[Git][security-tracker-team/security-tracker][master] Reserve DLA-4614-1 for sudo
Andreas Henriksson (@ah)
gitlab at salsa.debian.org
Thu Jun 4 12:53:35 BST 2026
Andreas Henriksson pushed to branch master at Debian Security Tracker / security-tracker
Commits:
66126d26 by Andreas Henriksson at 2026-06-04T13:53:28+02:00
Reserve DLA-4614-1 for sudo
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -38324,7 +38324,6 @@ CVE-2026-35535 (In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid,
- sudo 1.9.17p2-5 (bug #1130593)
[trixie] - sudo 1.9.16p2-3+deb13u2
[bookworm] - sudo 1.9.13p3-1+deb12u4
- [bullseye] - sudo <postponed> (Minor issue, can be fixed in a point release)
NOTE: Introduced by: https://github.com/sudo-project/sudo/commit/bd1ca79cca827a92e904f022e49df121931d4ff5 (SUDO_1_9_4p1)
NOTE: Fixed by: https://github.com/sudo-project/sudo/commit/3e474c2f201484be83d994ae10a4e20e8c81bb69
NOTE: https://cdn2.qualys.com/advisory/2026/03/10/crack-armor.txt
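Review bot: With the `[bullseye] - sudo <postponed>` line removed, the CVE-2026-35535 entry no longer carries any bullseye annotation, while trixie and bookworm each keep an explicit fixed version. In this commit the bullseye fixed version appears only in data/DLA/list. Unless the tracker tooling derives the release line from the DLA entry, add `[bullseye] - sudo 1.9.5p2-3+deb11u4` here so that bullseye is not judged against the unstable line `- sudo 1.9.17p2-5`.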
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[04 Jun 2026] DLA-4614-1 sudo - security update
+ {CVE-2026-35535}
+ [bullseye] - sudo 1.9.5p2-3+deb11u4
[01 Jun 2026] DLA-4613-1 python-aiohttp - security update
{CVE-2025-53643 CVE-2025-69224 CVE-2025-69225 CVE-2025-69226 CVE-2025-69227 CVE-2025-69228 CVE-2025-69229 CVE-2026-22815 CVE-2026-34513 CVE-2026-34514 CVE-2026-34516 CVE-2026-34517 CVE-2026-34518 CVE-2026-34519 CVE-2026-34520 CVE-2026-34525}
[bullseye] - python-aiohttp 3.7.4-1+deb11u2
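Review bot: The added `[bullseye] - sudo 1.9.5p2-3+deb11u4` line records a fixed version in a commit whose message only reserves the advisory number. Check that this is the exact version string of the bullseye upload, since this line and the `{CVE-2026-35535}` brace list are what tie the CVE to a fixed bullseye package.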
=====================================
data/dla-needed.txt
=====================================
@@ -561,11 +561,6 @@ starlette/bullseye (dleidert)
strongswan/bullseye
NOTE: 20260423: Added by Front-Desk (pochu)
--
-sudo/bullseye (ah)
- NOTE: 20260522: Added by Front-Desk (Beuc)
- NOTE: 20260522: Follow bookworm 12.14, CVE-2026-35535 part of the high-profile
- NOTE: 20260522: CrackArmor PoC from Qualys (Beuc/front-desk)
---
suricata/bullseye
NOTE: 20250331: re added to fix next bunch of CVEs (ta)
NOTE: 20250825: testing package (ta)
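Review bot: The removed NOTE lines under `sudo/bullseye (ah)` explain why the bullseye fix moved from postponed to a DLA (follow bookworm 12.14, and CVE-2026-35535 being part of the Qualys CrackArmor PoC), and the commit message says only "Reserve DLA-4614-1 for sudo". Consider carrying that rationale into the commit message or the advisory text so it is not recoverable only from the history of data/dla-needed.txt. The entry's own `--` separator is removed along with it, which leaves the strongswan and suricata entries correctly delimited.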
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/66126d264aef879b505d53c7e3dab132c65fc126