[Git][security-tracker-team/security-tracker][master] Reserve DLA-3436-1 for sssd

Mon May 29 14:17:56 BST 2023


Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d961e0cf by Guilhem Moulin at 2023-05-29T15:16:50+02:00
Reserve DLA-3436-1 for sssd

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -36482,7 +36482,6 @@ CVE-2022-4255 (An info leak issue was identified in all versions of GitLab EE fr
 	- gitlab <not-affected> (Specific to EE)
 CVE-2022-4254 (sssd: libsss_certmap fails to sanitise certificate data used in LDAP f ...)
 	- sssd 2.3.1-1
-	[buster] - sssd <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2149894
 	NOTE: https://github.com/SSSD/sssd/issues/5135
 	NOTE: https://github.com/SSSD/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274
@@ -142309,7 +142308,6 @@ CVE-2021-3621 (A flaw was found in SSSD, where the sssctl command was vulnerable
 	{DLA-2758-1}
 	- sssd 2.5.2-1 (bug #992710)
 	[bullseye] - sssd <no-dsa> (Minor issue)
-	[buster] - sssd <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975142
 	NOTE: https://github.com/SSSD/sssd/commit/7ab83f97e1cbefb78ece17232185bdd2985f0bbe (sssd-2-7)
 	NOTE: https://github.com/SSSD/sssd/commit/b4b32677a886bc26d60ce0171505aa3ab0c82c8a (sssd-1-16)
@@ -309587,7 +309585,6 @@ CVE-2019-3812 (QEMU, through version 2.10 and through version 3.1.0, is vulnerab
 CVE-2019-3811 (A vulnerability was found in sssd. If a user was configured with no ho ...)
 	{DLA-1635-1}
 	- sssd 2.2.0-1 (bug #919051)
-	[buster] - sssd <no-dsa> (Minor issue)
 	[stretch] - sssd <no-dsa> (Minor issue)
 	NOTE: Upstream ticket: https://pagure.io/SSSD/sssd/issue/3901
 	NOTE: Pull request: https://github.com/SSSD/sssd/pull/703
@@ -328389,7 +328386,6 @@ CVE-2018-16839 (Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer o
 	NOTE: Fixed by: https://github.com/curl/curl/commit/f3a24d7916b9173c69a3e0ee790102993833d6c5
 CVE-2018-16838 (A flaw was found in sssd Group Policy Objects implementation. When the ...)
 	- sssd 2.2.0-1 (bug #931432)
-	[buster] - sssd <no-dsa> (Minor issue)
 	[stretch] - sssd <no-dsa> (Minor issue)
 	[jessie] - sssd <not-affected> (GPO based access control introduced later)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1640820


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[29 May 2023] DLA-3436-1 sssd - security update
+	{CVE-2018-16838 CVE-2019-3811 CVE-2021-3621 CVE-2022-4254}
+	[buster] - sssd 1.16.3-3.2+deb10u1
 [28 May 2023] DLA-3435-1 rainloop - security update
 	{CVE-2019-13389 CVE-2022-29360}
 	[buster] - rainloop 1.12.1-2+deb10u1


=====================================
data/dla-needed.txt
=====================================
@@ -211,11 +211,6 @@ samba
   NOTE: 20220904: Many postponed or open CVE in general. (apo)
   NOTE: 20230323: Still working on the long list of CVEs, will likely release an intermittent package first (lee)
 --
-sssd (guilhem)
-  NOTE: 20230131: Programming language: C.
-  NOTE: 20230205: VCS: https://salsa.debian.org/lts-team/packages/sssd.git
-  NOTE: 20230508: WIP (gladk)
---
 webkit2gtk (Emilio)
   NOTE: 20230512: Programming language: C++.
   NOTE: 20230512: VCS: https://salsa.debian.org/webkit-team/webkit.git



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d961e0cfa51f54fc061b57ee03167b9125662965

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d961e0cfa51f54fc061b57ee03167b9125662965
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230529/a52c91f8/attachment-0001.htm>
