[Secure-testing-commits] r52682 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Jun 18 05:59:07 UTC 2017
Author: carnil
Date: 2017-06-18 05:59:07 +0000 (Sun, 18 Jun 2017)
New Revision: 52682
Modified:
data/CVE/list
Log:
Add two workaround entries for sudo
Not strictly needed, since in two days sudo will migrate and the version
discrepancy will dissaper. But no harm either to track those fixing
versions. The reason is that security-tracker does not version tracking
like BTS, and sudo was uploaded to testing-proposed-updates, propped up
to buster on release. This is not a problem for all other uploads which
were released via stretch-security during the deep freeze 2 week window
time.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-06-18 05:03:03 UTC (rev 52681)
+++ data/CVE/list 2017-06-18 05:59:07 UTC (rev 52682)
@@ -1230,12 +1230,14 @@
NOTE: Fixed by: https://git.kernel.org/linus/ba3021b2c79b2fa9114f92790a99deb27a65b728 (v4.12-rc5)
CVE-2017-1000368 (Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an ...)
- sudo 1.8.20p1-1.1 (bug #863897)
+ [buster] - sudo 1.8.19p1-2.1
[stretch] - sudo 1.8.19p1-2.1
NOTE: http://www.openwall.com/lists/oss-security/2017/06/02/7
NOTE: https://www.sudo.ws/repos/sudo/raw-rev/15a46f4007dd
CVE-2017-1000367 (Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an ...)
{DSA-3867-1 DLA-970-1}
- sudo 1.8.20p1-1 (bug #863731)
+ [buster] - sudo 1.8.19p1-2
[stretch] - sudo 1.8.19p1-2
NOTE: https://www.sudo.ws/alerts/linux_tty.html
NOTE: http://www.openwall.com/lists/oss-security/2017/05/30/16
More information about the Secure-testing-commits
mailing list