Santiago R.R. pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9c3b37c9 by Santiago Ruano Rincón at 2024-04-22T09:06:25-03:00
Reserve DLA-3792-1 for samba
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -288613,7 +288613,6 @@ CVE-2020-14383 (A flaw was found in samba's DNS
server. An authenticated user co
{DLA-2463-1}
[experimental] - samba 2:4.13.2+dfsg-1
- samba 2:4.13.2+dfsg-2 (bug #973398)
- [buster] - samba <no-dsa> (Minor issue)
NOTE: https://www.samba.org/samba/security/CVE-2020-14383.html
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14472
CVE-2020-14382 (A vulnerability was found in upstream release cryptsetup-2.2.0
where, ...)
@@ -288900,7 +288899,6 @@ CVE-2020-14323 (A null pointer dereference flaw was
found in samba's Winbind ser
{DLA-2463-1}
[experimental] - samba 2:4.13.2+dfsg-1
- samba 2:4.13.2+dfsg-2 (bug #973399)
- [buster] - samba <no-dsa> (Minor issue)
NOTE: https://www.samba.org/samba/security/CVE-2020-14323.html
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14436
CVE-2020-14322 (In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, yui_combo
needed to l ...)
@@ -288915,7 +288913,6 @@ CVE-2020-14318 (A flaw was found in the way samba
handled file and directory per
{DLA-2463-1}
[experimental] - samba 2:4.13.2+dfsg-1
- samba 2:4.13.2+dfsg-2 (bug #973400)
- [buster] - samba <no-dsa> (Minor issue)
NOTE: https://www.samba.org/samba/security/CVE-2020-14318.html
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14434
CVE-2020-14317 (It was found that the issue for security flaw CVE-2019-3805
appeared a ...)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[22 Apr 2024] DLA-3792-1 samba - security update
+ {CVE-2020-14318 CVE-2020-14323 CVE-2020-14383 CVE-2022-2127
CVE-2022-3437 CVE-2022-32742 CVE-2023-4091}
+ [buster] - samba 2:4.9.5+dfsg-5+deb10u5
[22 Apr 2024] DLA-3791-1 thunderbird - security update
{CVE-2024-2609 CVE-2024-3302 CVE-2024-3852 CVE-2024-3854 CVE-2024-3857
CVE-2024-3859 CVE-2024-3861 CVE-2024-3864}
[buster] - thunderbird 1:115.10.1-1~deb10u1
=====================================
data/dla-needed.txt
=====================================
@@ -281,10 +281,6 @@ runc (dleidert)
NOTE: 20240314: Several CVEs fixed in LTS remain unfixed (no-dsa) in
bullseye.
NOTE: 20240314: Uploads to ospu should be coordinated. (roberto)
--
-samba (Santiago)
- NOTE: 20230918: Added by Front-Desk (apo)
- NOTE: 20240406: Update should be ready. Will upload this Monday. (Santiago)
---
sendmail (rouca)
NOTE: 20231224: Added by Front-Desk (ta)
NOTE: 20240213: Patch need to be extracted (rouca). Upstream does not
publish patches (CVE-2023-51765)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c3b37c90df72638fb3c2c96e87b26278e57b94a
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c3b37c90df72638fb3c2c96e87b26278e57b94a
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
