Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
696a7296 by Chris Lamb at 2023-02-01T11:27:55-08:00
Mark a series of redis vulnerabilities as 'ignored'; they all require
an elevated (and possibly raw TCP-) level of access.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -45691,7 +45691,7 @@ CVE-2022-35978 (Minetest is a free open-source voxel
game engine with easy moddi
NOTE:
https://github.com/minetest/minetest/commit/da71e86633d0b27cd02d7aac9fdac625d141ca13
(5.6.0)
CVE-2022-35977 (Redis is an in-memory database that persists on disk.
Authenticated us ...)
- redis 5:7.0.8-1
- [bullseye] - redis <no-dsa> (Minor issue)
+ [bullseye] - redis <ignored> (Minor issue; requires authed user)
NOTE:
https://github.com/redis/redis/commit/6c25c6b7da116e110e89a5db45eeae743879e7ea
(7.0.8)
CVE-2022-35976 (The GitOps Tools Extension for VSCode relies on kubeconfigs in
order t ...)
NOT-FOR-US: GitOps Tools Extension for VSCode
@@ -78026,7 +78026,7 @@ CVE-2022-24737 (HTTPie is a command-line HTTP client.
HTTPie has the practical c
CVE-2022-24736 (Redis is an in-memory database that persists on disk. Prior to
version ...)
[experimental] - redis 5:7.0.0-1
- redis 5:7.0.1-4
- [bullseye] - redis <no-dsa> (Minor issue)
+ [bullseye] - redis <ignored> (Minor issue; requires authed user;
problematic to backport patch)
[buster] - redis <no-dsa> (Minor issue)
[stretch] - redis <no-dsa> (Minor issue, problematic to backport patch
to embedded Lua engine)
NOTE:
https://github.com/redis/redis/security/advisories/GHSA-3qpw-7686-5984
@@ -78034,7 +78034,7 @@ CVE-2022-24736 (Redis is an in-memory database that
persists on disk. Prior to v
CVE-2022-24735 (Redis is an in-memory database that persists on disk. By
exploiting we ...)
[experimental] - redis 5:7.0.0-1
- redis 5:7.0.1-4
- [bullseye] - redis <no-dsa> (Minor issue)
+ [bullseye] - redis <ignored> (Minor issue; requires authed user;
problematic to backport patch)
[buster] - redis <no-dsa> (Minor issue)
[stretch] - redis <no-dsa> (Minor issue, problematic to backport patch
to embedded Lua engine)
NOTE:
https://github.com/redis/redis/security/advisories/GHSA-647m-2wmq-qmvq
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/696a72962fd90820a00c7c36aae166c54e26416e
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/696a72962fd90820a00c7c36aae166c54e26416e
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
