Ubuntu CVE Tracker

Merge ~bruce-cable/ubuntu-cve-tracker:cve-status-updates into ubuntu-cve-tracker:master

  1. Git
  2. lp:~bruce-cable/ubuntu-cve-tracker
  3. cve-status-updates
  4. Merge into master
Proposed by Bruce Cable
Status: Merged
Merged at revision: 2e854f362fef24d8634c61f1fddb2745f53249a9
Proposed branch: ~bruce-cable/ubuntu-cve-tracker:cve-status-updates
Merge into: ubuntu-cve-tracker:master
Diff against target: 67 lines (+18/-18)
2 files modified
active/CVE-2022-22995 (+11/-11)
active/CVE-2023-3164 (+7/-7)
Reviewer Review Type Date Requested Status
Evan Caville Approve
Alex Murray Approve
Review via email: mp+466475@code.launchpad.net

Commit message

Status updates for CVE-2022-22995 and CVE-2023-3164

To post a comment you must log in.
Revision history for this message
Alex Murray (alexmurray) wrote :

LGTM (I was going to suggest that for noble and devel these should be marked as 'released' rather than 'not-affected' but then I see that the change to mark devel as not-affected was done by me as part of our https://wiki.ubuntu.com/SecurityTeam/ReleaseCycle#Infrastructure_.28devel.29 processes so then let's leave it as not-affected)

review: Approve
Revision history for this message
Alex Murray (alexmurray) wrote :

oh whoops, I didn't notice you explicitly tagged Evan for review - apologies, I just merged it!

Revision history for this message
Evan Caville (evancaville) wrote :

I approve alex's approval of this pr

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/active/CVE-2022-22995 b/active/CVE-2022-22995
2index f21821c..2fc3849 100644
3--- a/active/CVE-2022-22995
4+++ b/active/CVE-2022-22995
5@@ -16,24 +16,24 @@ Bugs:
6 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053545
7 Priority: medium
8 Discovered-by:
9-Assigned-to:
10+Assigned-to: bruce-cable
11 CVSS:
12 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]
13
14 Patches_netatalk:
15 upstream_netatalk: released (3.1.18~ds-1)
16 trusty_netatalk: ignored (end of standard support)
17-trusty/esm_netatalk: needs-triage
18+trusty/esm_netatalk: not-affected (code not present)
19 xenial_netatalk: ignored (end of standard support)
20-esm-apps/xenial_netatalk: needs-triage
21+esm-apps/xenial_netatalk: not-affected (code not present)
22 bionic_netatalk: ignored (end of standard support)
23-esm-apps/bionic_netatalk: needs-triage
24-focal_netatalk: needs-triage
25-esm-apps/focal_netatalk: needs-triage
26-jammy_netatalk: needs-triage
27-esm-apps/jammy_netatalk: needs-triage
28+esm-apps/bionic_netatalk: not-affected (code not present)
29+focal_netatalk: needed
30+esm-apps/focal_netatalk: needed
31+jammy_netatalk: needed
32+esm-apps/jammy_netatalk: needed
33 lunar_netatalk: ignored (end of life, was needs-triage)
34-mantic_netatalk: needs-triage
35-noble_netatalk: needs-triage
36-esm-apps/noble_netatalk: needs-triage
37+mantic_netatalk: needed
38+noble_netatalk: not-affected (3.1.18~ds-1build4)
39+esm-apps/noble_netatalk: not-affected (3.1.18~ds-1build4)
40 devel_netatalk: not-affected (3.1.18~ds-1build4)
41diff --git a/active/CVE-2023-3164 b/active/CVE-2023-3164
42index c98a0fe..d77fa2c 100644
43--- a/active/CVE-2023-3164
44+++ b/active/CVE-2023-3164
45@@ -26,15 +26,15 @@ CVSS:
46 Patches_tiff:
47 upstream_tiff: needs-triage
48 trusty_tiff: ignored (end of standard support)
49-trusty/esm_tiff: deferred
50+trusty/esm_tiff: needed
51 xenial_tiff: ignored (end of standard support)
52-esm-infra/xenial_tiff: deferred
53+esm-infra/xenial_tiff: needed
54 bionic_tiff: ignored (end of standard support)
55-esm-infra/bionic_tiff: deferred
56-focal_tiff: deferred
57-jammy_tiff: deferred
58+esm-infra/bionic_tiff: needed
59+focal_tiff: needed
60+jammy_tiff: needed
61 kinetic_tiff: ignored (end of life, was needs-triage)
62 lunar_tiff: ignored (end of life, was deferred)
63-mantic_tiff: deferred
64-noble_tiff: deferred
65+mantic_tiff: needed
66+noble_tiff: needed
67 devel_tiff: deferred

Subscribers

People subscribed via source and target branches