[Git][security-tracker-team/security-tracker][master] webkit2gtk upstream advisory WSA-2021-0003
Alberto Garcia pushed to branch master at Debian Security Tracker / security-tracker Commits: 09170430 by Alberto Garcia at 2021-03-30T00:27:25+02:00 webkit2gtk upstream advisory WSA-2021-0003 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -25309,6 +25309,10 @@ CVE-2021-1872 RESERVED CVE-2021-1871 RESERVED +- webkit2gtk + [stretch] - webkit2gtk (Not covered by security support in stretch) +- wpewebkit +NOTE: https://webkitgtk.org/security/WSA-2021-0003.html CVE-2021-1870 RESERVED {DSA-4877-1} @@ -25368,6 +25372,10 @@ CVE-2021-1845 RESERVED CVE-2021-1844 RESERVED +- webkit2gtk + [stretch] - webkit2gtk (Not covered by security support in stretch) +- wpewebkit +NOTE: https://webkitgtk.org/security/WSA-2021-0003.html CVE-2021-1843 RESERVED CVE-2021-1842 @@ -25495,6 +25503,10 @@ CVE-2021-1789 NOTE: https://webkitgtk.org/security/WSA-2021-0002.html CVE-2021-1788 RESERVED +- webkit2gtk + [stretch] - webkit2gtk (Not covered by security support in stretch) +- wpewebkit +NOTE: https://webkitgtk.org/security/WSA-2021-0003.html CVE-2021-1787 RESERVED CVE-2021-1786 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0917043011a486b5207c9ce43bd56c6471fe683c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0917043011a486b5207c9ce43bd56c6471fe683c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some new NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 90f8ce4a by Salvatore Bonaccorso at 2021-03-29T22:14:56+02:00 Process some new NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1064,9 +1064,9 @@ CVE-2021-28939 CVE-2021-28938 RESERVED CVE-2021-28937 (The /password.html page of the Web management interface of the Acexy W ...) - TODO: check + NOT-FOR-US: Acexy Wireless-N WiFi Repeater CVE-2021-28936 (The Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) Web management ...) - TODO: check + NOT-FOR-US: Acexy Wireless-N WiFi Repeater CVE-2021-28935 RESERVED CVE-2021-28934 @@ -1600,13 +1600,13 @@ CVE-2021-28675 CVE-2021-28674 RESERVED CVE-2021-28673 (Xerox Phaser 6510 before 64.61.23 and 64.59.11 (Bridge), WorkCentre 65 ...) - TODO: check + NOT-FOR-US: Xerox CVE-2021-28672 RESERVED CVE-2021-28671 RESERVED CVE-2021-28670 (Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 befor ...) - TODO: check + NOT-FOR-US: Xerox CVE-2021-28669 RESERVED CVE-2021-28668 @@ -4673,7 +4673,7 @@ CVE-2021-27354 CVE-2021-27353 RESERVED CVE-2021-27352 (An open redirect vulnerability in Ilch CMS version 2.1.42 allows attac ...) - TODO: check + NOT-FOR-US: Ilch CMS CVE-2021-27351 (The Terminate Session feature in the Telegram application through 7.2. ...) - telegram-desktop 2.6.1-1 [buster] - telegram-desktop (Vulnerable code not present) @@ -10134,9 +10134,9 @@ CVE-2021-25146 CVE-2021-25145 RESERVED CVE-2021-25144 (A remote buffer overflow vulnerability was discovered in some Aruba In ...) - TODO: check + NOT-FOR-US: Aruba CVE-2021-25143 (A remote denial of service (dos) vulnerability was discovered in some ...) - TODO: check + NOT-FOR-US: Aruba CVE-2021-25142 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...) NOT-FOR-US: HPE CVE-2021-25141 (A security vulnerability has been identified in in certain HPE and Aru ...) @@ -17447,7 +17447,7 @@ CVE-2021-21729 CVE-2021-21728 RESERVED CVE-2021-21727 (A ZTE product has a DoS vulnerability. A remote attacker can amplify t ...) - TODO: check + NOT-FOR-US: ZTE CVE-2021-21726 (Some ZTE products have an input verification vulnerability in the diag ...) NOT-FOR-US: ZTE CVE-2021-21725 (A ZTE product has an information leak vulnerability. An attacker with ...) @@ -39733,9 +39733,9 @@ CVE-2020-25219 (url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows NOTE: https://github.com/libproxy/libproxy/issues/134 NOTE: https://github.com/libproxy/libproxy/commit/a83dae404feac517695c23ff43ce1e116e2bfbe0 CVE-2020-25218 (Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) ...) - TODO: check + NOT-FOR-US: Grandstream GRP261x VoIP phone CVE-2020-25217 (Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) ...) - TODO: check + NOT-FOR-US: Grandstream GRP261x VoIP phone CVE-2020-25216 (yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Tran ...) NOT-FOR-US: yWorks yEd Desktop CVE-2020-25215 (yWorks yEd Desktop before 3.20.1 allows XXE attacks via an XML or Grap ...) @@ -41048,7 +41048,7 @@ CVE-2020-24637 (Two vulnerabilities in ArubaOS GRUB2 implementation allows for a CVE-2020-24636 RESERVED CVE-2020-24635 (A remote execution of arbitrary commands vulnerability was discovered ...) - TODO: check + NOT-FOR-US: Aruba CVE-2020-24634 (An attacker is able to remotely inject arbitrary commands by sending e ...) NOT-FOR-US: Aruba CVE-2020-24633 (There are multiple buffer overflow vulnerabilities that could lead to ...) @@ -81941,7 +81941,7 @@ CVE-2020-7852 (DaviewIndy has a Heap-based overflow vulnerability, triggered whe CVE-2020-7851 RESERVED CVE-2020-7850 (NBBDownloader.ocx ActiveX Control in Groupware contains a vulnerabilit ...) - TODO: check + NOT-FOR-US: NBBDownloader.ocx ActiveX Control in Groupware CVE-2020-7849 (A vulnerability of uPrism.io CURIX(Video conferecing solution) could a ...) NOT-FOR-US: uPrism.io CURIX CVE-2020-7848 (The EFM ipTIME C200 IP Camera is affected by a Command Injection vulne ...) @@ -144157,7 +144157,7 @@ CVE-2019-5319 CVE-2019-5318 RESERVED CVE-2019-5317 (A local authentication bypass vulnerability was discovered in some Aru ...) - TODO: check + NOT-FOR-US: Aruba CVE-2019-5316 RESERVED CVE-2019-5315 (A command injection vulnerability is present in the web management int ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90f8ce4af37faeb6b4f672c798ee4a4525e6f5af -- View it on
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0edb38b6 by security tracker role at 2021-03-29T20:10:18+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,25 @@ +CVE-2021-3473 + RESERVED +CVE-2021-3472 + RESERVED +CVE-2021-29422 + RESERVED +CVE-2021-29421 + RESERVED +CVE-2021-29420 + RESERVED +CVE-2021-29419 + RESERVED +CVE-2021-29418 + RESERVED +CVE-2021-29417 (gitjacker before 0.1.0 allows remote attackers to execute arbitrary co ...) + TODO: check +CVE-2021-29416 (An issue was discovered in PortSwigger Burp Suite before 2021.2. Durin ...) + TODO: check +CVE-2021-29415 + RESERVED +CVE-2021-29414 + RESERVED CVE-2021-29413 RESERVED CVE-2021-29412 @@ -296,8 +318,8 @@ CVE-2021-29269 RESERVED CVE-2021-29268 RESERVED -CVE-2021-29267 - RESERVED +CVE-2021-29267 (Sherlock SherlockIM through 2021-03-29 allows Cross Site Scripting (XS ...) + TODO: check CVE-2021-29266 (An issue was discovered in the Linux kernel before 5.11.9. drivers/vho ...) - linux 5.10.26-1 (unimportant) [buster] - linux (Vulnerable code introduced later) @@ -998,8 +1020,8 @@ CVE-2021-3450 (The X509_V_FLAG_X509_STRICT flag enables additional security chec - openssl1.0 (Vulnerable code introduced in 1.1.1h) NOTE: https://www.openssl.org/news/secadv/20210325.txt NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b -CVE-2021-28957 (lxml 4.6.2 allows XSS. It places the HTML action attribute into defs.l ...) - {DLA-2606-1} +CVE-2021-28957 (An XSS vulnerability was discovered in