Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0c532277 by security tracker role at 2026-06-10T19:13:29+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,16 +1,256 @@
+CVE-2026-9758 (Improper comparison with the certificates trusted list in S2OPC
allows ...)
+ TODO: check
+CVE-2026-9151 (An OS command injection vulnerability exists in the VPN module
of TP-L ...)
+ TODO: check
+CVE-2026-9045 (During an internal security assessment, a potential
vulnerability was ...)
+ TODO: check
+CVE-2026-9019 (The Easy Image Collage plugin for WordPress is vulnerable to
Stored Cr ...)
+ TODO: check
+CVE-2026-8853 (The MW WP Form plugin for WordPress is vulnerable to Stored
Cross-Site ...)
+ TODO: check
+CVE-2026-8637 (A potential uncontrolled search path vulnerability was reported
in the ...)
+ TODO: check
+CVE-2026-8613 (The aThemes Addons for Elementor plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2026-8335 (A missing authentication check on the Aix\u2011DB
"/llm/process_llm_ou ...)
+ TODO: check
+CVE-2026-7516 (A vulnerability was identified in the Lenovo Android
Application, dist ...)
+ TODO: check
+CVE-2026-6090 (A potential authentication bypass was reported in Lenovo Smart
Connect ...)
+ TODO: check
+CVE-2026-53698 (Silverpeas through 6.4.6 mishandles the "Personal space"
feature that ...)
+ TODO: check
+CVE-2026-53694 (Improper Neutralization of Argument Delimiters in a Command
('Argument ...)
+ TODO: check
+CVE-2026-53693 (A stored cross-site scripting vulnerability existed in
MISPBSimVis tag ...)
+ TODO: check
+CVE-2026-53689 (libnfs through 6.0.2 before 55c18ea does not validate a string
size, l ...)
+ TODO: check
+CVE-2026-53476 (A flaw was found in assisted-migration-agent. An
unauthenticated attac ...)
+ TODO: check
+CVE-2026-53475 (A flaw was found in assisted-migration-agent. The application
hardcode ...)
+ TODO: check
+CVE-2026-53474 (A flaw was found in migration-planner. A remote authenticated
attacker ...)
+ TODO: check
+CVE-2026-53473 (A flaw was found in migration-planner-ui-app. An attacker can
register ...)
+ TODO: check
+CVE-2026-53471 (A flaw was found in migration-planner. The agent-API
middleware proces ...)
+ TODO: check
+CVE-2026-53470 (A flaw was found in migration-planner. An authenticated
attacker could ...)
+ TODO: check
+CVE-2026-53469 (A flaw was found in migration-planner. An authenticated user
can explo ...)
+ TODO: check
+CVE-2026-53442 (Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not
encrypt se ...)
+ TODO: check
+CVE-2026-53441 (Jenkins 2.483 through 2.567 (both inclusive), LTS 2.492.1
through 2.55 ...)
+ TODO: check
+CVE-2026-53440 (Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not
ensure tha ...)
+ TODO: check
+CVE-2026-53439 (Missing permission checks in Jenkins 2.567 and earlier, LTS
2.555.2 an ...)
+ TODO: check
+CVE-2026-53438 (A missing permission check in Jenkins 2.567 and earlier, LTS
2.555.2 a ...)
+ TODO: check
+CVE-2026-53437 (Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly
determin ...)
+ TODO: check
+CVE-2026-53436 (Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly
determin ...)
+ TODO: check
+CVE-2026-53435 (In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is
possible ...)
+ TODO: check
+CVE-2026-52759 (Ghidra before 12.1.1 contains an uncontrolled memory
allocation vulner ...)
+ TODO: check
+CVE-2026-52758 (Ghidra before 12.1 contains a SQL injection vulnerability in
BSim filt ...)
+ TODO: check
+CVE-2026-52757 (Ghidra before 12.1 contains a heap-use-after-free
vulnerability in the ...)
+ TODO: check
+CVE-2026-52756 (Ghidra before 12.2 contains an unauthenticated path traversal
vulnerab ...)
+ TODO: check
+CVE-2026-52755 (Ghidra before 12.0.4 contains a path traversal vulnerability
in the th ...)
+ TODO: check
+CVE-2026-52754 (Ghidra before 12.1 contains an authentication bypass
vulnerability in ...)
+ TODO: check
+CVE-2026-52753 (Ghidra before 12.0.3 contains an out-of-memory vulnerability
in the ru ...)
