Lee Garrett pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1fdf666a by Lee Garrett at 2024-11-29T16:10:33+01:00
Reserve DLA-3974-1 for dnsmasq
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -135882,7 +135882,6 @@ CVE-2023-28451 (An issue was discovered in Technitium
11.0.2. There is a vulnera
CVE-2023-28450 (An issue was discovered in Dnsmasq before 2.90. The default
maximum ED ...)
- dnsmasq 2.90-1 (bug #1033165)
[bookworm] - dnsmasq <no-dsa> (Minor issue)
- [bullseye] - dnsmasq <no-dsa> (Minor issue)
[buster] - dnsmasq <no-dsa> (Minor issue)
NOTE:
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=eb92fb32b746f2104b0f370b5b295bb8dd4bd5e5
CVE-2023-1424 (Buffer Copy without Checking Size of Input ('Classic Buffer
Overflow') ...)
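Review bot: dropping the `[bullseye] - dnsmasq <no-dsa> (Minor issue)` line under CVE-2023-28450 leaves this entry with no bullseye annotation of its own, so the bullseye status now rests entirely on the DLA-3974-1 record added in data/DLA/list. Before merging, confirm that 2.85-1+deb11u1 really contains the upstream change linked in the NOTE (commit eb92fb32b746f2104b0f370b5b295bb8dd4bd5e5), because that version number is the only evidence the tracker will have for calling bullseye fixed.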
@@ -220477,7 +220476,6 @@ CVE-2022-26884 (Users can read any files by log
server, Apache DolphinScheduler
NOT-FOR-US: Apache DolphinScheduler
CVE-2022-0934 (A single-byte, non-arbitrary write/use-after-free flaw was
found in dn ...)
- dnsmasq 2.87-1 (bug #1014715)
- [bullseye] - dnsmasq <no-dsa> (Minor issue)
[buster] - dnsmasq <no-dsa> (Minor issue)
[stretch] - dnsmasq <no-dsa> (Minor issue)
NOTE:
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016272.html
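Review bot: the CVE-2022-0934 entry loses its bullseye `<no-dsa>` triage here, yet the only reference visible in the context is a dnsmasq-discuss mailing list post, not a fix commit. The dla-needed.txt notes removed in this same commit discuss CVE-2023-28450, CVE-2023-50387 and CVE-2023-50868 but never mention this CVE, so nothing on record says which patch was backported for it. Consider adding a NOTE with the upstream fix commit, as the CVE-2023-28450 entry has.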
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[29 Nov 2024] DLA-3974-1 dnsmasq - security update
+ {CVE-2022-0934 CVE-2023-28450 CVE-2023-50387 CVE-2023-50868}
+ [bullseye] - dnsmasq 2.85-1+deb11u1
[28 Nov 2024] DLA-3973-1 redis - security update
{CVE-2022-35977 CVE-2024-31228}
[bullseye] - redis 5:6.0.16-1+deb11u4
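Review bot: the new DLA-3974-1 entry lists four CVEs, but the data/CVE/list hunks in this commit touch only CVE-2022-0934 and CVE-2023-28450. Check the CVE-2023-50387 and CVE-2023-50868 entries for any remaining bullseye tag on dnsmasq (for example `<no-dsa>` or `<postponed>`) and remove it in the same commit, otherwise the tracker may show conflicting bullseye status for those two.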
=====================================
data/dla-needed.txt
=====================================
@@ -58,13 +58,6 @@ clamav
NOTE: 20241121: Added by Front-Desk (Beuc)
NOTE: 20241121: Bump to 0.103.12 to follow fixes from bookworm 12.8 (2 CVEs)
(Beuc/front-desk)
--
-dnsmasq (lee)
- NOTE: 20240313: Added by oldstable Security Team (jmm)
- NOTE: 20240802: CVE-2023-28450 is trivial to fix, however CVE-2023-50387 and
CVE-2023-50868
- NOTE: 20240802: look quite disruptive. Contacting maintainer to consult on
the best course of
- NOTE: 20240802: action. (lee)
- NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
---
edk2
NOTE: 20240815: Added by Front-Desk (Beuc)
NOTE: 20240815: bullseye did not get most of DSA 5624-1 security fixes,
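Review bot: the removed dnsmasq block is the only place recording that the CVE-2023-50387 and CVE-2023-50868 fixes "look quite disruptive" and that the maintainer was being consulted, and the commit message ("Reserve DLA-3974-1 for dnsmasq") does not say how that was resolved. Since both CVEs are now claimed as fixed in 2.85-1+deb11u1, state the outcome (backport or other approach) in the commit message or the advisory text so the decision is still traceable once this entry is gone.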
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1fdf666a18ccf054dd859cca4fd399ca064272a4