[Git][security-tracker-team/security-tracker][master] Reserve DLA-3792-1 for samba

Mon Apr 22 13:06:43 BST 2024


Santiago R.R. pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9c3b37c9 by Santiago Ruano Rincón at 2024-04-22T09:06:25-03:00
Reserve DLA-3792-1 for samba

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -288613,7 +288613,6 @@ CVE-2020-14383 (A flaw was found in samba's DNS server. An authenticated user co
 	{DLA-2463-1}
 	[experimental] - samba 2:4.13.2+dfsg-1
 	- samba 2:4.13.2+dfsg-2 (bug #973398)
-	[buster] - samba <no-dsa> (Minor issue)
 	NOTE: https://www.samba.org/samba/security/CVE-2020-14383.html
 	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14472
 CVE-2020-14382 (A vulnerability was found in upstream release cryptsetup-2.2.0 where,  ...)
@@ -288900,7 +288899,6 @@ CVE-2020-14323 (A null pointer dereference flaw was found in samba's Winbind ser
 	{DLA-2463-1}
 	[experimental] - samba 2:4.13.2+dfsg-1
 	- samba 2:4.13.2+dfsg-2 (bug #973399)
-	[buster] - samba <no-dsa> (Minor issue)
 	NOTE: https://www.samba.org/samba/security/CVE-2020-14323.html
 	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14436
 CVE-2020-14322 (In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, yui_combo needed to l ...)
@@ -288915,7 +288913,6 @@ CVE-2020-14318 (A flaw was found in the way samba handled file and directory per
 	{DLA-2463-1}
 	[experimental] - samba 2:4.13.2+dfsg-1
 	- samba 2:4.13.2+dfsg-2 (bug #973400)
-	[buster] - samba <no-dsa> (Minor issue)
 	NOTE: https://www.samba.org/samba/security/CVE-2020-14318.html
 	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14434
 CVE-2020-14317 (It was found that the issue for security flaw CVE-2019-3805 appeared a ...)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[22 Apr 2024] DLA-3792-1 samba - security update
+	{CVE-2020-14318 CVE-2020-14323 CVE-2020-14383 CVE-2022-2127 CVE-2022-3437 CVE-2022-32742 CVE-2023-4091}
+	[buster] - samba 2:4.9.5+dfsg-5+deb10u5
 [22 Apr 2024] DLA-3791-1 thunderbird - security update
 	{CVE-2024-2609 CVE-2024-3302 CVE-2024-3852 CVE-2024-3854 CVE-2024-3857 CVE-2024-3859 CVE-2024-3861 CVE-2024-3864}
 	[buster] - thunderbird 1:115.10.1-1~deb10u1


=====================================
data/dla-needed.txt
=====================================
@@ -281,10 +281,6 @@ runc (dleidert)
   NOTE: 20240314: Several CVEs fixed in LTS remain unfixed (no-dsa) in bullseye.
   NOTE: 20240314: Uploads to ospu should be coordinated. (roberto)
 --
-samba (Santiago)
-  NOTE: 20230918: Added by Front-Desk (apo)
-  NOTE: 20240406: Update should be ready. Will upload this Monday. (Santiago)
---
 sendmail (rouca)
   NOTE: 20231224: Added by Front-Desk (ta)
   NOTE: 20240213: Patch need to be extracted (rouca). Upstream does not publish patches (CVE-2023-51765)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c3b37c90df72638fb3c2c96e87b26278e57b94a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c3b37c90df72638fb3c2c96e87b26278e57b94a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240422/c01b2b07/attachment-0001.htm>
