[Git][security-tracker-team/security-tracker][master] Reserve DLA-3880-1 for amanda

Sat Sep 7 18:26:45 BST 2024


Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2d7bad5e by Adrian Bunk at 2024-09-07T20:26:33+03:00
Reserve DLA-3880-1 for amanda

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -106336,7 +106336,6 @@ CVE-2023-30577 (AMANDA (Advanced Maryland Automatic Network Disk Archiver) befor
 	{DLA-3681-1}
 	- amanda 1:3.5.1-11.1 (bug #1055253)
 	[bookworm] - amanda 1:3.5.1-11+deb12u1
-	[bullseye] - amanda <no-dsa> (Minor issue)
 	NOTE: https://github.com/zmanda/amanda/security/advisories/GHSA-crrw-v393-h5q3
 	NOTE: https://github.com/zmanda/amanda/pull/228
 CVE-2023-30576 (Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a free ...)
@@ -166586,7 +166585,6 @@ CVE-2022-37706 (enlightenment_sys in Enlightenment before 0.25.4 allows local us
 CVE-2022-37705 (A privilege escalation flaw was found in Amanda 3.5.1 in which the bac ...)
 	{DLA-3681-1}
 	- amanda 1:3.5.1-10 (bug #1029829)
-	[bullseye] - amanda <no-dsa> (Minor issue)
 	NOTE: https://github.com/MaherAzzouzi/CVE-2022-37705
 	NOTE: https://github.com/zmanda/amanda/issues/192
 	NOTE: https://marc.info/?l=amanda-hackers&m=167437716918603&w=2
@@ -166595,7 +166593,6 @@ CVE-2022-37705 (A privilege escalation flaw was found in Amanda 3.5.1 in which t
 CVE-2022-37704 (Amanda 3.5.1 allows privilege escalation from the regular user backup  ...)
 	{DLA-3330-1}
 	- amanda 1:3.5.1-10 (bug #1029829)
-	[bullseye] - amanda <no-dsa> (Minor issue)
 	NOTE: https://github.com/MaherAzzouzi/CVE-2022-37704
 	NOTE: https://github.com/zmanda/amanda/issues/192
 	NOTE: https://marc.info/?l=amanda-hackers&m=167437716918603&w=2
@@ -166606,7 +166603,6 @@ CVE-2022-37704 (Amanda 3.5.1 allows privilege escalation from the regular user b
 CVE-2022-37703 (In Amanda 3.5.1, an information leak vulnerability was found in the ca ...)
 	{DLA-3681-1}
 	- amanda 1:3.5.1-10 (bug #1021017)
-	[bullseye] - amanda <no-dsa> (Minor issue)
 	NOTE: https://github.com/MaherAzzouzi/CVE-2022-37703
 	NOTE: https://github.com/zmanda/amanda/issues/192
 	NOTE: https://github.com/zmanda/amanda/pull/198


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[07 Sep 2024] DLA-3880-1 amanda - security update
+	{CVE-2022-37703 CVE-2022-37704 CVE-2022-37705 CVE-2023-30577}
+	[bullseye] - amanda 1:3.5.1-7+deb11u1
 [07 Sep 2024] DLA-3879-1 bluez - security update
 	{CVE-2021-3658 CVE-2021-41229 CVE-2021-43400 CVE-2022-0204 CVE-2022-39176 CVE-2022-39177 CVE-2023-27349 CVE-2023-50229 CVE-2023-50230}
 	[bullseye] - bluez 5.55-3.1+deb11u2


=====================================
data/dla-needed.txt
=====================================
@@ -23,10 +23,6 @@ https://lts-team.pages.debian.net/wiki/Development.html#triage-new-security-issu
 To make it easier to see the entire history of an update, please append notes
 rather than remove/replace existing ones.
 
---
-amanda (Adrian Bunk)
-  NOTE: 20240815: Added by Front-Desk (Beuc)
-  NOTE: 20240815: Follow fixes from buster DLA-3681-1 (3 CVEs) and bookworm 12.4 (CVE-2023-30577) (Beuc/front-desk)
 --
 aom (Adrian Bunk)
   NOTE: 20240817: Added by Front-Desk (Beuc)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2d7bad5e464f486c159cc18a3f4ceb00a55a031e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2d7bad5e464f486c159cc18a3f4ceb00a55a031e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240907/ab0d9058/attachment-0001.htm>
