date:20200920

[Git][security-tracker-team/security-tracker][master] Reserve DLA-2377-1 for qt4-x11

2020-09-20 Thread Adrian Bunk



Adrian Bunk pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a474ed1b by Adrian Bunk at 2020-09-21T07:37:53+03:00
Reserve DLA-2377-1 for qt4-x11

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[21 Sep 2020] DLA-2377-1 qt4-x11 - security update
+   {CVE-2018-15518 CVE-2018-19869 CVE-2018-19870 CVE-2018-19871 
CVE-2018-19872 CVE-2018-19873 CVE-2020-17507}
+   [stretch] - qt4-x11 4:4.8.7+dfsg-11+deb9u1
 [21 Sep 2020] DLA-2376-1 qtbase-opensource-src - security update
{CVE-2018-19872 CVE-2020-17507}
[stretch] - qtbase-opensource-src 5.7.1+dfsg-3+deb9u3


=
data/dla-needed.txt
=
@@ -133,11 +133,6 @@ php-horde-trean (Mike Gabriel)
 puma
   NOTE: 20200708: Vulnerable to (at least) CVE-2020-11076. (lamby)
 --
-qt4-x11 (Adrian Bunk)
-  NOTE: 20200815: Minor issue, but easy to fix (CVE-2020-17507). Low prio.
-  NOTE: 20200815: One could possibly look at the other  issues and 
decide whether they are worth fixing along. (sunweaver)
-  NOTE: 20200906: packages are being tested (bunk)
---
 rails
 --
 reel



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a474ed1bd9545b64b076d899453eb40349468322

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a474ed1bd9545b64b076d899453eb40349468322
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Reserve DLA-2376-1 for qtbase-opensource-src

2020-09-20 Thread Adrian Bunk



Adrian Bunk pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3435200d by Adrian Bunk at 2020-09-21T07:35:35+03:00
Reserve DLA-2376-1 for qtbase-opensource-src

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[21 Sep 2020] DLA-2376-1 qtbase-opensource-src - security update
+   {CVE-2018-19872 CVE-2020-17507}
+   [stretch] - qtbase-opensource-src 5.7.1+dfsg-3+deb9u3
 [19 Sep 2020] DLA-2375-1 inspircd - security update
{CVE-2019-20917 CVE-2020-25269}
[stretch] - inspircd 2.0.23-2+deb9u1


=
data/dla-needed.txt
=
@@ -138,11 +138,6 @@ qt4-x11 (Adrian Bunk)
   NOTE: 20200815: One could possibly look at the other  issues and 
decide whether they are worth fixing along. (sunweaver)
   NOTE: 20200906: packages are being tested (bunk)
 --
-qtbase-opensource-src (Adrian Bunk)
-  NOTE: 20200815: Minor issue, but easy to fix (CVE-2020-17507). Low prio.
-  NOTE: 20200815: One could possibly look at the other  issues and 
decide whether they are worth fixing along. (sunweaver)
-  NOTE: 20200906: packages are being tested (bunk)
---
 rails
 --
 reel



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3435200dbc4ce17d0523d1a81dfd2cc456932333

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3435200dbc4ce17d0523d1a81dfd2cc456932333
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] sleuthkit spu, record upload to unstable

2020-09-20 Thread Moritz Muehlenhoff



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
385eb65f by Moritz Muehlenhoff at 2020-09-20T22:40:01+02:00
sleuthkit spu, record upload to unstable

- - - - -


2 changed files:

- data/CVE/list
- data/next-point-update.txt


Changes:

=
data/CVE/list
=
@@ -36518,8 +36518,7 @@ CVE-2020-10233 (In version 4.8.0 and earlier of The 
Sleuth Kit (TSK), there is a
NOTE: Crash in CLI tool, no security impact
 CVE-2020-10232 (In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is 
a stack ...)
{DLA-2137-1}
-   [experimental] - sleuthkit 4.9.0+dfsg-1
-   - sleuthkit  (low; bug #953976)
+   - sleuthkit 4.9.0+dfsg-2 (low; bug #953976)
[buster] - sleuthkit  (Minor issue)
[stretch] - sleuthkit  (Minor issue)
NOTE: https://github.com/sleuthkit/sleuthkit/issues/1836


=
data/next-point-update.txt
=
@@ -147,3 +147,5 @@ CVE-2020-14983
[buster] - chocolate-doom 3.0.0-4+deb10u1
 CVE-2020-10188
[buster] - inetutils 2:1.9.4-7+deb10u1
+CVE-2020-10232
+   [buster] - sleuthkit 4.6.5-1+deb10u1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/385eb65ff2d7804b296cf482e06b84ce1b083555

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/385eb65ff2d7804b296cf482e06b84ce1b083555
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] LTS: update notes (gnutls28, shiro)

2020-09-20 Thread Roberto C . Sánchez



Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9967aac8 by Roberto C. Sánchez at 2020-09-20T16:37:50-04:00
LTS: update notes (gnutls28, shiro)

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -74,6 +74,7 @@ fossil
 freerdp
 --
 gnutls28 (Roberto C. Sánchez)
+  NOTE: 20200920: WIP
 --
 golang-1.7
 --
@@ -184,6 +185,7 @@ samba (Mike Gabriel)
   NOTE: 20200903: As discussed internally, I will look into Samba AD CVEs and 
revisit the risk assessment, plus fix the more severe issues (sunweaver)
 --
 shiro (Roberto C. Sánchez)
+  NOTE: 20200920: WIP
 --
 slirp
   NOTE: Upstream patch for CVE-2020-8608 requires patches for



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9967aac85ba054b406820657e1d6a60f2af4e085

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9967aac85ba054b406820657e1d6a60f2af4e085
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] update note

2020-09-20 Thread Thorsten Alteholz



Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
41d53197 by Thorsten Alteholz at 2020-09-20T19:03:11+02:00
update note

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -54,7 +54,7 @@ condor
   NOTE: 20200727: Waiting on maintainer feedback: 
https://lists.debian.org/debian-lts/2020/07/msg00108.html (roberto)
 --
 curl (Thorsten Alteholz)
-  NOTE: 20200907: testing package (thorsten)
+  NOTE: 20202007: testing package, not yet satisfied with the results  
(thorsten)
 --
 eclipse-wtp
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/41d53197675842ed2afe175b1b3880cc7dd76dcc

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/41d53197675842ed2afe175b1b3880cc7dd76dcc
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for tt-rss issues

2020-09-20 Thread Salvatore Bonaccorso



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
869130f3 by Salvatore Bonaccorso at 2020-09-20T16:04:45+02:00
Add Debian bug reference for tt-rss issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,15 +1,15 @@
 CVE-2020-25790 (** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to 
upload  ...)
NOT-FOR-US: Typesetter CMS
 CVE-2020-25789 (An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 
2020-09-1 ...)
-   - tt-rss 
+   - tt-rss  (bug #970633)
NOTE: 
https://community.tt-rss.org/t/heads-up-several-vulnerabilities-fixed/3799
NOTE: 
https://git.tt-rss.org/fox/tt-rss/commit/da5af2fae091041cca27b24b6f0e69e4a6d0dc60
 CVE-2020-25788 (An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 
2020-09-1 ...)
-   - tt-rss 
+   - tt-rss  (bug #970633)
NOTE: 
https://community.tt-rss.org/t/heads-up-several-vulnerabilities-fixed/3799
NOTE: 
https://git.tt-rss.org/fox/tt-rss/commit/c3d14e1fa54c7dade7b1b7955575e2991396d7ef
 CVE-2020-25787 (An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 
2020-09-1 ...)
-   - tt-rss 
+   - tt-rss  (bug #970633)
NOTE: 
https://community.tt-rss.org/t/heads-up-several-vulnerabilities-fixed/3799
NOTE: 
https://git.tt-rss.org/fox/tt-rss/commit/c3d14e1fa54c7dade7b1b7955575e2991396d7ef
 CVE-2020-25786 (** UNSUPPORTED WHEN ASSIGNED ** webinc/js/info.php on D-Link 
DIR-816L  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/869130f357c6c6b4b64aa3f30c78ee6df9cb323b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/869130f357c6c6b4b64aa3f30c78ee6df9cb323b
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process NFU

2020-09-20 Thread Salvatore Bonaccorso



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
06242b04 by Salvatore Bonaccorso at 2020-09-20T10:49:33+02:00
Process NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -13,7 +13,7 @@ CVE-2020-25787 (An issue was discovered in Tiny Tiny RSS (aka 
tt-rss) before 202
NOTE: 
https://community.tt-rss.org/t/heads-up-several-vulnerabilities-fixed/3799
NOTE: 
https://git.tt-rss.org/fox/tt-rss/commit/c3d14e1fa54c7dade7b1b7955575e2991396d7ef
 CVE-2020-25786 (** UNSUPPORTED WHEN ASSIGNED ** webinc/js/info.php on D-Link 
DIR-816L  ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2020-25785
RESERVED
 CVE-2020-25784



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06242b04f07793b82c234eb53ea6c9d4b4ba9164

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06242b04f07793b82c234eb53ea6c9d4b4ba9164
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Add three tt-rss issues

2020-09-20 Thread Salvatore Bonaccorso



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
545217a9 by Salvatore Bonaccorso at 2020-09-20T10:47:05+02:00
Add three tt-rss issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,11 +1,17 @@
 CVE-2020-25790 (** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to 
upload  ...)
NOT-FOR-US: Typesetter CMS
 CVE-2020-25789 (An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 
2020-09-1 ...)
-   TODO: check
+   - tt-rss 
+   NOTE: 
https://community.tt-rss.org/t/heads-up-several-vulnerabilities-fixed/3799
+   NOTE: 
https://git.tt-rss.org/fox/tt-rss/commit/da5af2fae091041cca27b24b6f0e69e4a6d0dc60
 CVE-2020-25788 (An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 
2020-09-1 ...)
-   TODO: check
+   - tt-rss 
+   NOTE: 
https://community.tt-rss.org/t/heads-up-several-vulnerabilities-fixed/3799
+   NOTE: 
https://git.tt-rss.org/fox/tt-rss/commit/c3d14e1fa54c7dade7b1b7955575e2991396d7ef
 CVE-2020-25787 (An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 
2020-09-1 ...)
-   TODO: check
+   - tt-rss 
+   NOTE: 
https://community.tt-rss.org/t/heads-up-several-vulnerabilities-fixed/3799
+   NOTE: 
https://git.tt-rss.org/fox/tt-rss/commit/c3d14e1fa54c7dade7b1b7955575e2991396d7ef
 CVE-2020-25786 (** UNSUPPORTED WHEN ASSIGNED ** webinc/js/info.php on D-Link 
DIR-816L  ...)
TODO: check
 CVE-2020-25785



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/545217a9b1ba083e0054e75b565d32bba61cd703

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/545217a9b1ba083e0054e75b565d32bba61cd703
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process one NFU

2020-09-20 Thread Salvatore Bonaccorso



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
05dcb068 by Salvatore Bonaccorso at 2020-09-20T10:42:14+02:00
Process one NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,5 +1,5 @@
 CVE-2020-25790 (** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to 
upload  ...)
-   TODO: check
+   NOT-FOR-US: Typesetter CMS
 CVE-2020-25789 (An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 
2020-09-1 ...)
TODO: check
 CVE-2020-25788 (An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 
2020-09-1 ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/05dcb068f320f657351ceab060d6ec56900864b3

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/05dcb068f320f657351ceab060d6ec56900864b3
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

2020-09-20 Thread Salvatore Bonaccorso



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6b57e7b2 by security tracker role at 2020-09-20T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,13 @@
+CVE-2020-25790 (** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to 
upload  ...)
+   TODO: check
+CVE-2020-25789 (An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 
2020-09-1 ...)
+   TODO: check
+CVE-2020-25788 (An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 
2020-09-1 ...)
+   TODO: check
+CVE-2020-25787 (An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 
2020-09-1 ...)
+   TODO: check
+CVE-2020-25786 (** UNSUPPORTED WHEN ASSIGNED ** webinc/js/info.php on D-Link 
DIR-816L  ...)
+   TODO: check
 CVE-2020-25785
RESERVED
 CVE-2020-25784
@@ -8,27 +18,27 @@ CVE-2020-25782
RESERVED
 CVE-2020-25781
RESERVED
-CVE-2020-25796
+CVE-2020-25796 (An issue was discovered in the sized-chunks crate through 
0.6.2 for Ru ...)
- rust-sized-chunks  (bug #970586)
NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0041.html
NOTE: https://github.com/bodil/sized-chunks/issues/11
-CVE-2020-25795
+CVE-2020-25795 (An issue was discovered in the sized-chunks crate through 
0.6.2 for Ru ...)
- rust-sized-chunks  (bug #970586)
NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0041.html
NOTE: https://github.com/bodil/sized-chunks/issues/11
-CVE-2020-25794
+CVE-2020-25794 (An issue was discovered in the sized-chunks crate through 
0.6.2 for Ru ...)
- rust-sized-chunks  (bug #970586)
NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0041.html
NOTE: https://github.com/bodil/sized-chunks/issues/11
-CVE-2020-25793
+CVE-2020-25793 (An issue was discovered in the sized-chunks crate through 
0.6.2 for Ru ...)
- rust-sized-chunks  (bug #970586)
NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0041.html
NOTE: https://github.com/bodil/sized-chunks/issues/11
-CVE-2020-25792
+CVE-2020-25792 (An issue was discovered in the sized-chunks crate through 
0.6.2 for Ru ...)
- rust-sized-chunks  (bug #970586)
NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0041.html
NOTE: https://github.com/bodil/sized-chunks/issues/11
-CVE-2020-25791
+CVE-2020-25791 (An issue was discovered in the sized-chunks crate through 
0.6.2 for Ru ...)
- rust-sized-chunks  (bug #970586)
NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0041.html
NOTE: https://github.com/bodil/sized-chunks/issues/11



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b57e7b26ce5aaa3bccd5fe74de74a20c3c266d2

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b57e7b26ce5aaa3bccd5fe74de74a20c3c266d2
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Track fixed version for libjackson-json-java issues

2020-09-20 Thread Salvatore Bonaccorso



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
dd48819f by Salvatore Bonaccorso at 2020-09-20T10:07:20+02:00
Track fixed version for libjackson-json-java issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -90264,7 +90264,7 @@ CVE-2019-10173 (It was found that xstream API version 
1.4.10 before 1.4.11 intro
NOTE: Regression introduced and present only in 1.4.10.
 CVE-2019-10172 (A flaw was found in 
org.codehaus.jackson:jackson-mapper-asl:1.9.x libr ...)
{DLA-2342-1 DLA-2091-1}
-   - libjackson-json-java 
+   - libjackson-json-java 1.9.13-2
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1715075
NOTE: 
https://stackoverflow.com/questions/38017676/small-fix-for-cve-2016-3720-with-older-versions-of-jackson-all-1-9-11-and-in-ja/38017721
NOTE: https://github.com/FasterXML/jackson-1/pull/1
@@ -180109,7 +180109,7 @@ CVE-2017-15096 (A flaw was found in GlusterFS in 
versions prior to 3.10. A null
 CVE-2017-15095 (A deserialization flaw was discovered in the jackson-databind 
in versi ...)
{DSA-4037-1 DLA-2342-1 DLA-2091-1}
- jackson-databind 2.9.1-1
-   - libjackson-json-java 
+   - libjackson-json-java 1.9.13-2
NOTE: The Debian upload for stretch (2.8.6-1+deb9u1) and jessie 
(2.4.2-2+deb8u1)
NOTE: misses the further sets of blacklists, in particular as well
NOTE: https://github.com/FasterXML/jackson-databind/commit/3bfbb835
@@ -203312,7 +203312,7 @@ CVE-2017-7526 (libgcrypt before version 1.7.8 is 
vulnerable to a cache side-chan
 CVE-2017-7525 (A deserialization flaw was discovered in the jackson-databind, 
version ...)
{DSA-4004-1 DLA-2342-1 DLA-2091-1}
- jackson-databind 2.9.1-1 (bug #870848)
-   - libjackson-json-java 
+   - libjackson-json-java 1.9.13-2
NOTE: https://github.com/FasterXML/jackson-databind/issues/1599
NOTE: For libjackson-json-java:
NOTE: 
https://github.com/FasterXML/jackson-1/commit/9ac68db819bce7b9546bc4bf1c44f82ca910fa31



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd48819fa85856b7814f4c4658052946f5eaea49

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd48819fa85856b7814f4c4658052946f5eaea49
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Add tracking for RUSTSEC-2020-0041, CVE-2020-2579{1,2,3,4,5,6}

2020-09-20 Thread Salvatore Bonaccorso



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c1f71ace by Salvatore Bonaccorso at 2020-09-20T09:14:57+02:00
Add tracking for RUSTSEC-2020-0041, CVE-2020-2579{1,2,3,4,5,6}

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -8,7 +8,27 @@ CVE-2020-25782
RESERVED
 CVE-2020-25781
RESERVED
-CVE-2020- [RUSTSEC-2020-0041: sized-chunks: Multiple soundness issues in 
Chunk and InlineArray]
+CVE-2020-25796
+   - rust-sized-chunks  (bug #970586)
+   NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0041.html
+   NOTE: https://github.com/bodil/sized-chunks/issues/11
+CVE-2020-25795
+   - rust-sized-chunks  (bug #970586)
+   NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0041.html
+   NOTE: https://github.com/bodil/sized-chunks/issues/11
+CVE-2020-25794
+   - rust-sized-chunks  (bug #970586)
+   NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0041.html
+   NOTE: https://github.com/bodil/sized-chunks/issues/11
+CVE-2020-25793
+   - rust-sized-chunks  (bug #970586)
+   NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0041.html
+   NOTE: https://github.com/bodil/sized-chunks/issues/11
+CVE-2020-25792
+   - rust-sized-chunks  (bug #970586)
+   NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0041.html
+   NOTE: https://github.com/bodil/sized-chunks/issues/11
+CVE-2020-25791
- rust-sized-chunks  (bug #970586)
NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0041.html
NOTE: https://github.com/bodil/sized-chunks/issues/11



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c1f71aceed7257afe9e3f85efd4f4eaa750c1960

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c1f71aceed7257afe9e3f85efd4f4eaa750c1960
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Reserve DLA-2377-1 for qt4-x11

[Git][security-tracker-team/security-tracker][master] Reserve DLA-2376-1 for qtbase-opensource-src

[Git][security-tracker-team/security-tracker][master] sleuthkit spu, record upload to unstable

[Git][security-tracker-team/security-tracker][master] LTS: update notes (gnutls28, shiro)

[Git][security-tracker-team/security-tracker][master] update note

[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for tt-rss issues

[Git][security-tracker-team/security-tracker][master] Process NFU

[Git][security-tracker-team/security-tracker][master] Add three tt-rss issues

[Git][security-tracker-team/security-tracker][master] Process one NFU

[Git][security-tracker-team/security-tracker][master] automatic update

[Git][security-tracker-team/security-tracker][master] Track fixed version for libjackson-json-java issues

[Git][security-tracker-team/security-tracker][master] Add tracking for RUSTSEC-2020-0041, CVE-2020-2579{1,2,3,4,5,6}

12 matches

Site Navigation

Mail list logo

Footer information