[Git][security-tracker-team/security-tracker][master] pspp no longer installs vulnerable tool

Mon, 13 Feb 2023 01:14:24 -0800 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7618c15d by Moritz Muehlenhoff at 2023-02-13T09:57:11+01:00
pspp no longer installs vulnerable tool

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -37341,15 +37341,17 @@ CVE-2022-39834 (A stored XSS vulnerability was 
discovered in adminweb/ra/viewend
 CVE-2022-39833 (FileCloud Versions 20.2 and later allows remote attackers to 
potential ...)
        NOT-FOR-US: FileCloud
 CVE-2022-39832 (An issue was discovered in PSPP 1.6.2. There is a heap-based 
buffer ov ...)
-       - pspp <unfixed> (bug #1019598)
+       - pspp 1.6.2-2 (bug #1019598)
        [bullseye] - pspp <no-dsa> (Minor issue)
        [buster] - pspp <no-dsa> (Minor issue)
        NOTE: https://savannah.gnu.org/bugs/index.php?63000
+       NOTE: Starting with 1.6.2-2, pspp-dump-sav is no longer installed, 
using that as the fixed version
 CVE-2022-39831 (An issue was discovered in PSPP 1.6.2. There is a heap-based 
buffer ov ...)
-       - pspp <unfixed> (bug #1019597)
+       - pspp 1.6.2-2 (bug #1019597)
        [bullseye] - pspp <no-dsa> (Minor issue)
        [buster] - pspp <no-dsa> (Minor issue)
        NOTE: https://savannah.gnu.org/bugs/?62977
+       NOTE: Starting with 1.6.2-2, pspp-dump-sav is no longer installed, 
using that as the fixed version
 CVE-2022-39830 (sign_pFwInfo in Samsung mTower through 0.3.0 has a missing 
check on th ...)
        NOT-FOR-US: Samsung mTower
 CVE-2022-39829 (There is a NULL pointer dereference in aes256_encrypt in 
Samsung mTowe ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7618c15dbbebf71d1f995c1cb519ff2cd4626ff3

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7618c15dbbebf71d1f995c1cb519ff2cd4626ff3
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to