Ubuntu
dogtag-pki package

CVE-2022-2414 not assigned/evaluated correctly

Bug #1987054 reported by Stefan Fleischmann on 2022-08-19

258

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	dogtag-pki (Ubuntu)	Fix Released	Undecided	Unassigned

Bug Description

In the CVE tracker https://ubuntu.com/security/CVE-2022-2414 all recent Ubuntu releases are marked as "not vulnerable", I think this is wrong. We can see in the Debian tracker that the dogtag-pki *source* package is affected: https://security-tracker.debian.org/tracker/CVE-2022-2414
The dogtag-pki binary package is a metapackage, maybe that's why this slipped through? I suppose the vulnerable binary package is pki-core or similar. Anyhow, the "not vulnerable" status must be wrong.

Revision history for this message

Marc Deslauriers (mdeslaur) wrote on 2022-08-19:

Thanks, I've corrected the mistake in our CVE tracker. All releases are now marked as "needed".

Changed in dogtag-pki (Ubuntu):
status:	New → Fix Released

Seth Arnold (seth-arnold) on 2022-08-23

information type:

Private Security → Public Security

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntudogtag-pki package

CVE-2022-2414 not assigned/evaluated correctly

Bug Description

Other bug subscribers

Remote bug watches

Ubuntu
dogtag-pki package