Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
334895fd by Moritz Mühlenhoff at 2022-07-15T19:39:34+02:00
xen, mat2 DSAs
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -5560,18 +5560,21 @@ CVE-2022-33743 (network backend may cause Linux
netfront to use freed SKBs While
CVE-2022-33742 (Linux disk/nic frontends data leaks T[his CNA information
record relat ...)
- linux <unfixed>
- xen <unfixed>
+ [bullseye] - xen <ignored> (Too intrusive too backport)
[buster] - xen <end-of-life> (DSA 4677-1)
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-403.html
CVE-2022-33741 (Linux disk/nic frontends data leaks T[his CNA information
record relat ...)
- linux <unfixed>
- xen <unfixed>
+ [bullseye] - xen <ignored> (Too intrusive too backport)
[buster] - xen <end-of-life> (DSA 4677-1)
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-403.html
CVE-2022-33740 (Linux disk/nic frontends data leaks T[his CNA information
record relat ...)
- linux <unfixed>
- xen <unfixed>
+ [bullseye] - xen <ignored> (Too intrusive too backport)
[buster] - xen <end-of-life> (DSA 4677-1)
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-403.html
@@ -26326,6 +26329,7 @@ CVE-2022-0836 (The SEMA API WordPress plugin before
4.02 does not properly sanit
CVE-2022-26365 (Linux disk/nic frontends data leaks T[his CNA information
record relat ...)
- linux <unfixed>
- xen <unfixed>
+ [bullseye] - xen <ignored> (Too intrusive too backport)
[buster] - xen <end-of-life> (DSA 4677-1)
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-403.html
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,10 @@
+[15 Jul 2022] DSA-5185-1 mat2 - security update
+ {CVE-2022-35410}
+ [buster] - mat2 0.8.0-3+deb10u1
+ [bullseye] - mat2 0.12.1-2+deb11u1
+[15 Jul 2022] DSA-5184-1 xen - security update
+ {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 CVE-2022-23816
CVE-2022-23825 CVE-2022-26362 CVE-2022-26363 CVE-2022-26364 CVE-2022-29900}
+ [bullseye] - xen 4.14.5+24-g87d90d511c-1
[15 Jul 2022] DSA-5183-1 wpewebkit - security update
{CVE-2022-22677 CVE-2022-26710}
[bullseye] - wpewebkit 2.36.4-1~deb11u1
=====================================
data/dsa-needed.txt
=====================================
@@ -34,9 +34,6 @@ linux (carnil)
Wait until more issues have piled up, though try to regulary rebase for point
releases to more recent v4.19.y versions.
--
-mat2
- Maintainer is going to prepare updates
---
ndpi/oldstable
--
netatalk
@@ -69,7 +66,5 @@ unzip
unclear information, initial report indicates writable memory corruption, but
some identified patch is just for a NULL deref, needs more clarification
--
-xen (jmm)
---
xorg-server
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/334895fdf2ce86f674b001f0cdcaa0e36736f75f
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/334895fdf2ce86f674b001f0cdcaa0e36736f75f
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
