Debian Security Advisory 5260-1

Debian Linux Security Advisory 5260-1 - Igor Ponomarev discovered that LAVA, a continuous integration system for deploying operating systems onto physical and virtual hardware for running tests, used exec() on input passed to the server component.

Packet Storm
-------------------------------------------------------------------------

Debian Security Advisory DSA-5260-1                   [email protected]
https://www.debian.org/security/                       Moritz Muehlenhoff
October 23, 2022                      https://www.debian.org/security/faq

-------------------------------------------------------------------------

Package        : lava
CVE ID         : CVE-2022-42902
Debian Bug     : 1021737

Igor Ponomarev discovered that LAVA, a continuous integration system for deploying operating systems onto physical and virtual hardware for running tests, used exec() on input passed to the server component.

For the stable distribution (bullseye), this problem has been fixed in version 2020.12-5+deb11u1.

We recommend that you upgrade your lava packages.

For the detailed security status of lava please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/lava

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: [email protected]

Related news

CVE-2022-42902: Replace dynamic code execution in lava_server/lavatable.py (e66b74cd) · Commits · lava / lava

In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server.
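The bug class named in the advisory and in the CVE entry above (exec() on request input, replaced by non-dynamic code) is shown here as an added example; it is not LAVA's code. The table rows, the `field__lookup` parameter style and every name in it (`ROWS`, `FIELDS`, `LOOKUPS`, `filter_rows_unsafe`, `filter_rows_safe`) are assumptions made for illustration.

```python
import operator

# Constructed sample rows standing in for a server-side results table.
ROWS = [
    {"id": 1, "state": "running", "device": "qemu-01"},
    {"id": 2, "state": "finished", "device": "bbb-02"},
    {"id": 3, "state": "running", "device": "bbb-03"},
]

def filter_rows_unsafe(rows, params):
    """Before: request text is spliced into Python source and exec()'d."""
    ns = {"out": rows}
    for key, value in params.items():
        field, _, lookup = key.partition("__")
        op = "in" if lookup == "contains" else "=="
        # key and value arrive from the query string, so the sender of the
        # request, not the developer, decides what code the server runs.
        exec(f"out = [r for r in out if '{value}' {op} r['{field}']]", ns)
    return ns["out"]

# After: names are resolved through fixed tables; values stay data.
FIELDS = {"id": int, "state": str, "device": str}
LOOKUPS = {"": operator.eq, "exact": operator.eq, "contains": operator.contains}

def filter_rows_safe(rows, params):
    """Allow-listed fields and lookups, typed values, no code generation."""
    out = rows
    for key, value in params.items():
        field, _, lookup = key.partition("__")
        if field not in FIELDS or lookup not in LOOKUPS:
            raise ValueError(f"unsupported filter: {key!r}")
        if lookup == "contains" and FIELDS[field] is not str:
            raise ValueError(f"'contains' needs a text column: {key!r}")
        wanted = FIELDS[field](value)  # e.g. int("abc") raises ValueError
        out = [r for r in out if LOOKUPS[lookup](r[field], wanted)]
    return out

if __name__ == "__main__":
    # Constructed value containing a quote: it changes the generated
    # expression in the unsafe version and is a plain string in the safe one.
    crafted = {"state": "x' or 'a' == 'a"}
    print(len(filter_rows_unsafe(ROWS, crafted)), "rows from exec() version")
    print(len(filter_rows_safe(ROWS, crafted)), "rows from allow-list version")
```

When reviewing a fix of this kind, check that no request-derived string reaches `exec()`, `eval()` or `compile()` on any path, including field names and sort keys as well as values.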
