Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e90f5c2d by Moritz Muehlenhoff at 2019-03-22T11:27:19Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11663,13 +11663,13 @@ CVE-2019-5418 [File Content Disclosure in Action View]
- rails 2:5.2.2.1+dfsg-1 (bug #924520)
NOTE: https://www.openwall.com/lists/oss-security/2019/03/13/5
CVE-2019-5417 (A path traversal vulnerability in serve npm package version
7.0.1 allo ...)
- TODO: check
+ NOT-FOR-US: node serve module
CVE-2019-5416 (A path traversal vulnerability in localhost-now npm package
version 1. ...)
- TODO: check
+ NOT-FOR-US: node localhost-now module
CVE-2019-5415 (A bug in handling the ignore files and directories feature in
serve 6. ...)
- TODO: check
+ NOT-FOR-US: node serve module
CVE-2019-5414 (If an attacker can control the port, which in itself is a very
sensiti ...)
- TODO: check
+ NOT-FOR-US: kill-port node module
CVE-2019-5413 (An attacker can use the format parameter to inject arbitrary
commands ...)
NOT-FOR-US: morgan node module
CVE-2019-5412
@@ -26951,7 +26951,7 @@ CVE-2018-19193 (An issue was discovered in XiaoCms
20141229. There is XSS via th
CVE-2018-19192 (An issue was discovered in XiaoCms 20141229.
admin/index.php?c=content ...)
NOT-FOR-US: XiaoCms
CVE-2018-19191 (Webmin 1.890 has XSS via /config.cgi?webmin, the
/shell/index.cgi hist ...)
- TODO: check
+ NOT-FOR-US: Webmin
CVE-2018-19190 (The Amazon PAYFORT payfort-php-SDK payment gateway SDK through
2018-04 ...)
NOT-FOR-US: Amazon PAYFORT payfort-php-SDK payment gateway SDK
CVE-2018-19189 (The Amazon PAYFORT payfort-php-SDK payment gateway SDK through
2018-04 ...)
@@ -27017,7 +27017,7 @@ CVE-2018-19160
CVE-2018-19159
RESERVED
CVE-2018-19158 (ColossusCoinXT through 1.0.5 (a chain-based proof-of-stake
cryptocurre ...)
- TODO: check
+ NOT-FOR-US: ColossusCoinXT
CVE-2018-19157
RESERVED
CVE-2018-19156
@@ -27613,7 +27613,7 @@ CVE-2018-18915 (There is an infinite loop in the
Exiv2::Image::printIFDStructure
CVE-2018-18914
RESERVED
CVE-2018-18913 (Opera before 57.0.3098.106 is vulnerable to a DLL Search Order
hijacki ...)
- TODO: check
+ NOT-FOR-US: Opera
CVE-2018-18912
RESERVED
CVE-2018-18911
@@ -27681,9 +27681,9 @@ CVE-2018-18885
CVE-2018-18884
RESERVED
CVE-2018-18882 (A stored cross-site scripting (XSS) issue was discovered in
ControlByW ...)
- TODO: check
+ NOT-FOR-US: ControlByWeb
CVE-2018-18881 (A Denial of Service (DOS) issue was discovered in ControlByWeb
X-320M- ...)
- TODO: check
+ NOT-FOR-US: ControlByWeb
CVE-2018-18880
RESERVED
CVE-2018-18879
@@ -27723,7 +27723,7 @@ CVE-2018-18864 (Loadbalancer.org Enterprise VA MAX
before 8.3.3 has XSS because
CVE-2018-18863
RESERVED
CVE-2018-18862 (BMC Remedy Mid-Tier 7.1.00 and 9.1.02.003 for BMC Remedy AR
System has ...)
- TODO: check
+ NOT-FOR-US: BMC
CVE-2018-18861 (Buffer overflow in PCMan FTP Server 2.0.7 allows for remote
code execu ...)
NOT-FOR-US: PCMan FTP Server
CVE-2018-18860 (A local privilege escalation vulnerability has been identified
in the ...)
@@ -27762,7 +27762,7 @@ CVE-2018-18847
CVE-2018-18846
RESERVED
CVE-2018-18845 (internal/advanced_comment_system/index.php and
internal/advanced_comme ...)
