[Git][security-tracker-team/security-tracker][master] Reserve DLA-3974-1 for dnsmasq

Lee Garrett (@lgarrett) gitlab at salsa.debian.org
Fri Nov 29 15:10:47 GMT 2024



Lee Garrett pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1fdf666a by Lee Garrett at 2024-11-29T16:10:33+01:00
Reserve DLA-3974-1 for dnsmasq

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -135882,7 +135882,6 @@ CVE-2023-28451 (An issue was discovered in Technitium 11.0.2. There is a vulnera
 CVE-2023-28450 (An issue was discovered in Dnsmasq before 2.90. The default maximum ED ...)
 	- dnsmasq 2.90-1 (bug #1033165)
 	[bookworm] - dnsmasq <no-dsa> (Minor issue)
-	[bullseye] - dnsmasq <no-dsa> (Minor issue)
 	[buster] - dnsmasq <no-dsa> (Minor issue)
 	NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=eb92fb32b746f2104b0f370b5b295bb8dd4bd5e5
 CVE-2023-1424 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ...)
@@ -220477,7 +220476,6 @@ CVE-2022-26884 (Users can read any files by log server, Apache DolphinScheduler
 	NOT-FOR-US: Apache DolphinScheduler
 CVE-2022-0934 (A single-byte, non-arbitrary write/use-after-free flaw was found in dn ...)
 	- dnsmasq 2.87-1 (bug #1014715)
-	[bullseye] - dnsmasq <no-dsa> (Minor issue)
 	[buster] - dnsmasq <no-dsa> (Minor issue)
 	[stretch] - dnsmasq <no-dsa> (Minor issue)
 	NOTE: https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016272.html


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[29 Nov 2024] DLA-3974-1 dnsmasq - security update
+	{CVE-2022-0934 CVE-2023-28450 CVE-2023-50387 CVE-2023-50868}
+	[bullseye] - dnsmasq 2.85-1+deb11u1
 [28 Nov 2024] DLA-3973-1 redis - security update
 	{CVE-2022-35977 CVE-2024-31228}
 	[bullseye] - redis 5:6.0.16-1+deb11u4
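
Review bot: The added `{CVE-2022-0934 CVE-2023-28450 CVE-2023-50387 CVE-2023-50868}` line names four CVEs, but the data/CVE/list hunks in this commit only drop the `[bullseye] - dnsmasq <no-dsa>` annotation for CVE-2022-0934 and CVE-2023-28450. Please confirm that the CVE-2023-50387 and CVE-2023-50868 entries carry no bullseye-specific annotation (for example `<postponed>` or `<ignored>`) that would still override the fixed version 2.85-1+deb11u1 recorded here.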


=====================================
data/dla-needed.txt
=====================================
@@ -58,13 +58,6 @@ clamav
   NOTE: 20241121: Added by Front-Desk (Beuc)
   NOTE: 20241121: Bump to 0.103.12 to follow fixes from bookworm 12.8 (2 CVEs) (Beuc/front-desk)
 --
-dnsmasq (lee)
-  NOTE: 20240313: Added by oldstable Security Team (jmm)
-  NOTE: 20240802: CVE-2023-28450 is trivial to fix, however CVE-2023-50387 and CVE-2023-50868
-  NOTE: 20240802: look quite disruptive. Contacting maintainer to consult on the best course of
-  NOTE: 20240802: action. (lee)
-  NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
---
 edk2
   NOTE: 20240815: Added by Front-Desk (Beuc)
   NOTE: 20240815: bullseye did not get most of DSA 5624-1 security fixes,
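
Review bot: The removed NOTE lines dated 20240802 are the only place in this change that record that CVE-2023-50387 and CVE-2023-50868 "look quite disruptive" and that the maintainer was being consulted, and dropping the dnsmasq entry loses that context without saying how it was resolved. Since DLA-3974-1 lists both CVEs as fixed, consider stating the outcome of that consultation in the commit message or the advisory text, so the reasoning behind 2.85-1+deb11u1 can be reconstructed later.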



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1fdf666a18ccf054dd859cca4fd399ca064272a4
