[Git][security-tracker-team/security-tracker][master] Reserve DLA-3732-1 for sudo
Bastien Roucariès (@rouca)
rouca at debian.org
Sat Feb 3 09:06:12 GMT 2024
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2b6222ed by Bastien Roucariès at 2024-02-03T09:05:40+00:00
Reserve DLA-3732-1 for sudo
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -50357,12 +50357,10 @@ CVE-2023-28488 (client.c in gdhcp in ConnMan through 1.41 could be used by netwo
CVE-2023-28487 (Sudo before 1.9.13 does not escape control characters in sudoreplay ou ...)
- sudo 1.9.13p1-1
[bullseye] - sudo <no-dsa> (Minor issue)
- [buster] - sudo <no-dsa> (Minor issue)
NOTE: https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca
CVE-2023-28486 (Sudo before 1.9.13 does not escape control characters in log messages.)
- sudo 1.9.13p1-1
[bullseye] - sudo <no-dsa> (Minor issue)
- [buster] - sudo <no-dsa> (Minor issue)
NOTE: https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca
NOTE: https://github.com/sudo-project/sudo/commit/12648b4e0a8cf486480442efd52f0e0b6cab6e8b (fix a regression)
CVE-2023-28485 (A stored cross-site scripting (Stored XSS) vulnerability in file previ ...)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[03 Feb 2024] DLA-3732-1 sudo - security update
+ {CVE-2023-7090 CVE-2023-28486 CVE-2023-28487}
+ [buster] - sudo 1.8.27-1+deb10u6
[01 Feb 2024] DLA-3731-1 man-db - sandboxing fixes
[buster] - man-db 2.8.5-2+deb10u1
[01 Feb 2024] DLA-3730-1 python-asyncssh - security update
=====================================
data/dla-needed.txt
=====================================
@@ -229,11 +229,6 @@ squid
NOTE: 20240109: I ask for another pair of eyes for CVE-2023-5824. The fix
NOTE: 20240109: appears to be intrusive. I could not locate the fix for CVE-2023-49288 yet. (apo)
--
-sudo (rouca)
- NOTE: 20231224: Added by Front-Desk (ta)
- NOTE: 20240128: Wait for review by sudo team (rouca)
- NOTE: 20240128: Ported test suite (rouca)
---
suricata (Adrian Bunk)
NOTE: 20230620: Added by Front-Desk (Beuc)
NOTE: 20230620: 15+ CVEs marked no-dsa; since the package is supported, with last LTS update in Jessie,
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b6222ed8da2765e55a2ff7a292add3e35438dd2
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b6222ed8da2765e55a2ff7a292add3e35438dd2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240203/0870774c/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list