Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker
Commits: 2b6222ed by Bastien Roucariès at 2024-02-03T09:05:40+00:00 Reserve DLA-3732-1 for sudo - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -50357,12 +50357,10 @@ CVE-2023-28488 (client.c in gdhcp in ConnMan through 1.41 could be used by netwo CVE-2023-28487 (Sudo before 1.9.13 does not escape control characters in sudoreplay ou ...) - sudo 1.9.13p1-1 [bullseye] - sudo <no-dsa> (Minor issue) - [buster] - sudo <no-dsa> (Minor issue) NOTE: https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca CVE-2023-28486 (Sudo before 1.9.13 does not escape control characters in log messages.) - sudo 1.9.13p1-1 [bullseye] - sudo <no-dsa> (Minor issue) - [buster] - sudo <no-dsa> (Minor issue) NOTE: https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca NOTE: https://github.com/sudo-project/sudo/commit/12648b4e0a8cf486480442efd52f0e0b6cab6e8b (fix a regression) CVE-2023-28485 (A stored cross-site scripting (Stored XSS) vulnerability in file previ ...) ===================================== data/DLA/list ===================================== @@ -1,3 +1,6 @@ +[03 Feb 2024] DLA-3732-1 sudo - security update + {CVE-2023-7090 CVE-2023-28486 CVE-2023-28487} + [buster] - sudo 1.8.27-1+deb10u6 [01 Feb 2024] DLA-3731-1 man-db - sandboxing fixes [buster] - man-db 2.8.5-2+deb10u1 [01 Feb 2024] DLA-3730-1 python-asyncssh - security update ===================================== data/dla-needed.txt ===================================== 
@@ -229,11 +229,6 @@ squid NOTE: 20240109: I ask for another pair of eyes for CVE-2023-5824. The fix NOTE: 20240109: appears to be intrusive. I could not locate the fix for CVE-2023-49288 yet. (apo) -- -sudo (rouca) - NOTE: 20231224: Added by Front-Desk (ta) - NOTE: 20240128: Wait for review by sudo team (rouca) - NOTE: 20240128: Ported test suite (rouca) --- suricata (Adrian Bunk) NOTE: 20230620: Added by Front-Desk (Beuc) NOTE: 20230620: 15+ CVEs marked no-dsa; since the package is supported, with last LTS update in Jessie,
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b6222ed8da2765e55a2ff7a292add3e35438dd2
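Review bot: CVE-2023-7090 is named in the new DLA-3732-1 entry, but the data/CVE/list hunk only drops the "[buster] - sudo <no-dsa> (Minor issue)" lines under CVE-2023-28487 and CVE-2023-28486 and leaves the CVE-2023-7090 record untouched. Please confirm that record has no leftover buster triage line that would now contradict the DLA, and remove it in the same commit if it does.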
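Review bot: The commit subject says DLA-3732-1 is only being reserved, yet the added data/DLA/list entry already pins "[buster] - sudo 1.8.27-1+deb10u6". Please check that this string is exactly the version that gets uploaded, and correct the entry in a follow-up if the final upload differs.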
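Review bot: The sudo block removed from data/dla-needed.txt still carries "NOTE: 20240128: Wait for review by sudo team (rouca)", and neither the hunk nor the commit message says how that review ended. A short line in the commit message recording the outcome would preserve that history once the entry is gone.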