[Git][security-tracker-team/security-tracker][master] Reserve DLA-3732-1 for sudo

@rouca Sat, 03 Feb 2024 01:06:20 -0800


Bastien Roucariès pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
2b6222ed by Bastien Roucariès at 2024-02-03T09:05:40+00:00
Reserve DLA-3732-1 for sudo

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -50357,12 +50357,10 @@ CVE-2023-28488 (client.c in gdhcp in ConnMan through 
1.41 could be used by netwo
 CVE-2023-28487 (Sudo before 1.9.13 does not escape control characters in 
sudoreplay ou ...)
        - sudo 1.9.13p1-1
        [bullseye] - sudo <no-dsa> (Minor issue)
-       [buster] - sudo <no-dsa> (Minor issue)
        NOTE: 
https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca
 CVE-2023-28486 (Sudo before 1.9.13 does not escape control characters in log 
messages.)
        - sudo 1.9.13p1-1
        [bullseye] - sudo <no-dsa> (Minor issue)
-       [buster] - sudo <no-dsa> (Minor issue)
        NOTE: 
https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca
        NOTE: 
https://github.com/sudo-project/sudo/commit/12648b4e0a8cf486480442efd52f0e0b6cab6e8b
 (fix a regression)
 CVE-2023-28485 (A stored cross-site scripting (Stored XSS) vulnerability in 
file previ ...)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[03 Feb 2024] DLA-3732-1 sudo - security update
+       {CVE-2023-7090 CVE-2023-28486 CVE-2023-28487}
+       [buster] - sudo 1.8.27-1+deb10u6
 [01 Feb 2024] DLA-3731-1 man-db - sandboxing fixes
        [buster] - man-db 2.8.5-2+deb10u1
 [01 Feb 2024] DLA-3730-1 python-asyncssh - security update


=====================================
data/dla-needed.txt
=====================================
@@ -229,11 +229,6 @@ squid
   NOTE: 20240109: I ask for another pair of eyes for CVE-2023-5824. The fix
   NOTE: 20240109: appears to be intrusive. I could not locate the fix for 
CVE-2023-49288 yet. (apo)
 --
-sudo (rouca)
-  NOTE: 20231224: Added by Front-Desk (ta)
-  NOTE: 20240128: Wait for review by sudo team (rouca)
-  NOTE: 20240128: Ported test suite (rouca)
---
 suricata (Adrian Bunk)
   NOTE: 20230620: Added by Front-Desk (Beuc)
   NOTE: 20230620: 15+ CVEs marked no-dsa; since the package is supported, with 
last LTS update in Jessie,



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b6222ed8da2765e55a2ff7a292add3e35438dd2

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b6222ed8da2765e55a2ff7a292add3e35438dd2
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Reserve DLA-3732-1 for sudo

Reply via email to