Guilhem Moulin pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d961e0cf by Guilhem Moulin at 2023-05-29T15:16:50+02:00
Reserve DLA-3436-1 for sssd
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -36482,7 +36482,6 @@ CVE-2022-4255 (An info leak issue was identified in all
versions of GitLab EE fr
- gitlab <not-affected> (Specific to EE)
CVE-2022-4254 (sssd: libsss_certmap fails to sanitise certificate data used in
LDAP f ...)
- sssd 2.3.1-1
- [buster] - sssd <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2149894
NOTE: https://github.com/SSSD/sssd/issues/5135
NOTE:
https://github.com/SSSD/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274
@@ -142309,7 +142308,6 @@ CVE-2021-3621 (A flaw was found in SSSD, where the
sssctl command was vulnerable
{DLA-2758-1}
- sssd 2.5.2-1 (bug #992710)
[bullseye] - sssd <no-dsa> (Minor issue)
- [buster] - sssd <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975142
NOTE:
https://github.com/SSSD/sssd/commit/7ab83f97e1cbefb78ece17232185bdd2985f0bbe
(sssd-2-7)
NOTE:
https://github.com/SSSD/sssd/commit/b4b32677a886bc26d60ce0171505aa3ab0c82c8a
(sssd-1-16)
@@ -309587,7 +309585,6 @@ CVE-2019-3812 (QEMU, through version 2.10 and through
version 3.1.0, is vulnerab
CVE-2019-3811 (A vulnerability was found in sssd. If a user was configured
with no ho ...)
{DLA-1635-1}
- sssd 2.2.0-1 (bug #919051)
- [buster] - sssd <no-dsa> (Minor issue)
[stretch] - sssd <no-dsa> (Minor issue)
NOTE: Upstream ticket: https://pagure.io/SSSD/sssd/issue/3901
NOTE: Pull request: https://github.com/SSSD/sssd/pull/703
@@ -328389,7 +328386,6 @@ CVE-2018-16839 (Curl versions 7.33.0 through 7.61.1
are vulnerable to a buffer o
NOTE: Fixed by:
https://github.com/curl/curl/commit/f3a24d7916b9173c69a3e0ee790102993833d6c5
CVE-2018-16838 (A flaw was found in sssd Group Policy Objects implementation.
When the ...)
- sssd 2.2.0-1 (bug #931432)
- [buster] - sssd <no-dsa> (Minor issue)
[stretch] - sssd <no-dsa> (Minor issue)
[jessie] - sssd <not-affected> (GPO based access control introduced
later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1640820
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[29 May 2023] DLA-3436-1 sssd - security update
+ {CVE-2018-16838 CVE-2019-3811 CVE-2021-3621 CVE-2022-4254}
+ [buster] - sssd 1.16.3-3.2+deb10u1
[28 May 2023] DLA-3435-1 rainloop - security update
{CVE-2019-13389 CVE-2022-29360}
[buster] - rainloop 1.12.1-2+deb10u1
=====================================
data/dla-needed.txt
=====================================
@@ -211,11 +211,6 @@ samba
NOTE: 20220904: Many postponed or open CVE in general. (apo)
NOTE: 20230323: Still working on the long list of CVEs, will likely release
an intermittent package first (lee)
--
-sssd (guilhem)
- NOTE: 20230131: Programming language: C.
- NOTE: 20230205: VCS: https://salsa.debian.org/lts-team/packages/sssd.git
- NOTE: 20230508: WIP (gladk)
---
webkit2gtk (Emilio)
NOTE: 20230512: Programming language: C++.
NOTE: 20230512: VCS: https://salsa.debian.org/webkit-team/webkit.git
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d961e0cfa51f54fc061b57ee03167b9125662965
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d961e0cfa51f54fc061b57ee03167b9125662965
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
