Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
fe93e3e2 by Moritz Muehlenhoff at 2022-10-12T12:02:46+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -47,7 +47,7 @@ CVE-2022-3460
CVE-2022-3459
RESERVED
CVE-2022-3458 (A vulnerability has been found in SourceCodester Human Resource
Manage ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2022-42867
RESERVED
CVE-2022-42866
@@ -391,7 +391,7 @@ CVE-2022-42719
CVE-2022-42718
RESERVED
CVE-2022-42717 (An issue was discovered in Hashicorp Packer before 2.3.1. The
recommen ...)
- TODO: check
+ NOT-FOR-US: Hashicorp Packer
CVE-2022-42716
RESERVED
CVE-2022-42715
@@ -403,7 +403,7 @@ CVE-2022-42713
CVE-2022-42712
RESERVED
CVE-2022-42711 (In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker
application ...)
- TODO: check
+ NOT-FOR-US: Progress WhatsUp Gold
CVE-2022-42710
RESERVED
CVE-2022-42709
@@ -1847,23 +1847,23 @@ CVE-2022-42046
CVE-2022-42045
RESERVED
CVE-2022-42044 (The d8s-asns package for Python, as distributed on PyPI,
included a po ...)
- TODO: check
+ NOT-FOR-US: d8s-asns
CVE-2022-42043 (The d8s-xml package for Python, as distributed on PyPI,
included a pot ...)
- TODO: check
+ NOT-FOR-US: d8s-xml
CVE-2022-42042 (The d8s-networking package for Python, as distributed on PyPI,
include ...)
- TODO: check
+ NOT-FOR-US: d8s-networking
CVE-2022-42041 (The d8s-file-system package for Python, as distributed on
PyPI, includ ...)
- TODO: check
+ NOT-FOR-US: d8s-file-system
CVE-2022-42040 (The d8s-algorithms package for Python, as distributed on PyPI,
include ...)
- TODO: check
+ NOT-FOR-US: d8s-algorithms
CVE-2022-42039 (The d8s-lists package for Python, as distributed on PyPI,
included a p ...)
- TODO: check
+ NOT-FOR-US: d8s-lists
CVE-2022-42038 (The d8s-ip-addresses package for Python, as distributed on
PyPI, inclu ...)
- TODO: check
+ NOT-FOR-US: d8s-ip-addresses
CVE-2022-42037 (The d8s-asns package for Python, as distributed on PyPI,
included a po ...)
- TODO: check
+ NOT-FOR-US: d8s-asns
CVE-2022-42036 (The d8s-urls package for Python, as distributed on PyPI,
included a po ...)
- TODO: check
+ NOT-FOR-US: d8s-urls
CVE-2022-42035
RESERVED
CVE-2022-42034 (Wedding Planner v1.0 is vulnerable to arbitrary code execution
via use ...)
@@ -2237,7 +2237,7 @@ CVE-2022-41852 (Those using JXPath to interpret untrusted
XPath expressions may
- libcommons-jxpath-java <unfixed>
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47133
CVE-2022-41851 (A vulnerability has been identified in JTTK (All versions <
V11.1.1 ...)
- TODO: check
+ NOT-FOR-US: JTTK
CVE-2022-41836
RESERVED
CVE-2022-41835
@@ -3175,11 +3175,11 @@ CVE-2022-41534
CVE-2022-41533
RESERVED
CVE-2022-41532 (Open Source SACCO Management System v1.0 was discovered to
contain a S ...)
- TODO: check
+ NOT-FOR-US: Open Source SACCO Management System
CVE-2022-41531
RESERVED
CVE-2022-41530 (Open Source SACCO Management System v1.0 was discovered to
contain a S ...)
- TODO: check
+ NOT-FOR-US: Open Source SACCO Management System
CVE-2022-41529
RESERVED
CVE-2022-41528 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to
contain an a ...)
@@ -3425,11 +3425,11 @@ CVE-2022-41410
CVE-2022-41409
RESERVED
CVE-2022-41408 (Online Pet Shop We App v1.0 was discovered to contain a SQL
injection ...)
