[Git][security-tracker-team/security-tracker][master] 4 commits: Remove one unused NOTE

Sun Dec 29 11:59:37 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b75dc557 by Salvatore Bonaccorso at 2019-12-29T11:50:28Z
Remove one unused NOTE

- - - - -
4e6e16d9 by Salvatore Bonaccorso at 2019-12-29T11:55:41Z
Add upstream commit reference for CVE-2018-10852

- - - - -
b051178a by Salvatore Bonaccorso at 2019-12-29T11:56:14Z
Add fixed version for CVE-2018-10852/sssd

- - - - -
b42513ae by Salvatore Bonaccorso at 2019-12-29T11:58:02Z
Remove buster tagged source entry for CVE-2018-10852/sssd

The issue was fixed in 1.16.3 upstream, included in the 1.16.3-1 upload
to unstable and did make it apparently to buster.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -72027,7 +72027,6 @@ CVE-2018-16883 (sssd versions from 1.13.0 to before 2.0.0 did not properly restr
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1659862
 	NOTE: Fixed in upstream 2.0.0 while refactoring code
 	NOTE: Fixed by https://pagure.io/SSSD/sssd/c/fbe2476a3dd9be83ffa85c29dca26f734618d72d?branch=master
-	NOTE: Fixes for older branches will be provided in January 2019.
 CVE-2018-16882 (A use-after-free issue was found in the way the Linux kernel's KVM hyp ...)
 	- linux 4.19.13-1
 	[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -88386,10 +88385,10 @@ CVE-2018-10853 (A flaw was found in the way Linux kernel KVM hypervisor before 4
 	NOTE: Fixed by: https://git.kernel.org/linus/3c9fa24ca7c9c47605672916491f79e8ccacb9e6
 CVE-2018-10852 (The UNIX pipe which sudo uses to contact SSSD and read the available s ...)
 	{DLA-1429-1}
-	- sssd <unfixed> (bug #902860)
-	[buster] - sssd <no-dsa> (Minor issue)
+	- sssd 1.16.3-1 (bug #902860)
 	[stretch] - sssd <no-dsa> (Minor issue)
 	NOTE: https://pagure.io/SSSD/sssd/issue/3766
+	NOTE: https://pagure.io/SSSD/sssd/c/ed90a20a0f0e936eb00d268080716c0384ffb01d (master, ssd-1_16_3)
 CVE-2018-10851 (PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4. ...)
 	- pdns 4.1.5-1 (bug #913163)
 	[stretch] - pdns 4.0.3-1+deb9u3



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/3ddc1c2172ff36a897b41a11bce2852c4ee69e7e...b42513ae30e2565a157a67580f1d1e89cfeddffc

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/3ddc1c2172ff36a897b41a11bce2852c4ee69e7e...b42513ae30e2565a157a67580f1d1e89cfeddffc
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191229/f277654c/attachment.html>