- TODO: check
+ NOT-FOR-US: Advanced Comment System
CVE-2018-18844
RESERVED
CVE-2018-18843 (The Kubernetes integration in GitLab Enterprise Edition 11.x
before 11 ...)
@@ -27885,7 +27885,7 @@ CVE-2018-18800
CVE-2018-18799 (School Attendance Monitoring System 1.0 has CSRF via
event/controller. ...)
NOT-FOR-US: School Attendance Monitoring System
CVE-2018-18798 (School Attendance Monitoring System 1.0 has SQL Injection via
user/con ...)
- TODO: check
+ NOT-FOR-US: School Attendance Monitoring System
CVE-2018-18797 (School Attendance Monitoring System 1.0 has CSRF via
/user/user/edit.p ...)
NOT-FOR-US: School Attendance Monitoring System
CVE-2018-18796 (Library Management System 1.0 has SQL Injection via the
"Search for Bo ...)
@@ -27964,7 +27964,7 @@ CVE-2018-18764 (An exploitable arbitrary memory read
vulnerability exists in the
CVE-2018-18763 (SaltOS 3.1 r8126 allows
action=ajax&query=numbers&page=usuario ...)
NOT-FOR-US: SaltOS
CVE-2018-18762 (SaltOS 3.1 r8126 allows CSRF. ...)
- TODO: check
+ NOT-FOR-US: SaltOS
CVE-2018-18761 (SaltOS 3.1 r8126 allows
action=login&querystring=&user=[SQL] S ...)
NOT-FOR-US: SaltOS
CVE-2018-18760 (RhinOS 3.0 build 1190 allows CSRF. ...)
@@ -28758,7 +28758,7 @@ CVE-2018-18475 (Zoho ManageEngine OpManager before 12.3
build 123214 allows Unre
CVE-2018-18474
RESERVED
CVE-2018-18473 (A hidden backdoor on PATLITE NBM-D88N, NHL-3FB1, and NHL-3FV1N
devices ...)
- TODO: check
+ NOT-FOR-US: PATLITE NBM-D88N
CVE-2018-18472
RESERVED
CVE-2018-18471
@@ -28772,7 +28772,7 @@ CVE-2018-18468
CVE-2018-18467 (An issue was discovered in Daniel Gultsch Conversations 2.3.4.
It is p ...)
NOT-FOR-US: Daniel Gultsch Conversations
CVE-2018-18466 (An issue was discovered in SecurEnvoy SecurAccess 9.3.502.
When put in ...)
- TODO: check
+ NOT-FOR-US: SecurEnvoy SecurAccess
CVE-2018-18465
RESERVED
CVE-2018-18464
@@ -28883,7 +28883,7 @@ CVE-2018-18437 (In AXIOS ITALIA Axioscloud Sissiweb
Registro Elettronico 1.7.0,
CVE-2018-18436 (JTBC(PHP) 3.0 allows CSRF for creating an account via the
console/acco ...)
NOT-FOR-US: JTBC(PHP)
CVE-2018-18435 (KioWare Server 4.9.6 allows local users to gain privileges by
replacin ...)
- TODO: check
+ NOT-FOR-US: KioWare Server
CVE-2018-18434 (An issue was discovered in litemall 0.9.0. Arbitrary file
download is ...)
NOT-FOR-US: litemall
CVE-2018-18433 (An issue was discovered in DESTOON B2B 7.0.
admin/category.inc.php has ...)
@@ -30145,9 +30145,9 @@ CVE-2018-17999
CVE-2018-17998
RESERVED
CVE-2018-17997 (LayerBB 1.1.1 allows XSS via the titles of conversations
(PMs). ...)
- TODO: check
+ NOT-FOR-US: LayerBB
CVE-2018-17996 (LayerBB before 1.1.3 allows CSRF for adding a user via
admin/new_user. ...)
- TODO: check
+ NOT-FOR-US: LayerBB
CVE-2018-17995
RESERVED
CVE-2018-17994
@@ -31300,47 +31300,47 @@ CVE-2018-17504
CVE-2018-17503
RESERVED
CVE-2018-17502 (The Receptionist for iPad could allow a local attacker to
obtain sensi ...)
- TODO: check
+ NOT-FOR-US: Receptionist for iPad
CVE-2018-17501
RESERVED
CVE-2018-17500 (Envoy Passport for Android and Envoy Passport for iPhone could
allow a ...)
- TODO: check
+ NOT-FOR-US: Envoy Passport
CVE-2018-17499 (Envoy Passport for Android and Envoy Passport for iPhone could
allow a ...)
- TODO: check
+ NOT-FOR-US: Envoy Passport
CVE-2018-17498
RESERVED
CVE-2018-17497 (eVisitorPass contains default administrative credentials. An
attacker ...)
- TODO: check
+ NOT-FOR-US: eVisitorPass
CVE-2018-17496 (eVisitorPass could allow a local attacker to gain elevated
privileges ...)
- TODO: check
+ NOT-FOR-US: eVisitorPass
CVE-2018-17495 (eVisitorPass could allow a local attacker to gain elevated
privileges ...)
- TODO: check
+ NOT-FOR-US: eVisitorPass
CVE-2018-17494 (eVisitorPass could allow a local attacker to gain elevated
privileges ...)
- TODO: check
+ NOT-FOR-US: eVisitorPass
CVE-2018-17493 (eVisitorPass could allow a local attacker to gain elevated
privileges ...)
- TODO: check
+ NOT-FOR-US: eVisitorPass
CVE-2018-17492 (EasyLobby Solo contains default administrative credentials. An
attacke ...)
- TODO: check
+ NOT-FOR-US: EasyLobby Solo
CVE-2018-17491 (EasyLobby Solo could allow a local attacker to gain elevated
privilege ...)
- TODO: check
+ NOT-FOR-US: EasyLobby Solo
CVE-2018-17490 (EasyLobby Solo is vulnerable to a denial of service. By
visiting the k ...)
- TODO: check
+ NOT-FOR-US: EasyLobby Solo
CVE-2018-17489 (EasyLobby Solo could allow a local attacker to obtain
sensitive inform ...)
- TODO: check
+ NOT-FOR-US: EasyLobby Solo
CVE-2018-17488 (Lobby Track Desktop could allow a local attacker to gain
elevated priv ...)
- TODO: check
+ NOT-FOR-US: Lobby Track Desktop
CVE-2018-17487 (Lobby Track Desktop could allow a local attacker to gain
elevated priv ...)
- TODO: check
+ NOT-FOR-US: Lobby Track Desktop
CVE-2018-17486 (Lobby Track Desktop could allow a local attacker to bypass
security re ...)
- TODO: check
+ NOT-FOR-US: Lobby Track Desktop
CVE-2018-17485 (Lobby Track Desktop contains default administrative
credentials. An at ...)
- TODO: check
+ NOT-FOR-US: Lobby Track Desktop
CVE-2018-17484 (Lobby Track Desktop could allow a local attacker to obtain
sensitive i ...)
- TODO: check
+ NOT-FOR-US: Lobby Track Desktop
CVE-2018-17483 (Lobby Track Desktop could allow a local attacker to obtain
sensitive i ...)
- TODO: check
+ NOT-FOR-US: Lobby Track Desktop
CVE-2018-17482 (Lobby Track Desktop could allow a local attacker to obtain
sensitive i ...)
- TODO: check
+ NOT-FOR-US: Lobby Track Desktop
CVE-2018-17481 (Incorrect object lifecycle handling in PDFium in Google Chrome
prior t ...)
{DSA-4395-1 DSA-4352-1}
- chromium 71.0.3578.80-1
@@ -32151,7 +32151,7 @@ CVE-2018-17169
CVE-2018-17168
RESERVED
CVE-2018-17167 (PrinterOn Enterprise 4.1.4 suffers from multiple authenticated
stored ...)
