[Git][security-tracker-team/security-tracker][master] mark three CVEs as ignored for bullseye/buster, only relevant for AD
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sun Mar 24 20:33:26 GMT 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
810bdcd3 by Moritz Mühlenhoff at 2024-03-24T21:32:12+01:00
mark three CVEs as ignored for bullseye/buster, only relevant for AD
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -95330,6 +95330,8 @@ CVE-2022-44640 (Heimdal before 7.7.1 allows remote attackers to execute arbitrar
{DSA-5287-1 DLA-3206-1}
- heimdal 7.8.git20221115.a6cf945+dfsg-1 (bug #1024187)
- samba 2:4.17.4+dfsg-1
+ [bullseye] - samba <ignored> (Domain controller functionality is EOLed, see DSA DSA-5477-1)
+ [buster] - samba <ignored> (Domain controller functionality is EOLed, see DSA-5015-1)
NOTE: https://github.com/heimdal/heimdal/security/advisories/GHSA-88pm-hfmq-7vv4
NOTE: https://github.com/heimdal/heimdal/commit/ea5ec8f174920cb80ce2b168b49195378420449e (heimdal-7.7.1)
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14929
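Review bot: The bullseye line added under CVE-2022-44640 reads "see DSA DSA-5477-1", with "DSA" doubled, while the buster line uses the plain form "see DSA-5015-1". Suggest dropping the extra word so both reasons read the same way: "[bullseye] - samba <ignored> (Domain controller functionality is EOLed, see DSA-5477-1)". The same doubled wording appears in the bullseye lines of the other two hunks in this commit.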
@@ -102125,6 +102127,8 @@ CVE-2022-42898 (PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.
- heimdal 7.8.git20221115.a6cf945+dfsg-1 (bug #1024187)
- krb5 1.20.1-1 (bug #1024267)
- samba 2:4.17.3+dfsg-1
+ [bullseye] - samba <ignored> (Domain controller functionality is EOLed, see DSA DSA-5477-1)
+ [buster] - samba <ignored> (Domain controller functionality is EOLed, see DSA-5015-1)
NOTE: https://www.samba.org/samba/security/CVE-2022-42898.html
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15203
NOTE: samba: only exploitable in 32-bit systems, according to upstream advisory
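Review bot: The <ignored> reason on the two added samba lines for CVE-2022-42898 rests on the issue mattering only for the AD domain controller role, but the only samba scoping recorded in the visible part of this entry is the existing NOTE "samba: only exploitable in 32-bit systems, according to upstream advisory". Suggest adding a NOTE that states the AD DC restriction for samba, so the justification can be checked from the entry itself rather than only from the commit message. The bullseye line also carries the doubled "DSA DSA-5477-1".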
@@ -115648,6 +115652,8 @@ CVE-2022-37967 (Windows Kerberos Elevation of Privilege Vulnerability)
NOTE: and https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2003867
CVE-2022-37966 (Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability)
- samba 2:4.17.4+dfsg-1
+ [bullseye] - samba <ignored> (Domain controller functionality is EOLed, see DSA DSA-5477-1)
+ [buster] - samba <ignored> (Domain controller functionality is EOLed, see DSA-5015-1)
NOTE: https://www.samba.org/samba/security/CVE-2022-37966.html
NOTE: possible samba 4.13,4.15 regression: https://bugzilla.samba.org/show_bug.cgi?id=15243
NOTE: and https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2003867
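Review bot: The two added lines land under CVE-2022-37966, while the hunk header and the first context line belong to CVE-2022-37967 directly above, which this hunk leaves unchanged. Both entries are titled as Windows Kerberos elevation-of-privilege issues, so it is worth confirming whether the samba line for CVE-2022-37967 needs the same [bullseye] and [buster] <ignored> markers or already has its own status. If it is deliberately left out, a short NOTE on that entry would make the difference visible to the next reader.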
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/810bdcd36746e1d7c8791bc3bf59633e1024fbfb