Helmut Grohne pushed to branch master at Debian Security Tracker / security-tracker
Commits: b9b23c9c by Helmut Grohne at 2023-04-12T08:30:15+02:00 classify protobuf-java CPU DoS CVEs as unimportant - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -43657,14 +43657,14 @@ CVE-2022-3511 (The Awesome Support WordPress plugin before 6.1.2 does not ensure NOT-FOR-US: WordPress plugin CVE-2022-3510 (A parsing issue similar to CVE-2022-3171, but with Message-Type Extens ...) [experimental] - protobuf 3.21.7-1 - - protobuf 3.21.9-3 - [bullseye] - protobuf <no-dsa> (Minor issue) + - protobuf 3.21.9-3 (unimportant) NOTE: https://github.com/protocolbuffers/protobuf/commit/db7c17803320525722f45c1d26fc08bc41d1bf48 + NOTE: CPU DoS in protobuf-java, requires significant refactoring via CVE-2022-3171 CVE-2022-3509 (A parsing issue similar to CVE-2022-3171, but with textformat in proto ...) [experimental] - protobuf 3.21.7-1 - - protobuf 3.21.9-3 - [bullseye] - protobuf <no-dsa> (Minor issue) + - protobuf 3.21.9-3 (unimportant) NOTE: https://github.com/protocolbuffers/protobuf/commit/a3888f53317a8018e7a439bac4abeb8f3425d5e9 (v21.7, v3.21.7) + NOTE: CPU DoS in protobuf-java, requires significant refactoring via CVE-2022-3171 CVE-2022-3508 RESERVED CVE-2022-3507 @@ -50584,9 +50584,10 @@ CVE-2022-3172 NOTE: The source package itself it still vulnerable, but custom rebuilds are not really a usecase here CVE-2022-3171 (A parsing issue with binary data in protobuf-java core and lite versio ...) [experimental] - protobuf 3.21.7-1 - - protobuf 3.21.9-3 - [bullseye] - protobuf <no-dsa> (Minor issue) + - protobuf 3.21.9-3 (unimportant) NOTE: https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2 + NOTE: https://github.com/protocolbuffers/protobuf/pull/10664 10665 10666 10667 10668 + NOTE: CPU DoS in protobuf-java, fixed by significant refactoring CVE-2022-3170 (An out-of-bounds access issue was found in the Linux kernel sound subs ...) - linux <not-affected> (Vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2125879 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9b23c9c962973b630a627bcd72e6ab8eea8d94e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9b23c9c962973b630a627bcd72e6ab8eea8d94e You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits