[Git][security-tracker-team/security-tracker][master] More triage of current ceph issues

[Stefano Rivera (@stefanor)]

Stefano Rivera pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9c926fc4 by Stefano Rivera at 2023-01-02T10:55:47-04:00
More triage of current ceph issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13325,9 +13325,12 @@ CVE-2022-3855
 CVE-2022-3854 [possible DoS issue in ceph URL processing on RGW backends]
        RESERVED
        - ceph <unfixed> (bug #1027151)
+       [bullseye] - ceph <not-affected> (Vulnerable code added in Ceph 16.1)
+       [buster] - ceph <not-affected> (Vulnerable code added in Ceph 16.1)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2139925
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1205025
        NOTE: https://tracker.ceph.com/issues/55765
+       NOTE: https://github.com/ceph/ceph/pull/47025
 CVE-2022-44664
        RESERVED
 CVE-2022-44663
@@ -17812,6 +17815,7 @@ CVE-2022-3650 [ceph-crash.service allows local ceph 
user to root exploit]
        RESERVED
        - ceph 16.2.10+ds-4 (bug #1024932)
        [bullseye] - ceph <no-dsa> (Minor issue)
+       [buster] - ceph <not-affected> (ceph-crash service added in Ceph 14)
        NOTE: https://www.openwall.com/lists/oss-security/2022/10/25/1
        NOTE: https://tracker.ceph.com/issues/57967
        NOTE: https://github.com/ceph/ceph/pull/48713
@@ -68715,9 +68719,10 @@ CVE-2022-0671 (A flaw was found in vscode-xml in 
versions prior to 0.19.0. Schem
 CVE-2022-0670 (A flaw was found in Openstack manilla owning a Ceph File system 
"share ...)
        - ceph 16.2.10+ds-1 (bug #1016069)
        [bullseye] - ceph <no-dsa> (Minor issue)
-       [buster] - ceph <no-dsa> (Minor issue)
+       [buster] - ceph <not-affected> (The volumes manager module was added in 
Ceph 14)
        NOTE: https://ceph.io/en/news/blog/2022/v17-2-2-quincy-released/
        NOTE: https://docs.ceph.com/en/latest/security/CVE-2022-0670/
+       NOTE: https://github.com/ceph/ceph/pull/47229
 CVE-2022-0669 (A flaw was found in dpdk. This flaw allows a malicious 
vhost-user mast ...)
        {DSA-5130-1}
        - dpdk 20.11.5-1 (bug #1010641)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c926fc4e91eed601cb8d6a4d062b3404f1a8e3f

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c926fc4e91eed601cb8d6a4d062b3404f1a8e3f
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits