NULL termination w ...) - php-memcached <unfixed> + [stretch] - php-memcached <no-dsa> (Minor issue) NOTE: https://xhzeem.me/posts/Php5-memcached-Injection-Bypass/read/ CVE-2022-26634 RESERVED @@ -11058,6 +11059,7 @@ CVE-2022-24796 (RaspberryMatic is a free and open-source operating system for ru NOT-FOR-US: RaspberryMatic CVE-2022-24795 (yajl-ruby is a C binding to the YAJL JSON parsing and generation libra ...) - ruby-yajl <unfixed> + [stretch] - ruby-yajl <no-dsa> (Minor issue) NOTE: https://github.com/brianmario/yajl-ruby/security/advisories/GHSA-jj47-x69x-mxrm NOTE: https://github.com/brianmario/yajl-ruby/commit/7168bd79b888900aa94523301126f968a93eb3a6 CVE-2022-24794 (Express OpenID Connect is an Express JS middleware implementing sign o ...) ===================================== data/dla-needed.txt ===================================== @@ -74,7 +74,7 @@ kvmtool NOTE: 20220402: CVE-2021-45464 looks critical, check with upstream for acknowledgments/fixes (Beuc) -- libarchive (Thorsten Alteholz) - NOTE: 20220327: next round of testing + NOTE: 20220410: still testing -- liblouis NOTE: 20220320: no patch available yet. Reproducible memory leaks with ASAN @@ -83,6 +83,7 @@ liblouis libpgjava -- libvirt (Thorsten Alteholz) + NOTE: 20220410: wait for upload in newer releases -- libz-mingw-w64 NOTE: 20220231: upcoming DSA (Beuc) 
@@ -150,6 +151,8 @@ tiff (Utkarsh) twig NOTE: 20220402: cf. DSA-5107-1; similar code in lib/Twig/Extension/Core.php (Beuc) -- +twisted +-- unzip NOTE: 20220319: no patches yet but reproducible (apo) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f68604087422ab8691faad90c869bfbfc4434dda...e106af23a9f40c611f8902f84ff14ca8bc1db7b5
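Review bot: in data/CVE/list, hunk @@ -6047, the added line `[stretch] - php-memcached <no-dsa> (Minor issue)` records no reason for the triage, and the commit subject "mark CVE-2022-26635 as no-dsa" omits the stretch scope that the sibling commit for CVE-2022-24795 states. Suggest adding a NOTE line under the entry that says why the issue is minor for stretch, and wording the subject "mark CVE-2022-26635 as no-dsa for Stretch" so the two commits read consistently.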
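Review bot: in data/CVE/list, hunk @@ -11058, `[stretch] - ruby-yajl <no-dsa> (Minor issue)` is added to an entry whose NOTE lines already link an upstream fix commit (7168bd79b888900aa94523301126f968a93eb3a6), but nothing says why that fix is not being backported to stretch. Suggest a one-line NOTE with the reasoning, so a later reader of the entry does not have to re-triage it from the advisory.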
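Review bot: in data/dla-needed.txt, hunk @@ -74, the libarchive change replaces `NOTE: 20220327: next round of testing` with `NOTE: 20220410: still testing`, which drops the earlier dated status and still does not say what is being tested or what blocks the upload. Suggest keeping the 20220327 line and appending the new one, with a few words on the remaining test work. The new note also lacks the trailing author tag that neighbouring notes carry, e.g. `(Beuc)`.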
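Review bot: in data/dla-needed.txt, hunk @@ -83, the new libvirt line `NOTE: 20220410: wait for upload in newer releases` does not name the releases or the upload it is waiting on, so nobody else can tell when the entry becomes actionable. Suggest naming the suite(s) and the CVE or version concerned. The context line `NOTE: 20220231: upcoming DSA (Beuc)` under libz-mingw-w64 carries a date that does not exist (31 February) and could be corrected while this part of the file is being edited.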
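Review bot: in data/dla-needed.txt, hunk @@ -150, the `twisted` entry is added with no NOTE line and the commit subject "add twisted" names no CVE, so the reason the package needs an update is recorded nowhere in this change. Suggest adding a dated NOTE that references the CVE id(s) that triggered the entry, in the form the neighbouring twig and unzip entries use.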
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits