[Git][security-tracker-team/security-tracker][master] Reserve DLA-3987-1 for renderdoc

Adrian Bunk (@bunk) bunk at debian.org
Sun Dec 8 16:59:45 GMT 2024



Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c419ab44 by Adrian Bunk at 2024-12-08T18:59:32+02:00
Reserve DLA-3987-1 for renderdoc

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -125389,7 +125389,6 @@ CVE-2023-33865 (RenderDoc before 1.27 allows local privilege escalation via a sy
 	{DLA-3501-1}
 	- renderdoc 1.27+dfsg-1 (bug #1037208)
 	[bookworm] - renderdoc <no-dsa> (Minor issue)
-	[bullseye] - renderdoc <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/06/06/3
 	NOTE: https://github.com/baldurk/renderdoc/commit/601ed56111ce3803d8476d438ade1c92d6092856 (v1.27)
 	NOTE: https://github.com/baldurk/renderdoc/commit/e0464fea4f9a7f149c4ee1d84e5ac57839a4a862 (v1.27)
@@ -125400,7 +125399,6 @@ CVE-2023-33864 (StreamReader::ReadFromExternal in RenderDoc before 1.27 allows a
 	{DLA-3501-1}
 	- renderdoc 1.27+dfsg-1 (bug #1037208)
 	[bookworm] - renderdoc <no-dsa> (Minor issue)
-	[bullseye] - renderdoc <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/06/06/3
 	NOTE: https://github.com/baldurk/renderdoc/commit/601ed56111ce3803d8476d438ade1c92d6092856 (v1.27)
 	NOTE: https://github.com/baldurk/renderdoc/commit/e0464fea4f9a7f149c4ee1d84e5ac57839a4a862 (v1.27)
@@ -125411,7 +125409,6 @@ CVE-2023-33863 (SerialiseValue in RenderDoc before 1.27 allows an Integer Overfl
 	{DLA-3501-1}
 	- renderdoc 1.27+dfsg-1 (bug #1037208)
 	[bookworm] - renderdoc <no-dsa> (Minor issue)
-	[bullseye] - renderdoc <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/06/06/3
 	NOTE: https://github.com/baldurk/renderdoc/commit/601ed56111ce3803d8476d438ade1c92d6092856 (v1.27)
 	NOTE: https://github.com/baldurk/renderdoc/commit/e0464fea4f9a7f149c4ee1d84e5ac57839a4a862 (v1.27)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[08 Dec 2024] DLA-3987-1 renderdoc - security update
+	{CVE-2023-33863 CVE-2023-33864 CVE-2023-33865}
+	[bullseye] - renderdoc 1.11+dfsg-5+deb11u1
 [08 Dec 2024] DLA-3986-1 php7.4 - security update
 	{CVE-2024-8929 CVE-2024-8932 CVE-2024-11233 CVE-2024-11234 CVE-2024-11236}
 	[bullseye] - php7.4 7.4.33-1+deb11u7


=====================================
data/dla-needed.txt
=====================================
@@ -195,11 +195,6 @@ qemu (santiago)
   NOTE: 20240815: CVE-2024-4467 fix also proposed for 12.7 (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076504)
   NOTE: 20241119: Bookworm PU in progress https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086572
 --
-renderdoc (Adrian Bunk)
-  NOTE: 20241206: Added by coordinator (roberto)
-  NOTE: 20241206: CVE-2023-33863, CVE-2023-33864, and CVE-2023-33865 were fixed in buster, are still open (no-dsa) in bullseye and bookworm
-  NOTE: 20241206: https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/171
---
 ruby-doorkeeper (Adrian Bunk)
   NOTE: 20241206: Added by coordinator (roberto)
   NOTE: 20241206: CVE-2023-34246 was fixed in buster, is still open (no-dsa) in bullseye and bookworm



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c419ab4486502c4bd4fbaca36bb59871c8d843b9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c419ab4486502c4bd4fbaca36bb59871c8d843b9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241208/2ab10d76/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list