Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ad8dc01c by Salvatore Bonaccorso at 2020-10-13T14:36:24+02:00
Mark sympa as no-dsa and to be released via point release
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -37574,6 +37574,7 @@ CVE-2020-10937
CVE-2020-10936 (Sympa before 6.2.56 allows privilege escalation. ...)
{DLA-2401-1}
- sympa 6.2.40~dfsg-5 (bug #961491)
+ [buster] - sympa <no-dsa> (Will be fixed via point release)
NOTE: https://sympa-community.github.io/security/2020-002.html
NOTE: Patch:
https://github.com/sympa-community/sympa/releases/download/6.2.56/sympa-6.2.54-sa-2020-002-r2.patch
NOTE: Patch for sympa-6.1.25:
https://github.com/sympa-community/sympa/releases/download/6.2.56/sympa-6.1.25-sa-2020-002-r2.patch
@@ -37582,6 +37583,7 @@ CVE-2020-10936 (Sympa before 6.2.56 allows privilege
escalation. ...)
CVE-2020-26932 (debian/sympa.postinst for the Debian Sympa package before
6.2.40~dfsg- ...)
{DLA-2401-1}
- sympa 6.2.40~dfsg-7 (bug #971904)
+ [buster] - sympa <no-dsa> (Will be fixed via point release)
NOTE: Debian specific issue where sympa_newaliases-wrapper had loose
permissions
NOTE: (already suid root and word-executable) allowing to gain root
privileges
NOTE: without first to escalate to sympa user.
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad8dc01c069dd9d856f08ebdc2b2227f9073ba5c
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad8dc01c069dd9d856f08ebdc2b2227f9073ba5c
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
