[Git][security-tracker-team/security-tracker][master] 5 commits: Mark CVE-2023-2848{6,7}/sudo as no-dsa for buster

Utkarsh Gupta (@utkarsh) utkarsh at debian.org
Sat Mar 18 13:13:01 GMT 2023



Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker


Commits:
958767fb by Utkarsh Gupta at 2023-03-18T18:38:53+05:30
Mark CVE-2023-2848{6,7}/sudo as no-dsa for buster

- - - - -
f67cb5c5 by Utkarsh Gupta at 2023-03-18T18:39:22+05:30
Mark CVE-2023-1175/vim as no-dsa for buster

- - - - -
28fa556a by Utkarsh Gupta at 2023-03-18T18:41:09+05:30
Mark CVE-2021-33391/tidy-html5 as no-dsa for buster

- - - - -
42acdb7f by Utkarsh Gupta at 2023-03-18T18:41:33+05:30
Mark CVE-2023-1161/wireshark as no-dsa for buster

- - - - -
512eab88 by Utkarsh Gupta at 2023-03-18T18:42:42+05:30
Add hdf5 to dla-needed

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -349,10 +349,12 @@ CVE-2023-28488
 CVE-2023-28487 (Sudo before 1.9.13 does not escape control characters in sudoreplay ou ...)
 	- sudo 1.9.13p1-1
 	[bullseye] - sudo <no-dsa> (Minor issue)
+	[buster] - sudo <no-dsa> (Minor issue)
 	NOTE: https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca
 CVE-2023-28486 (Sudo before 1.9.13 does not escape control characters in log messages. ...)
 	- sudo 1.9.13p1-1
 	[bullseye] - sudo <no-dsa> (Minor issue)
+	[buster] - sudo <no-dsa> (Minor issue)
 	NOTE: https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca
 CVE-2023-28485
 	RESERVED
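Review bot: the two added [buster] lines for CVE-2023-28487 and CVE-2023-28486 reuse bullseye's generic "Minor issue" reason without saying why it also holds for buster. Both entries cite the same upstream commit in their NOTE lines, so a short NOTE on whether that single commit applies to buster's sudo would let the two be fixed together in a later update rather than re-triaged one by one.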
@@ -3063,6 +3065,7 @@ CVE-2023-1176
 CVE-2023-1175 (Incorrect Calculation of Buffer Size in GitHub repository vim/vim prio ...)
 	- vim 2:9.0.1378-1
 	[bullseye] - vim <no-dsa> (Minor issue)
+	[buster] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e
 	NOTE: https://github.com/vim/vim/commit/c99cbf8f289bdda5d4a77d7ec415850a520330ba (v9.0.1378)
 CVE-2022-4930 (A vulnerability classified as problematic was found in nuxsmin sysPass ...)
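Review bot: the added [buster] line gives only "Minor issue" for an entry described as "Incorrect Calculation of Buffer Size", and nothing in the entry records whether buster's vim contains the affected code. Suggest a NOTE stating whether the listed upstream fix (v9.0.1378) applies to buster's version, so the no-dsa can be revisited when vim is next updated.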
@@ -3285,6 +3288,7 @@ CVE-2023-1162 (A vulnerability, which was classified as critical, was found in D
 CVE-2023-1161 (ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 an ...)
 	- wireshark <unfixed>
 	[bullseye] - wireshark <no-dsa> (Minor issue)
+	[buster] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-08.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18839
 CVE-2023-1160 (Use of Platform-Dependent Third Party Components in GitHub repository  ...)
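Review bot: the added [buster] line uses <no-dsa>, but the description on the CVE-2023-1161 line names Wireshark 4.0.0 to 4.0.3 and is cut off after that, so the entry does not show that buster's version falls in an affected range. Worth confirming before this lands: if the affected dissector code is not in buster, <not-affected> with a reason is the accurate state; if it is, a NOTE giving the affected range would document the decision.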
@@ -135849,6 +135853,7 @@ CVE-2021-33392
 CVE-2021-33391 (An issue in HTACG HTML Tidy v5.7.28 allows attacker to execute arbitra ...)
 	- tidy-html5 <unfixed> (bug #1032665)
 	[bullseye] - tidy-html5 <no-dsa> (Minor issue)
+	[buster] - tidy-html5 <no-dsa> (Minor issue)
 	NOTE: https://github.com/htacg/tidy-html5/issues/946
 	NOTE: https://github.com/htacg/tidy-html5/commit/efa61528aa500a1efbd2768121820742d3bb709b
 CVE-2021-33390
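Review bot: "Minor issue" on the added [buster] line sits oddly beside a description that begins "allows attacker to execute arbitra ..." and an unstable entry that is still <unfixed> (bug #1032665). A more specific reason on the [buster] line, or a NOTE explaining why the impact is limited, would justify the no-dsa; the fix commit is already listed, so picking it up in a later buster update stays possible.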


=====================================
data/dla-needed.txt
=====================================
@@ -101,6 +101,13 @@ golang-yaml.v2
   NOTE: 20230125: VCS: https://salsa.debian.org/lts-team/packages/golang-yaml.v2.git
   NOTE: 20230125: Special attention: limited support; requires rebuilding reverse build dependencies (though recent bullseye updates didn't).
 --
+hdf5
+  NOTE: 20230318: Programming language: C.
+  NOTE: 20230318: VCS: https://salsa.debian.org/lts-team/packages/hdf5.git
+  NOTE: 20230318: Consider fixing all the no-dsa and postponed issues as well. (utkarsh)
+  NOTE: 20230318: Enrico did some work around hdf5* packaging in the past, probably
+  NOTE: 20230318: sync w/ him. (utkarsh)
+--
 intel-microcode (tobi)
   NOTE: 20230219: Programming language: Binary blob.
   NOTE: 20230219: VCS: https://salsa.debian.org/lts-team/packages/intel-microcode.git
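Review bot: the last two added NOTE lines split one sentence across two dated entries ("probably" / "sync w/ him."), so the second reads as a separate note, and "Enrico" is not identifiable without a surname or handle. Suggest one NOTE line that names the contact in full. The entry also does not list which open CVEs prompted adding hdf5, which would help whoever claims it scope "all the no-dsa and postponed issues".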



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/95bc6bb4b83952fbd90456ae3a1c68595fb93f3c...512eab88ab049ae26b675a88c03dda88b6e04c38