- TODO: check
+ NOT-FOR-US: PrinterOn Enterprise
CVE-2018-17166
RESERVED
CVE-2018-17165
@@ -33809,7 +33809,7 @@ CVE-2018-16565
CVE-2018-16564
RESERVED
CVE-2018-16563 (A vulnerability has been identified in Firmware variant IEC
61850 for ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2018-16562
RESERVED
CVE-2018-16561
@@ -33936,7 +33936,7 @@ CVE-2018-16521 (An XML External Entity (XXE)
vulnerability exists in HTML Form E
CVE-2018-16520
RESERVED
CVE-2018-16519 (COYO 9.0.8, 10.0.11 and 12.0.4 has cross-site scripting (XSS)
via URLs ...)
- TODO: check
+ NOT-FOR-US: COYO
CVE-2018-16518 (A directory traversal vulnerability with remote code execution
in Prim ...)
NOT-FOR-US: Prim'X Zed! FREE
CVE-2018-16517 (asm/labels.c in Netwide Assembler (NASM) is prone to NULL
Pointer Dere ...)
@@ -35461,7 +35461,7 @@ CVE-2018-15908 (In Artifex Ghostscript 9.23 before
2018-08-23, attackers are abl
CVE-2018-15907 (** DISPUTED ** Technicolor (formerly RCA) TC8305C devices
allow remote ...)
NOT-FOR-US: Technicolor (formerly RCA) TC8305C devices
CVE-2018-15906 (SolarWinds Serv-U FTP Server 15.1.6 allows remote
authenticated users ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2018-15905
RESERVED
CVE-2018-15904 (A10 ACOS Web Application Firewall (WAF) 2.7.1 and 2.7.2 before
2.7.2-P ...)
@@ -35775,7 +35775,7 @@ CVE-2018-15820
CVE-2018-15819
RESERVED
CVE-2018-15818 (An issue was discovered in Repute ARForms 3.5.1 and prior. An
attacker ...)
- TODO: check
+ NOT-FOR-US: Repute ARForms
CVE-2018-15817
RESERVED
CVE-2018-15816
@@ -36545,7 +36545,7 @@ CVE-2018-15534 (Geutebrueck re_porter 16 before
7.8.974.20 has a possibility of
CVE-2018-15533 (A reflected cross-site scripting vulnerability exists in
Geutebrueck r ...)
NOT-FOR-US: Geutebrueck
CVE-2018-15532 (SynTP.sys in Synaptics Touchpad drivers before 2018-06-06
allows local ...)
- TODO: check
+ NOT-FOR-US: Synaptics Touchpad drivers
CVE-2018-15531 (JavaMelody before 1.74.0 has XXE via parseSoapMethodName in
bull/javam ...)
NOT-FOR-US: JavaMelody
CVE-2018-15530
@@ -36621,7 +36621,7 @@ CVE-2018-15500
CVE-2018-15499 (GEAR Software products that include GEARAspiWDM.sys, 2.2.5.0,
allow lo ...)
NOT-FOR-US: GEAR Software
CVE-2018-15498 (YSoft SafeQ Server 6 allows a replay attack. ...)
- TODO: check
+ NOT-FOR-US: YSoft SafeQ
CVE-2018-15497 (The Mitel MiVoice 5330e VoIP device is affected by memory
corruption f ...)
NOT-FOR-US: Mitel
CVE-2018-15496
@@ -38353,7 +38353,7 @@ CVE-2018-14950 (The mail message display page in
SquirrelMail through 1.4.22 has
- squirrelmail <removed> (bug #905023)
NOTE: https://sourceforge.net/p/squirrelmail/bugs/2831/
CVE-2018-14745 (Buffer overflow in prot_get_ring_space in the bcmdhd4358 Wi-Fi
driver ...)
- TODO: check
+ NOT-FOR-US: bcmdhd4538 wifi driver (not in mainline)
CVE-2018-14744 (An issue was discovered in libpbc.a in cloudwu PBC through
2017-03-02. ...)
NOT-FOR-US: cloudwu PBC
CVE-2018-14743 (An issue was discovered in libpbc.a in cloudwu PBC through
2017-03-02. ...)
@@ -38397,7 +38397,7 @@ CVE-2018-14726
CVE-2018-14725
RESERVED
CVE-2018-14724 (In the Ban List plugin 1.0 for MyBB, any forum user with mod
privilege ...)