python-lxml's clean module vers ...) + {DSA-4880-1 DLA-2606-1} - lxml 4.6.3-1 (bug #985643) NOTE: https://bugs.launchpad.net/lxml/+bug/1888153 NOTE: https://github.com/lxml/lxml/pull/316 @@ -1041,10 +1063,10 @@ CVE-2021-28939 RESERVED CVE-2021-28938 RESERVED -CVE-2021-28937 - RESERVED -CVE-2021-28936 - RESERVED +CVE-2021-28937 (The /password.html page of the Web management interface of the Acexy W ...) + TODO: check +CVE-2021-28936 (The Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) Web management ...) + TODO: check CVE-2021-28935 RESERVED CVE-2021-28934 @@ -1577,14 +1599,14 @@ CVE-2021-28675 RESERVED CVE-2021-28674 RESERVED -CVE-2021-28673 - RESERVED +CVE-2021-28673 (Xerox Phaser 6510 before 64.61.23 and 64.59.11 (Bridge), WorkCentre 65 ...) + TODO: check CVE-2021-28672 RESERVED CVE-2021-28671 RESERVED -CVE-2021-28670 - RESERVED +CVE-2021-28670 (Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 befor ...) + TODO: check CVE-2021-28669 RESERVED CVE-2021-28668 @@ -1621,6 +1643,7 @@ CVE-2021-28687 [HVM soft-reset crashes toolstack] [stretch] - xen (Vulnerable code introduced later) NOTE: https://xenbits.xen.org/xsa/advisory-368.html CVE-2021-28660 (rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in t ...) + {DLA-2610-1} - linux 5.10.24-1 [buster] - linux 4.19.181-1 NOTE: https://git.kernel.org/linus/74b6b20df8cfe90ada777d621b54c32e69e27cd7 @@ -2782,6 +2805,7 @@ CVE-2021-3429 NOTE: https://github.com/canonical/cloud-init/commit/b794d426b9ab43ea9d6371477466070d86e10668 CVE-2021-3428 [integer overflow in ext4_es_cache_extent] RESERVED + {DLA-2610-1} - linux 5.8.7-1 [buster] - linux 4.19.181-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1936786 @@ -3296,7 +3320,7 @@ CVE-2021-28039 (An issue was discovered in the Linux kernel 5.9.x through 5.11.3 [stretch] - linux (Vulnerable code introduced later) NOTE: https://xenbits.xen.org/xsa/advisory-369.html CVE-2021-28038 (An issue was discovered in the Linux kernel through 5.11.3, as used wi ...) - {DLA-2586-1} + {DLA-2610-1 DLA-2586-1} - linux 5.10.24-1 [buster] - linux 4.19.181-1 NOTE: https://xenbits.xen.org/xsa/advisory-367.html @@ -3348,7 +3372,7 @@ CVE-2021-27928 (A remote code execution issue was discovered in MariaDB 10.2 bef - mariadb-10.1 NOTE: https://jira.mariadb.org/browse/MDEV-25179 NOTE: Fixed in MariaDB: 10.5.9, 10.4.18, 10.3.28, 10.2.27 -CVE-2021-27927 (In Zabbix before 4.0.28rc1, 5.x before 5.0.8rc1, 5.1.x and 5.2.x befor ...) +CVE-2021-27927 (In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5 ...) - zabbix 1:5.0.8+dfsg-1 [stretch] - zabbix (minor issue) NOTE: https://support.zabbix.com/browse/ZBX-18942 @@ -4611,18 +4635,18 @@ CVE-2021-27367 (Controller/Backend/FileEditController.php and Controller/Backend
[Git][security-tracker-team/security-tracker][master] Track proposed update for freediameter via buster-pu
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a305fa4f by Salvatore Bonaccorso at 2021-03-29T22:03:28+02:00 Track proposed update for freediameter via buster-pu - - - - - 1 changed file: - data/next-point-update.txt Changes: = data/next-point-update.txt = @@ -40,3 +40,5 @@ CVE-2021-27218 [buster] - glib2.0 2.58.3-2+deb10u3 CVE-2020-35459 [buster] - crmsh 4.0.0~git20190108.3d56538-3+deb10u1 +CVE-2020-6098 + [buster] - freediameter 1.2.1-7+deb10u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a305fa4f31925838d267107cc808092228689547 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a305fa4f31925838d267107cc808092228689547 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-26919/druid
