[Git][security-tracker-team/security-tracker][master] Reserve DLA-3563-1 for samba
Lee Garrett (@lgarrett)
gitlab at salsa.debian.org
Tue Sep 12 16:58:23 BST 2023
Lee Garrett pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b6f16251 by Lee Garrett at 2023-09-12T17:58:04+02:00
Reserve DLA-3563-1 for samba
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -276110,7 +276110,6 @@ CVE-2019-19345 (A vulnerability was found in all openshift/mediawiki-apb 4.x.x v
NOT-FOR-US: openshift
CVE-2019-19344 (There is a use-after-free issue in all samba 4.9.x versions before 4.9 ...)
- samba 2:4.11.5+dfsg-1 (bug #950499)
- [buster] - samba <no-dsa> (Minor issue)
[stretch] - samba <not-affected> (Only affects Samba 4.9 onwards)
[jessie] - samba <not-affected> (Only affects Samba 4.9 onwards)
NOTE: https://www.samba.org/samba/security/CVE-2019-19344.html
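Review bot: After the `[buster] - samba <no-dsa> (Minor issue)` line is dropped, the CVE-2019-19344 entry in this hunk has no buster line and no advisory tag at all, unlike the other samba entries touched by this commit, which already carry a `{DLA-2668-1}` or `{DSA-5003-1}` line. The only remaining link between this CVE and the buster fix is the new entry in data/DLA/list, so please confirm that the `{DLA-3563-1}` cross-reference ends up on this entry; otherwise the only fixed version recorded here is `2:4.11.5+dfsg-1`.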
@@ -292162,7 +292161,6 @@ CVE-2019-14908
CVE-2019-14907 (All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11 ...)
{DLA-2668-1}
- samba 2:4.11.5+dfsg-1
- [buster] - samba <no-dsa> (Minor issue)
[jessie] - samba <no-dsa> (Minor issue)
NOTE: https://www.samba.org/samba/security/CVE-2019-14907.html
CVE-2019-14906 (A flaw was found with the RHSA-2019:3950 erratum, where it did not fix ...)
@@ -292187,7 +292185,6 @@ CVE-2019-14903
CVE-2019-14902 (There is an issue in all samba 4.11.x versions before 4.11.5, all samb ...)
{DLA-2668-1}
- samba 2:4.11.5+dfsg-1
- [buster] - samba <no-dsa> (Minor issue)
[jessie] - samba <ignored> (difficult and risky backport to 4.2 in jessie)
NOTE: https://www.samba.org/samba/security/CVE-2019-14902.html
NOTE: Workaround: Use of 'samba-tool drs replicate $DC1 $DC2 $NC --full-sync' will
@@ -292502,7 +292499,6 @@ CVE-2019-14848
CVE-2019-14847 (A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x b ...)
{DLA-2668-1}
- samba 2:4.11.0+dfsg-6
- [buster] - samba <no-dsa> (Minor issue)
[jessie] - samba <no-dsa> (Minor issue)
NOTE: https://www.samba.org/samba/security/CVE-2019-14847.html
CVE-2019-14846 (In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, an ...)
@@ -292547,7 +292543,6 @@ CVE-2019-14834 (A vulnerability was found in dnsmasq before version 2.81, where
CVE-2019-14833 (A flaw was found in Samba, all versions starting samba 4.5.0 before sa ...)
{DLA-2668-1}
- samba 2:4.11.1+dfsg-2
- [buster] - samba <no-dsa> (Minor issue)
[jessie] - samba <no-dsa> (Minor issue)
NOTE: https://www.samba.org/samba/security/CVE-2019-14833.html
CVE-2019-14832 (A flaw was found in the Keycloak REST API before version 8.0.0 where i ...)
@@ -307015,7 +307010,6 @@ CVE-2019-10219 (A vulnerability was found in Hibernate-Validator. The SafeHtml v
CVE-2019-10218 (A flaw was found in the samba client, all samba versions before samba ...)
{DLA-2668-1}
- samba 2:4.11.1+dfsg-2
- [buster] - samba <no-dsa> (Minor issue)
[jessie] - samba <no-dsa> (Minor issue)
NOTE: https://www.samba.org/samba/security/CVE-2019-10218.html
CVE-2019-10217 (A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensit ...)
@@ -465836,7 +465830,6 @@ CVE-2016-2125 (It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 alwa
CVE-2016-2124 (A flaw was found in the way samba implemented SMB1 authentication. An ...)
{DSA-5003-1}
- samba 2:4.13.14+dfsg-1
- [buster] - samba <no-dsa> (Minor issue)
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=12444
NOTE: https://www.samba.org/samba/security/CVE-2016-2124.html
CVE-2016-2123 (A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine n ...)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[12 Sep 2023] DLA-3563-1 samba - security update
+ {CVE-2016-2124 CVE-2019-10218 CVE-2019-14833 CVE-2019-14847 CVE-2019-14902 CVE-2019-14907 CVE-2019-19344}
+ [buster] - samba 2:4.9.5+dfsg-5+deb10u4
[12 Sep 2023] DLA-3562-1 orthanc - security update
{CVE-2023-33466}
[buster] - orthanc 1.5.6+dfsg-1+deb10u1
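Review bot: The `[buster] - samba 2:4.9.5+dfsg-5+deb10u4` line is now the only statement of the buster fix for all seven CVEs, because the same commit removes every `[buster] - samba <no-dsa>` line in data/CVE/list, so it should be checked against the version actually uploaded. The seven IDs in the braces do match the seven entries edited in data/CVE/list. The subject says "Reserve", but the commit also retriages those entries and removes the dla-needed.txt item; mentioning that in the commit message would make the history easier to follow.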
=====================================
data/dla-needed.txt
=====================================
@@ -227,16 +227,6 @@ salt
NOTE: 20230720: https://docs.saltproject.io/en/master/topics/releases/3002.html#execution-module-changes
NOTE: 20230720: Last but not least salt is not present in stable/testing (rouca)
--
-samba
- NOTE: 20220904: Added by Front-Desk (apo)
- NOTE: 20220904: Many postponed or open CVE in general. (apo)
- NOTE: 20230323: Still working on the long list of CVEs, will likely release an intermittent package first (lee)
- NOTE: 20230807: WIP package is available at git at salsa.debian.org:lts-team/packages/samba.git
- NOTE: 20230807: in the branch "lgarrett/2023-02-23-debian/buster-proposed"
- NOTE: 20230807: functional test framework is however needed (WIP) as most
- NOTE: 20230807: CVEs/bugfixes don't have test coverage.
- NOTE: 20230822: https://lists.debian.org/debian-lts/2023/08/msg00027.html (lee)
---
suricata
NOTE: 20230620: Added by Front-Desk (Beuc)
NOTE: 20230620: 15+ CVEs marked no-dsa; since the package is supported, with last LTS update in Jessie,
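Review bot: Deleting the whole samba block discards the only record that work remains, namely the notes "Many postponed or open CVE in general" and "will likely release an intermittent package first". DLA-3563-1 covers seven CVEs, and the notes about the WIP branch and the missing functional test framework suggest more is pending. If this upload is that intermediate package, consider keeping the samba entry with a dated NOTE saying what DLA-3563-1 fixed and what is still open, rather than removing it.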
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b6f162515f4b01ed1aaa348f0cdb55bdd06c2b0e