- TODO: check
+ NOT-FOR-US: Online Pet Shop
CVE-2022-41407 (Online Pet Shop We App v1.0 was discovered to contain a SQL
injection ...)
- TODO: check
+ NOT-FOR-US: Online Pet Shop
CVE-2022-41406 (An arbitrary file upload vulnerability in the
/admin/admin_pic.php com ...)
- TODO: check
+ NOT-FOR-US: Church Management System
CVE-2022-41405
RESERVED
CVE-2022-41404 (An issue in the fetch() method in the BasicProfile class of
org.ini4j ...)
@@ -3467,21 +3467,21 @@ CVE-2022-41389
CVE-2022-41388
RESERVED
CVE-2022-41387 (The d8s-pdfs package for Python, as distributed on PyPI,
included a po ...)
- TODO: check
+ NOT-FOR-US: d8s-pdfs
CVE-2022-41386 (The d8s-utility package for Python, as distributed on PyPI,
included a ...)
- TODO: check
+ NOT-FOR-US: d8s-utility
CVE-2022-41385 (The d8s-html package for Python, as distributed on PyPI,
included a po ...)
- TODO: check
+ NOT-FOR-US: d8s-html
CVE-2022-41384 (The d8s-domains package for Python, as distributed on PyPI,
included a ...)
- TODO: check
+ NOT-FOR-US: d8s-domains
CVE-2022-41383 (The d8s-archives package for Python, as distributed on PyPI,
included ...)
- TODO: check
+ NOT-FOR-US: d8s-archives
CVE-2022-41382 (The d8s-json package for Python, as distributed on PyPI,
included a po ...)
- TODO: check
+ NOT-FOR-US: d8s-json
CVE-2022-41381 (The d8s-utility package for Python, as distributed on PyPI,
included a ...)
- TODO: check
+ NOT-FOR-US: d8s-utility
CVE-2022-41380 (The d8s-yaml package for Python, as distributed on PyPI,
included a po ...)
- TODO: check
+ NOT-FOR-US: d8s-yaml
CVE-2022-41379 (An arbitrary file upload vulnerability in the component
/leave_system/ ...)
NOT-FOR-US: Online Leave Management System
CVE-2022-41378 (Online Pet Shop We App v1.0 was discovered to contain a SQL
injection ...)
@@ -3970,95 +3970,95 @@ CVE-2022-41212
CVE-2022-41211
RESERVED
CVE-2022-41210 (SAP Customer Data Cloud (Gigya mobile app for Android) -
version 7.4, ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-41209 (SAP Customer Data Cloud (Gigya mobile app for Android) -
version 7.4, ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-41208
RESERVED
CVE-2022-41207
RESERVED
CVE-2022-41206 (SAP BusinessObjects Business Intelligence platform (Analysis
for OLAP) ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-41205
RESERVED
CVE-2022-41204 (An attacker can change the content of an SAP Commerce -
versions 1905, ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-41203
RESERVED
CVE-2022-41202 (Due to lack of proper memory management, when a victim opens a
manipul ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-41201 (Due to lack of proper memory management, when a victim opens a
manipul ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-41200 (Due to lack of proper memory management, when a victim opens a
manipul ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-41199 (Due to lack of proper memory management, when a victim opens a
manipul ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-41198 (Due to lack of proper memory management, when a victim opens a
manipul ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-41197 (Due to lack of proper memory management, when a victim opens a
manipul ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-41196 (Due to lack of proper memory management, when a victim opens a
manipul ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-41195 (Due to lack of proper memory management, when a victim opens a
manipul ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-41194 (Due to lack of proper memory management, when a victim opens a
manipul ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-41193 (Due to lack of proper memory management, when a victim opens a
manipul ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-41192 (Due to lack of proper memory management, when a victim opens
manipulat ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-41191 (Due to lack of proper memory management, when a victim opens a
manipul ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-41190 (Due to lack of proper memory management, when a victim opens a
manipul ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-41189 (Due to lack of proper memory management, when a victim opens a
manipul ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-41188 (Due to lack of proper memory management, when a victim opens
manipulat ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-41187 (Due to lack of proper memory management, when a victim opens a