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 97ea8193 by Salvatore Bonaccorso at 2021-03-29T21:43:32+02:00 Add CVE-2021-26919/druid - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5642,6 +5642,7 @@ CVE-2021-26920 RESERVED CVE-2021-26919 RESERVED + - druid (bug #825797) CVE-2021-26918 (** DISPUTED ** The ProBot bot through 2021-02-08 for Discord might all ...) NOT-FOR-US: ProBot bot CVE-2021-26917 (** DISPUTED ** PyBitmessage through 0.6.3.2 allows attackers to write ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/97ea819317b75ac2d7851a4420fd76ec52e70902 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/97ea819317b75ac2d7851a4420fd76ec52e70902 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-29274/redmine
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4b28d6ea by Salvatore Bonaccorso at 2021-03-29T20:31:39+02:00 Add CVE-2021-29274/redmine - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -277,7 +277,8 @@ CVE-2021-29276 CVE-2021-29275 RESERVED CVE-2021-29274 (Redmine 4.1.x before 4.1.2 allows XSS because an issue's subject is mi ...) - TODO: check + - redmine (Vulnerable code introduced in 4.1.0) + NOTE: https://www.redmine.org/issues/33846 CVE-2021- [first_boot: Use session to verify first boot welcome step] - freedombox 21.4.2 - plinth View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4b28d6eaefc7cb92d3e009a1f9389adffbe71d32 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4b28d6eaefc7cb92d3e009a1f9389adffbe71d32 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Reserve DSA-4880-1 for lxml
Sebastien Delafond pushed to branch master at Debian Security Tracker / security-tracker Commits: 1ccf19a4 by Sébastien Delafond at 2021-03-29T18:10:11+02:00 Reserve DSA-4880-1 for lxml - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[29 Mar 2021] DSA-4880-1 lxml - security update + {CVE-2021-28957} + [buster] - lxml 4.3.2-1+deb10u3 [27 Mar 2021] DSA-4879-1 spamassassin - security update {CVE-2020-1946} [buster] - spamassassin 3.4.2-1+deb10u3 = data/dsa-needed.txt = @@ -28,9 +28,6 @@ linux (carnil) Wait until more issues have piled up, though try to regulary rebase for point releases to more recent v4.19.y versions. -- -lxml (seb) - Thorsten Altehotz proposed a debdiff --- netty Markus Koschany prepared update ready for review -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1ccf19a42ffe66c08009a592ddc2e4e454755977 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1ccf19a42ffe66c08009a592ddc2e4e454755977 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Reserve DLA-2610-1 for linux-4.19
Ben Hutchings pushed to branch master at Debian Security Tracker / security-tracker Commits: fd4e45b9 by Ben Hutchings at 2021-03-29T17:50:12+02:00 Reserve DLA-2610-1 for linux-4.19 - - - - - 1 changed file: - data/DLA/list Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[29 Mar 2021] DLA-2610-1 linux-4.19 - security update + {CVE-2020-27170 CVE-2020-27171 CVE-2021-3348 CVE-2021-3428 CVE-2021-26930 CVE-2021-26931 CVE-2021-26932 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVE-2021-28038 CVE-2021-28660} + [stretch] - linux-4.19 4.19.181-1~deb9u1 [26 Mar 2021] DLA-2609-1 thunderbird - security update {CVE-2021-23981 CVE-2021-23982 CVE-2021-23984 CVE-2021-23987} [stretch] - thunderbird 1:78.9.0-1~deb9u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd4e45b9eab8da3829d2c949cd6b2d6f6499a428 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd4e45b9eab8da3829d2c949cd6b2d6f6499a428 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Update note for netty in dsa-needed list
