[Git][security-tracker-team/security-tracker][master] bullseye/bookworm/samba triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Aug 28 22:04:47 BST 2023 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fef73cb9 by Moritz Muehlenhoff at 2023-08-28T23:03:06+02:00
bullseye/bookworm/samba triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -52316,6 +52316,8 @@ CVE-2022-45142 (The fix for CVE-2022-3437 included changing memcmp to be constan
 	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15296
 CVE-2022-45141 (Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerabili ...)
 	- samba 2:4.16.0+dfsg-2
+	[bullseye] - samba <ignored> (Domain controller functionality is EOLed, see DSA DSA-5477-1)
+	[buster] - samba <ignored> (Domain controller functionality is EOLed, see DSA-5015-1)
 	NOTE: https://www.samba.org/samba/security/CVE-2022-45141.html
 CVE-2022-45140 (The configuration backend allows an unauthenticated user to write arbi ...)
 	NOT-FOR-US: WAGO
@@ -62021,6 +62023,7 @@ CVE-2022-3437 (A heap-based buffer overflow vulnerability was found in Samba wit
 	NOTE: https://github.com/heimdal/heimdal/commit/be9bbd93ed8f204b4bc1b92d1bc3c16aac194696 (heimdal-7.7.1)
 	NOTE: https://github.com/heimdal/heimdal/commit/c8407ca079294d76a5ed140ba5b546f870d23ed2 (heimdal-7.7.1)
 	NOTE: https://github.com/heimdal/heimdal/commit/8fb508a25a6a47289c73e3f4339352a73a396eef (heimdal-7.7.1)
+	NOTE: In scope for continued Samba support
 CVE-2021-46845
 	RESERVED
 CVE-2020-36606
@@ -85923,6 +85926,7 @@ CVE-2022-2127 (An out-of-bounds read vulnerability was found in Samba due to ins
 	{DSA-5477-1}
 	- samba 2:4.18.5+dfsg-1
 	NOTE: https://www.samba.org/samba/security/CVE-2022-2127.html
+	NOTE: In scope for continued Samba support
 CVE-2022-2126 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.)
 	{DLA-3053-1}
 	- vim 2:9.0.0135-1 (unimportant; bug #1015984)
@@ -96257,7 +96261,7 @@ CVE-2022-28702 (Incorrect Default Permissions vulnerability in ABB e-Design allo
 CVE-2022-1615 (In Samba, GnuTLS gnutls_rnd() can fail and give predictable random val ...)
 	[experimental] - samba 2:4.17.0+dfsg-1
 	- samba 2:4.16.5+dfsg-2 (bug #1021024)
-	[bullseye] - samba <postponed> (Minor issue)
+	[bullseye] - samba <ignored> (Domain controller functionality is EOLed, see DSA DSA-5477-1)
 	[buster] - samba <not-affected> (Vulnerable code introduced later)
 	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15103
 	NOTE: https://gitlab.com/samba-team/samba/-/merge_requests/2644
@@ -119907,12 +119911,13 @@ CVE-2021-46181
 CVE-2021-46180
 	RESERVED
 CVE-2021-46179 (Reachable Assertion vulnerability in upx before 4.0.0 allows attackers ...)
-	- upx-ucl <unfixed>
+	- upx-ucl <unfixed> (unimportant)
 	NOTE: https://github.com/upx/upx/issues/545
 	NOTE: https://github.com/upx/upx/commit/4a9c46253e308d60b550e9f529e7d37daf978be5 (v3.99)
 	NOTE: https://github.com/upx/upx/commit/2d6987252ef4cec9b9051e3e161977ab88b67aac (v3.99)
 	NOTE: https://github.com/upx/upx/commit/fcdf0e92c1a2d89188ec7b50fb9b40ef51362560 (v3.99)
 	NOTE: https://github.com/upx/upx/commit/be23f93ee6853a688fb9a920c9ee5222aa212303 (v3.99)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2021-46178
 	RESERVED
 CVE-2021-46177
@@ -196187,6 +196192,8 @@ CVE-2020-35359 (Pure-FTPd 1.0.48 allows remote attackers to prevent legitimate s
 	NOTE: Bogus issue, can be configured using MaxClientsPerIP in pure-ftpd.conf configuration file
 CVE-2020-35357 (A buffer overflow can occur when calculating the quantile value using  ...)
 	- gsl <unfixed>
+	[bookworm] - gsl <no-dsa> (Minor issue)
+	[bullseye] - gsl <no-dsa> (Minor issue)
 	NOTE: https://savannah.gnu.org/bugs/?59624
 	NOTE: https://git.savannah.gnu.org/cgit/gsl.git/commit/?id=989a193268b963aa1047814f7f1402084fb7d859
 CVE-2020-35356
@@ -211787,6 +211794,7 @@ CVE-2020-25720
 	RESERVED
 	- samba 2:4.17.8+dfsg-1
 	[bullseye] - samba <ignored> (Domain controller functionality is EOLed, see DSA DSA-5477-1)
+	[buster] - samba <ignored> (Domain controller functionality is EOLed, see DSA-5015-1)
 	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14810
 	NOTE: https://gitlab.com/samba-team/samba/-/merge_requests/2514
 	NOTE: https://gitlab.com/samba-team/samba/-/commit/cc64ea24daa649dc8de4a212c7abfbe111095655



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fef73cb9c1c14644a0247befa9f8b002cb73ae5a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fef73cb9c1c14644a0247befa9f8b002cb73ae5a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230828/63c43ba3/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list