[Git][security-tracker-team/security-tracker][master] bullseye/bookworm/samba triage

Mon, 28 Aug 2023 14:04:57 -0700 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fef73cb9 by Moritz Muehlenhoff at 2023-08-28T23:03:06+02:00
bullseye/bookworm/samba triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -52316,6 +52316,8 @@ CVE-2022-45142 (The fix for CVE-2022-3437 included 
changing memcmp to be constan
        NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15296
 CVE-2022-45141 (Since the Windows Kerberos RC4-HMAC Elevation of Privilege 
Vulnerabili ...)
        - samba 2:4.16.0+dfsg-2
+       [bullseye] - samba <ignored> (Domain controller functionality is EOLed, 
see DSA DSA-5477-1)
+       [buster] - samba <ignored> (Domain controller functionality is EOLed, 
see DSA-5015-1)
        NOTE: https://www.samba.org/samba/security/CVE-2022-45141.html
 CVE-2022-45140 (The configuration backend allows an unauthenticated user to 
write arbi ...)
        NOT-FOR-US: WAGO
@@ -62021,6 +62023,7 @@ CVE-2022-3437 (A heap-based buffer overflow 
vulnerability was found in Samba wit
        NOTE: 
https://github.com/heimdal/heimdal/commit/be9bbd93ed8f204b4bc1b92d1bc3c16aac194696
 (heimdal-7.7.1)
        NOTE: 
https://github.com/heimdal/heimdal/commit/c8407ca079294d76a5ed140ba5b546f870d23ed2
 (heimdal-7.7.1)
        NOTE: 
https://github.com/heimdal/heimdal/commit/8fb508a25a6a47289c73e3f4339352a73a396eef
 (heimdal-7.7.1)
+       NOTE: In scope for continued Samba support
 CVE-2021-46845
        RESERVED
 CVE-2020-36606
@@ -85923,6 +85926,7 @@ CVE-2022-2127 (An out-of-bounds read vulnerability was 
found in Samba due to ins
        {DSA-5477-1}
        - samba 2:4.18.5+dfsg-1
        NOTE: https://www.samba.org/samba/security/CVE-2022-2127.html
+       NOTE: In scope for continued Samba support
 CVE-2022-2126 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.)
        {DLA-3053-1}
        - vim 2:9.0.0135-1 (unimportant; bug #1015984)
@@ -96257,7 +96261,7 @@ CVE-2022-28702 (Incorrect Default Permissions 
vulnerability in ABB e-Design allo
 CVE-2022-1615 (In Samba, GnuTLS gnutls_rnd() can fail and give predictable 
random val ...)
        [experimental] - samba 2:4.17.0+dfsg-1
        - samba 2:4.16.5+dfsg-2 (bug #1021024)
-       [bullseye] - samba <postponed> (Minor issue)
+       [bullseye] - samba <ignored> (Domain controller functionality is EOLed, 
see DSA DSA-5477-1)
        [buster] - samba <not-affected> (Vulnerable code introduced later)
        NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15103
        NOTE: https://gitlab.com/samba-team/samba/-/merge_requests/2644
@@ -119907,12 +119911,13 @@ CVE-2021-46181
 CVE-2021-46180
        RESERVED
 CVE-2021-46179 (Reachable Assertion vulnerability in upx before 4.0.0 allows 
attackers ...)
-       - upx-ucl <unfixed>
+       - upx-ucl <unfixed> (unimportant)
        NOTE: https://github.com/upx/upx/issues/545
        NOTE: 
https://github.com/upx/upx/commit/4a9c46253e308d60b550e9f529e7d37daf978be5 
(v3.99)
        NOTE: 
https://github.com/upx/upx/commit/2d6987252ef4cec9b9051e3e161977ab88b67aac 
(v3.99)
        NOTE: 
https://github.com/upx/upx/commit/fcdf0e92c1a2d89188ec7b50fb9b40ef51362560 
(v3.99)
        NOTE: 
https://github.com/upx/upx/commit/be23f93ee6853a688fb9a920c9ee5222aa212303 
(v3.99)
+       NOTE: Crash in CLI tool, no security impact
 CVE-2021-46178
        RESERVED
 CVE-2021-46177
@@ -196187,6 +196192,8 @@ CVE-2020-35359 (Pure-FTPd 1.0.48 allows remote 
attackers to prevent legitimate s
        NOTE: Bogus issue, can be configured using MaxClientsPerIP in 
pure-ftpd.conf configuration file
 CVE-2020-35357 (A buffer overflow can occur when calculating the quantile 
value using  ...)
        - gsl <unfixed>
+       [bookworm] - gsl <no-dsa> (Minor issue)
+       [bullseye] - gsl <no-dsa> (Minor issue)
        NOTE: https://savannah.gnu.org/bugs/?59624
        NOTE: 
https://git.savannah.gnu.org/cgit/gsl.git/commit/?id=989a193268b963aa1047814f7f1402084fb7d859
 CVE-2020-35356
@@ -211787,6 +211794,7 @@ CVE-2020-25720
        RESERVED
        - samba 2:4.17.8+dfsg-1
        [bullseye] - samba <ignored> (Domain controller functionality is EOLed, 
see DSA DSA-5477-1)
+       [buster] - samba <ignored> (Domain controller functionality is EOLed, 
see DSA-5015-1)
        NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14810
        NOTE: https://gitlab.com/samba-team/samba/-/merge_requests/2514
        NOTE: 
https://gitlab.com/samba-team/samba/-/commit/cc64ea24daa649dc8de4a212c7abfbe111095655



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fef73cb9c1c14644a0247befa9f8b002cb73ae5a

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fef73cb9c1c14644a0247befa9f8b002cb73ae5a
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to