[Git][security-tracker-team/security-tracker][master] update note in dla-needed.txt
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: a73970c8 by Abhijith PA at 2020-04-20T10:19:32+05:30 update note in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -46,6 +46,7 @@ linux-4.9 (Ben Hutchings) mumble (Abhijith PA) NOTE: 20200325: Regression in last upload, forgot to follow up. NOTE: 20200325: https://github.com/mumble-voip/mumble/issues/3605 (abhijith) + NOTE: 20200420: Upstream patch is incomplete. Version in stretch is also vulnerable (abhijith) -- nginx (Mike Gabriel) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a73970c8c4782a24e69f345838ac78d5eca4c8fa You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
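Review bot: the added 20200420 NOTE for mumble states that the upstream patch is incomplete and that the stretch version is also vulnerable, but it gives no pointer to where either was established. The preceding NOTE links https://github.com/mumble-voip/mumble/issues/3605; say whether that issue is the reference or add the relevant one. The stretch finding also belongs in the CVE entry in data/CVE/list, where per-release status is tracked.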
[Git][security-tracker-team/security-tracker][master] dla: still ongoing
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker Commits: cb768cff by Adrian Bunk at 2020-04-20T07:33:38+03:00 dla: still ongoing - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -32,7 +32,7 @@ libmatio (Adrian Bunk) NOTE: 20190428: is likely vulnerable NOTE: 20190428: some CVE testcases still fail after applying the fix, NOTE: 20190428: older changes seem to also be required for them - NOTE: 20200406: work is ongoing + NOTE: 20200420: work is ongoing -- libntlm (Anton Gladky) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cb768cff2c7a0f91ed83c918be7bc9f68fb3c4ee
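Review bot: the libmatio change overwrites the date on "work is ongoing" (20200406 to 20200420) instead of adding a new dated NOTE, so the entry loses its history and still does not say what is outstanding. The 20190428 notes above it record that some CVE testcases fail after applying the fix; a new line stating which of those remain open would make the status checkable.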
[Git][security-tracker-team/security-tracker][master] Add awl to dsa-needed list
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6598864a by Salvatore Bonaccorso at 2020-04-20T05:40:39+02:00 Add awl to dsa-needed list - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -11,6 +11,9 @@ To pick an issue, simply add your uid behind it. If needed, specify the release by adding a slash after the name of the source package. +-- +awl + Maintainer proposed update -- chromium -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6598864a07b35e4414db18ab0f812faa6923757e
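Review bot: the new awl entry says only "Maintainer proposed update", with no CVE id, bug number or link to the proposal, so whoever picks the item up cannot find what is being proposed. Add a NOTE line with the reference.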
[Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2020-11647/wireshark
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ad5a9cd5 by Salvatore Bonaccorso at 2020-04-20T05:37:22+02:00 Add fixed version for CVE-2020-11647/wireshark - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -907,7 +907,7 @@ CVE-2020-11649 CVE-2020-11648 RESERVED CVE-2020-11647 (In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the ...) - - wireshark (low; bug #958213) + - wireshark 3.2.3-1 (low; bug #958213) [buster] - wireshark (Can be fixed along in next 3.0.x DSA) [stretch] - wireshark (Can be fixed along in next DSA/update to 3.0) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16474 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad5a9cd50f70721a9f7e794b9ff65a39ae2b5bde
[Git][security-tracker-team/security-tracker][master] crawl bug filed
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: bdbd830b by Moritz Muehlenhoff at 2020-04-19T23:21:00+02:00 crawl bug filed various no-dsa/postponed - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -68,10 +68,14 @@ CVE-2020-11881 RESERVED CVE-2020-11880 (An issue was discovered in KDE KMail before 19.12.3. By using the prop ...) - kmail (bug #958054) + [buster] - kmail (Minor issue) - kdepim + [stretch] - kdepim (Minor issue) NOTE: https://cgit.kde.org/kmail.git/commit/?id=2a348eccd352260f192d9b449492071bbf2b34b1 CVE-2020-11879 (An issue was discovered in GNOME Evolution before 3.35.91. By using th ...) - evolution 3.36.0-1 + [buster] - evolution (Minor issue) + [stretch] - evolution (Minor issue) NOTE: https://gitlab.gnome.org/GNOME/evolution/issues/784 NOTE: https://gitlab.gnome.org/GNOME/evolution/-/commit/6489f20d6905cc797e2b2581c415e558c457caa7 CVE-2020-11878 (The Jitsi Meet (aka docker-jitsi-meet) stack on Docker before stable-4 ...) @@ -720,7 +724,9 @@ CVE-2020-11725 (** DISPUTED ** snd_ctl_elem_add in sound/core/control.c in the L CVE-2020-11723 (Cellebrite UFED 5.0 through 7.29 uses four hardcoded RSA private keys ...) NOT-FOR-US: Cellebrite UFED CVE-2020-11722 (Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote ...) - - crawl + - crawl (bug #958232) + [buster] - crawl (Minor issue) + [stretch] - crawl (Minor issue) NOTE: https://dpmendenhall.blogspot.com/2020/03/dungeon-crawl-stone-soup.html NOTE: https://github.com/crawl/crawl/commit/768f60da87a3fa0b5561da5ade9309577c176d04 NOTE: https://github.com/crawl/crawl/commit/fc522ff6eb1bbb85e3de60c60a45762571e48c28 
@@ -901,7 +907,9 @@ CVE-2020-11649 CVE-2020-11648 RESERVED CVE-2020-11647 (In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the ...) - - wireshark (bug #958213) + - wireshark (low; bug #958213) + [buster] - wireshark (Can be fixed along in next 3.0.x DSA) + [stretch] - wireshark (Can be fixed along in next DSA/update to 3.0) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16474 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6f56fc9496db158218243ea87e3660c874a0bab0 NOTE: https://www.wireshark.org/security/wnpa-sec-2020-07.html View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bdbd830bd74a3fc1f573e0c5bc7bf165b7b31925
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e79ce484 by security tracker role at 2020-04-19T20:10:23+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,55 @@ +CVE-2020-11914 + RESERVED +CVE-2020-11913 + RESERVED +CVE-2020-11912 + RESERVED +CVE-2020-11911 + RESERVED +CVE-2020-11910 + RESERVED +CVE-2020-11909 + RESERVED +CVE-2020-11908 + RESERVED +CVE-2020-11907 + RESERVED +CVE-2020-11906 + RESERVED +CVE-2020-11905 + RESERVED +CVE-2020-11904 + RESERVED +CVE-2020-11903 + RESERVED +CVE-2020-11902 + RESERVED +CVE-2020-11901 + RESERVED +CVE-2020-11900 + RESERVED +CVE-2020-11899 + RESERVED +CVE-2020-11898 + RESERVED +CVE-2020-11897 + RESERVED +CVE-2020-11896 + RESERVED +CVE-2020-11895 (Ming (aka libming) 0.4.8 has a heap-based buffer over-read (2 bytes) i ...) + TODO: check +CVE-2020-11894 (Ming (aka libming) 0.4.8 has a heap-based buffer over-read (8 bytes) i ...) + TODO: check +CVE-2020-11893 + RESERVED +CVE-2020-11892 + RESERVED +CVE-2020-11891 + RESERVED +CVE-2020-11890 + RESERVED +CVE-2020-11889 + RESERVED CVE-2020-11888 RESERVED CVE-2020-11887 (svg2png 4.1.1 allows XSS with resultant SSRF via JavaScript inside an ...) 
@@ -25181,6 +25233,7 @@ CVE-2020-1959 CVE-2020-1958 (When LDAP authentication is enabled in Apache Druid 0.17.0, callers of ...) - druid (bug #825797) CVE-2020-1957 (Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic ...) + {DLA-2181-1} - shiro (bug #955018) NOTE: https://www.openwall.com/lists/oss-security/2020/03/23/2 NOTE: Fixed by: https://github.com/apache/shiro/commit/3708d7907016bf2fa12691dff6ff0def1249b8ce#diff-98f7bc5c0391389e56531f8b3754081aL139 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e79ce484f73502ebe528f92f64fe678d7dcb3ab8
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2020-11647/wireshark
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e7ab47e1 by Salvatore Bonaccorso at 2020-04-19T21:14:45+02:00 Add Debian bug reference for CVE-2020-11647/wireshark - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -849,7 +849,7 @@ CVE-2020-11649 CVE-2020-11648 RESERVED CVE-2020-11647 (In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the ...) - - wireshark + - wireshark (bug #958213) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16474 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6f56fc9496db158218243ea87e3660c874a0bab0 NOTE: https://www.wireshark.org/security/wnpa-sec-2020-07.html View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7ab47e1b78e45c2cbb36e86fab52f58049b59c1
[Git][security-tracker-team/security-tracker][master] node-mqtt n/a
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 5d1c3220 by Moritz Muehlenhoff at 2020-04-19T19:34:11+02:00 node-mqtt n/a - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -159661,7 +159661,7 @@ CVE-2017-10925 (IrfanView 4.44 (32bit) with FPX Plugin 4.47 might allow attacker CVE-2017-10924 (IrfanView 4.44 (32bit) with FPX Plugin 4.47 allows attackers to execut ...) NOT-FOR-US: IrfanView CVE-2017-10910 (MQTT.js 2.x.x prior to 2.15.0 issue in handling PUBLISH tickets may le ...) - - node-mqtt + - node-mqtt (Fixed before initial upload) CVE-2017-10909 (Untrusted search path vulnerability in Music Center for PC version 1.0 ...) NOT-FOR-US: Music Center for PC CVE-2017-10908 (H2O version 2.2.3 and earlier allows remote attackers to cause a denia ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d1c322023c8baabe5fc07ac39806439a55b943c
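Review bot: "(Fixed before initial upload)" on the node-mqtt line for CVE-2017-10910 is asserted without a version. The description puts the fix at MQTT.js 2.15.0; a NOTE naming the version first uploaded to the archive would let a reader verify the claim from the entry alone.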
[Git][security-tracker-team/security-tracker][master] node-mqtt entered the archive, move from itp status to unfixed for further checks
László Böszörményi pushed to branch master at Debian Security Tracker / security-tracker Commits: b4d54a85 by Laszlo Boszormenyi (GCS) at 2020-04-19T16:04:02+00:00 node-mqtt entered the archive, move from itp status to unfixed for further checks - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -159661,7 +159661,7 @@ CVE-2017-10925 (IrfanView 4.44 (32bit) with FPX Plugin 4.47 might allow attacker CVE-2017-10924 (IrfanView 4.44 (32bit) with FPX Plugin 4.47 allows attackers to execut ...) NOT-FOR-US: IrfanView CVE-2017-10910 (MQTT.js 2.x.x prior to 2.15.0 issue in handling PUBLISH tickets may le ...) - - node-mqtt (bug #816028) + - node-mqtt CVE-2017-10909 (Untrusted search path vulnerability in Music Center for PC version 1.0 ...) NOT-FOR-US: Music Center for PC CVE-2017-10908 (H2O version 2.2.3 and earlier allows remote attackers to cause a denia ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4d54a851ff50c2c8c35a392542bc2432fb2fb96
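Review bot: the node-mqtt line for CVE-2017-10910 drops "(bug #816028)" outright, so the entry no longer links to the bug it was tracked under. The commit message says the package moves to unfixed for further checks; a NOTE recording what remains to be checked (the description gives 2.15.0 as the fixed upstream version) would keep the entry from sitting as unfixed without context.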
Processing 40c161df3c3745c138fbdb0b698549b61b1947bc failed
The error message was: data/CVE/list:159663: ITPed package node-mqtt is in the archive make: *** [Makefile:34: all] Error 1
[Git][security-tracker-team/security-tracker][master] Add and claim libntlm
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 40c161df by Anton Gladky at 2020-04-19T14:23:17+02:00 Add and claim libntlm - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -34,6 +34,8 @@ libmatio (Adrian Bunk) NOTE: 20190428: older changes seem to also be required for them NOTE: 20200406: work is ongoing -- +libntlm (Anton Gladky) +-- libsixel (Dylan Aïssi) NOTE: 20200416 minor issue(s), not patch(es), yet. -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/40c161df3c3745c138fbdb0b698549b61b1947bc
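Review bot: libntlm is added and claimed with no NOTE and no CVE reference. The data/CVE/list context in commit 272ef87f shows "[jessie] - libntlm (Minor issue)" under CVE-2019-17455, so a line saying which issue is being worked and why it is now picked up would keep the two files from disagreeing.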
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-7067/PHP
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b5025eb5 by Salvatore Bonaccorso at 2020-04-19T13:05:32+02:00 Add CVE-2020-7067/PHP - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -11785,8 +11785,14 @@ CVE-2020-7069 RESERVED CVE-2020-7068 RESERVED -CVE-2020-7067 +CVE-2020-7067 [OOB Read in urldecode()] RESERVED + - php7.4 7.4.5-1 + - php7.3 + - php7.0 + - php5 + NOTE: Fixed in PHP 7.4.5, 7.3.17 + NOTE: PHP Bug: https://bugs.php.net/79465 CVE-2020-7066 (In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below ...) - php7.4 7.4.5-1 - php7.3 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b5025eb50729b57356e56ed8df2223c92d3b6ca1
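Review bot: in the new CVE-2020-7067 entry, php7.0 and php5 are listed without any status while the NOTE gives upstream fixes only for 7.4.5 and 7.3.17. State whether the older source packages contain the affected urldecode() code or are still to be checked, so the entry does not read as confirmed-vulnerable by default.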
[Git][security-tracker-team/security-tracker][master] CVE-2020-706{4,5,6}/php7.4 fixed via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4aa4a0be by Salvatore Bonaccorso at 2020-04-19T13:02:46+02:00 CVE-2020-706{4,5,6}/php7.4 fixed via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -11788,21 +11788,21 @@ CVE-2020-7068 CVE-2020-7067 RESERVED CVE-2020-7066 (In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below ...) - - php7.4 + - php7.4 7.4.5-1 - php7.3 - php7.0 - php5 NOTE: Fixed in PHP 7.4.4, 7.3.16, 7.2.29 NOTE: PHP Bug: https://bugs.php.net/79329 CVE-2020-7065 (In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while using ...) - - php7.4 + - php7.4 7.4.5-1 - php7.3 - php7.0 - php5 NOTE: Fixed in PHP 7.4.4, 7.3.16 NOTE: PHP Bug: https://bugs.php.net/79371 CVE-2020-7064 (In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below ...) - - php7.4 + - php7.4 7.4.5-1 - php7.3 - php7.0 - php5 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4aa4a0be1d3983199c3c6997634769630eacfd9c
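Review bot: the three php7.4 lines record 7.4.5-1 as the fixed version while the NOTE lines visible for CVE-2020-7066 and CVE-2020-7065 say the upstream fix is in PHP 7.4.4. If 7.4.5-1 is simply the first unstable upload at or after 7.4.4, a short NOTE saying so would explain the mismatch to anyone comparing the entry against the upstream release.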
[Git][security-tracker-team/security-tracker][master] 2 commits: Add upstream commit reference for CVE-2019-17455/libntlm
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e9af9106 by Salvatore Bonaccorso at 2020-04-19T12:58:21+02:00 Add upstream commit reference for CVE-2019-17455/libntlm - - - - - 272ef87f by Salvatore Bonaccorso at 2020-04-19T13:00:02+02:00 Track fixed version for CVE-2019-17455/libntlm - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -34596,11 +34596,12 @@ CVE-2019-17457 CVE-2019-17456 RESERVED CVE-2019-17455 (Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequ ...) - - libntlm (bug #942145) + - libntlm 1.6-1 (bug #942145) [buster] - libntlm (Minor issue) [stretch] - libntlm (Minor issue) [jessie] - libntlm (Minor issue) NOTE: https://gitlab.com/jas/libntlm/issues/2 + NOTE: https://gitlab.com/jas/libntlm/-/commit/b967886873fcf19f816b9c0868465f2d9e5df85e CVE-2019-17454 (Bento4 1.5.1.0 has a NULL pointer dereference in AP4_Descriptor::GetTa ...) NOT-FOR-US: Bento4 CVE-2019-17453 (Bento4 1.5.1.0 has a NULL pointer dereference in AP4_DescriptorListWri ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/bb1041b0133242cfc3660efb016a2ff6d7e5b721...272ef87fc74d209c9f289577a0a6f9e1e3caaf43
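Review bot: the commit URL added under CVE-2019-17455 is a bare NOTE, indistinguishable in form from the issue link above it. If b967886873fc is the fixing commit, prefix it with "Fixed by:" as the CVE-2020-1957 entry does, so readers backporting to buster, stretch or jessie know which reference carries the patch.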
[Git][security-tracker-team/security-tracker][master] Reserve DLA-2181-1 for shiro
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: bb1041b0 by Chris Lamb at 2020-04-19T10:29:36+01:00 Reserve DLA-2181-1 for shiro - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[19 Apr 2020] DLA-2181-1 shiro - security update + {CVE-2020-1957} + [jessie] - shiro 1.2.3-1+deb8u1 [18 Apr 2020] DLA-2180-1 file-roller - security update {CVE-2020-11736} [jessie] - file-roller 3.14.1-1+deb8u2 = data/dla-needed.txt = @@ -63,14 +63,6 @@ ruby-rack NOTE: slight possibility of this patch inducing a backdoor on its own. (utkarsh2102) NOTE: 20200216: Discussion ongoing on -lts list. (lamby) -- -shiro (Chris Lamb) - NOTE: 20200329: https://github.com/apache/shiro/pull/203 (lamby) - NOTE: 20200329: See 53dc30bf6823c98 in this repo. (lamby) - NOTE: 20200402: Prepared a package but difficult running tests. Have asked - NOTE: 20200402: the Debian maintainer at https://bugs.debian.org/955018#12 - NOTE: 20200411: Pinged maintainer and LTS list. (lamby) - NOTE: 20200415: Further work with another ping to bug. (lamby) --- sqlite3 (Mike Gabriel) -- squid3 (Markus Koschany) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb1041b0133242cfc3660efb016a2ff6d7e5b721