[Git][security-tracker-team/security-tracker][master] 2 commits: Added openvswitch to dla-needed. There is no known fix for the problem. The...

Sun, 11 Sep 2022 13:51:07 -0700 


Ola Lundqvist pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ee918a8d by Ola Lundqvist at 2022-09-11T22:50:24+02:00
Added openvswitch to dla-needed. There is no known fix for the problem. The 
paper suggest a short term workaround to be implemented and long term to change 
to an alternative algorithm. Both seems complicated.

- - - - -
6f515f11 by Ola Lundqvist at 2022-09-11T22:50:24+02:00
Added wordpress to dla-needed with a note that further work is needed to figure 
out what parts of 6.0.2 release applies to buster.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -187,6 +187,9 @@ CVE-2019-25076 (The TSS (Tuple Space Search) algorithm in 
Open vSwitch 2.x throu
        - openvswitch <unfixed>
        NOTE: https://arxiv.org/abs/2011.09107
        NOTE: https://sites.google.com/view/tuple-space-explosion
+       NOTE: https://dl.acm.org/doi/10.1145/3359989.3365431
+       NOTE: https://www.youtube.com/watch?v=5cHpzVK0D28
+       NOTE: https://www.youtube.com/watch?v=DSC3m-Bww64
 CVE-2022-40237
        RESERVED
 CVE-2022-40236


=====================================
data/dla-needed.txt
=====================================
@@ -85,6 +85,9 @@ openexr
   NOTE: 20220904: Programming language: C++.
   NOTE: 20220904: Should be synced with Stretch. (apo)
 --
+openvswitch
+  NOTE: 20220911: No known patch for this problem.
+--
 paramiko (Chris Lamb)
   NOTE: 20220909: Programming language: Python.
 --
@@ -162,6 +165,10 @@ vim
 wkhtmltopdf
   NOTE: 20220904: Programming language: C++.
 --
+wordpress
+  NOTE: 20220911: Programming language: PHP
+  NOTE: 20220911: Further investigation needed to see what parts of 6.0.2 
update that applies to buster.
+--
 zlib (Emilio)
   NOTE: 20220813: Programming language: C.
   NOTE: 20220813: VCS: https://salsa.debian.org/lts-team/packages/zlib/



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/57351ceab2760a3f77d826a4fb4213292299052d...6f515f119791a74b12a113e20fed8cbe50079758

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/57351ceab2760a3f77d826a4fb4213292299052d...6f515f119791a74b12a113e20fed8cbe50079758
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to