[Git][security-tracker-team/security-tracker][master] webkit2gtk upstream advisory WSA-2021-0003

2021-03-29 Thread Alberto Garcia


Alberto Garcia pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
09170430 by Alberto Garcia at 2021-03-30T00:27:25+02:00
webkit2gtk upstream advisory WSA-2021-0003

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -25309,6 +25309,10 @@ CVE-2021-1872
RESERVED
 CVE-2021-1871
RESERVED
+- webkit2gtk 
+   [stretch] - webkit2gtk  (Not covered by security support in 
stretch)
+- wpewebkit 
+NOTE: https://webkitgtk.org/security/WSA-2021-0003.html
 CVE-2021-1870
RESERVED
{DSA-4877-1}
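Review bot: CVE-2021-1871 is still RESERVED, so the new webkit2gtk and wpewebkit lines have no description to go with them and the WSA-2021-0003 NOTE is the only hint of what the issue is. A bracketed working title on the CVE line, in the style of "CVE-2021-28687 [HVM soft-reset crashes toolstack]" elsewhere in this file, would make the entry readable without following the link. The same applies to the CVE-2021-1844 and CVE-2021-1788 hunks of this commit.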
@@ -25368,6 +25372,10 @@ CVE-2021-1845
RESERVED
 CVE-2021-1844
RESERVED
+- webkit2gtk 
+   [stretch] - webkit2gtk  (Not covered by security support in 
stretch)
+- wpewebkit 
+NOTE: https://webkitgtk.org/security/WSA-2021-0003.html
 CVE-2021-1843
RESERVED
 CVE-2021-1842
@@ -25495,6 +25503,10 @@ CVE-2021-1789
NOTE: https://webkitgtk.org/security/WSA-2021-0002.html
 CVE-2021-1788
RESERVED
+- webkit2gtk 
+   [stretch] - webkit2gtk  (Not covered by security support in 
stretch)
+- wpewebkit 
+NOTE: https://webkitgtk.org/security/WSA-2021-0003.html
 CVE-2021-1787
RESERVED
 CVE-2021-1786



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0917043011a486b5207c9ce43bd56c6471fe683c

You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] Process some new NFUs

2021-03-29 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
90f8ce4a by Salvatore Bonaccorso at 2021-03-29T22:14:56+02:00
Process some new NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1064,9 +1064,9 @@ CVE-2021-28939
 CVE-2021-28938
RESERVED
 CVE-2021-28937 (The /password.html page of the Web management interface of the 
Acexy W ...)
-   TODO: check
+   NOT-FOR-US: Acexy Wireless-N WiFi Repeater
 CVE-2021-28936 (The Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) Web 
management ...)
-   TODO: check
+   NOT-FOR-US: Acexy Wireless-N WiFi Repeater
 CVE-2021-28935
RESERVED
 CVE-2021-28934
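Review bot: the NOT-FOR-US tag on CVE-2021-28937 and CVE-2021-28936 names vendor plus product ("Acexy Wireless-N WiFi Repeater"), while other hunks in this commit use the vendor alone ("Xerox", "Aruba", "ZTE"). Both forms already exist in the file, but within one commit it is worth settling on one granularity so that later searches for a vendor's entries match consistently.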
@@ -1600,13 +1600,13 @@ CVE-2021-28675
 CVE-2021-28674
RESERVED
 CVE-2021-28673 (Xerox Phaser 6510 before 64.61.23 and 64.59.11 (Bridge), 
WorkCentre 65 ...)
-   TODO: check
+   NOT-FOR-US: Xerox
 CVE-2021-28672
RESERVED
 CVE-2021-28671
RESERVED
 CVE-2021-28670 (Xerox AltaLink B8045/B8090 before 103.008.030.32000, 
C8030/C8035 befor ...)
-   TODO: check
+   NOT-FOR-US: Xerox
 CVE-2021-28669
RESERVED
 CVE-2021-28668
@@ -4673,7 +4673,7 @@ CVE-2021-27354
 CVE-2021-27353
RESERVED
 CVE-2021-27352 (An open redirect vulnerability in Ilch CMS version 2.1.42 
allows attac ...)
-   TODO: check
+   NOT-FOR-US: Ilch CMS
 CVE-2021-27351 (The Terminate Session feature in the Telegram application 
through 7.2. ...)
- telegram-desktop 2.6.1-1
[buster] - telegram-desktop  (Vulnerable code not present)
@@ -10134,9 +10134,9 @@ CVE-2021-25146
 CVE-2021-25145
RESERVED
 CVE-2021-25144 (A remote buffer overflow vulnerability was discovered in some 
Aruba In ...)
-   TODO: check
+   NOT-FOR-US: Aruba
 CVE-2021-25143 (A remote denial of service (dos) vulnerability was discovered 
in some  ...)
-   TODO: check
+   NOT-FOR-US: Aruba
 CVE-2021-25142 (The Baseboard Management Controller (BMC) firmware in HPE 
Apollo 70 Sy ...)
NOT-FOR-US: HPE
 CVE-2021-25141 (A security vulnerability has been identified in in certain HPE 
and Aru ...)
@@ -17447,7 +17447,7 @@ CVE-2021-21729
 CVE-2021-21728
RESERVED
 CVE-2021-21727 (A ZTE product has a DoS vulnerability. A remote attacker can 
amplify t ...)
-   TODO: check
+   NOT-FOR-US: ZTE
 CVE-2021-21726 (Some ZTE products have an input verification vulnerability in 
the diag ...)
NOT-FOR-US: ZTE
 CVE-2021-21725 (A ZTE product has an information leak vulnerability. An 
attacker with  ...)
@@ -39733,9 +39733,9 @@ CVE-2020-25219 (url::recvline in url.cpp in libproxy 
0.4.x through 0.4.15 allows
NOTE: https://github.com/libproxy/libproxy/issues/134
NOTE: 
https://github.com/libproxy/libproxy/commit/a83dae404feac517695c23ff43ce1e116e2bfbe0
 CVE-2020-25218 (Grandstream GRP261x VoIP phone running firmware version 
1.0.3.6 (Base) ...)
-   TODO: check
+   NOT-FOR-US: Grandstream GRP261x VoIP phone
 CVE-2020-25217 (Grandstream GRP261x VoIP phone running firmware version 
1.0.3.6 (Base) ...)
-   TODO: check
+   NOT-FOR-US: Grandstream GRP261x VoIP phone
 CVE-2020-25216 (yWorks yEd Desktop before 3.20.1 allows code execution via an 
XSL Tran ...)
NOT-FOR-US: yWorks yEd Desktop
 CVE-2020-25215 (yWorks yEd Desktop before 3.20.1 allows XXE attacks via an XML 
or Grap ...)
@@ -41048,7 +41048,7 @@ CVE-2020-24637 (Two vulnerabilities in ArubaOS GRUB2 
implementation allows for a
 CVE-2020-24636
RESERVED
 CVE-2020-24635 (A remote execution of arbitrary commands vulnerability was 
discovered  ...)
-   TODO: check
+   NOT-FOR-US: Aruba
 CVE-2020-24634 (An attacker is able to remotely inject arbitrary commands by 
sending e ...)
NOT-FOR-US: Aruba
 CVE-2020-24633 (There are multiple buffer overflow vulnerabilities that could 
lead to  ...)
@@ -81941,7 +81941,7 @@ CVE-2020-7852 (DaviewIndy has a Heap-based overflow 
vulnerability, triggered whe
 CVE-2020-7851
RESERVED
 CVE-2020-7850 (NBBDownloader.ocx ActiveX Control in Groupware contains a 
vulnerabilit ...)
-   TODO: check
+   NOT-FOR-US: NBBDownloader.ocx ActiveX Control in Groupware
 CVE-2020-7849 (A vulnerability of uPrism.io CURIX(Video conferecing solution) 
could a ...)
NOT-FOR-US: uPrism.io CURIX
 CVE-2020-7848 (The EFM ipTIME C200 IP Camera is affected by a Command 
Injection vulne ...)
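Review bot: the tag added for CVE-2020-7850, "NBBDownloader.ocx ActiveX Control in Groupware", repeats the opening of the description and names no vendor; "Groupware" on its own does not identify a product. If the full description gives a vendor or product name, use that, as the neighbouring "uPrism.io CURIX" entry does.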
@@ -144157,7 +144157,7 @@ CVE-2019-5319
 CVE-2019-5318
RESERVED
 CVE-2019-5317 (A local authentication bypass vulnerability was discovered in 
some Aru ...)
-   TODO: check
+   NOT-FOR-US: Aruba
 CVE-2019-5316
RESERVED
 CVE-2019-5315 (A command injection vulnerability is present in the web 
management int ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90f8ce4af37faeb6b4f672c798ee4a4525e6f5af


[Git][security-tracker-team/security-tracker][master] automatic update

2021-03-29 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0edb38b6 by security tracker role at 2021-03-29T20:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,25 @@
+CVE-2021-3473
+   RESERVED
+CVE-2021-3472
+   RESERVED
+CVE-2021-29422
+   RESERVED
+CVE-2021-29421
+   RESERVED
+CVE-2021-29420
+   RESERVED
+CVE-2021-29419
+   RESERVED
+CVE-2021-29418
+   RESERVED
+CVE-2021-29417 (gitjacker before 0.1.0 allows remote attackers to execute 
arbitrary co ...)
+   TODO: check
+CVE-2021-29416 (An issue was discovered in PortSwigger Burp Suite before 
2021.2. Durin ...)
+   TODO: check
+CVE-2021-29415
+   RESERVED
+CVE-2021-29414
+   RESERVED
 CVE-2021-29413
RESERVED
 CVE-2021-29412
@@ -296,8 +318,8 @@ CVE-2021-29269
RESERVED
 CVE-2021-29268
RESERVED
-CVE-2021-29267
-   RESERVED
+CVE-2021-29267 (Sherlock SherlockIM through 2021-03-29 allows Cross Site 
Scripting (XS ...)
+   TODO: check
 CVE-2021-29266 (An issue was discovered in the Linux kernel before 5.11.9. 
drivers/vho ...)
- linux 5.10.26-1 (unimportant)
[buster] - linux  (Vulnerable code introduced later)
@@ -998,8 +1020,8 @@ CVE-2021-3450 (The X509_V_FLAG_X509_STRICT flag enables 
additional security chec
- openssl1.0  (Vulnerable code introduced in 1.1.1h)
NOTE: https://www.openssl.org/news/secadv/20210325.txt
NOTE: 
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b
-CVE-2021-28957 (lxml 4.6.2 allows XSS. It places the HTML action attribute 
into defs.l ...)
-   {DLA-2606-1}
+CVE-2021-28957 (An XSS vulnerability was discovered in python-lxml's clean 
module vers ...)
+   {DSA-4880-1 DLA-2606-1}
- lxml 4.6.3-1 (bug #985643)
NOTE: https://bugs.launchpad.net/lxml/+bug/1888153
NOTE: https://github.com/lxml/lxml/pull/316
@@ -1041,10 +1063,10 @@ CVE-2021-28939
RESERVED
 CVE-2021-28938
RESERVED
-CVE-2021-28937
-   RESERVED
-CVE-2021-28936
-   RESERVED
+CVE-2021-28937 (The /password.html page of the Web management interface of the 
Acexy W ...)
+   TODO: check
+CVE-2021-28936 (The Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) Web 
management ...)
+   TODO: check
 CVE-2021-28935
RESERVED
 CVE-2021-28934
@@ -1577,14 +1599,14 @@ CVE-2021-28675
RESERVED
 CVE-2021-28674
RESERVED
-CVE-2021-28673
-   RESERVED
+CVE-2021-28673 (Xerox Phaser 6510 before 64.61.23 and 64.59.11 (Bridge), 
WorkCentre 65 ...)
+   TODO: check
 CVE-2021-28672
RESERVED
 CVE-2021-28671
RESERVED
-CVE-2021-28670
-   RESERVED
+CVE-2021-28670 (Xerox AltaLink B8045/B8090 before 103.008.030.32000, 
C8030/C8035 befor ...)
+   TODO: check
 CVE-2021-28669
RESERVED
 CVE-2021-28668
@@ -1621,6 +1643,7 @@ CVE-2021-28687 [HVM soft-reset crashes toolstack]
[stretch] - xen  (Vulnerable code introduced later)
NOTE: https://xenbits.xen.org/xsa/advisory-368.html
 CVE-2021-28660 (rtw_wx_set_scan in 
drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in t ...)
+   {DLA-2610-1}
- linux 5.10.24-1
[buster] - linux 4.19.181-1
NOTE: 
https://git.kernel.org/linus/74b6b20df8cfe90ada777d621b54c32e69e27cd7
@@ -2782,6 +2805,7 @@ CVE-2021-3429
NOTE: 
https://github.com/canonical/cloud-init/commit/b794d426b9ab43ea9d6371477466070d86e10668
 CVE-2021-3428 [integer overflow in ext4_es_cache_extent]
RESERVED
+   {DLA-2610-1}
- linux 5.8.7-1
[buster] - linux 4.19.181-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1936786
@@ -3296,7 +3320,7 @@ CVE-2021-28039 (An issue was discovered in the Linux 
kernel 5.9.x through 5.11.3
[stretch] - linux  (Vulnerable code introduced later)
NOTE: https://xenbits.xen.org/xsa/advisory-369.html
 CVE-2021-28038 (An issue was discovered in the Linux kernel through 5.11.3, as 
used wi ...)
-   {DLA-2586-1}
+   {DLA-2610-1 DLA-2586-1}
- linux 5.10.24-1
[buster] - linux 4.19.181-1
NOTE: https://xenbits.xen.org/xsa/advisory-367.html
@@ -3348,7 +3372,7 @@ CVE-2021-27928 (A remote code execution issue was 
discovered in MariaDB 10.2 bef
- mariadb-10.1 
NOTE: https://jira.mariadb.org/browse/MDEV-25179
NOTE: Fixed in MariaDB: 10.5.9, 10.4.18, 10.3.28, 10.2.27
-CVE-2021-27927 (In Zabbix before 4.0.28rc1, 5.x before 5.0.8rc1, 5.1.x and 
5.2.x befor ...)
+CVE-2021-27927 (In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 
5.0.10rc1, 5 ...)
- zabbix 1:5.0.8+dfsg-1
[stretch] - zabbix  (minor issue)
NOTE: https://support.zabbix.com/browse/ZBX-18942
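Review bot: the revised CVE-2021-27927 description now puts the 5.0 fix boundary at 5.0.10rc1, but the unchanged package line still records "zabbix 1:5.0.8+dfsg-1" as fixed, which matched the old text ("5.x before 5.0.8rc1"). This update only touches the description line, so the fixed version needs a manual recheck against ZBX-18942.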
@@ -4611,18 +4635,18 @@ CVE-2021-27367 
(Controller/Backend/FileEditController.php and Controller/Backend
 

[Git][security-tracker-team/security-tracker][master] Track proposed update for freediameter via buster-pu

2021-03-29 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a305fa4f by Salvatore Bonaccorso at 2021-03-29T22:03:28+02:00
Track proposed update for freediameter via buster-pu

- - - - -


1 changed file:

- data/next-point-update.txt


Changes:

=
data/next-point-update.txt
=
@@ -40,3 +40,5 @@ CVE-2021-27218
[buster] - glib2.0 2.58.3-2+deb10u3
 CVE-2020-35459
[buster] - crmsh 4.0.0~git20190108.3d56538-3+deb10u1
+CVE-2020-6098
+   [buster] - freediameter 1.2.1-7+deb10u1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a305fa4f31925838d267107cc808092228689547



[Git][security-tracker-team/security-tracker][master] Add CVE-2021-26919/druid

2021-03-29 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
97ea8193 by Salvatore Bonaccorso at 2021-03-29T21:43:32+02:00
Add CVE-2021-26919/druid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5642,6 +5642,7 @@ CVE-2021-26920
RESERVED
 CVE-2021-26919
RESERVED
+   - druid  (bug #825797)
 CVE-2021-26918 (** DISPUTED ** The ProBot bot through 2021-02-08 for Discord 
might all ...)
NOT-FOR-US: ProBot bot
 CVE-2021-26917 (** DISPUTED ** PyBitmessage through 0.6.3.2 allows attackers 
to write  ...)
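Review bot: the druid line added under CVE-2021-26919 carries only the bug number, and the CVE is still RESERVED with no description. A NOTE with the upstream advisory or fix reference would let a reader see what is being tracked without opening bug #825797.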



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/97ea819317b75ac2d7851a4420fd76ec52e70902



[Git][security-tracker-team/security-tracker][master] Add CVE-2021-29274/redmine

2021-03-29 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4b28d6ea by Salvatore Bonaccorso at 2021-03-29T20:31:39+02:00
Add CVE-2021-29274/redmine

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -277,7 +277,8 @@ CVE-2021-29276
 CVE-2021-29275
RESERVED
 CVE-2021-29274 (Redmine 4.1.x before 4.1.2 allows XSS because an issue's 
subject is mi ...)
-   TODO: check
+   - redmine  (Vulnerable code introduced in 4.1.0)
+   NOTE: https://www.redmine.org/issues/33846
 CVE-2021- [first_boot: Use session to verify first boot welcome step]
- freedombox 21.4.2
- plinth 
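Review bot: the new redmine line justifies itself with "Vulnerable code introduced in 4.1.0", but the only reference is the upstream issue link. Adding the introducing and fixing commits as NOTE lines, as the openssl entries in this file do with "NOTE: Introduced by:", would make that claim checkable per suite.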



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4b28d6eaefc7cb92d3e009a1f9389adffbe71d32



[Git][security-tracker-team/security-tracker][master] Reserve DSA-4880-1 for lxml

2021-03-29 Thread Sebastien Delafond


Sebastien Delafond pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1ccf19a4 by Sébastien Delafond at 2021-03-29T18:10:11+02:00
Reserve DSA-4880-1 for lxml

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[29 Mar 2021] DSA-4880-1 lxml - security update
+   {CVE-2021-28957}
+   [buster] - lxml 4.3.2-1+deb10u3
 [27 Mar 2021] DSA-4879-1 spamassassin - security update
{CVE-2020-1946}
[buster] - spamassassin 3.4.2-1+deb10u3


=
data/dsa-needed.txt
=
@@ -28,9 +28,6 @@ linux (carnil)
   Wait until more issues have piled up, though try to regulary rebase for point
   releases to more recent v4.19.y versions.
 --
-lxml (seb)
-  Thorsten Altehotz proposed a debdiff
---
 netty
   Markus Koschany prepared update ready for review
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1ccf19a42ffe66c08009a592ddc2e4e454755977



[Git][security-tracker-team/security-tracker][master] Reserve DLA-2610-1 for linux-4.19

2021-03-29 Thread Ben Hutchings


Ben Hutchings pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fd4e45b9 by Ben Hutchings at 2021-03-29T17:50:12+02:00
Reserve DLA-2610-1 for linux-4.19

- - - - -


1 changed file:

- data/DLA/list


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[29 Mar 2021] DLA-2610-1 linux-4.19 - security update
+   {CVE-2020-27170 CVE-2020-27171 CVE-2021-3348 CVE-2021-3428 
CVE-2021-26930 CVE-2021-26931 CVE-2021-26932 CVE-2021-27363 CVE-2021-27364 
CVE-2021-27365 CVE-2021-28038 CVE-2021-28660}
+   [stretch] - linux-4.19 4.19.181-1~deb9u1
 [26 Mar 2021] DLA-2609-1 thunderbird - security update
{CVE-2021-23981 CVE-2021-23982 CVE-2021-23984 CVE-2021-23987}
[stretch] - thunderbird 1:78.9.0-1~deb9u1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd4e45b9eab8da3829d2c949cd6b2d6f6499a428



[Git][security-tracker-team/security-tracker][master] Update note for netty in dsa-needed list

2021-03-29 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9a750dc7 by Salvatore Bonaccorso at 2021-03-29T13:50:44+02:00
Update note for netty in dsa-needed list

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -32,7 +32,7 @@ lxml (seb)
   Thorsten Altehotz proposed a debdiff
 --
 netty
-  Markus Koschany possibly can prepare update
+  Markus Koschany prepared update ready for review
 --
 openjpeg2 (jmm)
 --
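Review bot: the updated netty note says an update is ready for review, but the entry still has no name in parentheses on the "netty" line, unlike "lxml (seb)" and "openjpeg2 (jmm)" around it, and the note is undated. Say who is expected to review and add a date so a stale entry can be spotted later.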



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a750dc708a97fd829058bcc3cc7edda8e80f5a1



[Git][security-tracker-team/security-tracker][master] Drop openssl from dla-needed

2021-03-29 Thread Utkarsh Gupta


Utkarsh Gupta pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
30418c8c by Utkarsh Gupta at 2021-03-29T17:12:54+05:30
Drop openssl from dla-needed

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -88,9 +88,6 @@ opendmarc
   NOTE: 20201217: patch for CVE-2020-12460 has become available (roberto)
   NOTE: 20210104: wait for other CVEs (abhijith)
 --
-openssl (Utkarsh)
-  NOTE: according to the advisory: "The impact of these issues on OpenSSL 
1.1.0 has not been analysed.
---
 php-pear
 --
 pillow (Abhijith PA)
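Review bot: the removed openssl entry's only note was that the impact on OpenSSL 1.1.0 had not been analysed, and neither the hunk nor the commit message ("Drop openssl from dla-needed") records how that question was settled. Reference the triage result, for example the CVE id or the commit that recorded it in data/CVE/list, in the commit message so the drop can be audited from the history of this file.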



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30418c8ca53044c8ab403898eceaee1acb963a19



[Git][security-tracker-team/security-tracker][master] Mark CVE-2021-3449/openssl as not-affected for stretch

2021-03-29 Thread Utkarsh Gupta


Utkarsh Gupta pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
eab39750 by Utkarsh Gupta at 2021-03-29T17:11:05+05:30
Mark CVE-2021-3449/openssl as not-affected for stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1605,6 +1605,7 @@ CVE-2021-28661
 CVE-2021-3449 (An OpenSSL TLS server may crash if sent a maliciously crafted 
renegoti ...)
{DSA-4875-1}
- openssl 1.1.1k-1
+   [stretch] - openssl  (Vulnerable code introduced later)
- openssl1.0  (Vulnerability does not impact 1.0.2 series)
NOTE: https://www.openssl.org/news/secadv/20210325.txt
NOTE: Introduced by: 
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=c589c34e619c8700ab16b152dd9c8ee58356b319
 (OpenSSL_1_1_1-pre1)
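Review bot: the added stretch line says "Vulnerable code introduced later" without a version, although the NOTE just below already pins the introducing commit to OpenSSL_1_1_1-pre1. Stating that version in the parenthesis, as the openssl1.0 line does for the 1.0.2 series, saves the reader from having to compare it against the stretch version by hand.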



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eab3975023599424237dae7da18374077b3969be



[Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity

2021-03-29 Thread Holger Levsen


Holger Levsen pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2ec2a1e3 by Holger Levsen at 2021-03-29T12:06:33+02:00
semi-automatic unclaim after 2 weeks of inactivity

Signed-off-by: Holger Levsen hol...@layer-acht.org

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -161,7 +161,7 @@ spotweb
 subversion (Emilio)
   NOTE: 20210322: have a look at #985556 and #948834
 --
-xmlbeans (Roberto C. Sánchez)
+xmlbeans
   NOTE: 20210222: Affected code changed significantly from 2.6.0 to 3.0.0 (the
   NOTE: 20210222: upstream release with the fix).  Trying to determine how to
   NOTE: 20210222: implement the changes without introducing too much new code. 
(roberto)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ec2a1e3b1b10b919128fb6987cdc8c9b8429412



[Git][security-tracker-team/security-tracker][master] automatic update

2021-03-29 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2e04a394 by security tracker role at 2021-03-29T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,283 @@
+CVE-2021-29413
+   RESERVED
+CVE-2021-29412
+   RESERVED
+CVE-2021-29411
+   RESERVED
+CVE-2021-29410
+   RESERVED
+CVE-2021-29409
+   RESERVED
+CVE-2021-29408
+   RESERVED
+CVE-2021-29407
+   RESERVED
+CVE-2021-29406
+   RESERVED
+CVE-2021-29405
+   RESERVED
+CVE-2021-29404
+   RESERVED
+CVE-2021-29403
+   RESERVED
+CVE-2021-29402
+   RESERVED
+CVE-2021-29401
+   RESERVED
+CVE-2021-29400
+   RESERVED
+CVE-2021-29399
+   RESERVED
+CVE-2021-29398
+   RESERVED
+CVE-2021-29397
+   RESERVED
+CVE-2021-29396
+   RESERVED
+CVE-2021-29395
+   RESERVED
+CVE-2021-29394
+   RESERVED
+CVE-2021-29393
+   RESERVED
+CVE-2021-29392
+   RESERVED
+CVE-2021-29391
+   RESERVED
+CVE-2021-29390
+   RESERVED
+CVE-2021-29389
+   RESERVED
+CVE-2021-29388
+   RESERVED
+CVE-2021-29387
+   RESERVED
+CVE-2021-29386
+   RESERVED
+CVE-2021-29385
+   RESERVED
+CVE-2021-29384
+   RESERVED
+CVE-2021-29383
+   RESERVED
+CVE-2021-29382
+   RESERVED
+CVE-2021-29381
+   RESERVED
+CVE-2021-29380
+   RESERVED
+CVE-2021-29379
+   RESERVED
+CVE-2021-29378
+   RESERVED
+CVE-2021-29377
+   RESERVED
+CVE-2021-29376
+   RESERVED
+CVE-2021-29375
+   RESERVED
+CVE-2021-29374
+   RESERVED
+CVE-2021-29373
+   RESERVED
+CVE-2021-29372
+   RESERVED
+CVE-2021-29371
+   RESERVED
+CVE-2021-29370
+   RESERVED
+CVE-2021-29369
+   RESERVED
+CVE-2021-29368
+   RESERVED
+CVE-2021-29367
+   RESERVED
+CVE-2021-29366
+   RESERVED
+CVE-2021-29365
+   RESERVED
+CVE-2021-29364
+   RESERVED
+CVE-2021-29363
+   RESERVED
+CVE-2021-29362
+   RESERVED
+CVE-2021-29361
+   RESERVED
+CVE-2021-29360
+   RESERVED
+CVE-2021-29359
+   RESERVED
+CVE-2021-29358
+   RESERVED
+CVE-2021-29357
+   RESERVED
+CVE-2021-29356
+   RESERVED
+CVE-2021-29355
+   RESERVED
+CVE-2021-29354
+   RESERVED
+CVE-2021-29353
+   RESERVED
+CVE-2021-29352
+   RESERVED
+CVE-2021-29351
+   RESERVED
+CVE-2021-29350
+   RESERVED
+CVE-2021-29349
+   RESERVED
+CVE-2021-29348
+   RESERVED
+CVE-2021-29347
+   RESERVED
+CVE-2021-29346
+   RESERVED
+CVE-2021-29345
+   RESERVED
+CVE-2021-29344
+   RESERVED
+CVE-2021-29343
+   RESERVED
+CVE-2021-29342
+   RESERVED
+CVE-2021-29341
+   RESERVED
+CVE-2021-29340
+   RESERVED
+CVE-2021-29339
+   RESERVED
+CVE-2021-29338
+   RESERVED
+CVE-2021-29337
+   RESERVED
+CVE-2021-29336
+   RESERVED
+CVE-2021-29335
+   RESERVED
+CVE-2021-29334
+   RESERVED
+CVE-2021-29333
+   RESERVED
+CVE-2021-29332
+   RESERVED
+CVE-2021-29331
+   RESERVED
+CVE-2021-29330
+   RESERVED
+CVE-2021-29329
+   RESERVED
+CVE-2021-29328
+   RESERVED
+CVE-2021-29327
+   RESERVED
+CVE-2021-29326
+   RESERVED
+CVE-2021-29325
+   RESERVED
+CVE-2021-29324
+   RESERVED
+CVE-2021-29323
+   RESERVED
+CVE-2021-29322
+   RESERVED
+CVE-2021-29321
+   RESERVED
+CVE-2021-29320
+   RESERVED
+CVE-2021-29319
+   RESERVED
+CVE-2021-29318
+   RESERVED
+CVE-2021-29317
+   RESERVED
+CVE-2021-29316
+   RESERVED
+CVE-2021-29315
+   RESERVED
+CVE-2021-29314
+   RESERVED
+CVE-2021-29313
+   RESERVED
+CVE-2021-29312
+   RESERVED
+CVE-2021-29311
+   RESERVED
+CVE-2021-29310
+   RESERVED
+CVE-2021-29309
+   RESERVED
+CVE-2021-29308
+   RESERVED
+CVE-2021-29307
+   RESERVED
+CVE-2021-29306
+   RESERVED
+CVE-2021-29305
+   RESERVED
+CVE-2021-29304
+   RESERVED
+CVE-2021-29303
+   RESERVED
+CVE-2021-29302
+   RESERVED
+CVE-2021-29301
+   RESERVED
+CVE-2021-29300
+   RESERVED
+CVE-2021-29299
+   RESERVED
+CVE-2021-29298
+   RESERVED
+CVE-2021-29297
+   RESERVED
+CVE-2021-29296
+   RESERVED
+CVE-2021-29295
+   RESERVED
+CVE-2021-29294
+   RESERVED
+CVE-2021-29293
+   RESERVED
+CVE-2021-29292
+   RESERVED
+CVE-2021-29291
+   RESERVED
+CVE-2021-29290
+   RESERVED
+CVE-2021-29289
+   RESERVED
+CVE-2021-29288
+   RESERVED
+CVE-2021-29287
+   RESERVED
+CVE-2021-29286
+   RESERVED
+CVE-2021-29285
+   RESERVED
+CVE-2021-29284
+   RESERVED
+CVE-2021-29283
+   RESERVED
+CVE-2021-29282
+   RESERVED
+CVE-2021-29281
+   RESERVED
+CVE-2021-29280
+   RESERVED
+CVE-2021-29279
+   RESERVED
+CVE-2021-29278
+   RESERVED
+CVE-2021-29277
+   RESERVED
+CVE-2021-29276
+   RESERVED
+CVE-2021-29275
+   RESERVED
+CVE-2021-29274 (Redmine 4.1.x before 4.1.2 allows XSS