[Git][security-tracker-team/security-tracker][master] Reserve DLA-4472-1 for sudo
Bastien Roucariès (@rouca)
rouca at debian.org
Fri Feb 6 21:24:25 GMT 2026
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker
Commits:
346b14b9 by Bastien Roucariès at 2026-02-06T22:24:09+01:00
Reserve DLA-4472-1 for sudo
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -284645,12 +284645,10 @@ CVE-2023-28488 (client.c in gdhcp in ConnMan through 1.41 could be used by netwo
CVE-2023-28487 (Sudo before 1.9.13 does not escape control characters in sudoreplay ou ...)
{DLA-3732-1}
- sudo 1.9.13p1-1
- [bullseye] - sudo <no-dsa> (Minor issue)
NOTE: https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca
CVE-2023-28486 (Sudo before 1.9.13 does not escape control characters in log messages.)
{DLA-3732-1}
- sudo 1.9.13p1-1
- [bullseye] - sudo <no-dsa> (Minor issue)
NOTE: https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca
NOTE: https://github.com/sudo-project/sudo/commit/12648b4e0a8cf486480442efd52f0e0b6cab6e8b (fix a regression)
CVE-2023-28485 (A stored cross-site scripting (Stored XSS) vulnerability in file previ ...)
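Review bot: In both sudo entries (CVE-2023-28487 and CVE-2023-28486) the bullseye `<no-dsa> (Minor issue)` line is removed, but the cross-reference line above it still reads `{DLA-3732-1}` only. If `{DLA-4472-1}` is not filled in by the tracker's automatic cross-reference update, add it here so that each CVE entry points at the bullseye advisory reserved in data/DLA/list.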
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[06 Feb 2026] DLA-4472-1 sudo - security update
+ {CVE-2023-28486 CVE-2023-28487}
+ [bullseye] - sudo 1.9.5p2-3+deb11u3
[06 Feb 2026] DLA-4471-1 debian-security-support - update
[bullseye] - debian-security-support 1:11+2026.02.06
[06 Feb 2026] DLA-4470-1 phpunit - security update
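Review bot: The new DLA-4472-1 entry lists CVE-2023-28486 as fixed in `1.9.5p2-3+deb11u3`, while data/CVE/list records a second upstream commit for that CVE marked "(fix a regression)". Confirm that the bullseye backport carries both 334daf92b31b79ce68ed75e2ee14fca265f029ca and 12648b4e0a8cf486480442efd52f0e0b6cab6e8b, so the update does not ship the regression that upstream already corrected.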
=====================================
data/dla-needed.txt
=====================================
@@ -362,11 +362,6 @@ rust-openssl
smb4k
NOTE: 20251217: Added by Front-Desk (pochu)
--
-sudo (rouca)
- NOTE: 20251130: Added by Front-Desk (rouca)
- NOTE: 20251130: Fix CVE-2023-2848[6-7] to avoid a regression between buster -> bullseye
- NOTE: 20250108: proposed fix to maintainer (rouca)
---
suricata
NOTE: 20250331: re added to fix next bunch of CVEs (ta)
NOTE: 20250825: testing package (ta)
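Review bot: The last removed note under `sudo (rouca)` is dated 20250108, which is earlier than the 20251130 "Added by Front-Desk" line above it, so the date looks like a typo for 20260108. No change is needed in this file because the whole block and its `--` separator are removed, but use the corrected date if the timeline is quoted elsewhere.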
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/346b14b907772d4757c1b5607801bef7a833bc52