Lee Garrett pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b6f16251 by Lee Garrett at 2023-09-12T17:58:04+02:00
Reserve DLA-3563-1 for samba
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -276110,7 +276110,6 @@ CVE-2019-19345 (A vulnerability was found in all
openshift/mediawiki-apb 4.x.x v
NOT-FOR-US: openshift
CVE-2019-19344 (There is a use-after-free issue in all samba 4.9.x versions
before 4.9 ...)
- samba 2:4.11.5+dfsg-1 (bug #950499)
- [buster] - samba <no-dsa> (Minor issue)
[stretch] - samba <not-affected> (Only affects Samba 4.9 onwards)
[jessie] - samba <not-affected> (Only affects Samba 4.9 onwards)
NOTE: https://www.samba.org/samba/security/CVE-2019-19344.html
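Review bot: The CVE-2019-19344 entry gains no {DLA-3563-1} tag when its "[buster] - samba <no-dsa> (Minor issue)" line is removed, and the other six entries touched in this file likewise keep only {DLA-2668-1} or {DSA-5003-1}. If that cross-reference is not generated from data/DLA/list by a later automated update, add it in this commit. Otherwise this entry carries no buster information at all, even though the stretch and jessie lines ("Only affects Samba 4.9 onwards") point at buster as the affected release.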
@@ -292162,7 +292161,6 @@ CVE-2019-14908
CVE-2019-14907 (All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12
and 4.11 ...)
{DLA-2668-1}
- samba 2:4.11.5+dfsg-1
- [buster] - samba <no-dsa> (Minor issue)
[jessie] - samba <no-dsa> (Minor issue)
NOTE: https://www.samba.org/samba/security/CVE-2019-14907.html
CVE-2019-14906 (A flaw was found with the RHSA-2019:3950 erratum, where it did
not fix ...)
@@ -292187,7 +292185,6 @@ CVE-2019-14903
CVE-2019-14902 (There is an issue in all samba 4.11.x versions before 4.11.5,
all samb ...)
{DLA-2668-1}
- samba 2:4.11.5+dfsg-1
- [buster] - samba <no-dsa> (Minor issue)
[jessie] - samba <ignored> (difficult and risky backport to 4.2 in
jessie)
NOTE: https://www.samba.org/samba/security/CVE-2019-14902.html
NOTE: Workaround: Use of 'samba-tool drs replicate $DC1 $DC2 $NC
--full-sync' will
@@ -292502,7 +292499,6 @@ CVE-2019-14848
CVE-2019-14847 (A flaw was found in samba 4.0.0 before samba 4.9.15 and samba
4.10.x b ...)
{DLA-2668-1}
- samba 2:4.11.0+dfsg-6
- [buster] - samba <no-dsa> (Minor issue)
[jessie] - samba <no-dsa> (Minor issue)
NOTE: https://www.samba.org/samba/security/CVE-2019-14847.html
CVE-2019-14846 (In Ansible, all Ansible Engine versions up to ansible-engine
2.8.5, an ...)
@@ -292547,7 +292543,6 @@ CVE-2019-14834 (A vulnerability was found in dnsmasq
before version 2.81, where
CVE-2019-14833 (A flaw was found in Samba, all versions starting samba 4.5.0
before sa ...)
{DLA-2668-1}
- samba 2:4.11.1+dfsg-2
- [buster] - samba <no-dsa> (Minor issue)
[jessie] - samba <no-dsa> (Minor issue)
NOTE: https://www.samba.org/samba/security/CVE-2019-14833.html
CVE-2019-14832 (A flaw was found in the Keycloak REST API before version 8.0.0
where i ...)
@@ -307015,7 +307010,6 @@ CVE-2019-10219 (A vulnerability was found in
Hibernate-Validator. The SafeHtml v
CVE-2019-10218 (A flaw was found in the samba client, all samba versions
before samba ...)
{DLA-2668-1}
- samba 2:4.11.1+dfsg-2
- [buster] - samba <no-dsa> (Minor issue)
[jessie] - samba <no-dsa> (Minor issue)
NOTE: https://www.samba.org/samba/security/CVE-2019-10218.html
CVE-2019-10217 (A flaw was found in ansible 2.8.0 before 2.8.4. Fields
managing sensit ...)
@@ -465836,7 +465830,6 @@ CVE-2016-2125 (It was found that Samba before
versions 4.5.3, 4.4.8, 4.3.13 alwa
CVE-2016-2124 (A flaw was found in the way samba implemented SMB1
authentication. An ...)
{DSA-5003-1}
- samba 2:4.13.14+dfsg-1
- [buster] - samba <no-dsa> (Minor issue)
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=12444
NOTE: https://www.samba.org/samba/security/CVE-2016-2124.html
CVE-2016-2123 (A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba
routine n ...)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[12 Sep 2023] DLA-3563-1 samba - security update
+ {CVE-2016-2124 CVE-2019-10218 CVE-2019-14833 CVE-2019-14847
CVE-2019-14902 CVE-2019-14907 CVE-2019-19344}
+ [buster] - samba 2:4.9.5+dfsg-5+deb10u4
[12 Sep 2023] DLA-3562-1 orthanc - security update
{CVE-2023-33466}
[buster] - orthanc 1.5.6+dfsg-1+deb10u1
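Review bot: The version on the added "[buster] - samba 2:4.9.5+dfsg-5+deb10u4" line is written down when the DLA is reserved, so confirm it is the version that actually gets uploaded. The seven ids in the braces match the seven "<no-dsa>" removals in data/CVE/list, which means a wrong version here would misstate the fixed version for all seven CVEs at once.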
=====================================
data/dla-needed.txt
=====================================
@@ -227,16 +227,6 @@ salt
NOTE: 20230720:
https://docs.saltproject.io/en/master/topics/releases/3002.html#execution-module-changes
NOTE: 20230720: Last but not least salt is not present in stable/testing
(rouca)
--
-samba
- NOTE: 20220904: Added by Front-Desk (apo)
- NOTE: 20220904: Many postponed or open CVE in general. (apo)
- NOTE: 20230323: Still working on the long list of CVEs, will likely release
an intermittent package first (lee)
- NOTE: 20230807: WIP package is available at
[email protected]:lts-team/packages/samba.git
- NOTE: 20230807: in the branch "lgarrett/2023-02-23-debian/buster-proposed"
- NOTE: 20230807: functional test framework is however needed (WIP) as most
- NOTE: 20230807: CVEs/bugfixes don't have test coverage.
- NOTE: 20230822: https://lists.debian.org/debian-lts/2023/08/msg00027.html
(lee)
---
suricata
NOTE: 20230620: Added by Front-Desk (Beuc)
NOTE: 20230620: 15+ CVEs marked no-dsa; since the package is supported, with
last LTS update in Jessie,
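Review bot: Deleting the whole samba block removes the only record of the remaining work. The removed notes speak of "Many postponed or open CVE in general" and of an intermittent package being released first, while DLA-3563-1 lists seven CVEs. If further samba CVEs stay open for buster, keep the entry, or re-add it with a dated NOTE that still points to the WIP branch and the missing test coverage, rather than dropping it.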
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b6f162515f4b01ed1aaa348f0cdb55bdd06c2b0e