- TODO: check
+ NOT-FOR-US: MyBB plugin
CVE-2018-14723
RESERVED
CVE-2018-14722 (An issue was discovered in evaluate_auto_mountpoint in
btrfsmaintenanc ...)
@@ -38942,7 +38942,7 @@ CVE-2018-14577
CVE-2018-14576 (The mintToken function of a smart contract implementation for
SunContr ...)
NOT-FOR-US: smart contract implementation for SunContract
CVE-2018-14575 (Trash Bin plugin 1.1.3 for MyBB has cross-site scripting (XSS)
via a t ...)
- TODO: check
+ NOT-FOR-US: MyBB plugin
CVE-2018-14574 (django.middleware.common.CommonMiddleware in Django 1.11.x
before 1.11 ...)
{DSA-4264-1}
- python-django 1:1.11.15-1 (bug #905216)
@@ -39241,7 +39241,7 @@ CVE-2018-14488
CVE-2018-14487
RESERVED
CVE-2018-14486 (DNN (formerly DotNetNuke) 9.1.1 allows cross-site scripting
(XSS) via ...)
- TODO: check
+ NOT-FOR-US: DNN
CVE-2018-14485
RESERVED
CVE-2018-14484
@@ -41005,7 +41005,7 @@ CVE-2018-13800 (A vulnerability has been identified in
SIMATIC S7-1200 CPU famil
CVE-2018-13799 (A vulnerability has been identified in SIMATIC WinCC OA V3.14
and prio ...)
NOT-FOR-US: SIMATIC
CVE-2018-13798 (A vulnerability has been identified in SICAM A8000 CP-8000
(All versio ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2018-13796 (An issue was discovered in GNU Mailman before 2.1.28. A
crafted URL ca ...)
{DLA-1442-1}
- mailman 1:2.1.27-1.1 (bug #903674)
@@ -42518,9 +42518,9 @@ CVE-2018-13106 (ClipperCMS 1.3.3 has stored XSS via the
"Tools -> Configurati
CVE-2018-13105
RESERVED
CVE-2018-13104 (OX App Suite 7.8.4 and earlier allows XSS. Internal reference:
58742 ( ...)
- TODO: check
+ NOT-FOR-US: Open-Xchange App Suite
CVE-2018-13103 (OX App Suite 7.8.4 and earlier allows SSRF. ...)
- TODO: check
+ NOT-FOR-US: Open-Xchange App Suite
CVE-2018-13102 (AnyDesk before "12.06.2018 - 4.1.3" on Windows 7 SP1 has a DLL
preload ...)
NOT-FOR-US: AnyDesk
CVE-2018-13101 (KioskSimpleService.exe in RedSwimmer KioskSimple 1.4.7.0
suffers from ...)
@@ -43653,7 +43653,7 @@ CVE-2018-12640 (The webService binary on Insteon HD IP
Camera White 2864-222 dev
CVE-2018-12639
RESERVED
CVE-2018-12638 (An issue was discovered in the Bose Soundtouch app 18.1.4 for
iOS. The ...)
- TODO: check
+ NOT-FOR-US: Bose
CVE-2018-1000559 (qutebrowser version introduced in v0.11.0
(1179ee7a937fb31414d77d9970b ...)
- qutebrowser 1.3.3-1
NOTE:
https://github.com/qutebrowser/qutebrowser/commit/4c9360237f186681b1e3f2a0f30c45161cf405c7
@@ -61037,7 +61037,7 @@ CVE-2018-6519 (The SAML2 library before 1.10.4, 2.x
before 2.3.5, and 3.x before
CVE-2018-6518 (Composr CMS 10.0.13 has XSS via the site_name parameter in a
page=admi ...)
NOT-FOR-US: Composr CMS
CVE-2018-6517 (Prior to version 0.3.0, chloride's use of net-ssh resulted in
host fin ...)
- TODO: check
+ NOT-FOR-US: chloride
CVE-2018-6516 (On Windows only, with a specifically crafted configuration file
an att ...)
- puppet <not-affected> (Specific issue Windows only)
CVE-2018-6515 (Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior
to 5.3. ...)
