[Git][security-tracker-team/security-tracker][master] Reserve DLA-3181-1 for sudo
Chris Lamb (@lamby)
lamby at debian.org
Mon Nov 7 12:02:04 GMT 2022
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e018d7ab by Chris Lamb at 2022-11-07T12:01:32+00:00
Reserve DLA-3181-1 for sudo
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -130956,7 +130956,6 @@ CVE-2021-23240 (selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows
NOTE: Neutralised by kernel hardening (fs.protected_symlinks = 1)
CVE-2021-23239 (The sudoedit personality of Sudo before 1.9.5 may allow a local unpriv ...)
- sudo 1.9.5-1
- [buster] - sudo <ignored> (Minor issue)
[stretch] - sudo <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2021/01/11/2
NOTE: https://www.sudo.ws/repos/sudo/rev/ea19d0073c02
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[07 Nov 2022] DLA-3181-1 sudo - security update
+ {CVE-2021-23239}
+ [buster] - sudo 1.8.27-1+deb10u4
[07 Nov 2022] DLA-3180-1 python-scciclient - security update
{CVE-2022-2996}
[buster] - python-scciclient 0.7.2-2+deb10u1
=====================================
data/dla-needed.txt
=====================================
@@ -264,9 +264,6 @@ sox
NOTE: 20220818: Requires some investigation; see #1012138 etc.
NOTE: 20221003: https://sourceforge.net/p/sox/bugs/362/ Re-pinged upstream committer (abhijith)
--
-sudo (Chris Lamb)
- NOTE: 20221105: Programming language: C.
---
tiff
NOTE: 20221031: Programming language: C.
NOTE: 20221031: VCS: https://salsa.debian.org/lts-team/packages/tiff.git
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e018d7ab6a1b374d58dd7d8118dc130f23160e62
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e018d7ab6a1b374d58dd7d8118dc130f23160e62
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221107/7697bb02/attachment.htm>
More information about the debian-security-tracker-commits
mailing list