manipul ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-41186 (Due to lack of proper memory management, when a victim opens
manipulat ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-41185 (Due to lack of proper memory management, when a victim opens a
manipul ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-41184 (Due to lack of proper memory management, when a victim opens a
manipul ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-41183 (Due to lack of proper memory management, when a victim opens
manipulat ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-41182 (Due to lack of proper memory management, when a victim opens
manipulat ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-41181 (Due to lack of proper memory management, when a victim opens
manipulat ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-41180 (Due to lack of proper memory management, when a victim opens a
manipul ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-41179 (Due to lack of proper memory management, when a victim opens a
manipul ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-41178 (Due to lack of proper memory management, when a victim opens
manipulat ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-41177 (Due to lack of proper memory management, when a victim opens a
manipul ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-41176 (Due to lack of proper memory management, when a victim opens
manipulat ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-41175 (Due to lack of proper memory management, when a victim opens a
manipul ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-41174 (Due to lack of proper memory management, when a victim opens
manipulat ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-41173 (Due to lack of proper memory management, when a victim opens
manipulat ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-41172 (Due to lack of proper memory management, when a victim opens a
manipul ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-41171 (Due to lack of proper memory management, when a victim opens
manipulat ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-41170 (Due to lack of proper memory management, when a victim opens a
manipul ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-41169 (Due to lack of proper memory management, when a victim opens
manipulat ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-41168 (Due to lack of proper memory management, when a victim opens a
manipul ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-41167 (Due to lack of proper memory management, when a victim opens a
manipul ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-41166 (Due to lack of proper memory management, when a victim opens
manipulat ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-41165
RESERVED
CVE-2022-41164
@@ -4622,7 +4622,7 @@ CVE-2022-40923 (A vulnerability in the
LIEF::MachO::SegmentCommand::virtual_addr
CVE-2022-40922 (A vulnerability in the
LIEF::MachO::BinaryParser::init_and_parse funct ...)
NOT-FOR-US: LIEF
CVE-2022-40921 (DedeCMS V5.7.99 was discovered to contain an arbitrary file
upload vul ...)
- TODO: check
+ NOT-FOR-US: DedeCMS
CVE-2022-40920
RESERVED
CVE-2022-40919
@@ -4910,7 +4910,7 @@ CVE-2022-40779
CVE-2022-40778 (A stored Cross-Site Scripting (XSS) vulnerability in OPSWAT
MetaDefend ...)
NOT-FOR-US: OPSWAT MetaDefender ICAP Server
CVE-2022-40777 (Interspire Email Marketer through 6.5.0 allows arbitrary file
upload v ...)
- TODO: check
+ NOT-FOR-US: Interspire Email Marketer
CVE-2022-40776
RESERVED
CVE-2022-40775 (An issue was discovered in Bento4 through 1.6.0-639. A NULL
pointer de ...)
@@ -5738,7 +5738,7 @@ CVE-2022-40471
CVE-2022-40470
RESERVED
CVE-2022-40469 (iKuai8 v3.6.7 was discovered to contain an authenticated
remote code e ...)
- TODO: check
+ NOT-FOR-US: iKuai8
CVE-2022-40468 (Potential leak of left-over heap data if custom error page
templates c ...)
- tinyproxy 1.11.1-2 (bug #1021015)
[bullseye] - tinyproxy <no-dsa> (Minor issue)
@@ -5799,7 +5799,7 @@ CVE-2022-40442
CVE-2022-40441
RESERVED
CVE-2022-40440 (mxGraph v4.2.2 was discovered to contain a cross-site
scripting (XSS) ...)
- TODO: check
+ NOT-FOR-US: mxGraph
CVE-2022-40439 (An memory leak issue was discovered in
AP4_StdcFileByteStream::Create ...)
NOT-FOR-US: Bento4
CVE-2022-40438 (Buffer overflow vulnerability in function
AP4_MemoryByteStream::WriteP ...)
@@ -6313,7 +6313,7 @@ CVE-2022-38098
CVE-2022-38095 (Cross-Site Request Forgery (CSRF) vulnerability in AlgolPlus
Advanced ...)
