Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
810bdcd3 by Moritz Mühlenhoff at 2024-03-24T21:32:12+01:00
mark three CVEs as ignored for bullseye/buster, only relevant for AD
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -95330,6 +95330,8 @@ CVE-2022-44640 (Heimdal before 7.7.1 allows remote
attackers to execute arbitrar
{DSA-5287-1 DLA-3206-1}
- heimdal 7.8.git20221115.a6cf945+dfsg-1 (bug #1024187)
- samba 2:4.17.4+dfsg-1
+ [bullseye] - samba <ignored> (Domain controller functionality is EOLed,
see DSA DSA-5477-1)
+ [buster] - samba <ignored> (Domain controller functionality is EOLed,
see DSA-5015-1)
NOTE:
https://github.com/heimdal/heimdal/security/advisories/GHSA-88pm-hfmq-7vv4
NOTE:
https://github.com/heimdal/heimdal/commit/ea5ec8f174920cb80ce2b168b49195378420449e
(heimdal-7.7.1)
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14929
@@ -102125,6 +102127,8 @@ CVE-2022-42898 (PAC parsing in MIT Kerberos 5 (aka
krb5) before 1.19.4 and 1.20.
- heimdal 7.8.git20221115.a6cf945+dfsg-1 (bug #1024187)
- krb5 1.20.1-1 (bug #1024267)
- samba 2:4.17.3+dfsg-1
+ [bullseye] - samba <ignored> (Domain controller functionality is EOLed,
see DSA DSA-5477-1)
+ [buster] - samba <ignored> (Domain controller functionality is EOLed,
see DSA-5015-1)
NOTE: https://www.samba.org/samba/security/CVE-2022-42898.html
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15203
NOTE: samba: only exploitable in 32-bit systems, according to upstream
advisory
@@ -115648,6 +115652,8 @@ CVE-2022-37967 (Windows Kerberos Elevation of
Privilege Vulnerability)
NOTE: and https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2003867
CVE-2022-37966 (Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability)
- samba 2:4.17.4+dfsg-1
+ [bullseye] - samba <ignored> (Domain controller functionality is EOLed,
see DSA DSA-5477-1)
+ [buster] - samba <ignored> (Domain controller functionality is EOLed,
see DSA-5015-1)
NOTE: https://www.samba.org/samba/security/CVE-2022-37966.html
NOTE: possible samba 4.13,4.15 regression:
https://bugzilla.samba.org/show_bug.cgi?id=15243
NOTE: and https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2003867
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/810bdcd36746e1d7c8791bc3bf59633e1024fbfb
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/810bdcd36746e1d7c8791bc3bf59633e1024fbfb
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