@@ -68104,9 +68104,9 @@ CVE-2018-4056 (An exploitable SQL injection
vulnerability exists in the administ
{DSA-4373-1 DLA-1671-1}
- coturn 4.5.1.0-1
CVE-2018-4055 (A local privilege escalation vulnerability exists in the
install helpe ...)
- TODO: check
+ NOT-FOR-US: Renderman
CVE-2018-4054 (A local privilege escalation vulnerability exists in the
install helpe ...)
- TODO: check
+ NOT-FOR-US: Renderman
CVE-2018-4053
RESERVED
CVE-2018-4052
@@ -68154,7 +68154,7 @@ CVE-2018-4032 (An exploitable privilege escalation
vulnerability exists in the w
CVE-2018-4031
RESERVED
CVE-2018-4030 (An exploitable vulnerability exists the safe browsing function
of the ...)
- TODO: check
+ NOT-FOR-US: CUJO Smart Firewall
CVE-2018-4029
RESERVED
CVE-2018-4028
@@ -68199,7 +68199,7 @@ CVE-2018-4013 (An exploitable code execution
vulnerability exists in the HTTP pa
CVE-2018-4012 (An exploitable buffer overflow vulnerability exists in the HTTP
header ...)
NOT-FOR-US: Webroot BrightCloud SDK
CVE-2018-4011 (An exploitable integer underflow vulnerability exists in the
mdnscap b ...)
- TODO: check
+ NOT-FOR-US: CUJO Smart Firewall
CVE-2018-4010 (An exploitable code execution vulnerability exists in the
connect func ...)
NOT-FOR-US: ProtonVPN client
CVE-2018-4009
@@ -68215,7 +68215,7 @@ CVE-2018-4005
CVE-2018-4004
RESERVED
CVE-2018-4003 (An exploitable heap overflow vulnerability exists in the
mdnscap binar ...)
- TODO: check
+ NOT-FOR-US: CUJO Smart Firewall
CVE-2018-4002
RESERVED
CVE-2018-4001 (An exploitable uninitialized pointer vulnerability exists in
the Offic ...)
@@ -68251,7 +68251,7 @@ CVE-2018-3987
CVE-2018-3986 (An exploitable information disclosure vulnerability exists in
the "Sec ...)
NOT-FOR-US: Telegram Android
CVE-2018-3985 (An exploitable double free vulnerability exists in the mdnscap
binary ...)
- TODO: check
+ NOT-FOR-US: CUJO Smart Firewall
CVE-2018-3984 (An exploitable uninitialized length vulnerability exists within
the Wo ...)
NOT-FOR-US: Atlantis Word Processor
CVE-2018-3983
@@ -68290,7 +68290,7 @@ CVE-2018-3971 (An exploitable arbitrary write
vulnerability exists in the 0x2222
CVE-2018-3970 (An exploitable memory disclosure vulnerability exists in the
0x222000 ...)
NOT-FOR-US: Sophos
CVE-2018-3969 (An exploitable vulnerability exists in the verified boot
protection of ...)
- TODO: check
+ NOT-FOR-US: CUJO Smart Firewall
CVE-2018-3968 (An exploitable vulnerability exists in the verified boot
protection of ...)
TODO: check
CVE-2018-3967 (An exploitable use-after-free vulnerability exists in the
JavaScript e ...)
@@ -68302,7 +68302,7 @@ CVE-2018-3965 (An exploitable use-after-free
vulnerability exists in the JavaScr
CVE-2018-3964 (An exploitable use-after-free vulnerability exists in the
JavaScript e ...)
NOT-FOR-US: Foxit Software's Foxit PDF Reader
CVE-2018-3963 (An exploitable command injection vulnerability exists in the
DHCP daem ...)
- TODO: check
+ NOT-FOR-US: CUJO Smart Firewall
CVE-2018-3962 (A use-after-free vulnerability exists in the JavaScript engine
of Foxi ...)
NOT-FOR-US: Foxit Software's Foxit PDF Reader
CVE-2018-3961 (A use-after-free vulnerability exists in the JavaScript engine
of Foxi ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e90f5c2d4a0feba4dc2b3662bd95aefd85a86076
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e90f5c2d4a0feba4dc2b3662bd95aefd85a86076
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