+ TODO: check
+CVE-2026-52752 (Ghidra before 12.0.2 contains a path traversal vulnerability
in the ex ...)
+ TODO: check
+CVE-2026-52751 (Ghidra before 12.1 contains an unsafe deserialization
vulnerability in ...)
+ TODO: check
+CVE-2026-52750 (Ghidra before 12.1 contains a command injection vulnerability
in URL a ...)
+ TODO: check
+CVE-2026-50639 (Metrics::Any::Adapter::SignalFx versions before 0.04 for Perl
does not ...)
+ TODO: check
+CVE-2026-50638 (Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl
does no ...)
+ TODO: check
+CVE-2026-50637 (Metrics::Any::Adapter::Statsd versions before 0.04 for Perl
does not p ...)
+ TODO: check
+CVE-2026-50570 (Fission is an open-source, Kubernetes-native serverless
framework that ...)
+ TODO: check
+CVE-2026-50569 (Fission is an open-source, Kubernetes-native serverless
framework that ...)
+ TODO: check
+CVE-2026-50568 (Fission is an open-source, Kubernetes-native serverless
framework that ...)
+ TODO: check
+CVE-2026-50567 (Fission is an open-source, Kubernetes-native serverless
framework that ...)
+ TODO: check
+CVE-2026-50566 (Fission is an open-source, Kubernetes-native serverless
framework that ...)
+ TODO: check
+CVE-2026-50565 (Fission is an open-source, Kubernetes-native serverless
framework that ...)
+ TODO: check
+CVE-2026-50564 (Fission is an open-source, Kubernetes-native serverless
framework that ...)
+ TODO: check
+CVE-2026-50563 (Fission is an open-source, Kubernetes-native serverless
framework that ...)
+ TODO: check
+CVE-2026-50545 (Fission is an open-source, Kubernetes-native serverless
framework that ...)
+ TODO: check
+CVE-2026-49824 (Fission is an open-source, Kubernetes-native serverless
framework that ...)
+ TODO: check
+CVE-2026-49823 (Fission is an open-source, Kubernetes-native serverless
framework that ...)
+ TODO: check
+CVE-2026-49822 (Fission is an open-source, Kubernetes-native serverless
framework that ...)
+ TODO: check
+CVE-2026-49821 (Fission is an open-source, Kubernetes-native serverless
framework that ...)
+ TODO: check
+CVE-2026-49760 (Stack-based Buffer Overflow vulnerability in Erlang OTP
(erl_interface ...)
+ TODO: check
+CVE-2026-49759 (Stack-based Buffer Overflow vulnerability in Erlang OTP erts
(inet_drv ...)
+ TODO: check
+CVE-2026-49498 (Ghidra 11.0 before 12.1 contains a SQL injection vulnerability
in the ...)
+ TODO: check
+CVE-2026-49497 (Ghidra before 12.1 contains a path traversal vulnerability in
SameDirD ...)
+ TODO: check
+CVE-2026-49496 (Ghidra before 12.1 contains a heap-use-after-free
vulnerability in Sle ...)
+ TODO: check
+CVE-2026-49495 (Ghidra 10.2 before 12.1 contains an uncontrolled resource
consumption ...)
+ TODO: check
+CVE-2026-49069 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2026-48860 (Reliance on IP Address for Authentication vulnerability in
Erlang/OTP ...)
+ TODO: check
+CVE-2026-48859 (Observable Timing Discrepancy vulnerability in Erlang/OTP ssh
(ssh_aut ...)
+ TODO: check
+CVE-2026-48858 (Server-Side Request Forgery (SSRF) vulnerability in Erlang/OTP
ftp (ft ...)
+ TODO: check
+CVE-2026-48856 (Sensitive Data Exposure vulnerability in Erlang OTP inets
(httpc_respo ...)
+ TODO: check
+CVE-2026-48855 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
+ TODO: check
+CVE-2026-48556
+ REJECTED
+CVE-2026-48096 (OpenFGA is an authorization/permission engine built for
developers. Pr ...)
+ TODO: check
+CVE-2026-46642 (draw.io is a configurable diagramming and whiteboarding
application. P ...)
+ TODO: check
+CVE-2026-46618 (Fission is an open-source, Kubernetes-native serverless
framework that ...)
+ TODO: check
+CVE-2026-46617 (Fission is an open-source, Kubernetes-native serverless
framework that ...)
