[Git][security-tracker-team/security-tracker][master] reclaim packages
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 21ae6d51 by Thorsten Alteholz at 2019-11-11T07:31:57Z reclaim packages - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -80,8 +80,8 @@ linux-4.9 (Ben Hutchings) -- mesa (Sylvain Beucler) -- -opendmarc - NOTE: 20191027: still testing package +opendmarc (Thorsten Alteholz) + NOTE: 2019: still testing package -- openjdk-7 (Markus Koschany) NOTE: 20191103: According to upstream there is ongoing work on a new IcedTea release. @@ -123,7 +123,7 @@ slurm-llnl thunderbird (Emilio) NOTE: 20191105: toolchain almost ready (waiting for NEW) -- -tiff +tiff (Thorsten Alteholz) NOTE: 20191020: Time to fix the postponed CVE as well? (apo) -- tightvnc (Mike Gabriel) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/21ae6d51736262525256a9ccb5a84f0284a2a56a -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/21ae6d51736262525256a9ccb5a84f0284a2a56a You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
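Review bot: the opendmarc NOTE in the first hunk loses its date precision, going from "NOTE: 20191027: still testing package" to "NOTE: 2019: still testing package", while every other note in dla-needed.txt carries a YYYYMMDD stamp (20191103, 20191105, 20191020 in the surrounding context); the semi-automatic unclaim after two weeks of inactivity in this same series can only judge activity from those stamps, so a bare year will not count as fresh activity. Suggest re-dating it to the day of the reclaim, "NOTE: 20191111: still testing package", and adding a similarly dated status line to the tiff entry in the second hunk, which is reclaimed without any new note.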
[Git][security-tracker-team/security-tracker][master] 2 commits: Unclaim ansible
Brian May pushed to branch master at Debian Security Tracker / security-tracker Commits: 906b03ba by Brian May at 2019-11-11T06:36:02Z Unclaim ansible CVE-2019-14846: Easy to fix CVE-2019-14858: Can't find required code to patch CVE-2019-14864: Can't find required code to patch Leaving for hopefully somebody who has a better idea how ansible internals work. - - - - - 12de6011 by Brian May at 2019-11-11T06:36:43Z Claiming angular.js - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -18,9 +18,9 @@ ampache (Roberto C. Sánchez) NOTE: 20191103: Upstream has provided a patch which does not apply to the version in jessie. NOTE: 20191109: Adapted upstream-provided patch to apply to Debian version. Waiting on feedback from upstream. (roberto) -- -angular.js +angular.js (Brian May) -- -ansible (Brian May) +ansible NOTE: 20191011: Code appears to be in lib/ansible/callbacks.py in jessie's version. (lamby) NOTE: CVE-2019-14846 should be an easy fix. NOTE: CVE-2019-14858's upstream patch is too big; fails to work properly. (utkarsh2102) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/d1d837e9eb5e56cf8ab6ec403910ed262ac85f0d...12de60117c2672412210e33c2c386a20eadcc91c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/d1d837e9eb5e56cf8ab6ec403910ed262ac85f0d...12de60117c2672412210e33c2c386a20eadcc91c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
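Review bot: the findings recorded in the commit message (CVE-2019-14846 easy to fix; CVE-2019-14858 and CVE-2019-14864 required code not found) do not make it into the ansible entry itself, which keeps only the older notes on lib/ansible/callbacks.py and the oversized CVE-2019-14858 patch. The next person to claim ansible will read dla-needed.txt, not git log, so add dated NOTE lines with your initials, e.g. "NOTE: 20191111: CVE-2019-14864: can't find the affected code in jessie's version", and consider whether the two CVEs whose code cannot be located should be triaged as not affecting jessie in data/CVE/list rather than left open on the list.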
[Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity
Holger Levsen pushed to branch master at Debian Security Tracker / security-tracker Commits: d1d837e9 by Holger Levsen at 2019-11-11T02:36:31Z semi-automatic unclaim after 2 weeks of inactivity Signed-off-by: Holger Levsen- - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -18,7 +18,7 @@ ampache (Roberto C. Sánchez) NOTE: 20191103: Upstream has provided a patch which does not apply to the version in jessie. NOTE: 20191109: Adapted upstream-provided patch to apply to Debian version. Waiting on feedback from upstream. (roberto) -- -angular.js (Thorsten Alteholz) +angular.js -- ansible (Brian May) NOTE: 20191011: Code appears to be in lib/ansible/callbacks.py in jessie's version. (lamby) @@ -80,7 +80,7 @@ linux-4.9 (Ben Hutchings) -- mesa (Sylvain Beucler) -- -opendmarc (Thorsten Alteholz) +opendmarc NOTE: 20191027: still testing package -- openjdk-7 (Markus Koschany) @@ -123,7 +123,7 @@ slurm-llnl thunderbird (Emilio) NOTE: 20191105: toolchain almost ready (waiting for NEW) -- -tiff (Thorsten Alteholz) +tiff NOTE: 20191020: Time to fix the postponed CVE as well? (apo) -- tightvnc (Mike Gabriel) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d1d837e9eb5e56cf8ab6ec403910ed262ac85f0d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d1d837e9eb5e56cf8ab6ec403910ed262ac85f0d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
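Review bot: the three unclaims remove the claimant but leave the old status notes in place (opendmarc "NOTE: 20191027: still testing package", tiff "NOTE: 20191020: Time to fix the postponed CVE as well?"), so the file itself no longer says why these packages went back to the pool or when. Since the script is only semi-automatic, add a dated line such as "NOTE: 20191111: unclaimed after 2 weeks of inactivity" under each affected entry so the reason is visible in dla-needed.txt and not only in the commit message; angular.js in particular is left with no note at all.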
[Git][security-tracker-team/security-tracker][master] dla-needed: This is still ongoing
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker Commits: c26804d0 by Adrian Bunk at 2019-11-10T22:00:46Z dla-needed: This is still ongoing - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -63,7 +63,7 @@ libmatio (Adrian Bunk) NOTE: 20190428: is likely vulnerable NOTE: 20190428: some CVE testcases still fail after applying the fix, NOTE: 20190428: older changes seem to also be required for them - NOTE: 20191027: work is ongoing + NOTE: 2019: work is ongoing -- libqb (Roberto C. Sánchez) NOTE: 20190616: Upstream patch does not apply at all, but it appears that View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c26804d04320b39f2cd1ed8b9cfbff9846e5cb5f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c26804d04320b39f2cd1ed8b9cfbff9846e5cb5f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
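Review bot: the replacement line "NOTE: 2019: work is ongoing" drops the day from the date stamp; the neighbouring libmatio notes are all YYYYMMDD (20190428), and the semi-automatic two-week unclaim that ran a few hours later relies on that precision. Use the full date of this update, "NOTE: 20191110: work is ongoing". Since the entry has carried "is likely vulnerable" and "some CVE testcases still fail after applying the fix" since April, a one-line description of what is still blocking would let a second person help.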
[Git][security-tracker-team/security-tracker][master] squid fixed
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: c161a8de by Moritz Muehlenhoff at 2019-11-10T21:29:25Z squid fixed - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2536,26 +2536,26 @@ CVE-2019-18680 (An issue was discovered in the Linux kernel 4.4.x before 4.4.195 NOTE: https://lkml.org/lkml/2019/9/18/337 CVE-2019-18679 [Information Disclosure issue in HTTP Digest Authentication] RESERVED - - squid + - squid 4.9-1 - squid3 NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_11.txt CVE-2019-18678 [HTTP Request Splitting issue in HTTP message processing] RESERVED - - squid + - squid 4.9-1 - squid3 NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_10.txt CVE-2019-18677 [Cross-Site Request Forgery issue in HTTP Request processing] RESERVED - - squid + - squid 4.9-1 - squid3 NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-36492033ea4097821a4f7ff3ddcb971fbd1e8ba0.patch NOTE: Squid 3.5: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-e5f1813a674848dde570f7920873e1071f96e0b4.patch NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_9.txt CVE-2019-18676 [Multiple issues in URI processing] RESERVED - - squid + - squid 4.9-1 - squid3 NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_8.txt NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-fbbdf75efd7a5cc244b4886a9d42ea458c5a3a73.patch 
@@ -21740,7 +21740,7 @@ CVE-2019-12527 (An issue was discovered in Squid 4.0.23 through 4.7. When checki NOTE: without regard for the size of the target buffer. CVE-2019-12526 [Heap Overflow issue in URN processing] RESERVED - - squid + - squid 4.9-1 - squid3 NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-7aa0184a720fd216191474e079f4fe87de7c4f5a.patch NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_7.txt @@ -21755,7 +21755,7 @@ CVE-2019-12524 RESERVED CVE-2019-12523 [Multiple issues in URI processing] RESERVED - - squid + - squid 4.9-1 - squid3 NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_8.txt NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-fbbdf75efd7a5cc244b4886a9d42ea458c5a3a73.patch View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c161a8de1303a3dbdf606dfc90beda60d51c6cac -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c161a8de1303a3dbdf606dfc90beda60d51c6cac You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
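Review bot: the six hunks add the unstable fixed version 4.9-1 to the squid lines only; the paired "- squid3" line in each entry still has neither a version nor a suite annotation, so squid3 remains listed as vulnerable with no triage. Of the entries touched, only CVE-2019-18677 references a Squid 3.5 changeset in its NOTE lines; the others point at Squid 4 changesets only, so each squid3 line needs either a backport reference, a per-suite no-dsa or end-of-life marking, or a note that the 3.x code is not affected. A NOTE recording where the fix landed (the 4.9-1 changelog) would also let the RESERVED entries be cross-checked once the CVE descriptions are published.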
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c7f5c226 by security tracker role at 2019-11-10T20:10:28Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -10665,7 +10665,7 @@ CVE-2019-15905 CVE-2019-15904 RESERVED CVE-2019-15903 (In libexpat before 2.2.8, crafted XML input could fool the parser into ...) - {DSA-4549-1 DSA-4530-1 DLA-1912-1} + {DSA-4549-1 DSA-4530-1 DLA-1987-1 DLA-1912-1} - expat 2.2.7-2 (bug #939394) - firefox 70.0-1 - firefox-esr 68.2.0esr-1 @@ -23736,7 +23736,7 @@ CVE-2019-11765 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11765 CVE-2019-11764 RESERVED - {DSA-4549-1} + {DSA-4549-1 DLA-1987-1} - firefox 70.0-1 - firefox-esr 68.2.0esr-1 - thunderbird 1:68.2.1-1 @@ -23745,7 +23745,7 @@ CVE-2019-11764 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11764 CVE-2019-11763 RESERVED - {DSA-4549-1} + {DSA-4549-1 DLA-1987-1} - firefox 70.0-1 - firefox-esr 68.2.0esr-1 - thunderbird 1:68.2.1-1 @@ -23754,7 +23754,7 @@ CVE-2019-11763 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11763 CVE-2019-11762 RESERVED - {DSA-4549-1} + {DSA-4549-1 DLA-1987-1} - firefox 70.0-1 - firefox-esr 68.2.0esr-1 - thunderbird 1:68.2.1-1 @@ -23763,7 +23763,7 @@ CVE-2019-11762 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11762 CVE-2019-11761 RESERVED - {DSA-4549-1} + {DSA-4549-1 DLA-1987-1} - firefox 70.0-1 - firefox-esr 68.2.0esr-1 - thunderbird 1:68.2.1-1 @@ -23772,7 +23772,7 @@ CVE-2019-11761 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11761 CVE-2019-11760 RESERVED - {DSA-4549-1} + {DSA-4549-1 DLA-1987-1} - firefox 70.0-1 - firefox-esr 68.2.0esr-1 - thunderbird 1:68.2.1-1 
@@ -23781,7 +23781,7 @@ CVE-2019-11760 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11760 CVE-2019-11759 RESERVED - {DSA-4549-1} + {DSA-4549-1 DLA-1987-1} - firefox 70.0-1 - firefox-esr 68.2.0esr-1 - thunderbird 1:68.2.1-1 @@ -23796,7 +23796,7 @@ CVE-2019-11758 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11758 CVE-2019-11757 RESERVED - {DSA-4549-1} + {DSA-4549-1 DLA-1987-1} - firefox 70.0-1 - firefox-esr 68.2.0esr-1 - thunderbird 1:68.2.1-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c7f5c226c1bc7b482ca9e56e99284dd23ad88a7d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c7f5c226c1bc7b482ca9e56e99284dd23ad88a7d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
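Review bot: nothing to edit by hand here; this is the tracker role propagating the newly reserved DLA-1987-1 into the eight CVE entries it lists (CVE-2019-15903, 11764 down to 11759, and 11757), and the count matches the DLA record. Any change to which CVEs the advisory covers belongs in data/DLA/list, from which the next automatic run regenerates these "{DSA-4549-1 DLA-1987-1}" references; editing data/CVE/list directly would be overwritten.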
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2019-12922/phpmyadmin
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 54ace7d6 by Salvatore Bonaccorso at 2019-11-10T19:48:52Z Track fixed version for CVE-2019-12922/phpmyadmin - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -20765,7 +20765,7 @@ CVE-2019-12924 (MailEnable Enterprise Premium 10.23 was vulnerable to XML Extern CVE-2019-12923 (In MailEnable Enterprise Premium 10.23, the potential cross-site reque ...) NOT-FOR-US: MailEnable Enterprise Premium CVE-2019-12922 (A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in th ...) - - phpmyadmin + - phpmyadmin 4:4.9.1+dfsg1-2 [jessie] - phpmyadmin (Minor issue, target only accessible is setup is enabled and htpasswd.setup populated) NOTE: https://seclists.org/fulldisclosure/2019/Sep/23 NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/427fbed55d3154d96ecfc1c7784d49eaa3c04161 (4.9.1) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/54ace7d65dfdab9158b86cc557576aad0861bc7f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/54ace7d65dfdab9158b86cc557576aad0861bc7f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
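Review bot: the entry gains a fixed version and a jessie no-dsa line but nothing for stretch, so stretch will show as vulnerable with no triage, unlike the other phpmyadmin entries updated in the same session which carry "[stretch] - phpmyadmin (Minor issue; can be fixed via point release)". Either add the matching stretch line or note why it differs; the NOTE points at the 4.9.1 fix commit, so the stretch version needs checking rather than assuming. Minor: the jessie rationale reads "target only accessible is setup is enabled", presumably "if setup is enabled"; it is a context line here, so fix it on the next touch.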
[Git][security-tracker-team/security-tracker][master] CVE-2019-18840/wolfssl fixed in unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d7910e2f by Salvatore Bonaccorso at 2019-11-10T19:43:31Z CVE-2019-18840/wolfssl fixed in unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -9,7 +9,7 @@ CVE-2019-18842 CVE-2019-18841 RESERVED CVE-2019-18840 (In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks of me ...) - - wolfssl + - wolfssl 4.2.0+dfsg-3 NOTE: https://github.com/wolfSSL/wolfssl/issues/2555 NOTE: https://github.com/wolfSSL/wolfssl/commit/52f28bd5149360f8e3bf8ca13d3fb9a77283df7c CVE-2019-18839 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d7910e2f798a2a4dd54c700e619276d1d054df46 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d7910e2f798a2a4dd54c700e619276d1d054df46 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
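Review bot: the fixed version 4.2.0+dfsg-3 covers unstable only, and the description says the issue affects wolfSSL 4.1.0 through 4.2.0c, so the stable suites need a status line too: a not-affected line with "(Vulnerable code not present)" if they ship an earlier version, or a no-dsa/postponed marking with a reason if they are affected. Left as is, the tracker reports them as vulnerable. The two NOTE lines already give the upstream issue and fix commit, which is what a backporter needs.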
[Git][security-tracker-team/security-tracker][master] Track fixed versions for phpmyadmin via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 853565d1 by Salvatore Bonaccorso at 2019-11-10T19:36:01Z Track fixed versions for phpmyadmin via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -21536,7 +21536,7 @@ CVE-2019-12617 (In SilverStripe through 4.3.3, there is access escalation for CM NOT-FOR-US: SilverStripe CVE-2019-12616 (An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability wa ...) {DLA-1821-1} - - phpmyadmin (bug #930017) + - phpmyadmin 4:4.9.1+dfsg1-2 (bug #930017) [stretch] - phpmyadmin (Minor issue; can be fixed via point release) NOTE: https://www.phpmyadmin.net/security/PMASA-2019-4/ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/015c404038c44279d95b6430ee5a0dddc97691ec @@ -23714,7 +23714,7 @@ CVE-2019-11770 (In Eclipse Buildship versions prior to 3.1.1, the build files in CVE-2019-11769 (An issue was discovered in TeamViewer 14.2.2558. Updating the product ...) NOT-FOR-US: TeamViewer CVE-2019-11768 (An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability ...) - - phpmyadmin (bug #930048) + - phpmyadmin 4:4.9.1+dfsg1-2 (bug #930048) [stretch] - phpmyadmin (Minor issue; can be fixed via point release) [jessie] - phpmyadmin (vulnerable code is not present) NOTE: https://www.phpmyadmin.net/security/PMASA-2019-3/ 
@@ -38181,13 +38181,13 @@ CVE-2019-6800 (In TitanHQ SpamTitan through 7.03, a vulnerability exists in the NOT-FOR-US: TitanHQ SpamTitan CVE-2019-6799 (An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbi ...) {DLA-1692-1} - - phpmyadmin (bug #920823) + - phpmyadmin 4:4.9.1+dfsg1-2 (bug #920823) [stretch] - phpmyadmin (Minor issue; can be fixed via point release) NOTE: https://www.phpmyadmin.net/security/PMASA-2019-1/ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/aeac90623e525057a7672ab3d98154b5c57c15ec NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c5e01f84ad48c5c626001cb92d7a95500920a900 CVE-2019-6798 (An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability wa ...) - - phpmyadmin (bug #920822) + - phpmyadmin 4:4.9.1+dfsg1-2 (bug #920822) [stretch] - phpmyadmin (Minor issue; can be fixed via point release) [jessie] - phpmyadmin (Vulnerable code introduced later >= 4.5.0) NOTE: https://www.phpmyadmin.net/security/PMASA-2019-2/ 
@@ -51745,19 +51745,19 @@ CVE-2018-19971 (JFrog Artifactory Pro 6.5.9 has Incorrect Access Control. ...) NOT-FOR-US: JFrog Artifactory Pro CVE-2018-19970 (In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navi ...) {DLA-1658-1} - - phpmyadmin + - phpmyadmin 4:4.9.1+dfsg1-2 [stretch] - phpmyadmin (Minor issue; can be fixed via point release) NOTE: https://www.phpmyadmin.net/security/PMASA-2018-8/ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/b293ff5f234ef493336ed8638f623a12164d359e CVE-2018-19969 (phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a s ...) - - phpmyadmin + - phpmyadmin 4:4.9.1+dfsg1-2 [jessie] - phpmyadmin (invasive with 49 patches to backport, only mitigate with _REQUEST->_POST instead of adding CSRF tokens) NOTE: https://www.phpmyadmin.net/security/PMASA-2018-7/ NOTE: Upstream explicitly fixed only the 4.7/4.8 branch but the problem exists in NOTE: earlier versions as well. At least parts of the listed commits are needed. CVE-2018-19968 (An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents o ...) {DLA-1658-1} - - phpmyadmin + - phpmyadmin 4:4.9.1+dfsg1-2 [stretch] - phpmyadmin (Minor issue; can be fixed via point release) NOTE: https://www.phpmyadmin.net/security/PMASA-2018-6/ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/6a1ba61e29002f0305a9322a8af4eaaeb11c0732 @@ -75044,7 +75044,7 @@ CVE-2018-12583 (An issue was discovered in AKCMS 6.1. CSRF can delete an article CVE-2018-12582 (An issue was discovered in AKCMS 6.1. CSRF can add an admin account vi ...) NOT-FOR-US: AKCMS CVE-2018-12581 (An issue was discovered in js/designer/move.js in phpMyAdmin before 4. ...) - - phpmyadmin (low) + - phpmyadmin 4:4.9.1+dfsg1-2 (low) [stretch] - phpmyadmin (Vulnerable code not present) [jessie] - phpmyadmin (vulnerable code not present) NOTE: https://www.phpmyadmin.net/security/PMASA-2018-3/ 
@@ -81934,7 +81934,7 @@ CVE-2018-10190 (A vulnerability in London Trust Media Private Internet Access (P CVE-2018-10189 (An issue was discovered in Mautic 1.x and 2.x before 2.13.0. It is pos ...) NOT-FOR-US: Mautic CVE-20
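Review bot: the same fixed version 4:4.9.1+dfsg1-2 is applied to every phpmyadmin CVE back to CVE-2018-12581, including ones whose upstream fix is 4.8.4 or 4.8.5 per the NOTE lines. That is acceptable when no earlier fixed upload was recorded (hence "via unstable" in the title), but it overstates the first-fixed version; if an earlier unstable upload already contained a given fix, record that version instead. Two consistency points inside the hunks: CVE-2018-19969 has a jessie line but no stretch line while its neighbours all carry "[stretch] - phpmyadmin (Minor issue; can be fixed via point release)", and with the unstable version now recorded those stretch lines are the only remaining open state, so they should be revisited if a stretch point-release update is planned. The last hunk is cut off on this page after "CVE-20" and could not be checked.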
[Git][security-tracker-team/security-tracker][master] 2 commits: Triage CVE for libgig. Mark as no-dsa for Jessie.
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: b8a54735 by Markus Koschany at 2019-11-10T17:32:17Z Triage CVE for libgig. Mark as no-dsa for Jessie. Minor security risk. See #931309 for more information. - - - - - 8589d5e5 by Markus Koschany at 2019-11-10T17:33:40Z Remove libgig from dla-needed.txt - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: = data/CVE/list = 
@@ -60594,21 +60594,27 @@ CVE-2018-18198 (The $opener_input_field variable in addons/mediapool/pages/index NOT-FOR-US: REDAXO CVE-2018-18197 (An issue was discovered in libgig 4.1.0. There is an operator new[] fa ...) - libgig (bug #931309) + [jessie] - libgig (Minor issue) NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md CVE-2018-18196 (An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...) - libgig (bug #931309) + [jessie] - libgig (Minor issue) NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md CVE-2018-18195 (An issue was discovered in libgig 4.1.0. There is an FPE (divide-by-ze ...) - libgig (bug #931309) + [jessie] - libgig (Minor issue) NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md CVE-2018-18194 (An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...) - libgig (bug #931309) + [jessie] - libgig (Minor issue) NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md CVE-2018-18193 (An issue was discovered in libgig 4.1.0. There is operator new[] failu ...) - libgig (bug #931309) + [jessie] - libgig (Minor issue) NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md CVE-2018-18192 (An issue was discovered in libgig 4.1.0. There is a NULL pointer deref ...) - libgig (bug #931309) + [jessie] - libgig (Minor issue) NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md CVE-2018-18191 (Cross-site request forgery (CSRF) vulnerability in /admin.php?c=member ...) NOT-FOR-US: FineCms 
@@ -70348,36 +70354,47 @@ CVE-2018-14460 (An issue was discovered in the HDF HDF5 1.8.20 library. There is NOTE: https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README3.md CVE-2018-14459 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds wri ...) - libgig (bug #931309) + [jessie] - libgig (Minor issue) NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md CVE-2018-14458 (An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...) - libgig (bug #931309) + [jessie] - libgig (Minor issue) NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md CVE-2018-14457 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds wri ...) - libgig (bug #931309) + [jessie] - libgig (Minor issue) NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md CVE-2018-14456 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds wri ...) - libgig (bug #931309) + [jessie] - libgig (Minor issue) NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md CVE-2018-14455 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds wri ...) - libgig (bug #931309) + [jessie] - libgig (Minor issue) NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md CVE-2018-14454 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds rea ...) - libgig (bug #931309) + [jessie] - libgig (Minor issue) NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md CVE-2018-14453 (An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...) - libgig (bug #931309) + [jessie] - libgig (Minor issue) NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md CVE-2018-14452 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds rea ...) - libgig (bug #931309) + [jessie] - libgig (Minor issue) NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md CVE-2018-14451 (An issue was discovered in libgig 4.1.0. 
There is a heap-based buffer ...) - libgig (bug #931309) + [jessie] - libgig (Minor issue) NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md CVE-2018-14450 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds rea ...) - libgig (bug #931309) + [jessie] - libgig (Minor issue) NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md CVE-2018-14449 (An issue was discovered in libgig 4.1.0.
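Review bot: the no-dsa rationale is added for jessie only, so each of the roughly twenty libgig entries still has an open "- libgig (bug #931309)" line with no stretch or buster annotation, and the second commit removes libgig from dla-needed.txt. If "Minor security risk" holds for jessie it holds for the later suites too (the descriptions are out-of-bounds accesses, an FPE and a NULL dereference in the file parser), so add matching stretch/buster lines or a NOTE explaining why only jessie is marked; otherwise the package simply reappears as needing a fix elsewhere. Repeating the identical "(Minor issue)" text is fine given the file format, but one NOTE on the first entry pointing at the reasoning in #931309 would spare readers the bug lookup.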
[Git][security-tracker-team/security-tracker][master] add note for libssh2-1
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: e472d269 by Abhijith PA at 2019-11-10T16:05:40Z add note for libssh2-1 - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -76,6 +76,7 @@ libqb (Roberto C. Sánchez) NOTE: 20190619: See https://lists.debian.org/debian-lts/2019/06/msg00015.html -- libssh2 (Abhijith PA) + NOTE: Prepared update. Test in progress (abhijith) -- linux (Ben Hutchings) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e472d2696baf190f244b6beb6d90236668581ba7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e472d2696baf190f244b6beb6d90236668581ba7 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
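Review bot: the new line "NOTE: Prepared update. Test in progress (abhijith)" has no YYYYMMDD prefix, unlike the other notes in the file (e.g. "NOTE: 20190619: See ..." two lines above), and the two-week inactivity unclaim in this series can only judge activity from those dates; prefix it with the commit date, "NOTE: 20191110: Prepared update. Test in progress (abhijith)". A pointer to where the prepared package can be fetched would let someone else pick up the testing.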
[Git][security-tracker-team/security-tracker][master] CVE-2019-17666/linux fixed in unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 504c464f by Salvatore Bonaccorso at 2019-11-10T11:43:21Z CVE-2019-17666/linux fixed in unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5892,7 +5892,7 @@ CVE-2019-17668 (Samsung Galaxy S10 and Note10 devices allow unlock operations vi CVE-2019-17667 (Comtech H8 Heights Remote Gateway 2.5.1 devices allow XSS and HTML inj ...) NOT-FOR-US: Comtech H8 Heights Remote Gateway devices CVE-2019-17666 (rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Lin ...) - - linux + - linux 5.3.9-1 NOTE: https://lkml.org/lkml/2019/10/16/1226 CVE-2019-17665 (NSA Ghidra before 9.0.2 is vulnerable to DLL hijacking because it load ...) - ghidra (bug #923851) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/504c464f2c496292844fb4db1bcac1e7ad689c9c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/504c464f2c496292844fb4db1bcac1e7ad689c9c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
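Review bot: only unstable gets a fixed version (5.3.9-1); the entry still has no buster, stretch or jessie lines, so the stable kernels show as vulnerable with no triage for the rtl_p2p_noa_ie issue in the rtlwifi driver. Add the suite lines once the stable-series fixes are identified, or a postponed/no-dsa marking with the reason, and consider recording the upstream fix commit next to the lkml link in the NOTE so the backport can be located without re-reading the thread.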
[Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2019-18397/fribidi via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2cb18882 by Salvatore Bonaccorso at 2019-11-10T10:02:57Z Add fixed version for CVE-2019-18397/fribidi via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3402,7 +3402,7 @@ CVE-2019-18398 CVE-2019-18397 RESERVED {DSA-4561-1} - - fribidi (bug #944327) + - fribidi 1.0.7-1.1 (bug #944327) [stretch] - fribidi (Vulnerable code not present) [jessie] - fribidi (Vulnerable code not present) NOTE: Fixed by: https://github.com/fribidi/fribidi/commit/034c6e9a1d296286305f4cfd1e0072b879f52568 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2cb18882cbd136d427bc1ce89ff3e8e455e9ee42 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2cb18882cbd136d427bc1ce89ff3e8e455e9ee42 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
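Review bot: consistent with DSA-4561-1 (buster 1.0.5-3.1+deb10u1) and the jessie/stretch "Vulnerable code not present" lines, and 1.0.7-1.1 is an NMU-style revision, as expected for an urgent security upload. The entry is still RESERVED with no description; the squid entries in the same file carry a short bracketed summary while waiting for the CVE text, and doing the same here would keep the entry searchable until the description is published. The "Fixed by:" NOTE already gives the upstream commit, which is the important reference.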
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1987-1 for firefox-esr
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: 8b2ee5e9 by Emilio Pozuelo Monfort at 2019-11-10T09:47:35Z Reserve DLA-1987-1 for firefox-esr - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[10 Nov 2019] DLA-1987-1 firefox-esr - security update + {CVE-2019-11757 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-15903} + [jessie] - firefox-esr 68.2.0esr-1~deb8u1 [09 Nov 2019] DLA-1986-1 ruby-haml - security update {CVE-2017-1002201} [jessie] - ruby-haml 4.0.5-2+deb8u1 = data/dla-needed.txt = @@ -25,9 +25,6 @@ ansible (Brian May) NOTE: CVE-2019-14846 should be an easy fix. NOTE: CVE-2019-14858's upstream patch is too big; fails to work properly. (utkarsh2102) -- -firefox-esr (Emilio) - NOTE: 20191105: toolchain almost ready (waiting for NEW) --- freeimage (Hugo Lefeuvre) NOTE: Maintainer will take care of the update. NOTE: https://lists.debian.org/debian-lts/2019/05/msg00079.html View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8b2ee5e9f8d0d492678ebd043bbe35e590340d5c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8b2ee5e9f8d0d492678ebd043bbe35e590340d5c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
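Review bot: the DLA-1987-1 record lists CVE-2019-11757, 11759 through 11764 and 15903, eight CVEs; CVE-2019-11758 is absent although it sits in the same mfsa2019-35 batch referenced by the NOTE lines in data/CVE/list, so please confirm it does not apply to 68.2.0esr and, if it does, add it before the advisory text goes out, since the automatic update propagates this list into the CVE entries. Removing the firefox-esr block from dla-needed.txt is right; the thunderbird entry with the same "toolchain almost ready (waiting for NEW)" note stays open on its own.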
[Git][security-tracker-team/security-tracker][master] Mark CVE-2019-15903 as unimportant for chromium
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2876c2c0 by Salvatore Bonaccorso at 2019-11-10T08:15:50Z Mark CVE-2019-15903 as unimportant for chromium - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -10669,7 +10669,7 @@ CVE-2019-15903 (In libexpat before 2.2.8, crafted XML input could fool the parse - expat 2.2.7-2 (bug #939394) - firefox 70.0-1 - firefox-esr 68.2.0esr-1 - - chromium (uses system expat library) + - chromium (unimportant) - thunderbird 1:68.2.1-1 NOTE: https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43 NOTE: https://github.com/libexpat/libexpat/issues/317 @@ -10677,6 +10677,7 @@ CVE-2019-15903 (In libexpat before 2.2.8, crafted XML input could fool the parse NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-15903 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-15903 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-15903 + NOTE: src:hromium uses the system expat library. CVE-2019-15902 (A backporting error was discovered in the Linux stable/longterm kernel ...) {DSA-4531-1 DLA-1940-1} - linux View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2876c2c0db1bb513fa59e1d5914bd020f086728e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2876c2c0db1bb513fa59e1d5914bd020f086728e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
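Review bot: the added line "NOTE: src:hromium uses the system expat library." has a typo, "src:hromium" for "src:chromium"; fix it on the next touch so a search for the source package name finds the rationale. Otherwise the change is right: the free-text reason on the package line is replaced by the unimportant status (no chromium upload needed, the fix arrives through the expat package recorded as 2.2.7-2 with DSA-4530-1 and DLA-1912-1 in the same entry) and the reasoning moves into a NOTE, where the format expects it.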
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e4011de0 by security tracker role at 2019-11-10T08:10:34Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -17460,94 +17460,123 @@ CVE-2019-13722 RESERVED CVE-2019-13721 RESERVED + {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13720 RESERVED + {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13719 RESERVED + {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13718 RESERVED + {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13717 RESERVED + {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13716 RESERVED + {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13715 RESERVED + {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13714 RESERVED + {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13713 RESERVED + {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13712 RESERVED CVE-2019-13711 RESERVED + {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13710 RESERVED + {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13709 RESERVED + {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13708 RESERVED + {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13707 RESERVED + {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13706 RESERVED + {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13705 RESERVED + {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13704 RESERVED + {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13703 RESERVED + {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13702 RESERVED + {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13701 RESERVED + {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13700 RESERVED + {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13699 RESERVED + {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13698 RESERVED CVE-2019-13697 RESERVED + {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13696 RESERVED + {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13695 RESERVED + {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13694 RESERVED + {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13693 RESERVED + {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13692 RESERVED + {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13691 RESERVED + {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13690 
RESERVED @@ -17555,91 +17584,119 @@ CVE-2019-13689 RESERVED CVE-2019-13688 RESERVED + {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13687 RESERVED + {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13686 RESERVED + {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13685 RESERVED + {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13684 RESERVED CVE-2019-13683 RESERVED + {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13682 RESERVED + {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13681 RESERVED + {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13680 RESERVED + {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13679 RESERVED + {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13678 RESERVED + {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13677 RESERVED + {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13676 RESERVED + {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13675 RESERVED + {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13674 RESERVED + {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13673 RESERVED + {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13672 RESERVED CVE-2019-13671 RESERVED + {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13670 RESERVED + {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13669 RESERVED + {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13668 RESERVED + {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13667 RESERVED + {DSA-4562-1} - chromium 78.0.3904.87-1 CVE-2019-13666 RESERVED + {DSA-4562-1} - chromium 78.
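Review bot: in both hunks (@@ -17460 and @@ -17555) a handful of IDs are left as bare RESERVED entries with no `{DSA-4562-1}` / `- chromium 78.0.3904.87-1` pair while every neighbouring ID gets one: CVE-2019-13722, -13712, -13698 and -13690 in the first hunk, CVE-2019-13689, -13684 and -13672 in the second. That set matches the IDs absent from the DSA-4562-1 CVE list in data/DSA/list, so the omission looks deliberate, but a one-line NOTE on each skipped entry (why it is excluded from the DSA) would save the next triager from re-checking whether they were simply missed, since a RESERVED entry with no package line is indistinguishable from an untriaged one.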
[Git][security-tracker-team/security-tracker][master] chromium dsa
Michael Gilbert pushed to branch master at Debian Security Tracker / security-tracker Commits: e9a0a53e by Michael Gilbert at 2019-11-10T08:14:31Z chromium dsa - - - - - 3 changed files: - data/CVE/list - data/DSA/list - data/dsa-needed.txt Changes: = data/CVE/list = @@ -10669,7 +10669,7 @@ CVE-2019-15903 (In libexpat before 2.2.8, crafted XML input could fool the parse - expat 2.2.7-2 (bug #939394) - firefox 70.0-1 - firefox-esr 68.2.0esr-1 - - chromium + - chromium (uses system expat library) - thunderbird 1:68.2.1-1 NOTE: https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43 NOTE: https://github.com/libexpat/libexpat/issues/317 = data/DSA/list = @@ -1,3 +1,6 @@ +[10 Nov 2019] DSA-4562-1 chromium - security update + {CVE-2019-5869 CVE-2019-5870 CVE-2019-5871 CVE-2019-5872 CVE-2019-5874 CVE-2019-5875 CVE-2019-5876 CVE-2019-5877 CVE-2019-5878 CVE-2019-5879 CVE-2019-5880 CVE-2019-13659 CVE-2019-13660 CVE-2019-13661 CVE-2019-13662 CVE-2019-13663 CVE-2019-13664 CVE-2019-13665 CVE-2019-13666 CVE-2019-13667 CVE-2019-13668 CVE-2019-13669 CVE-2019-13670 CVE-2019-13671 CVE-2019-13673 CVE-2019-13674 CVE-2019-13675 CVE-2019-13676 CVE-2019-13677 CVE-2019-13678 CVE-2019-13679 CVE-2019-13680 CVE-2019-13681 CVE-2019-13682 CVE-2019-13683 CVE-2019-13685 CVE-2019-13686 CVE-2019-13687 CVE-2019-13688 CVE-2019-13691 CVE-2019-13692 CVE-2019-13693 CVE-2019-13694 CVE-2019-13695 CVE-2019-13696 CVE-2019-13697 CVE-2019-13699 CVE-2019-13700 CVE-2019-13701 CVE-2019-13702 CVE-2019-13703 CVE-2019-13704 CVE-2019-13705 CVE-2019-13706 CVE-2019-13707 CVE-2019-13708 CVE-2019-13709 CVE-2019-13710 CVE-2019-13711 CVE-2019-13713 CVE-2019-13714 CVE-2019-13715 CVE-2019-13716 CVE-2019-13717 CVE-2019-13718 CVE-2019-13719 CVE-2019-13720 CVE-2019-13721} + [buster] - chromium 78.0.3904.97-1~deb10u1 [08 Nov 2019] DSA-4561-1 fribidi - security update {CVE-2019-18397} [buster] - fribidi 1.0.5-3.1+deb10u1 = data/dsa-needed.txt = 
@@ -17,8 +17,6 @@ If needed, specify the release by adding a slash after the name of the source pa -- cacti (hle) -- -chromium --- curl (ghedo) -- evince/oldstable View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e9a0a53e86880149c35576e38fb1be24ce3cb6fc
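Review bot: in the data/CVE/list hunk for CVE-2019-15903, `- chromium (uses system expat library)` still reads as an open chromium entry, because the line carries only a parenthesised note and no version or state marker. If the point is that Debian's chromium links the system libexpat and is therefore covered by `expat 2.2.7-2 (bug #939394)`, the conventional marking is `- chromium <not-affected> (uses system expat library)`, which keeps the explanation and stops the tracker from listing chromium as vulnerable for this CVE.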
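Review bot: in the data/DSA/list hunk, the `{...}` CVE set for DSA-4562-1 runs CVE-2019-5869 through CVE-2019-5880 but skips CVE-2019-5873, and within CVE-2019-13659 to -13721 skips -13672, -13684, -13689, -13690, -13698 and -13712. The 136xx/137xx gaps line up with the RESERVED IDs that were given no chromium line in data/CVE/list, so those are consistent; CVE-2019-5873 is the one ID with no visible counterpart, and it should get the same treatment (a NOTE or a not-affected marking in data/CVE/list) so the omission from the advisory is visibly deliberate. The [buster] line records 78.0.3904.97-1~deb10u1 while the CVE entries record 78.0.3904.87-1 for unstable; worth a quick check that both versions are as intended.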