Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
16648b3a by Markus Koschany at 2022-05-20T22:39:23+02:00
CVE-2022-26520,libpgjava: Mark as no-dsa for all distributions.

This issue requires access to connection properties only authenticated users
should have. Upstream does not consider this to be a security vulnerability
with the driver, instead application developers must take care of validating
the contents of any JDBC URLs.

Just removing the loggerFile and loggerLevel connection properties may
break existing applications. This should be tested in unstable and testing
first.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -16642,6 +16642,9 @@ CVE-2022-0656 (The Web To Print Shop : uDraw WordPress 
plugin before 3.3.3 does
        NOT-FOR-US: WordPress plugin
 CVE-2022-26520 (** DISPUTED ** In pgjdbc before 42.3.3, an attacker (who 
controls the  ...)
        - libpgjava 42.3.3-1
+       [bullseye] - libpgjava <no-dsa> (Requires control over connection 
properties)
+       [buster] - libpgjava <no-dsa> (Requires control over connection 
properties)
+       [stretch] - libpgjava <no-dsa> (Requires control over connection 
properties)
        NOTE: 
https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-673j-qm5f-xpv8
        NOTE: 
https://github.com/pgjdbc/pgjdbc/commit/f6d47034a4ce292e1a659fa00963f6f713117064
 (REL42.3.3-rc1)
 CVE-2022-25299 (This affects the package cesanta/mongoose before 7.6. The 
unsafe handl ...)
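
Review bot: The three added `<no-dsa>` lines for [bullseye], [buster] and [stretch] record only "Requires control over connection properties", so the regression concern from the commit message (removing the loggerFile and loggerLevel connection properties may break existing applications) and upstream's position that this is not a driver vulnerability are lost to anyone reading data/CVE/list without the commit log. Consider adding a NOTE line under the CVE-2022-26520 entry, next to the existing advisory and commit NOTEs, stating that the upstream change removes loggerFile and loggerLevel and should be tested in unstable and testing first, so a later triager can see why the fix was not backported.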



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/16648b3afe726f68b648eb6dc2fdb63458f19343
