author | Bastien Roucariès <rouca@debian.org> | 2024-02-03 09:05:40 +0000 |
---|---|---|
committer | Bastien Roucariès <rouca@debian.org> | 2024-02-03 09:05:40 +0000 |
commit | 2b6222ed8da2765e55a2ff7a292add3e35438dd2 | |
tree | 82284392a041882d2dceabe2f6a501f38caf58a5 | |
parent | aa7e277eba56d8f236cf81f1594e054928d7ecd9 | |
Reserve DLA-3732-1 for sudo
-rw-r--r-- | data/CVE/list | 2 |
-rw-r--r-- | data/DLA/list | 3 |
-rw-r--r-- | data/dla-needed.txt | 5 |
3 files changed, 3 insertions, 7 deletions
diff --git a/data/CVE/list b/data/CVE/list index e701ddb9d5..2b2b16eb38 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -50357,12 +50357,10 @@ CVE-2023-28488 (client.c in gdhcp in ConnMan through 1.41 could be used by netwo CVE-2023-28487 (Sudo before 1.9.13 does not escape control characters in sudoreplay ou ...) - sudo 1.9.13p1-1 [bullseye] - sudo <no-dsa> (Minor issue) - [buster] - sudo <no-dsa> (Minor issue) NOTE: https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca CVE-2023-28486 (Sudo before 1.9.13 does not escape control characters in log messages.) - sudo 1.9.13p1-1 [bullseye] - sudo <no-dsa> (Minor issue) - [buster] - sudo <no-dsa> (Minor issue) NOTE: https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca NOTE: https://github.com/sudo-project/sudo/commit/12648b4e0a8cf486480442efd52f0e0b6cab6e8b (fix a regression) CVE-2023-28485 (A stored cross-site scripting (Stored XSS) vulnerability in file previ ...) diff --git a/data/DLA/list b/data/DLA/list index 38a10cea74..a485483017 100644 --- a/data/DLA/list +++ b/data/DLA/list @@ -1,3 +1,6 @@ +[03 Feb 2024] DLA-3732-1 sudo - security update + {CVE-2023-7090 CVE-2023-28486 CVE-2023-28487} + [buster] - sudo 1.8.27-1+deb10u6 [01 Feb 2024] DLA-3731-1 man-db - sandboxing fixes [buster] - man-db 2.8.5-2+deb10u1 [01 Feb 2024] DLA-3730-1 python-asyncssh - security update diff --git a/data/dla-needed.txt b/data/dla-needed.txt index 013323be2a..053ca4e679 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt 
@@ -229,11 +229,6 @@ squid NOTE: 20240109: I ask for another pair of eyes for CVE-2023-5824. The fix NOTE: 20240109: appears to be intrusive. I could not locate the fix for CVE-2023-49288 yet. (apo) -- -sudo (rouca) - NOTE: 20231224: Added by Front-Desk (ta) - NOTE: 20240128: Wait for review by sudo team (rouca) - NOTE: 20240128: Ported test suite (rouca) --- suricata (Adrian Bunk) NOTE: 20230620: Added by Front-Desk (Beuc) NOTE: 20230620: 15+ CVEs marked no-dsa; since the package is supported, with last LTS update in Jessie, |
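Review bot: the data/CVE/list hunk drops the `[buster] - sudo <no-dsa> (Minor issue)` line only under CVE-2023-28487 and CVE-2023-28486, while the new DLA-3732-1 entry also lists CVE-2023-7090, whose entry is not part of this diff. Worth checking that the CVE-2023-7090 entry carries no leftover buster annotation that would conflict with the `[buster] - sudo 1.8.27-1+deb10u6` fixed version recorded in data/DLA/list.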
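Review bot: in the data/dla-needed.txt hunk, the removed sudo entry's last recorded status is `NOTE: 20240128: Wait for review by sudo team (rouca)`, and the commit message only says the DLA is reserved. A short line in the commit message saying that the review finished, or that the upload went ahead without it, would keep that history findable once the entry is gone from dla-needed.txt.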