[Git][security-tracker-team/security-tracker][master] Reserve DLA-3829-1 for sendmail

Bastien Roucariès (@rouca) rouca at debian.org
Sat Jun 15 08:33:40 BST 2024



Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6a931aa5 by Bastien Roucariès at 2024-06-15T07:33:19+00:00
Reserve DLA-3829-1 for sendmail

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[15 Jun 2024] DLA-3829-1 sendmail - security update
+	{CVE-2023-51765}
+	[buster] - sendmail 8.15.2-14~deb10u2
 [14 Jun 2024] DLA-3828-1 atril - security update
 	{CVE-2023-52076}
 	[buster] - atril 1.20.3-1+deb10u2


=====================================
data/dla-needed.txt
=====================================
@@ -298,22 +298,6 @@ runc (dleidert)
   NOTE: 20240521: Already started to work on it. Upload will haben until end of month. (dleidert)
   NOTE: 20240531: Waiting for ok to upload to bullseye-pu <https://bugs.debian.org/1072248> (dleidert)
 --
-sendmail (rouca)
-  NOTE: 20231224: Added by Front-Desk (ta)
-  NOTE: 20240213: Patch need to be extracted (rouca). Upstream does not publish patches (CVE-2023-51765)
-  NOTE: 20240217: Patch extracted and being reviewed (rouca)
-  NOTE: 20240310: Dropped from dla-needed.txt (ola/front-desk)
-  NOTE: 20240311: Re-added to dla-needed.txt; while secteam tagged it no-dsa in later dists,
-  NOTE: 20240311: I believe we should fix this sponsored package, like postfix and exim, in all dists,
-  NOTE: 20240311: please coordinate with the package maintainer to help make this happen. (Beuc/front-desk)
-  NOTE: 20240324: some issue coordinate with myself and security team (rouca)
-  NOTE: 20240425: need more time to investigate issue
-  NOTE: 20240430: https://marc.info/?l=oss-security&m=171447187004229&w=2
-  NOTE: 20240506: add possible workarround see #1070190
-  NOTE: 20240514: sid is on the way
-  NOTE: 20240525: sid/testing ok. Bookworm PU
-  NOTE: 20240614: bullseye PU
---
 squid
   NOTE: 20240109: Added by Front-Desk (apo)
   NOTE: 20240109: I ask for another pair of eyes for CVE-2023-5824. The fix



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a931aa54e27136ce65714e718838551d67b11dc

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a931aa54e27136ce65714e718838551d67b11dc
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240615/2e19591b/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list