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9a750dc7 by Salvatore Bonaccorso at 2021-03-29T13:50:44+02:00 Update note for netty in dsa-needed list - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -32,7 +32,7 @@ lxml (seb) Thorsten Altehotz proposed a debdiff -- netty - Markus Koschany possibly can prepare update + Markus Koschany prepared update ready for review -- openjpeg2 (jmm) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a750dc708a97fd829058bcc3cc7edda8e80f5a1 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a750dc708a97fd829058bcc3cc7edda8e80f5a1 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Drop openssl from dla-needed
Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker Commits: 30418c8c by Utkarsh Gupta at 2021-03-29T17:12:54+05:30 Drop openssl from dla-needed - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -88,9 +88,6 @@ opendmarc NOTE: 20201217: patch for CVE-2020-12460 has become available (roberto) NOTE: 20210104: wait for other CVEs (abhijith) -- -openssl (Utkarsh) - NOTE: according to the advisory: "The impact of these issues on OpenSSL 1.1.0 has not been analysed. --- php-pear -- pillow (Abhijith PA) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30418c8ca53044c8ab403898eceaee1acb963a19 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30418c8ca53044c8ab403898eceaee1acb963a19 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Mark CVE-2021-3449/openssl as not-affected for stretch
Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker Commits: eab39750 by Utkarsh Gupta at 2021-03-29T17:11:05+05:30 Mark CVE-2021-3449/openssl as not-affected for stretch - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1605,6 +1605,7 @@ CVE-2021-28661 CVE-2021-3449 (An OpenSSL TLS server may crash if sent a maliciously crafted renegoti ...) {DSA-4875-1} - openssl 1.1.1k-1 + [stretch] - openssl (Vulnerable code introduced later) - openssl1.0 (Vulnerability does not impact 1.0.2 series) NOTE: https://www.openssl.org/news/secadv/20210325.txt NOTE: Introduced by: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=c589c34e619c8700ab16b152dd9c8ee58356b319 (OpenSSL_1_1_1-pre1) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eab3975023599424237dae7da18374077b3969be -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eab3975023599424237dae7da18374077b3969be You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity
Holger Levsen pushed to branch master at Debian Security Tracker / security-tracker Commits: 2ec2a1e3 by Holger Levsen at 2021-03-29T12:06:33+02:00 semi-automatic unclaim after 2 weeks of inactivity Signed-off-by: Holger Levsen hol...@layer-acht.org - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -161,7 +161,7 @@ spotweb subversion (Emilio) NOTE: 20210322: have a look at #985556 and #948834 -- -xmlbeans (Roberto C. Sánchez) +xmlbeans NOTE: 20210222: Affected code changed significantly from 2.6.0 to 3.0.0 (the NOTE: 20210222: upstream release with the fix). Trying to determine how to NOTE: 20210222: implement the changes without introducing too much new code. (roberto) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ec2a1e3b1b10b919128fb6987cdc8c9b8429412 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ec2a1e3b1b10b919128fb6987cdc8c9b8429412 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2e04a394 by security tracker role at 2021-03-29T08:10:14+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,283 @@ +CVE-2021-29413 + RESERVED +CVE-2021-29412 + RESERVED +CVE-2021-29411 + RESERVED +CVE-2021-29410 + RESERVED +CVE-2021-29409 + RESERVED +CVE-2021-29408 + RESERVED +CVE-2021-29407 + RESERVED +CVE-2021-29406 + RESERVED +CVE-2021-29405 + RESERVED +CVE-2021-29404 + RESERVED +CVE-2021-29403 + RESERVED +CVE-2021-29402 + RESERVED +CVE-2021-29401 + RESERVED +CVE-2021-29400 + RESERVED +CVE-2021-29399 + RESERVED +CVE-2021-29398 + RESERVED +CVE-2021-29397 + RESERVED +CVE-2021-29396 + RESERVED +CVE-2021-29395 + RESERVED +CVE-2021-29394 + RESERVED +CVE-2021-29393 + RESERVED +CVE-2021-29392 + RESERVED +CVE-2021-29391 + RESERVED +CVE-2021-29390 + RESERVED +CVE-2021-29389 + RESERVED +CVE-2021-29388 + RESERVED +CVE-2021-29387 + RESERVED +CVE-2021-29386 + RESERVED +CVE-2021-29385 + RESERVED +CVE-2021-29384 + RESERVED +CVE-2021-29383 + RESERVED +CVE-2021-29382 + RESERVED +CVE-2021-29381 + RESERVED +CVE-2021-29380 + RESERVED +CVE-2021-29379 + RESERVED +CVE-2021-29378 + RESERVED +CVE-2021-29377 + RESERVED +CVE-2021-29376 + RESERVED +CVE-2021-29375 + RESERVED +CVE-2021-29374 + RESERVED +CVE-2021-29373 + RESERVED +CVE-2021-29372 + RESERVED +CVE-2021-29371 + RESERVED +CVE-2021-29370 + RESERVED +CVE-2021-29369 + RESERVED +CVE-2021-29368 + RESERVED +CVE-2021-29367 + RESERVED +CVE-2021-29366 + RESERVED +CVE-2021-29365 + RESERVED +CVE-2021-29364 + RESERVED +CVE-2021-29363 + RESERVED +CVE-2021-29362 + RESERVED +CVE-2021-29361 + RESERVED +CVE-2021-29360 + RESERVED +CVE-2021-29359 + RESERVED +CVE-2021-29358 + RESERVED +CVE-2021-29357 + RESERVED +CVE-2021-29356 + RESERVED +CVE-2021-29355 + RESERVED +CVE-2021-29354 + RESERVED +CVE-2021-29353 + RESERVED +CVE-2021-29352 + RESERVED +CVE-2021-29351 + RESERVED +CVE-2021-29350 + RESERVED +CVE-2021-29349 + RESERVED +CVE-2021-29348 + RESERVED +CVE-2021-29347 + RESERVED +CVE-2021-29346 + RESERVED +CVE-2021-29345 + RESERVED +CVE-2021-29344 + RESERVED +CVE-2021-29343 + RESERVED +CVE-2021-29342 + RESERVED +CVE-2021-29341 + RESERVED +CVE-2021-29340 + RESERVED +CVE-2021-29339 + RESERVED +CVE-2021-29338 + RESERVED +CVE-2021-29337 + RESERVED +CVE-2021-29336 + RESERVED +CVE-2021-29335 + RESERVED +CVE-2021-29334 + RESERVED +CVE-2021-29333 + RESERVED +CVE-2021-29332 + RESERVED +CVE-2021-29331 + RESERVED +CVE-2021-29330 + RESERVED +CVE-2021-29329 + RESERVED +CVE-2021-29328 + RESERVED +CVE-2021-29327 + RESERVED +CVE-2021-29326 + RESERVED +CVE-2021-29325 + RESERVED +CVE-2021-29324 + RESERVED +CVE-2021-29323 + RESERVED +CVE-2021-29322 + RESERVED +CVE-2021-29321 + RESERVED +CVE-2021-29320 + RESERVED +CVE-2021-29319 + RESERVED +CVE-2021-29318 + RESERVED +CVE-2021-29317 + RESERVED +CVE-2021-29316 + RESERVED +CVE-2021-29315 + RESERVED +CVE-2021-29314 + RESERVED +CVE-2021-29313 + RESERVED +CVE-2021-29312 + RESERVED +CVE-2021-29311 + RESERVED +CVE-2021-29310 + RESERVED +CVE-2021-29309 + RESERVED +CVE-2021-29308 + RESERVED +CVE-2021-29307 + RESERVED +CVE-2021-29306 + RESERVED +CVE-2021-29305 + RESERVED +CVE-2021-29304 + RESERVED +CVE-2021-29303 + RESERVED +CVE-2021-29302 + RESERVED +CVE-2021-29301 + RESERVED +CVE-2021-29300 + RESERVED +CVE-2021-29299 + RESERVED +CVE-2021-29298 + RESERVED +CVE-2021-29297 + RESERVED +CVE-2021-29296 + RESERVED +CVE-2021-29295 + RESERVED +CVE-2021-29294 + RESERVED +CVE-2021-29293 + RESERVED +CVE-2021-29292 + RESERVED +CVE-2021-29291 + RESERVED +CVE-2021-29290 + RESERVED +CVE-2021-29289 + RESERVED +CVE-2021-29288 + RESERVED +CVE-2021-29287 + RESERVED +CVE-2021-29286 + RESERVED +CVE-2021-29285 + RESERVED +CVE-2021-29284 + RESERVED +CVE-2021-29283 + RESERVED +CVE-2021-29282 + RESERVED +CVE-2021-29281 + RESERVED +CVE-2021-29280 + RESERVED +CVE-2021-29279 + RESERVED +CVE-2021-29278 + RESERVED +CVE-2021-29277 + RESERVED +CVE-2021-29276 + RESERVED +CVE-2021-29275 + RESERVED +CVE-2021-29274 (Redmine 4.1.x before 4.1.2 allows XSS