NOT-FOR-US: WordPress plugin
CVE-2022-38086 (Cross-Site Request Forgery (CSRF) vulnerability in Shortcodes
Ultimate ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-38085 (Cross-Site Request Forgery (CSRF) vulnerability in Read more
By Adam p ...)
NOT-FOR-US: WordPress plugin
CVE-2022-38077
@@ -7269,23 +7269,23 @@ CVE-2022-3119 (The OAuth client Single Sign On
WordPress plugin before 3.0.4 doe
CVE-2022-3118 (A vulnerability was found in Sourcecodehero ERP System Project.
It has ...)
NOT-FOR-US: Sourcecodehero ERP System Project
CVE-2022-39808 (Due to lack of proper memory management, when a victim opens a
manipul ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-39807 (Due to lack of proper memory management, when a victim opens
manipulat ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-39806 (Due to lack of proper memory management, when a victim opens a
manipul ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-39805 (Due to lack of proper memory management, when a victim opens a
manipul ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-39804 (Due to lack of proper memory management, when a victim opens a
manipul ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-39803 (Due to lack of proper memory management, when a victim opens a
manipul ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-39802 (SAP Manufacturing Execution - versions 15.1, 15.2, 15.3,
allows an att ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-39801 (SAP GRC Access control Emergency Access Management allows an
authentic ...)
NOT-FOR-US: SAP
CVE-2022-39800 (SAP BusinessObjects BI LaunchPad - versions 420, 430, is
susceptible t ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-39799 (An attacker with no prior authentication could craft and send
maliciou ...)
NOT-FOR-US: SAP
CVE-2022-3117
@@ -8335,7 +8335,7 @@ CVE-2022-39298
CVE-2022-39297
RESERVED
CVE-2022-39296 (MelisAssetManager provides deliveries of Melis Platform's
assets locat ...)
- TODO: check
+ NOT-FOR-US: MelisAssetManager
CVE-2022-39295
RESERVED
CVE-2022-39294
@@ -8401,7 +8401,7 @@ CVE-2022-39273 (FlyteAdmin is the control plane for the
data processing platform
CVE-2022-39272
RESERVED
CVE-2022-39271 (Traefik (pronounced traffic) is a modern HTTP reverse proxy
and load b ...)
- TODO: check
+ NOT-FOR-US: Traefik
CVE-2022-39270 (DiscoTOC is a Discourse theme component that generates a table
of cont ...)
NOT-FOR-US: DiscoTOC Discourse theme
CVE-2022-39269 (PJSIP is a free and open source multimedia communication
library writt ...)
@@ -9195,11 +9195,11 @@ CVE-2022-3034
[buster] - thunderbird <not-affected> (Only affects ESR102)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-38/#CVE-2022-3034
CVE-2022-39015 (Under certain conditions, BOE AdminTools/ BOE SDK allows an
attacker t ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-39014 (Under certain conditions SAP BusinessObjects Business
Intelligence Pla ...)
NOT-FOR-US: SAP
CVE-2022-39013 (Under certain conditions an authenticated attacker can get
access to O ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-39012
RESERVED
CVE-2022-39011
@@ -9665,7 +9665,7 @@ CVE-2022-38453 (Multiple binary application files on the
CMS8000 device are comp
CVE-2022-38399 (Missing protection mechanism for alternate hardware interface
in SmaCa ...)
NOT-FOR-US: SmaCam
CVE-2022-38138 (The Triangle Microworks IEC 61850 Library (Any client or
server using ...)
- TODO: check
+ NOT-FOR-US: Triangle Microworks IEC 61850 Library
CVE-2022-38100 (The CMS800 device fails while attempting to parse malformed
network da ...)
NOT-FOR-US: Contec Health
CVE-2022-38069 (Multiple globally default credentials exist across all CMS8000
devices ...)
@@ -12550,7 +12550,7 @@ CVE-2022-2722 (A vulnerability was found in
SourceCodester Simple Student Inform
CVE-2022-2721
RESERVED
CVE-2022-2720 (In affected versions of Octopus Server it was identified that
when a s ...)
- TODO: check
+ NOT-FOR-US: Octopus Server
CVE-2021-46833
RESERVED
CVE-2021-46832
@@ -12580,7 +12580,7 @@ CVE-2022-37866
CVE-2022-37865
RESERVED
CVE-2022-37864 (A vulnerability has been identified in Solid Edge (All
Versions < S ...)
