/srv/irclogs.ubuntu.com/2022/11/03/#ubuntu-security.txt

=== arif-ali_ is now known as arif-ali
=== fauxpide is now known as fauxpride
[19:33] <jdstrand> pfsmorigo_, et al: hi! I saw https://ubuntu.com/security/notices/USN-5712-1 come in which says it fixed CVE-2022-35737. I then went to https://ubuntu.com/security/CVE-2022-35737 and see it isn't fixed anywhere. I then went to https://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2022-35737 and see it is also not marked as released
[19:33] -ubottu:#ubuntu-security- SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API. <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35737>
[19:34] <jdstrand> pfsmorigo_: I then wondered if esm data is being stored in UCT (I thought I recalled that it was). If so, I guess UCT just hasn't been updated yet...
[19:37] <jdstrand> ok, yes, eg active/CVE-2022-42012 has esm-infra/xenial_dbus: released (1.10.6-1ubuntu3.6+esm2)
[19:37] -ubottu:#ubuntu-security- An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format. <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012>
[19:38] <jdstrand> pfsmorigo_: nm, I answered my own question. Looks like UCT just hasn't been updated yet
[19:42] <enyc> https://launchpad.net/~ubuntu-mozilla-security/+archive/ubuntu/ppa  Thunderbird 102.4.1  in -proposed yet??!?
