golang-golang-x-text: buster postponed

Sylvain Beucler (@beuc) Fri, 11 Nov 2022 01:44:07 -0800


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
27948f86 by Sylvain Beucler at 2022-11-11T10:43:38+01:00
CVE-2022-32149/golang-golang-x-text: buster postponed

- - - - -
aa2075b8 by Sylvain Beucler at 2022-11-11T10:43:39+01:00
CVE-2022-3275/puppet-module-puppetlabs-apt: buster postponed

- - - - -
f8ef1b71 by Sylvain Beucler at 2022-11-11T10:43:39+01:00
dla: add libstb

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -12657,6 +12657,7 @@ CVE-2022-3276 (Command injection is possible in the 
puppetlabs-mysql module prio
 CVE-2022-3275 (Command injection is possible in the puppetlabs-apt module 
prior to ve ...)
        - puppet-module-puppetlabs-apt <unfixed> (bug #1023625)
        [bullseye] - puppet-module-puppetlabs-apt <no-dsa> (Minor issue)
+       [buster] - puppet-module-puppetlabs-apt <postponed> (Minor issue, rare 
condition, follow buster status)
        NOTE: https://puppet.com/security/cve/CVE-2022-3275
        NOTE: 
https://github.com/puppetlabs/puppetlabs-apt/commit/c26ad2a54f318b4d6fbe55f837b00cd6afd9f1eb
 (v9.0.0)
 CVE-2022-3274 (Cross-Site Request Forgery (CSRF) in GitHub repository 
ikus060/rdiffwe ...)
@@ -36863,6 +36864,7 @@ CVE-2022-32150
        RESERVED
 CVE-2022-32149 (An attacker may cause a denial of service by crafting an 
Accept-Langua ...)
        - golang-golang-x-text 0.3.8-1 (bug #1021785)
+       [buster] - golang-golang-x-text <postponed> (Limited support, minor 
issue, follow bullseye DSAs/point-releases (renamed package))
        - golang-x-text <removed>
        NOTE: https://groups.google.com/g/golang-dev/c/qfPIly0X7aU
        NOTE: https://go.dev/issue/56152


=====================================
data/dla-needed.txt
=====================================
@@ -135,6 +135,9 @@ libde265
 libreoffice
   NOTE: 20221012: Programming language: C++.
 --
+libstb
+  NOTE: 20221111: Programming language: C.
+--
 linux (Ben Hutchings)
 --
 man2html



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1a7adcf093a16eb24c9e808d034cf0fcef7418e8...f8ef1b71af7c159c5a39d9672fcbbcc79ed8fc93

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1a7adcf093a16eb24c9e808d034cf0fcef7418e8...f8ef1b71af7c159c5a39d9672fcbbcc79ed8fc93
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2022-32149/golang-golang-x-text: buster postponed

Reply via email to