[Git][security-tracker-team/security-tracker][master] Reserve DLA-4047-1 for sssd

Guilhem Moulin (@guilhem) Sun, 09 Feb 2025 03:51:56 -0800


Guilhem Moulin pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
43de6f4c by Guilhem Moulin at 2025-02-09T12:51:28+01:00
Reserve DLA-4047-1 for sssd

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -83575,7 +83575,6 @@ CVE-2023-41864 (Cross-Site Request Forgery (CSRF) 
vulnerability in Pepro Dev. Gr
 CVE-2023-3758 (A race condition flaw was found in sssd where the GPO policy is 
not co ...)
        - sssd 2.9.5-1 (bug #1070369)
        [bookworm] - sssd <no-dsa> (Minor issue)
-       [bullseye] - sssd <no-dsa> (Minor issue)
        [buster] - sssd <postponed> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2223762
        NOTE: https://github.com/SSSD/sssd/pull/7302
@@ -289331,7 +289330,6 @@ CVE-2021-35501 (PandoraFMS <=7.54 allows Stored XSS 
by placing a payload in the
 CVE-2021-3621 (A flaw was found in SSSD, where the sssctl command was 
vulnerable to s ...)
        {DLA-3436-1 DLA-2758-1}
        - sssd 2.5.2-1 (bug #992710)
-       [bullseye] - sssd <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975142
        NOTE: 
https://github.com/SSSD/sssd/commit/7ab83f97e1cbefb78ece17232185bdd2985f0bbe 
(sssd-2-7)
        NOTE: 
https://github.com/SSSD/sssd/commit/b4b32677a886bc26d60ce0171505aa3ab0c82c8a 
(sssd-1-16)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[09 Feb 2025] DLA-4047-1 sssd - security update
+       {CVE-2021-3621 CVE-2023-3758}
+       [bullseye] - sssd 2.4.1-2+deb11u1
 [08 Feb 2025] DLA-4046-1 ark - security update
        {CVE-2024-57966}
        [bullseye] - ark 4:20.12.2-1+deb11u1


=====================================
data/dla-needed.txt
=====================================
@@ -243,9 +243,6 @@ shadow
   NOTE: 20250105: shadow is a high-profile package. Upstream discussion for 
CVE-2024-56433 is
   NOTE: 20250105: ongoing. I'm adding it to dla-needed.txt to keep it on our 
radar.
 --
-sssd (guilhem)
-  NOTE: 20250130: Added by guilhem with Front-Desk's blessing (pochu)
---
 snapcast
   NOTE: 20250118: Added by Front-Desk (rouca)
   NOTE: 20250119: Upstream just re-added a secured Stream.AddStream 
functionality to fix CVE-2023-36177, but hasn't released it yet (dleidert)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43de6f4c203602b3806e9f698e5209f666fe9bcf

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43de6f4c203602b3806e9f698e5209f666fe9bcf
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Reserve DLA-4047-1 for sssd

Reply via email to