[Git][security-tracker-team/security-tracker][master] Reserve DLA-4336-1 for sysstat
    Thorsten Alteholz (@alteholz) 
    alteholz at debian.org
       
    Fri Oct 17 17:30:44 BST 2025
    
    
  
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c2f1a1e5 by Thorsten Alteholz at 2025-10-17T18:30:22+02:00
Reserve DLA-4336-1 for sysstat
- - - - -
2 changed files:
- data/CVE/list
- data/DLA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -231649,7 +231649,6 @@ CVE-2023-33204 (sysstat through 12.7.2 allows a multiplication integer overflow
 	{DLA-3434-1}
 	- sysstat 12.6.1-2 (bug #1036294)
 	[bookworm] - sysstat <ignored> (Minor issue, limited to 32 bit archs)
-	[bullseye] - sysstat <not-affected> (Incomplete fix for CVE-2022-39377 not applied)
 	NOTE: https://github.com/sysstat/sysstat/pull/360
 	NOTE: https://github.com/sysstat/sysstat/commit/6f8dc568e6ab072bb8205b732f04e685bf9237c0
 	NOTE: this issue exists because of an incomplete fix for CVE-2022-39377.
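Review bot: The removed `[bullseye] - sysstat <not-affected>` line on CVE-2023-33204 carried the only explanation of bullseye's status in this record (the incomplete fix for CVE-2022-39377 was not applied there), and nothing replaces it. If bullseye is now listed under this CVE only because the update brings in the CVE-2022-39377 change, a short NOTE saying so would keep the history readable from the CVE entry alone.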
@@ -290622,7 +290621,6 @@ CVE-2022-39378 (Discourse is a platform for community discussion. Under certain
 CVE-2022-39377 (sysstat is a set of system performance tools for the Linux operating s ...)
 	{DLA-3188-1}
 	- sysstat 12.6.1-1 (bug #1023832)
-	[bullseye] - sysstat <no-dsa> (Minor issue)
 	NOTE: https://github.com/sysstat/sysstat/security/advisories/GHSA-q8r6-g56f-9w7x
 	NOTE: https://github.com/sysstat/sysstat/commit/9c4eaf150662ad40607923389d4519bc83b93540 (v12.7.1)
 	NOTE: The original fix is incomplete and opens up CVE-2023-33204.
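Review bot: The cross-reference line under CVE-2022-39377 still reads `{DLA-3188-1}` once the bullseye `<no-dsa>` line is dropped, and the same is true of `{DLA-3434-1}` in the previous hunk. If those lines are not regenerated from data/DLA/list, DLA-4336-1 should be added to both so each CVE entry points at the bullseye advisory.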
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[17 Oct 2025] DLA-4336-1 sysstat - security update
+	{CVE-2022-39377 CVE-2023-33204}
+	[bullseye] - sysstat 12.5.2-2+deb11u1
 [17 Oct 2025] DLA-4335-1 firefox-esr - security update
 	{CVE-2025-11708 CVE-2025-11709 CVE-2025-11710 CVE-2025-11711 CVE-2025-11712 CVE-2025-11714 CVE-2025-11715}
 	[bullseye] - firefox-esr 140.4.0esr-1~deb11u1
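Review bot: The new DLA-4336-1 entry lists CVE-2023-33204 for bullseye, a suite that data/CVE/list marked `<not-affected>` for that CVE until this same commit. Before release, confirm that 12.5.2-2+deb11u1 carries both upstream commits referenced in the CVE notes (9c4eaf150662ad40607923389d4519bc83b93540 and 6f8dc568e6ab072bb8205b732f04e685bf9237c0), since the notes state that the first fix alone is incomplete and opens up CVE-2023-33204.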
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c2f1a1e5b6bf70caef5355773f97de7aabbbfaec