+ TODO: check
+CVE-2026-46616 (Umbraco is an ASP.NET CMS. Prior to versions 13.14.0 and
17.4.0, some ...)
+ TODO: check
+CVE-2026-46614 (Fission is an open-source, Kubernetes-native serverless
framework that ...)
+ TODO: check
+CVE-2026-46612 (Fission is an open-source, Kubernetes-native serverless
framework that ...)
+ TODO: check
+CVE-2026-46609 (Umbraco is an ASP.NET CMS. From version 14.0.0 to before
version 17.4. ...)
+ TODO: check
+CVE-2026-46558 (Plane is an open-source project management tool. Prior to
version 1.3. ...)
+ TODO: check
+CVE-2026-46497 (Crawlee is a web scraping and browser automation library. From
version ...)
+ TODO: check
+CVE-2026-45569 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache
and Kee ...)
+ TODO: check
+CVE-2026-45567 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache
and Kee ...)
+ TODO: check
+CVE-2026-45566 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache
and Kee ...)
+ TODO: check
+CVE-2026-45565 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache
and Kee ...)
+ TODO: check
+CVE-2026-45564 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache
and Kee ...)
+ TODO: check
+CVE-2026-45563 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache
and Kee ...)
+ TODO: check
+CVE-2026-45561 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache
and Kee ...)
+ TODO: check
+CVE-2026-45560 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache
and Kee ...)
+ TODO: check
+CVE-2026-45559 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache
and Kee ...)
+ TODO: check
+CVE-2026-45558 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache
and Kee ...)
+ TODO: check
+CVE-2026-45556 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache
and Kee ...)
+ TODO: check
+CVE-2026-45552 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache
and Kee ...)
+ TODO: check
+CVE-2026-45550 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache
and Kee ...)
+ TODO: check
+CVE-2026-45549 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache
and Kee ...)
+ TODO: check
+CVE-2026-45062 (FrankenPHP is a modern application server for PHP. From
version 1.11.2 ...)
+ TODO: check
+CVE-2026-3018 (The Newsletters plugin for WordPress is vulnerable to
time-based SQL I ...)
+ TODO: check
+CVE-2026-25700 (Improper Restriction of Security Token Assignment
vulnerability in Apa ...)
+ TODO: check
+CVE-2026-24067 (Slate Digital Connect 1.37.0 for macOS installs a privileged
helper to ...)
+ TODO: check
+CVE-2026-24066 (Slate Digital Connect 1.37.0 for macOS installs a privileged
helper to ...)
+ TODO: check
+CVE-2026-20260 (In Splunk SOAR (Security Orchestration, Automation, and
Response) vers ...)
+ TODO: check
+CVE-2026-20259 (In Splunk Enterprise versions below 10.2.4 and 10.0.7, and
Splunk Clou ...)
+ TODO: check
+CVE-2026-20258 (In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12,
and 9.3.13 ...)
+ TODO: check
+CVE-2026-20257 (In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12,
and 9.3.13 ...)
+ TODO: check
+CVE-2026-20256 (In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12,
and 9.3.13 ...)
+ TODO: check
+CVE-2026-20255 (In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12,
and 9.3.13 ...)
+ TODO: check
+CVE-2026-20254 (In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12,
and 9.3.13 ...)
+ TODO: check
+CVE-2026-20253 (In Splunk Enterprise versions below 10.2.4 and 10.0.7, and
Splunk Clou ...)
+ TODO: check
+CVE-2026-20252 (In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12,
and 9.3.13 ...)
+ TODO: check
+CVE-2026-20251 (In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12,
and 9.3.13 ...)
+ TODO: check
+CVE-2026-11884 (A heap buffer overflow flaw was found in 389 Directory Server.
When se ...)
+ TODO: check
+CVE-2026-11859 (An HTML injection vulnerability in the "fetch links" email
sent by Thi ...)
+ TODO: check
+CVE-2026-11626 (CleanWipe Removal Tool (macOS), prior to 16.0.0.65,may be
susceptible ...)
+ TODO: check
+CVE-2026-11596 (In ScreenConnect\u2122 versions prior to 26.2, input
validation within ...)
+ TODO: check
+CVE-2026-11417 (OS command injection in the NodejsFunction local bundling
pipeline in ...)
+ TODO: check
+CVE-2026-10740 (Unbounded memory allocation in the CRYPTO frame reassembler in
s2n-qui ...)
+ TODO: check
+CVE-2026-10721 (Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection
viaunse ...)
+ TODO: check
+CVE-2025-71330 (image-size through 2.0.2 contains a denial of service
vulnerability th ...)
+ TODO: check
+CVE-2025-71329 (image-size through 2.0.2 contains a denial of service
vulnerability th ...)
+ TODO: check
+CVE-2025-6254 (The Doctreat Core plugin for WordPress is vulnerable to
Privilege Esca ...)
+ TODO: check
+CVE-2025-10238 (During an internal security assessment, apotential
out-of-bounds write ...)
+ TODO: check
+CVE-2025-10237 (During an internal security assessment, a potential
vulnerability was ...)
+ TODO: check
+CVE-2024-58350 (Ghidra before 11.2 contains a use after free vulnerability in
the Slei ...)
+ TODO: check
CVE-2026-XXXX [OnionShare follows symlinks in shared directories, allowing
unintended disclosure of local files]
- onionshare <unfixed>
NOTE:
https://github.com/onionshare/onionshare/security/advisories/GHSA-22p9-r2f5-22mf
CVE-2026-XXXX [OnionShare Receive mode writes uploaded files even when file
uploads are disabled]
- onionshare <unfixed>
NOTE:
https://github.com/onionshare/onionshare/security/advisories/GHSA-v833-3823-cmhp
-CVE-2026-11853
+CVE-2026-11853 (Debusine is an integrated solution to build, distribute and
maintain a ...)
- debusine 0.14.9
[trixie] - debusine <no-dsa> (Will be fixed via point release)
NOTE: https://salsa.debian.org/freexian-team/debusine/-/work_items/1484
NOTE:
https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3103
NOTE:
https://salsa.debian.org/freexian-team/debusine/-/commit/c24cdc49fb258714767546bdec5b09f8065d414e
-CVE-2026-11852
+CVE-2026-11852 (Debusine is an integrated solution to build, distribute and
maintain a ...)
- debusine 0.14.6
[trixie] - debusine <no-dsa> (Will be fixed via point release)
NOTE: https://salsa.debian.org/freexian-team/debusine/-/work_items/1499
@@ -340,7 +580,7 @@ CVE-2026-10238
REJECTED
CVE-2025-8444 (The Animation Addons for Elementor \u2013 GSAP Powered
Elementor Addon ...)
NOT-FOR-US: WordPress plugin
-CVE-2025-71319 (image-size 1.1.0 before 1.2.1 and 2.0.0 before 2.0.2 contain a
denial ...)
+CVE-2025-71319 (image-size through 2.0.2 contains a denial of service
vulnerability th ...)
NOT-FOR-US: Node image-size
CVE-2025-66281 (A NULL pointer dereference vulnerability has been reported to
affect s ...)
NOT-FOR-US: QNAP
@@ -427,7 +667,7 @@ CVE-2026-49959 (Hermes WebUI before version 0.51.311
contains a remote code exec
NOT-FOR-US: Hermes WebUI
CVE-2026-49958 (Hermes WebUI before version 0.51.303 contains a time-of-check
time-of- ...)
NOT-FOR-US: Hermes WebUI
-CVE-2026-49957 (Hermes WebUI before version 0.51.269 contains a workspace
boundary byp ...)
+CVE-2026-49957 (Hermes WebUI before version 0.51.296 contains a workspace
boundary byp ...)
NOT-FOR-US: Hermes WebUI
CVE-2026-49956 (Hermes WebUI before version 0.51.269 contains a profile
isolation bypa ...)
NOT-FOR-US: Hermes WebUI
@@ -1280,7 +1520,7 @@ CVE-2026-0419 (Insufficient input validation in NETGEAR
JR6150 (AC750 WiFi Route
NOT-FOR-US: Netgear
CVE-2026-0418 (Insufficient configuration management in the listed
devicesallows auth ...)
NOT-FOR-US: Netgear
-CVE-2026-0417 (Insufficient input validation vulnerability in
NETGEARdevicesallows au ...)
+CVE-2026-0417 (Insufficient input validation vulnerability in the listed
NETGEARdevic ...)
NOT-FOR-US: Netgear
CVE-2026-0416 (Authenticated administrators connected to the local network can
modify ...)
NOT-FOR-US: Netgear
@@ -5971,7 +6211,7 @@ CVE-2021-4481 (Dr\xe4ger Protector Software prior to
version 6.4.2 contains a lo
NOT-FOR-US: Draeger
CVE-2021-4480 (Dr\xe4ger Protector Software prior to version 6.4.2 contains a
local p ...)
NOT-FOR-US: Draeger
-CVE-2021-4479 (Dr\xe4ger Atlan A350 software versions 1.00 through 1.01
contains an i ...)
+CVE-2021-4479 (Dr\xe4ger Atlan A350 versions 1.00 up to and including 1.01
contains a ...)
NOT-FOR-US: Draeger
CVE-2021-4478 (Dr\xe4ger CC-Vision Basic before 7.5.3 and Dr\xe4ger CC-Vision
E-Cal b ...)
NOT-FOR-US: Draeger
@@ -21156,31 +21396,31 @@ CVE-2026-42304 (Twisted is an event-based framework
for internet applications, s
NOTE: Introduced with:
https://github.com/twisted/twisted/commit/e11cd82bdd79b3ebbb0e8635cbb9c76df2b5af09
(twisted-11.1.0)
NOTE: Fixed by:
https://github.com/twisted/twisted/commit/2d196123264efb0027eecfe1b430be4a9babdbd8
(twisted-26.4.0rc1)
CVE-2026-2291 (dnsmasqs extract_name() function can be abused to cause a heap
buffer ...)
- {DSA-6264-1}
+ {DSA-6264-1 DLA-4625-1}
- dnsmasq 2.92-5
NOTE:
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html
NOTE: https://xchglabs.com/blog/dnsmasq-five-cves.html
NOTE: Fixed by:
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=014e909f787e808bb35daa546d3f8f3663918de2
(v2.93rc1)
CVE-2026-4890 (A Denial of Service (DoS) vulnerability in the DNSSEC
validation of dn ...)
- {DSA-6264-1}
+ {DSA-6264-1 DLA-4625-1}
- dnsmasq 2.92-5
NOTE:
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html
NOTE: https://xchglabs.com/blog/dnsmasq-five-cves.html
NOTE: Fixed by:
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=7b151eb60609a0139474918222806f9bcfb4fe71
(v2.93rc1)
CVE-2026-4891 (A heap-based out-of-bounds read vulnerability in the DNSSEC
validation ...)
- {DSA-6264-1}
+ {DSA-6264-1 DLA-4625-1}
- dnsmasq 2.92-5
NOTE:
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html
NOTE: https://xchglabs.com/blog/dnsmasq-five-cves.html
NOTE: Fixed by:
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=788b4e0f6c05217981b512bed4e5fea6f8855d01
(v2.93rc1)
CVE-2026-4892 (A heap-based out-of-bounds write vulnerability in the DHCPv6
implement ...)
- {DSA-6264-1}
+ {DSA-6264-1 DLA-4625-1}
- dnsmasq 2.92-5
NOTE:
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html
NOTE: https://xchglabs.com/blog/dnsmasq-five-cves.html
NOTE: Fixed by:
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=10e6b5b83e80749cba7b090d7780b29f908f0571
(v2.93rc1)
CVE-2026-4893 (An information disclosure vulnerability in dnsmasq allows
remote attac ...)
- {DSA-6264-1}
+ {DSA-6264-1 DLA-4625-1}
- dnsmasq 2.92-5
NOTE:
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html
NOTE: https://xchglabs.com/blog/dnsmasq-five-cves.html
@@ -21967,7 +22207,7 @@ CVE-2026-3318 (Open redirection vulnerability in the
latest demo version of the
NOT-FOR-US: Cradle eCommerce platform
CVE-2026-39816 (The optional extension component TinkerpopClientService is
missing the ...)
NOT-FOR-US: Apache software not packaged in Debian
-CVE-2026-38361 (An issue in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2
allows a ...)
+CVE-2026-38361 (Multiple unauthenticated denial-of-service (DoS) issues in
fohrloop da ...)
NOT-FOR-US: fohrloop dash-uploader
CVE-2026-38360 (Directory Traversal vulnerability in fohrloop dash-uploader
v.0.1.0 th ...)
NOT-FOR-US: fohrloop dash-uploader
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0c532277f9b78044579a67ba06b19025b912bb78
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0c532277f9b78044579a67ba06b19025b912bb78
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
