[Git][security-tracker-team/security-tracker][master] Reserve DLA-4047-1 for sssd
Guilhem Moulin (@guilhem)
guilhem at debian.org
Sun Feb 9 11:51:45 GMT 2025
Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker
Commits:
43de6f4c by Guilhem Moulin at 2025-02-09T12:51:28+01:00
Reserve DLA-4047-1 for sssd
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -83575,7 +83575,6 @@ CVE-2023-41864 (Cross-Site Request Forgery (CSRF) vulnerability in Pepro Dev. Gr
CVE-2023-3758 (A race condition flaw was found in sssd where the GPO policy is not co ...)
- sssd 2.9.5-1 (bug #1070369)
[bookworm] - sssd <no-dsa> (Minor issue)
- [bullseye] - sssd <no-dsa> (Minor issue)
[buster] - sssd <postponed> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2223762
NOTE: https://github.com/SSSD/sssd/pull/7302
@@ -289331,7 +289330,6 @@ CVE-2021-35501 (PandoraFMS <=7.54 allows Stored XSS by placing a payload in the
CVE-2021-3621 (A flaw was found in SSSD, where the sssctl command was vulnerable to s ...)
{DLA-3436-1 DLA-2758-1}
- sssd 2.5.2-1 (bug #992710)
- [bullseye] - sssd <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975142
NOTE: https://github.com/SSSD/sssd/commit/7ab83f97e1cbefb78ece17232185bdd2985f0bbe (sssd-2-7)
NOTE: https://github.com/SSSD/sssd/commit/b4b32677a886bc26d60ce0171505aa3ab0c82c8a (sssd-1-16)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[09 Feb 2025] DLA-4047-1 sssd - security update
+ {CVE-2021-3621 CVE-2023-3758}
+ [bullseye] - sssd 2.4.1-2+deb11u1
[08 Feb 2025] DLA-4046-1 ark - security update
{CVE-2024-57966}
[bullseye] - ark 4:20.12.2-1+deb11u1
=====================================
data/dla-needed.txt
=====================================
@@ -243,9 +243,6 @@ shadow
NOTE: 20250105: shadow is a high-profile package. Upstream discussion for CVE-2024-56433 is
NOTE: 20250105: ongoing. I'm adding it to dla-needed.txt to keep it on our radar.
--
-sssd (guilhem)
- NOTE: 20250130: Added by guilhem with Front-Desk's blessing (pochu)
---
snapcast
NOTE: 20250118: Added by Front-Desk (rouca)
NOTE: 20250119: Upstream just re-added a secured Stream.AddStream functionality to fix CVE-2023-36177, but hasn't released it yet (dleidert)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43de6f4c203602b3806e9f698e5209f666fe9bcf
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43de6f4c203602b3806e9f698e5209f666fe9bcf
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250209/929b39fc/attachment.htm>
More information about the debian-security-tracker-commits
mailing list