Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f530ed3b by Moritz Muehlenhoff at 2023-04-13T15:26:31+02:00
mark protobuf as ignored
we use unimportant for issues with negligble impact or non issue, here
there is some impact, but we can't meaningfully address it with a
backport, so mark as <ignored>
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -43934,12 +43934,14 @@ CVE-2022-3511 (The Awesome Support WordPress plugin
before 6.1.2 does not ensure
NOT-FOR-US: WordPress plugin
CVE-2022-3510 (A parsing issue similar to CVE-2022-3171, but with Message-Type
Extens ...)
[experimental] - protobuf 3.21.7-1
- - protobuf 3.21.9-3 (unimportant)
+ - protobuf 3.21.9-3
+ [bullseye] - protobuf <ignored> (Too intrusive to backport, requires
significant refactoring via CVE-2022-3171)
NOTE:
https://github.com/protocolbuffers/protobuf/commit/db7c17803320525722f45c1d26fc08bc41d1bf48
NOTE: CPU DoS in protobuf-java, requires significant refactoring via
CVE-2022-3171
CVE-2022-3509 (A parsing issue similar to CVE-2022-3171, but with textformat
in proto ...)
[experimental] - protobuf 3.21.7-1
- - protobuf 3.21.9-3 (unimportant)
+ - protobuf 3.21.9-3
+ [bullseye] - protobuf <ignored> (Too intrusive to backport, requires
significant refactoring via CVE-2022-3171)
NOTE:
https://github.com/protocolbuffers/protobuf/commit/a3888f53317a8018e7a439bac4abeb8f3425d5e9
(v21.7, v3.21.7)
NOTE: CPU DoS in protobuf-java, requires significant refactoring via
CVE-2022-3171
CVE-2022-3508
@@ -50863,7 +50865,8 @@ CVE-2022-3172
NOTE: The source package itself it still vulnerable, but custom
rebuilds are not really a usecase here
CVE-2022-3171 (A parsing issue with binary data in protobuf-java core and lite
versio ...)
[experimental] - protobuf 3.21.7-1
- - protobuf 3.21.9-3 (unimportant)
+ - protobuf 3.21.9-3
+ [bullseye] - protobuf <ignored> (Too intrusive to backport, requires
significant refactoring via CVE-2022-3171)
NOTE:
https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2
NOTE: https://github.com/protocolbuffers/protobuf/pull/10664
NOTE: https://github.com/protocolbuffers/protobuf/pull/10665
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f530ed3b79332ddeec147aa7e4a5d72ac589039c
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f530ed3b79332ddeec147aa7e4a5d72ac589039c
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
