[Git][security-tracker-team/security-tracker][master] Reserve DLA-4092-1 for libcap2

Wed Mar 26 13:56:51 GMT 2025


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
87deb59d by Chris Lamb at 2025-03-26T13:56:26+00:00
Reserve DLA-4092-1 for libcap2

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -162211,7 +162211,6 @@ CVE-2023-2603 (A vulnerability was found in libcap. This issue occurs in the _li
 	NOTE: Fixed by: https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=422bec25ae4a1ab03fd4d6f728695ed279173b18 (libcap-2.69)
 CVE-2023-2602 (A vulnerability was found in the pthread_create() function in libcap.  ...)
 	- libcap2 1:2.66-4 (bug #1036114)
-	[bullseye] - libcap2 <no-dsa> (Minor issue)
 	[buster] - libcap2 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.iuvg7sbjg8pe
 	NOTE: https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[26 Mar 2025] DLA-4092-1 libcap2 - security update
+	{CVE-2023-2602 CVE-2023-2603 CVE-2025-1390}
+	[bullseye] - libcap2 1:2.44-1+deb11u1
 [25 Mar 2025] DLA-4091-1 nginx - security update
 	{CVE-2024-7347 CVE-2025-23419}
 	[bullseye] - nginx 1.18.0-6.1+deb11u4


=====================================
data/dla-needed.txt
=====================================
@@ -145,11 +145,6 @@ knot-resolver
 lemonldap-ng
   NOTE: 20250206: CVE-2024-52948
 --
-libcap2
-  NOTE: 20250220: Added by Front-Desk (Beuc)
-  NOTE: 20250220: Also fix postponed/no-dsa issues (Beuc/front-desk)
-  NOTE: 20250306: Update prepared, just clarifying one last CVE (CVE-2023-2603). (lamby)
---
 libnet-easytcp-perl
   NOTE: 20250117: Added by Front-Desk (rouca)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/87deb59d312e9c829f39a657e0d057c4110c7fab

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/87deb59d312e9c829f39a657e0d057c4110c7fab
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250326/08f50412/attachment-0001.htm>
