Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker
Commits: 90ab1b53 by Guilhem Moulin at 2023-03-16T03:28:24+01:00 Reserve DLA-3363-1 for pcre2 - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -72178,13 +72178,11 @@ CVE-2022-1588 CVE-2022-1587 (An out-of-bounds read vulnerability was discovered in the PCRE2 librar ...) - pcre2 10.40-1 (bug #1011954) [bullseye] - pcre2 10.36-2+deb11u1 - [buster] - pcre2 <no-dsa> (Minor issue) [stretch] - pcre2 <no-dsa> (Minor issue) NOTE: https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0 (pcre2-10.40) CVE-2022-1586 (An out-of-bounds read vulnerability was discovered in the PCRE2 librar ...) - pcre2 10.40-1 (bug #1011954) [bullseye] - pcre2 10.36-2+deb11u1 - [buster] - pcre2 <no-dsa> (Minor issue) [stretch] - pcre2 <no-dsa> (Minor issue) NOTE: https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a (pcre2-10.40) NOTE: https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc388f89095b184ba6d99422cfc676c (pcre2-10.40) @@ -228580,7 +228578,6 @@ CVE-2019-20455 (Gateways/Gateway.php in Heartland & Global Payments PHP SDK NOT-FOR-US: Heartland & Global Payments PHP SDK CVE-2019-20454 (An out-of-bounds read was discovered in PCRE before 10.34 when the pat ...) - pcre2 10.34-1 - [buster] - pcre2 <no-dsa> (Minor issue) [stretch] - pcre2 <no-dsa> (Minor issue) NOTE: https://bugs.exim.org/show_bug.cgi?id=2421 NOTE: https://bugs.php.net/bug.php?id=78338 ===================================== data/DLA/list ===================================== @@ -1,3 +1,6 @@ +[16 Mar 2023] DLA-3363-1 pcre2 - security update + {CVE-2019-20454 CVE-2022-1586 CVE-2022-1587} + [buster] - pcre2 10.32-5+deb10u1 [14 Mar 2023] DLA-3362-1 qemu - security update {CVE-2020-14394 CVE-2020-17380 CVE-2020-29130 CVE-2021-3409 CVE-2021-3592 CVE-2021-3593 CVE-2021-3594 CVE-2021-3595 CVE-2022-0216 CVE-2022-1050} [buster] - qemu 1:3.1+dfsg-8+deb10u10 ===================================== data/dla-needed.txt ===================================== @@ -185,10 +185,6 @@ openimageio (Markus Koschany) NOTE: 20221225: VCS: https://salsa.debian.org/lts-team/packages/openimageio.git NOTE: 20220313: will be released today (apo) -- -pcre2 (guilhem) - NOTE: 20230303: Programming language: C. - NOTE: 20230303: Follow fixes from bullseye 11.5 (Beuc/front-desk) --- php-cas NOTE: 20221105: Programming language: PHP. NOTE: 20221105: The fix is not backwards compatible. Should be investigated further whether this issue should be solved or ignored.. (ola) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90ab1b536c119407cf18bca9436cd64b6ec44d81 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90ab1b536c119407cf18bca9436cd64b6ec44d81 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits