[Git][security-tracker-team/security-tracker][master] Update status for CVE-2017-16837/tboot

2020-10-18 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
01beda9d by Salvatore Bonaccorso at 2020-10-19T06:52:56+02:00
Update status for CVE-2017-16837/tboot

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -178356,7 +178356,7 @@ CVE-2017-16839 (Hashicorp vagrant-vmware-fusion 5.0.4 
allows local users to stea
 CVE-2017-16838
RESERVED
 CVE-2017-16837 (Certain function pointers in Trusted Boot (tboot) through 
1.9.6 are no ...)
-   - tboot 
+   - tboot  (Fixed with first upload to Debian)
NOTE: 
https://sourceforge.net/p/tboot/code/ci/521c58e51eb5be105a29983742850e72c44ed80e/
 CVE-2017-16836 (Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse 
10.0.59.SIP.PC2 ...)
NOT-FOR-US: Arris TG1682G devices
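Review bot: the reason `(Fixed with first upload to Debian)` refers to a specific version, but the new line records none; the convention visible elsewhere in this digest (`- pyxdg 0.26-1 (low; bug #930099)`) puts the fixing Debian version right after the package name, which lets the tracker derive per-suite status instead of relying on free-text. Note also that the rendered `+   - tboot  (Fixed with first upload to Debian)` line has only whitespace between `tboot` and the parenthesis, so the status token itself is not visible here for review; please confirm it survived in the committed line.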



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/01beda9d775d906a4ad84960ffc56f8eaed041ad

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/01beda9d775d906a4ad84960ffc56f8eaed041ad
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Add reference for CVE-2017-16837/tboot

2020-10-18 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
47e52ce1 by Salvatore Bonaccorso at 2020-10-19T06:50:33+02:00
Add reference for CVE-2017-16837/tboot

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -178357,6 +178357,7 @@ CVE-2017-16838
RESERVED
 CVE-2017-16837 (Certain function pointers in Trusted Boot (tboot) through 
1.9.6 are no ...)
- tboot 
+   NOTE: 
https://sourceforge.net/p/tboot/code/ci/521c58e51eb5be105a29983742850e72c44ed80e/
 CVE-2017-16836 (Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse 
10.0.59.SIP.PC2 ...)
NOT-FOR-US: Arris TG1682G devices
 CVE-2017-16835 (The "Photo,Video Locker-Calculator" application 12.0 for 
Android has a ...)
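Review bot: the added `NOTE:` carries a bare sourceforge commit URL with no indication of what the commit is (the fix, the introduction of the affected code, or a related cleanup); the pyxdg entry in this digest tags its upstream reference with `(rel-0.26)`, and a similar short tag here would spare the next reader a trip to the commit to learn whether it is the fix that the follow-up commit asserts is present in the first Debian upload.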



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/47e52ce18a5e667da6f78f69d5c3be70d50ec70d


[Git][security-tracker-team/security-tracker][master] src:rubygems has been re-introduced into the archive

2020-10-18 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
252f0e58 by Salvatore Bonaccorso at 2020-10-19T06:47:18+02:00
src:rubygems has been re-introduced into the archive

The initial upload states:

 - Upstream bundler source code is now hosted in the same git repository as
   rubygems, due to that this new source package is introduced and it will
   provide the binaries previously provided by src:bundler (ruby-bundler
   and bundler). src:bundler will be removed after src:rubygems is accepted.

We need to recheck if any of these previously unfixed issues are still
unfixed or now addressed with this initial first re-upload.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -100054,7 +100054,7 @@ CVE-2019-8325 (An issue was discovered in RubyGems 
2.6 and later through 3.0.2.
- ruby2.5 2.5.5-1
- ruby2.3 
- ruby2.1 
-   - rubygems 
+   - rubygems 
- jruby 9.1.17.0-3 (bug #925987)
NOTE: 
https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE: 
https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
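Review bot: the `-`/`+` pair for `rubygems` is visually identical in this rendering, so the status change itself cannot be reviewed here; more importantly, the recheck the commit message promises ("recheck if any of these previously unfixed issues are still unfixed") leaves no trace in the data. A `TODO: check` line under each re-opened rubygems entry, the marker the automatic updates in this digest use for untriaged items, would keep that follow-up visible in the tracker rather than only in git history. The same applies to the other rubygems hunks in this commit.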
@@ -100064,7 +100064,7 @@ CVE-2019-8324 (An issue was discovered in RubyGems 
2.6 and later through 3.0.2.
- ruby2.5 2.5.5-1
- ruby2.3 
- ruby2.1 
-   - rubygems 
+   - rubygems 
- jruby 9.1.17.0-3 (bug #925987)
NOTE: 
https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE: 
https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
@@ -100074,7 +100074,7 @@ CVE-2019-8323 (An issue was discovered in RubyGems 
2.6 and later through 3.0.2.
- ruby2.5 2.5.5-1
- ruby2.3 
- ruby2.1 
-   - rubygems 
+   - rubygems 
- jruby 9.1.17.0-3 (bug #925987)
NOTE: 
https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE: 
https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
@@ -100084,7 +100084,7 @@ CVE-2019-8322 (An issue was discovered in RubyGems 
2.6 and later through 3.0.2.
- ruby2.5 2.5.5-1
- ruby2.3 
- ruby2.1 
-   - rubygems 
+   - rubygems 
- jruby 9.1.17.0-3 (bug #925987)
NOTE: 
https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE: 
https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
@@ -100095,7 +100095,7 @@ CVE-2019-8321 (An issue was discovered in RubyGems 
2.6 and later through 3.0.2.
- ruby2.3 
- ruby2.1 
[jessie] - ruby2.1  (Vulnerable code introduced later)
-   - rubygems 
+   - rubygems 
- jruby 9.1.17.0-3 (bug #925987)
NOTE: 
https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE: 
https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
@@ -100105,7 +100105,7 @@ CVE-2019-8320 (A Directory Traversal issue was 
discovered in RubyGems 2.7.6 and
- ruby2.5 2.5.5-1
- ruby2.3 
- ruby2.1 
-   - rubygems 
+   - rubygems 
- jruby 9.1.17.0-3 (bug #925987)
[jessie] - jruby  (Vulnerable code introduced later)
NOTE: 
https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
@@ -155706,7 +155706,7 @@ CVE-2018-179 (RubyGems version Ruby 2.2 series: 
2.2.9 and earlier, Ruby 2.3
- ruby2.1 
- ruby1.9.1 
[wheezy] - ruby1.9.1  (Minor issue, too intrusive to backport)
-   - rubygems 
+   - rubygems 
[wheezy] - rubygems  (Vulnerable code not present)
- jruby 9.1.17.0-1 (bug #895778)
[jessie] - jruby  (Vulnerable code not present)
@@ -155720,7 +155720,7 @@ CVE-2018-178 (RubyGems version Ruby 2.2 series: 
2.2.9 and earlier, Ruby 2.3
- ruby2.3 
- ruby2.1 
- ruby1.9.1 
-   - rubygems 
+   - rubygems 
- jruby 9.1.17.0-1 (bug #895778)
NOTE: 
https://github.com/rubygems/rubygems/commit/66a28b9275551384fdab45f3591a82d6b59952cb
NOTE: 
https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
@@ -155730,7 +155730,7 @@ CVE-2018-177 (RubyGems version Ruby 2.2 series: 
2.2.9 and earlier, Ruby 2.3
- ruby2.3 
- ruby2.1 
- ruby1.9.1 
-   - rubygems 
+   - rubygems 
- jruby 9.1.17.0-1 (bug #895778)
NOTE: 
https://github.com/rubygems/rubygems/commit/feadefc2d351dcb95d6492f5ad17ebca546eb964
NOTE: 
https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
@@ -155740,7 +155740,7 @@ CVE-2018-176 (RubyGems version Ruby 2.2 series: 
2.2.9 and earlier, Ruby 2.3
- ruby2.3 
- ruby2.1 
- ruby1.9.1 
-   - rubygems 
+   - rubygems 
- jruby 

[Git][security-tracker-team/security-tracker][master] tboot entered the archive, move from itp status to unfixed for further checks

2020-10-18 Thread László Böszörményi


László Böszörményi pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e55bdc50 by Laszlo Boszormenyi (GCS) at 2020-10-19T00:04:42+02:00
tboot entered the archive, move from itp status to unfixed for further checks

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -178356,7 +178356,7 @@ CVE-2017-16839 (Hashicorp vagrant-vmware-fusion 5.0.4 
allows local users to stea
 CVE-2017-16838
RESERVED
 CVE-2017-16837 (Certain function pointers in Trusted Boot (tboot) through 
1.9.6 are no ...)
-   - tboot  (bug #803180)
+   - tboot 
 CVE-2017-16836 (Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse 
10.0.59.SIP.PC2 ...)
NOT-FOR-US: Arris TG1682G devices
 CVE-2017-16835 (The "Photo,Video Locker-Calculator" application 12.0 for 
Android has a ...)
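Review bot: dropping `(bug #803180)` together with the status is reasonable, since the bug number sat on the ITP line and tracked the packaging request rather than the CVE, but the "further checks" named in the commit message leave no marker in the entry; a `TODO: check` line (as used by the automatic updates in this digest) would make the pending triage visible. This change also clears the consistency check that failed on the previous commit in this digest (`data/CVE/list:178358: ITPed package tboot is in the archive`).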



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e55bdc508e2e9f3eb67367a8d3d4dd1c8abde094


Processing 1f2324ff6a8338a914e3e3c79e5621de2aa3d44b failed

2020-10-18 Thread security tracker role
The error message was:

data/CVE/list:178358: ITPed package tboot is in the archive
make: *** [Makefile:19: all] Error 1


[Git][security-tracker-team/security-tracker][master] update note

2020-10-18 Thread Thorsten Alteholz


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1f2324ff by Thorsten Alteholz at 2020-10-18T22:47:01+02:00
update note

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -51,6 +51,7 @@ cimg (Thorsten Alteholz)
   NOTE: 20200709: method (vs "load_network") but is still missing the argument
   NOTE: 20200709: sanitisation. (lamby)
   NOTE: 20201005: checking whether reverse dependencies still build/work
+  NOTE: 20201018: recovering from a broken computer :-(
 --
 condor
   NOTE: 20200502: Upstream has only released workarounds; complete fix is 
still embargoed (roberto)
@@ -135,6 +136,7 @@ pluxml
 --
 python3.5 (Thorsten Alteholz)
   NOTE: 20201011: testing package
+  NOTE: 20201018: recovering from a broken computer :-(
 --
 qtsvg-opensource-src (Adrian Bunk)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1f2324ff6a8338a914e3e3c79e5621de2aa3d44b


[Git][security-tracker-team/security-tracker][master] automatic update

2020-10-18 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c96cf128 by security tracker role at 2020-10-18T20:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -28865,8 +28865,8 @@ CVE-2020-13896 (The web interface of Maipu MP1800X-50 
7.5.3.14(R) devices allows
NOT-FOR-US: Maipu devices
 CVE-2020-13894 (handler/upload_handler.jsp in DEXT5 Editor through 3.5.1402961 
allows  ...)
NOT-FOR-US: DEXT5 Editor
-CVE-2020-13893
-   RESERVED
+CVE-2020-13893 (Multiple stored cross-site scripting (XSS) vulnerabilities in 
Sage Eas ...)
+   TODO: check
 CVE-2020-13892 (The SportsPress plugin before 2.7.2 for WordPress allows XSS. 
...)
NOT-FOR-US: SportsPress plugin for WordPress
 CVE-2020-13891 (An issue was discovered in Mattermost Mobile Apps before 
1.31.2 on iOS ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c96cf128da11d264bcc1e09d2d2969d5f84fb0af


[Git][security-tracker-team/security-tracker][master] Add fixed version via unstable for CVE-2019-12761/pyxdg

2020-10-18 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7d6c6c2e by Salvatore Bonaccorso at 2020-10-18T15:03:11+02:00
Add fixed version via unstable for CVE-2019-12761/pyxdg

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -86525,7 +86525,7 @@ CVE-2019-12762 (Xiaomi Mi 5s Plus devices allow 
attackers to trigger touchscreen
NOT-FOR-US: Xiaomi Mi 5s Plus devices
 CVE-2019-12761 (A code injection issue was discovered in PyXDG before 0.26 via 
crafted ...)
{DLA-1819-1}
-   - pyxdg  (low; bug #930099)
+   - pyxdg 0.26-1 (low; bug #930099)
[buster] - pyxdg  (Minor issue)
[stretch] - pyxdg  (Minor issue)
NOTE: https://snyk.io/vuln/SNYK-PYTHON-PYXDG-174562



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d6c6c2edbb2a8ef59c033f47984b9e71222183c


[Git][security-tracker-team/security-tracker][master] Track upstream commit for CVE-2019-12761/pyxdg

2020-10-18 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1cdcbc5a by Salvatore Bonaccorso at 2020-10-18T15:02:10+02:00
Track upstream commit for CVE-2019-12761/pyxdg

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -86529,6 +86529,7 @@ CVE-2019-12761 (A code injection issue was discovered 
in PyXDG before 0.26 via c
[buster] - pyxdg  (Minor issue)
[stretch] - pyxdg  (Minor issue)
NOTE: https://snyk.io/vuln/SNYK-PYTHON-PYXDG-174562
+   NOTE: 
https://gitlab.freedesktop.org/xdg/pyxdg/-/commit/aa4ce1bbc59def6975c9dd1598aafb3ef3fea681
 (rel-0.26)
NOTE: https://gitlab.freedesktop.org/xdg/pyxdg/issues/14
 CVE-2019-12760 (** DISPUTED ** A deserialization vulnerability exists in the 
way parso ...)
- parso 0.5.1-0.1 (unimportant; bug #930356)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1cdcbc5a5a6404867f01d7e2706f9958d84c5b3b


[Git][security-tracker-team/security-tracker][master] Triage CVE-2020-26682 in libass for stretch LTS.

2020-10-18 Thread Chris Lamb


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b6e724c1 by Chris Lamb at 2020-10-18T11:15:07+01:00
Triage CVE-2020-26682 in libass for stretch LTS.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1051,6 +1051,7 @@ CVE-2020-26683
RESERVED
 CVE-2020-26682 (In libass 0.14.0, the `ass_outline_construct`'s call to 
`outline_strok ...)
- libass 
+   [stretch] - libass  (Vulnerable code not present)
NOTE: https://github.com/libass/libass/issues/431
NOTE: https://github.com/libass/libass/pull/432
 CVE-2020-26681
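Review bot: `(Vulnerable code not present)` for stretch would be easier to re-verify later if the entry named what it was checked against: the two references listed (issue #431 and PR #432) document the fix, not when the affected `ass_outline_construct` / `outline_strok...` path was introduced, so a NOTE pointing at the upstream change that introduced it, or at least the version where the code first appears, would document the basis for excluding stretch.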



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b6e724c196b987023b20fc0b5374aa2ab58630e2


[Git][security-tracker-team/security-tracker][master] automatic update

2020-10-18 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
54bffe3d by security tracker role at 2020-10-18T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,9 @@
+CVE-2020-27199
+   RESERVED
+CVE-2020-27198
+   RESERVED
+CVE-2020-27197 (** DISPUTED ** TAXII libtaxii through 1.1.117, as used in 
EclecticIQ O ...)
+   TODO: check
 CVE-2020-27196
RESERVED
 CVE-2020-27195



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54bffe3d2a041ab4851ce39b11ccd8a09087e8f2
