Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
854f3801 by Salvatore Bonaccorso at 2020-02-02T08:30:03+01:00
Track sudo fixes via the new upstream version in unstable
Furthermore demote the two disputed CVEs to unimportant. They are quite
far-fetched and upstream introduced in upstream 1.8.30 new configuration
options to handle those interpretations. In the case of CVE-2019-19234
actually only for the shell.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -17198,19 +17198,16 @@ CVE-2019-19236
CVE-2019-19235 (AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 (for Windows
10 note ...)
NOT-FOR-US: ASUS
CVE-2019-19234 (** DISPUTED ** In Sudo through 1.8.29, the fact that a user
has been b ...)
- - sudo <unfixed> (bug #947225)
- [buster] - sudo <no-dsa> (Minor issue)
- [stretch] - sudo <no-dsa> (Minor issue)
- [jessie] - sudo <no-dsa> (Minor issue)
+ - sudo 1.8.31-1 (bug #947225; unimportant)
NOTE: https://www.sudo.ws/devel.html#1.8.30b2
+ NOTE: Sudo 1.8.30 adds an optional setting to check the shell of the
target user
+ NOTE: additionally.
CVE-2019-19233
RESERVED
CVE-2019-19232 (** DISPUTED ** In Sudo through 1.8.29, an attacker with access
to a Ru ...)
- - sudo <unfixed> (bug #947225)
- [buster] - sudo <no-dsa> (Minor issue)
- [stretch] - sudo <no-dsa> (Minor issue)
- [jessie] - sudo <no-dsa> (Minor issue)
+ - sudo 1.8.31-1 (bug #947225; unimportant)
NOTE: https://www.sudo.ws/devel.html#1.8.30b2
+ NOTE: Sudo 1.8.30 introduces an option to enable/disable the behavior.
CVE-2019-19231 (An insecure file access vulnerability exists in CA Client
Automation 1 ...)
NOT-FOR-US: CA Client Automation
CVE-2019-19230 (An unsafe deserialization vulnerability exists in CA Release
Automatio ...)
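Review bot: The added NOTE lines for CVE-2019-19234 and CVE-2019-19232 say that Sudo 1.8.30 adds "an optional setting" and "an option", but they name neither the sudoers setting nor its default. From the entry alone a reader cannot tell whether 1.8.31-1 changes behaviour out of the box or only makes the stricter behaviour available, which matters now that the per-release <no-dsa> lines are gone and "unimportant" is the only triage signal left. Consider naming the options and stating their default state in the NOTE. The CVE-2019-19234 note is also split so that its second line reads only "NOTE: additionally."; rewording it so that each NOTE line stands on its own would make the entry easier to grep and read.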
@@ -20887,7 +20884,7 @@ CVE-2019-18635 (An issue was discovered in Mooltipass
Moolticute through v0.42.1
NOT-FOR-US: Mooltipass Moolticute
CVE-2019-18634 (In Sudo before 1.8.26, if pwfeedback is enabled in
/etc/sudoers, users ...)
{DSA-4614-1}
- - sudo <unfixed> (bug #950371)
+ - sudo 1.8.31-1 (bug #950371)
[buster] - sudo <no-dsa> (EOF handling introduced in 1.8.26 prevents
exploitation of bug)
NOTE: https://www.sudo.ws/alerts/pwfeedback.html
NOTE: https://www.openwall.com/lists/oss-security/2020/01/30/6
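Review bot: The new fixed version 1.8.31-1 for CVE-2019-18634 is not explained by the surrounding lines. The description says "In Sudo before 1.8.26", and the [buster] line says the EOF handling introduced in 1.8.26 only prevents exploitation of the bug. A short NOTE stating which upstream release carries the actual fix would make it clear why unstable is marked fixed at 1.8.31-1 and not at an earlier version, and would keep the entry consistent with the <no-dsa> reasoning given for buster.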
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/854f3801e6eb89c640e02313ba7e4989af5a5b30
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits