[Git][security-tracker-team/security-tracker][master] ignore protobuf CVEs in buster that are ignored in bullseye

[Helmut Grohne (@helmutg)]

Helmut Grohne pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
32f18fa8 by Helmut Grohne at 2023-04-16T20:21:28+02:00
ignore protobuf CVEs in buster that are ignored in bullseye

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -44697,12 +44697,14 @@ CVE-2022-3510 (A parsing issue similar to 
CVE-2022-3171, but with Message-Type E
        [experimental] - protobuf 3.21.7-1
        - protobuf 3.21.9-3
        [bullseye] - protobuf <ignored> (Too intrusive to backport, requires 
significant refactoring via CVE-2022-3171)
+       [buster] - protobuf <ignored> (Too intrusive to backport, requires 
significant refactoring via CVE-2022-3171)
        NOTE: 
https://github.com/protocolbuffers/protobuf/commit/db7c17803320525722f45c1d26fc08bc41d1bf48
        NOTE: CPU DoS in protobuf-java, requires significant refactoring via 
CVE-2022-3171
 CVE-2022-3509 (A parsing issue similar to CVE-2022-3171, but with textformat 
in proto ...)
        [experimental] - protobuf 3.21.7-1
        - protobuf 3.21.9-3
        [bullseye] - protobuf <ignored> (Too intrusive to backport, requires 
significant refactoring via CVE-2022-3171)
+       [buster] - protobuf <ignored> (Too intrusive to backport, requires 
significant refactoring via CVE-2022-3171)
        NOTE: 
https://github.com/protocolbuffers/protobuf/commit/a3888f53317a8018e7a439bac4abeb8f3425d5e9
 (v21.7, v3.21.7)
        NOTE: CPU DoS in protobuf-java, requires significant refactoring via 
CVE-2022-3171
 CVE-2022-3508
@@ -51634,7 +51636,8 @@ CVE-2022-3172
 CVE-2022-3171 (A parsing issue with binary data in protobuf-java core and lite 
versio ...)
        [experimental] - protobuf 3.21.7-1
        - protobuf 3.21.9-3
-       [bullseye] - protobuf <ignored> (Too intrusive to backport, requires 
significant refactoring via CVE-2022-3171)
+       [bullseye] - protobuf <ignored> (Too intrusive to backport, requires 
significant refactoring)
+       [buster] - protobuf <ignored> (Too intrusive to backport, requires 
significant refactoring)
        NOTE: 
https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2
        NOTE: https://github.com/protocolbuffers/protobuf/pull/10664
        NOTE: https://github.com/protocolbuffers/protobuf/pull/10665



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/32f18fa8d455362c1218404bcae2b6fa518a9b37

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/32f18fa8d455362c1218404bcae2b6fa518a9b37
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits