[Git][security-tracker-team/security-tracker][master] Reserve DLA-4472-1 for sudo

Fri, 06 Feb 2026 13:24:36 -0800 


Bastien Roucariès pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
346b14b9 by Bastien Roucariès at 2026-02-06T22:24:09+01:00
Reserve DLA-4472-1 for sudo

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -284645,12 +284645,10 @@ CVE-2023-28488 (client.c in gdhcp in ConnMan 
through 1.41 could be used by netwo
 CVE-2023-28487 (Sudo before 1.9.13 does not escape control characters in 
sudoreplay ou ...)
        {DLA-3732-1}
        - sudo 1.9.13p1-1
-       [bullseye] - sudo <no-dsa> (Minor issue)
        NOTE: 
https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca
 CVE-2023-28486 (Sudo before 1.9.13 does not escape control characters in log 
messages.)
        {DLA-3732-1}
        - sudo 1.9.13p1-1
-       [bullseye] - sudo <no-dsa> (Minor issue)
        NOTE: 
https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca
        NOTE: 
https://github.com/sudo-project/sudo/commit/12648b4e0a8cf486480442efd52f0e0b6cab6e8b
 (fix a regression)
 CVE-2023-28485 (A stored cross-site scripting (Stored XSS) vulnerability in 
file previ ...)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[06 Feb 2026] DLA-4472-1 sudo - security update
+       {CVE-2023-28486 CVE-2023-28487}
+       [bullseye] - sudo 1.9.5p2-3+deb11u3
 [06 Feb 2026] DLA-4471-1 debian-security-support - update
        [bullseye] - debian-security-support 1:11+2026.02.06
 [06 Feb 2026] DLA-4470-1 phpunit - security update


=====================================
data/dla-needed.txt
=====================================
@@ -362,11 +362,6 @@ rust-openssl
 smb4k
   NOTE: 20251217: Added by Front-Desk (pochu)
 --
-sudo (rouca)
-  NOTE: 20251130: Added by Front-Desk (rouca)
-  NOTE: 20251130: Fix CVE-2023-2848[6-7] to avoid a regression between buster 
-> bullseye
-  NOTE: 20250108: proposed fix to maintainer (rouca)
---
 suricata
   NOTE: 20250331: re added to fix next bunch of CVEs (ta)
   NOTE: 20250825: testing package (ta)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/346b14b907772d4757c1b5607801bef7a833bc52

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/346b14b907772d4757c1b5607801bef7a833bc52
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to