Adrian Bunk pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c419ab44 by Adrian Bunk at 2024-12-08T18:59:32+02:00
Reserve DLA-3987-1 for renderdoc
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -125389,7 +125389,6 @@ CVE-2023-33865 (RenderDoc before 1.27 allows local
privilege escalation via a sy
{DLA-3501-1}
- renderdoc 1.27+dfsg-1 (bug #1037208)
[bookworm] - renderdoc <no-dsa> (Minor issue)
- [bullseye] - renderdoc <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2023/06/06/3
NOTE:
https://github.com/baldurk/renderdoc/commit/601ed56111ce3803d8476d438ade1c92d6092856
(v1.27)
NOTE:
https://github.com/baldurk/renderdoc/commit/e0464fea4f9a7f149c4ee1d84e5ac57839a4a862
(v1.27)
@@ -125400,7 +125399,6 @@ CVE-2023-33864 (StreamReader::ReadFromExternal in
RenderDoc before 1.27 allows a
{DLA-3501-1}
- renderdoc 1.27+dfsg-1 (bug #1037208)
[bookworm] - renderdoc <no-dsa> (Minor issue)
- [bullseye] - renderdoc <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2023/06/06/3
NOTE:
https://github.com/baldurk/renderdoc/commit/601ed56111ce3803d8476d438ade1c92d6092856
(v1.27)
NOTE:
https://github.com/baldurk/renderdoc/commit/e0464fea4f9a7f149c4ee1d84e5ac57839a4a862
(v1.27)
@@ -125411,7 +125409,6 @@ CVE-2023-33863 (SerialiseValue in RenderDoc before
1.27 allows an Integer Overfl
{DLA-3501-1}
- renderdoc 1.27+dfsg-1 (bug #1037208)
[bookworm] - renderdoc <no-dsa> (Minor issue)
- [bullseye] - renderdoc <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2023/06/06/3
NOTE:
https://github.com/baldurk/renderdoc/commit/601ed56111ce3803d8476d438ade1c92d6092856
(v1.27)
NOTE:
https://github.com/baldurk/renderdoc/commit/e0464fea4f9a7f149c4ee1d84e5ac57839a4a862
(v1.27)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[08 Dec 2024] DLA-3987-1 renderdoc - security update
+ {CVE-2023-33863 CVE-2023-33864 CVE-2023-33865}
+ [bullseye] - renderdoc 1.11+dfsg-5+deb11u1
[08 Dec 2024] DLA-3986-1 php7.4 - security update
{CVE-2024-8929 CVE-2024-8932 CVE-2024-11233 CVE-2024-11234
CVE-2024-11236}
[bullseye] - php7.4 7.4.33-1+deb11u7
=====================================
data/dla-needed.txt
=====================================
@@ -195,11 +195,6 @@ qemu (santiago)
NOTE: 20240815: CVE-2024-4467 fix also proposed for 12.7
(https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076504)
NOTE: 20241119: Bookworm PU in progress
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086572
--
-renderdoc (Adrian Bunk)
- NOTE: 20241206: Added by coordinator (roberto)
- NOTE: 20241206: CVE-2023-33863, CVE-2023-33864, and CVE-2023-33865 were
fixed in buster, are still open (no-dsa) in bullseye and bookworm
- NOTE: 20241206:
https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/171
---
ruby-doorkeeper (Adrian Bunk)
NOTE: 20241206: Added by coordinator (roberto)
NOTE: 20241206: CVE-2023-34246 was fixed in buster, is still open (no-dsa)
in bullseye and bookworm
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c419ab4486502c4bd4fbaca36bb59871c8d843b9
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c419ab4486502c4bd4fbaca36bb59871c8d843b9
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