- TODO: check
+ NOT-FOR-US: Solid Edge
CVE-2022-35733 (Missing authentication for critical function vulnerability in
UNIMO Te ...)
NOT-FOR-US: Technology digital video recorders firmware
CVE-2022-2719 (In ImageMagick, a crafted file could trigger an assertion
failure when ...)
@@ -13122,7 +13122,7 @@ CVE-2022-37619
CVE-2022-37618
RESERVED
CVE-2022-37617 (Prototype pollution vulnerability in function resolveShims in
resolve- ...)
- TODO: check
+ NOT-FOR-US: Node browserify-shim
CVE-2022-37616 (A prototype pollution vulnerability exists in the function
copy in dom ...)
- node-xmldom <unfixed> (bug #1021618)
NOTE: https://github.com/xmldom/xmldom/issues/436
@@ -13138,11 +13138,11 @@ CVE-2022-37613
CVE-2022-37612
RESERVED
CVE-2022-37611 (Prototype pollution vulnerability in tschaub gh-pages 3.1.0
via the pa ...)
- TODO: check
+ NOT-FOR-US: Node gh-pages
CVE-2022-37610
RESERVED
CVE-2022-37609 (Prototype pollution vulnerability in beautify-web js-beautify
1.13.7 v ...)
- TODO: check
+ NOT-FOR-US: Node js-beautify
CVE-2022-37608
RESERVED
CVE-2022-37607
@@ -13162,7 +13162,7 @@ CVE-2022-37601
CVE-2022-37600
RESERVED
CVE-2022-37599 (A Regular expression denial of service (ReDoS) flaw was found
in Funct ...)
- TODO: check
+ NOT-FOR-US: loader-utils
CVE-2022-37598
RESERVED
CVE-2022-37597
@@ -16092,7 +16092,7 @@ CVE-2022-2531 (An issue has been discovered in GitLab
EE affecting all versions
CVE-2022-2530
RESERVED
CVE-2022-2529 (sflow decode package does not employ sufficient packet
sanitisation wh ...)
- TODO: check
+ NOT-FOR-US: goflow
CVE-2022-2528 (In affected versions of Octopus Deploy it is possible to upload
a pack ...)
NOT-FOR-US: Octopus Deploy
CVE-2022-36439
@@ -16363,13 +16363,13 @@ CVE-2022-2507
CVE-2022-2506
RESERVED
CVE-2022-36363 (A vulnerability has been identified in LOGO! 8 BM (incl.
SIPLUS varian ...)
- TODO: check
+ NOT-FOR-US: LOGO!
CVE-2022-36362 (A vulnerability has been identified in LOGO! 8 BM (incl.
SIPLUS varian ...)
- TODO: check
+ NOT-FOR-US: LOGO!
CVE-2022-36361 (A vulnerability has been identified in LOGO! 8 BM (incl.
SIPLUS varian ...)
- TODO: check
+ NOT-FOR-US: LOGO!
CVE-2022-36360 (A vulnerability has been identified in LOGO! 8 BM (incl.
SIPLUS varian ...)
- TODO: check
+ NOT-FOR-US: LOGO!
CVE-2022-35239 (The image file management page of SolarView Compact
SV-CPT-MC310 Ver.7 ...)
NOT-FOR-US: SolarView Compact SV-CPT-MC310
CVE-2022-2505
@@ -17484,7 +17484,7 @@ CVE-2022-35958
CVE-2022-35957 (Grafana is an open-source platform for monitoring and
observability. V ...)
- grafana <removed>
CVE-2022-35956 (This Rails gem adds two methods to the ActiveRecord::Base
class that a ...)
- TODO: check
+ NOT-FOR-US: Ruby gem activerecord-update-by-case
CVE-2022-35955
RESERVED
CVE-2022-35954 (The GitHub Actions ToolKit provides a set of packages to make
creating ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe93e3e295ef7bc84f86145d1d284a8079d0dc6a
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe93e3e295ef7bc84f86145d1d284a8079d0dc6a
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
