[Git][security-tracker-team/security-tracker][master] chromium dsa

2021-05-03 Thread Michael Gilbert


Michael Gilbert pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2b2754f2 by Michael Gilbert at 2021-05-04T02:59:20+00:00
chromium dsa

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[03 May 2021] DSA-4911-1 chromium - security update
+   {CVE-2021-21227 CVE-2021-21228 CVE-2021-21229 CVE-2021-21230 
CVE-2021-21231 CVE-2021-21232 CVE-2021-21233}
+   [buster] - chromium 90.0.4430.93-1~deb10u1
 [02 May 2021] DSA-4910-1 libimage-exiftool-perl - security update
{CVE-2021-22204}
[buster] - libimage-exiftool-perl 11.16-1+deb10u1


=
data/dsa-needed.txt
=
@@ -11,8 +11,6 @@ To pick an issue, simply add your uid behind it.
 
 If needed, specify the release by adding a slash after the name of the source 
package.
 
---
-chromium
 --
 condor
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b2754f2c5a86c2870ec9faaa6dcf8a1bde2b057

You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] Reserve DLA-2646-1 for subversion

2021-05-03 Thread Anton Gladky


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b22e0d56 by Anton Gladky at 2021-05-03T22:33:05+02:00
Reserve DLA-2646-1 for subversion

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[03 May 2021] DLA-2646-1 subversion - security update
+   {CVE-2020-17525}
+   [stretch] - subversion 1.9.5-1+deb9u6
 [29 Apr 2021] DLA-2645-1 edk2 - security update
{CVE-2019-0161 CVE-2019-14558 CVE-2019-14559 CVE-2019-14562 
CVE-2019-14563 CVE-2019-14575 CVE-2019-14584 CVE-2019-14586 CVE-2019-14587 
CVE-2021-28210 CVE-2021-28211}
[stretch] - edk2 0~20161202.7bbe0b3e-1+deb9u2


=
data/dla-needed.txt
=
@@ -148,11 +148,6 @@ spotweb
   NOTE: 20210122: Upstream fix trivially bypassed, reported under CVE-2021-3286
   NOTE: 20210127: Upstream says "we can fix this but it may take some time", 
revisit later (Beuc)
 --
-subversion (Anton Gladky)
-  NOTE: 20210322: have a look at #985556 and #948834
-  NOTE: 20210425: almost ready
-  NOTE: 20210502: Upload is planned for CW19/2021
---
 xmlbeans
   NOTE: 20210222: Affected code changed significantly from 2.6.0 to 3.0.0 (the
   NOTE: 20210222: upstream release with the fix).  Trying to determine how to
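Review bot: Dropping the subversion block from dla-needed.txt also drops its pointer to #985556 and #948834, and the DLA-2646-1 entry added in data/DLA/list names only CVE-2020-17525. Confirm that both bugs are covered by 1.9.5-1+deb9u6 or tracked elsewhere, and say which in the commit message.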



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b22e0d563af94e12739c08219f4a1ab8e4f0ab16



[Git][security-tracker-team/security-tracker][master] Add CVE-2020-15153/ampache

2021-05-03 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5b8763af by Salvatore Bonaccorso at 2021-05-03T22:20:42+02:00
Add CVE-2020-15153/ampache

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -67700,7 +67700,7 @@ CVE-2020-15155 (baserCMS 4.3.6 and earlier is affected 
by Cross Site Scripting (
 CVE-2020-15154 (baserCMS 4.3.6 and earlier is affected by Cross Site Scripting 
(XSS) v ...)
NOT-FOR-US: baserCMS
 CVE-2020-15153 (Ampache before version 4.2.2 allows unauthenticated users to 
perform S ...)
-   TODO: check
+   - ampache 
 CVE-2020-15152 (ftp-srv is an npm package which is a modern and extensible FTP 
server  ...)
NOT-FOR-US: Node ftp-srv
 CVE-2020-15151 (OpenMage LTS before versions 19.4.6 and 20.0.2 allows 
attackers to cir ...)
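Review bot: The new "- ampache" line for CVE-2020-15153 comes with no NOTE, although the description already gives 4.2.2 as the first fixed upstream version. Add a NOTE with the upstream advisory or fix commit so the per-release status can be checked against 4.2.2.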



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b8763af5d4d76baf64662cadcce42c9bf2b1b87



[Git][security-tracker-team/security-tracker][master] Process NFUs

2021-05-03 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
738ec32a by Salvatore Bonaccorso at 2021-05-03T22:20:04+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -6334,15 +6334,15 @@ CVE-2021-29244
 CVE-2021-29243
RESERVED
 CVE-2021-29242 (CODESYS Control Runtime system before 3.5.17.0 has improper 
input vali ...)
-   TODO: check
+   NOT-FOR-US: CODESYS Control Runtime
 CVE-2021-29241 (CODESYS Gateway 3 before 3.5.17.0 has a NULL pointer 
dereference that  ...)
-   TODO: check
+   NOT-FOR-US: CODESYS Gateway 3
 CVE-2021-29240
RESERVED
 CVE-2021-29239 (CODESYS Development System 3 before 3.5.17.0 displays or 
executes mali ...)
-   TODO: check
+   NOT-FOR-US: CODESYS Development System 3
 CVE-2021-29238 (CODESYS Automation Server before 1.16.0 allows cross-site 
request forg ...)
-   TODO: check
+   NOT-FOR-US: CODESYS Automation Server
 CVE-2021-29237
RESERVED
 CVE-2021-29236
@@ -25942,7 +25942,7 @@ CVE-2021-21266 (openHAB is a vendor and technology 
agnostic open source automati
 CVE-2021-21265 (October is a free, open-source, self-hosted CMS platform based 
on the  ...)
NOT-FOR-US: October CMS
 CVE-2021-21264 (October is a free, open-source, self-hosted CMS platform based 
on the  ...)
-   TODO: check
+   NOT-FOR-US: October CMS
 CVE-2021-21262
RESERVED
 CVE-2021-21260 (Online Invoicing System (OIS) is open source software which is 
a lean  ...)
@@ -56499,7 +56499,7 @@ CVE-2020-20249
 CVE-2020-20248
RESERVED
 CVE-2020-20247 (Mikrotik RouterOs before 6.46.5 (stable tree) suffers from a 
memory co ...)
-   TODO: check
+   NOT-FOR-US: Mikrotik RouterOs
 CVE-2020-20246
RESERVED
 CVE-2020-20245
@@ -56557,7 +56557,7 @@ CVE-2020-20220
 CVE-2020-20219
RESERVED
 CVE-2020-20218 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a 
memory corrup ...)
-   TODO: check
+   NOT-FOR-US: Mikrotik RouterOs
 CVE-2020-20217
RESERVED
 CVE-2020-20216
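Review bot: The NOT-FOR-US label for CVE-2020-20218, like the one for CVE-2020-20247 in the previous hunk, copies the description's casing "Mikrotik RouterOs", while the vendor spells the product "MikroTik RouterOS". Using the vendor's spelling keeps a search of data/CVE/list for that product from missing these two entries.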



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/738ec32ac1c427b15c7cbb6d566829a44a6b3cb5



[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2021-3504/hivex

2021-05-03 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0a90c27b by Salvatore Bonaccorso at 2021-05-03T22:13:50+02:00
Add Debian bug reference for CVE-2021-3504/hivex

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1175,7 +1175,7 @@ CVE-2021-3505 (A flaw was found in libtpms in versions 
before 0.8.0. The TPM 2 i
NOTE: 
https://github.com/stefanberger/libtpms/commit/c1f7bf55099fcd427715aa65e130475c6e836a6b
 (v0.8.0)
 CVE-2021-3504
RESERVED
-   - hivex 
+   - hivex  (bug #988024)
NOTE: 
https://listman.redhat.com/archives/libguestfs/2021-May/msg00013.html
NOTE: 
https://github.com/libguestfs/hivex/commit/8f1935733b10d974a1a4176d38dd151ed98cf381
 CVE-2021-3503



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a90c27b3d076c3e8e34f6968efd9bf80e1e8d38



[Git][security-tracker-team/security-tracker][master] automatic update

2021-05-03 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
74d67e27 by security tracker role at 2021-05-03T20:10:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,29 @@
+CVE-2021-3532
+   RESERVED
+CVE-2021-3531
+   RESERVED
+CVE-2021-3530
+   RESERVED
+CVE-2021-32011
+   RESERVED
+CVE-2021-32010
+   RESERVED
+CVE-2021-32009
+   RESERVED
+CVE-2021-32008
+   RESERVED
+CVE-2021-32007
+   RESERVED
+CVE-2021-32006
+   RESERVED
+CVE-2021-32005
+   RESERVED
+CVE-2021-32004
+   RESERVED
+CVE-2021-32003
+   RESERVED
+CVE-2021-32002
+   RESERVED
 CVE-2021-32001
RESERVED
 CVE-2021-32000
@@ -6016,8 +6042,8 @@ CVE-2021-29371
RESERVED
 CVE-2021-29370 (A UXSS was discovered in the Thanos-Soft Cheetah Browser in 
Android 1. ...)
NOT-FOR-US: Thanos-Soft Cheetah Browser in Android
-CVE-2021-29369
-   RESERVED
+CVE-2021-29369 (The gnuplot package prior to version 0.1.0 for Node.js allows 
code exe ...)
+   TODO: check
 CVE-2021-29368
RESERVED
 CVE-2021-29367
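Review bot: CVE-2021-29369 now sits at "TODO: check" with a description about "The gnuplot package ... for Node.js", a name shared with the unrelated gnuplot plotting program. When this entry is triaged, name the Node.js module explicitly in the resulting line so it is not read as an issue in gnuplot itself.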
@@ -6307,16 +6333,16 @@ CVE-2021-29244
RESERVED
 CVE-2021-29243
RESERVED
-CVE-2021-29242
-   RESERVED
-CVE-2021-29241
-   RESERVED
+CVE-2021-29242 (CODESYS Control Runtime system before 3.5.17.0 has improper 
input vali ...)
+   TODO: check
+CVE-2021-29241 (CODESYS Gateway 3 before 3.5.17.0 has a NULL pointer 
dereference that  ...)
+   TODO: check
 CVE-2021-29240
RESERVED
-CVE-2021-29239
-   RESERVED
-CVE-2021-29238
-   RESERVED
+CVE-2021-29239 (CODESYS Development System 3 before 3.5.17.0 displays or 
executes mali ...)
+   TODO: check
+CVE-2021-29238 (CODESYS Automation Server before 1.16.0 allows cross-site 
request forg ...)
+   TODO: check
 CVE-2021-29237
RESERVED
 CVE-2021-29236
@@ -7161,8 +7187,8 @@ CVE-2021-28862
RESERVED
 CVE-2021-28861
RESERVED
-CVE-2021-28860
-   RESERVED
+CVE-2021-28860 (Node.js mixme 0.5.0, an attacker can add or alter properties 
of an obj ...)
+   TODO: check
 CVE-2021-28859
RESERVED
 CVE-2021-28858
@@ -14997,8 +15023,7 @@ CVE-2021-25633
RESERVED
 CVE-2021-25632
RESERVED
-CVE-2021-25631
-   RESERVED
+CVE-2021-25631 (In the LibreOffice 7-1 series in versions prior to 7.1.2, and 
in the 7 ...)
- libreoffice  (Libreoffice on Windows)
NOTE: https://positive.security/blog/url-open-rce#open-libreoffice
 CVE-2021-25630 ("loolforkit" is a privileged program that is supposed to be 
run by a s ...)
@@ -25916,8 +25941,8 @@ CVE-2021-21266 (openHAB is a vendor and technology 
agnostic open source automati
NOT-FOR-US: openHAB
 CVE-2021-21265 (October is a free, open-source, self-hosted CMS platform based 
on the  ...)
NOT-FOR-US: October CMS
-CVE-2021-21264
-   RESERVED
+CVE-2021-21264 (October is a free, open-source, self-hosted CMS platform based 
on the  ...)
+   TODO: check
 CVE-2021-21262
RESERVED
 CVE-2021-21260 (Online Invoicing System (OIS) is open source software which is 
a lean  ...)
@@ -56473,8 +56498,8 @@ CVE-2020-20249
RESERVED
 CVE-2020-20248
RESERVED
-CVE-2020-20247
-   RESERVED
+CVE-2020-20247 (Mikrotik RouterOs before 6.46.5 (stable tree) suffers from a 
memory co ...)
+   TODO: check
 CVE-2020-20246
RESERVED
 CVE-2020-20245
@@ -56531,8 +56556,8 @@ CVE-2020-20220
RESERVED
 CVE-2020-20219
RESERVED
-CVE-2020-20218
-   RESERVED
+CVE-2020-20218 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a 
memory corrup ...)
+   TODO: check
 CVE-2020-20217
RESERVED
 CVE-2020-20216
@@ -72937,7 +72962,7 @@ CVE-2020-13287 (A vulnerability was discovered in 
GitLab versions before 13.1.10
 CVE-2020-13286 (For GitLab before 13.0.12, 13.1.6, 13.2.3 user controlled git 
configur ...)
- gitlab  (Only affects GitLab 12.7 and later)
NOTE: 
https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
-CVE-2020-13285 (For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site 
scripting vulne ...)
+CVE-2020-13285 (For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site 
scripting (XSS) ...)
- gitlab  (Only affects GitLab 12.9 and later)
NOTE: 
https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
 CVE-2020-13284 (A vulnerability was discovered in GitLab versions before 
13.1.10, 13.2 ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/74d67e27ead056353a02b793af390cac79b19233


[Git][security-tracker-team/security-tracker][master] Add CVE-2021-3504/hivex

2021-05-03 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7ffd72fd by Salvatore Bonaccorso at 2021-05-03T22:07:05+02:00
Add CVE-2021-3504/hivex

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1149,6 +1149,9 @@ CVE-2021-3505 (A flaw was found in libtpms in versions 
before 0.8.0. The TPM 2 i
NOTE: 
https://github.com/stefanberger/libtpms/commit/c1f7bf55099fcd427715aa65e130475c6e836a6b
 (v0.8.0)
 CVE-2021-3504
RESERVED
+   - hivex 
+   NOTE: 
https://listman.redhat.com/archives/libguestfs/2021-May/msg00013.html
+   NOTE: 
https://github.com/libguestfs/hivex/commit/8f1935733b10d974a1a4176d38dd151ed98cf381
 CVE-2021-3503
RESERVED
- wildfly  (bug #752018)
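Review bot: The fix-commit NOTE added for CVE-2021-3504 does not say which hivex release contains the commit, whereas the libtpms NOTE in the context just above annotates its commit with "(v0.8.0)". Append the upstream version once the fix is in a release, and add a Debian bug reference to the "- hivex" line when one is filed.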



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ffd72fd841bbbe0e28dfb9524704595aea1c46b



[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2020-7924/mongo-tools

2021-05-03 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
974f45f8 by Salvatore Bonaccorso at 2021-05-03T21:58:37+02:00
Add Debian bug reference for CVE-2020-7924/mongo-tools

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -88203,7 +88203,7 @@ CVE-2020-7925 (Incorrect validation of user input in 
the role name parser may le
NOTE: 
https://github.com/mongodb/mongo/commit/8fbd1af03310704de68c22163900636f58f7eba8
 (v3.6.19)
NOTE: Introduced by: 
https://github.com/mongodb/mongo/commit/3ca76fd569c94de72c4daf6eef27fbf9bf51233b
 (v3.6.18)
 CVE-2020-7924 (Usage of specific command line parameter in MongoDB Tools which 
was or ...)
-   - mongo-tools 
+   - mongo-tools  (bug #988021)
[buster] - mongo-tools  (Minor issue)
[stretch] - mongo-tools  (Minor issue)
NOTE: https://jira.mongodb.org/browse/TOOLS-2587



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/974f45f88683df6c12180edaa23690633c0ea66d



[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2020-18032

2021-05-03 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7b91678a by Salvatore Bonaccorso at 2021-05-03T17:36:27+02:00
Add Debian bug reference for CVE-2020-18032

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -60916,7 +60916,7 @@ CVE-2020-18034
 CVE-2020-18033
RESERVED
 CVE-2020-18032 (Buffer Overflow in Graphviz Graph Visualization Tools from 
commit ID f ...)
-   - graphviz 
+   - graphviz  (bug #988000)
NOTE: https://gitlab.com/graphviz/graphviz/-/issues/1700
NOTE: 
https://gitlab.com/graphviz/graphviz/-/commit/784411ca3655c80da0f6025ab20634b2a6ff696b
 CVE-2020-18031



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b91678ac689649e42796e8cd90da2a86ddfae57



[Git][security-tracker-team/security-tracker][master] Add upstream issue for CVE-2020-18032/graphviz

2021-05-03 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8c7b8b83 by Salvatore Bonaccorso at 2021-05-03T16:50:50+02:00
Add upstream issue for CVE-2020-18032/graphviz

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -60917,6 +60917,7 @@ CVE-2020-18033
RESERVED
 CVE-2020-18032 (Buffer Overflow in Graphviz Graph Visualization Tools from 
commit ID f ...)
- graphviz 
+   NOTE: https://gitlab.com/graphviz/graphviz/-/issues/1700
NOTE: 
https://gitlab.com/graphviz/graphviz/-/commit/784411ca3655c80da0f6025ab20634b2a6ff696b
 CVE-2020-18031
RESERVED



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c7b8b833786f2d879b41857082c035088b8d031



[Git][security-tracker-team/security-tracker][master] md4c fixed in sid

2021-05-03 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cd25a521 by Moritz Muehlenhoff at 2021-05-03T16:50:07+02:00
md4c fixed in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4430,7 +4430,7 @@ CVE-2021-30029
 CVE-2021-30028
RESERVED
 CVE-2021-30027 (md_analyze_line in md4c.c in md4c 0.4.7 allows attackers to 
trigger us ...)
-   - md4c  (bug #987799)
+   - md4c 0.4.7-2 (bug #987799)
NOTE: https://github.com/mity/md4c/issues/155
NOTE: 
https://github.com/mity/md4c/commit/4fc808d8fe8d8904f8525bb4231d854f45e23a19
 CVE-2021-30026



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd25a5215778ad70e4bdafaf44466b3123e71471



[Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity

2021-05-03 Thread Lynoure Braakman


Lynoure Braakman pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
10c7f0c7 by Lynoure Braakman at 2021-05-03T16:05:49+02:00
semi-automatic unclaim after 2 weeks of inactivity

Signed-off-by: Lynoure Braakman lyno...@gmail.com

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -136,7 +136,7 @@ samba
 salt (Utkarsh)
   NOTE: 20210329: WIP (utkarsh)
 --
-shiro (Roberto C. Sánchez)
+shiro
   NOTE: 20200920: WIP
   NOTE: 20200928: Still awaiting reponse to request for assistance sent to 
upstream dev list. (roberto)
   NOTE: 20201004: Sent additional request to upstream dev list; stil no 
response. (roberto)
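Review bot: Removing the claimant from the shiro line leaves no dated record of the unclaim, and the NOTE lines shown below it still read as work in progress by roberto. Add a NOTE with the unclaim date stating that the package was released after inactivity, so whoever picks it up next knows the earlier notes may be stale. The same applies to xmlbeans in the next hunk.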
@@ -153,7 +153,7 @@ subversion (Anton Gladky)
   NOTE: 20210425: almost ready
   NOTE: 20210502: Upload is planned for CW19/2021
 --
-xmlbeans (Roberto C. Sánchez)
+xmlbeans
   NOTE: 20210222: Affected code changed significantly from 2.6.0 to 3.0.0 (the
   NOTE: 20210222: upstream release with the fix).  Trying to determine how to
   NOTE: 20210222: implement the changes without introducing too much new code. 
(roberto)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/10c7f0c78dfce6879e53e49eb27762d38aef9acc



[Git][security-tracker-team/security-tracker][master] new graphviz issue

2021-05-03 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
dd1ca29e by Moritz Muehlenhoff at 2021-05-03T14:15:01+02:00
new graphviz issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -9,7 +9,7 @@ CVE-2021-31998
 CVE-2021-31997
RESERVED
 CVE-2021-31996 (An issue was discovered in the algorithmica crate through 
2021-03-07 f ...)
-   TODO: check
+   NOT-FOR-US: Rust crate algorithmica
 CVE-2021-3529
RESERVED
 CVE-2021-31995
@@ -5657,7 +5657,7 @@ CVE-2021-29488
 CVE-2021-29487
RESERVED
 CVE-2021-29486 (cumulative-distribution-function is an open source npm library 
used wh ...)
-   TODO: check
+   NOT-FOR-US: Node cumulative-distribution-function
 CVE-2021-29485
RESERVED
 CVE-2021-29484 (Ghost is a Node.js CMS. An unused endpoint added during the 
developmen ...)
@@ -11942,7 +11942,7 @@ CVE-2021-26809 (PHPGurukul Car Rental Project version 
2.0 suffers from a remote
 CVE-2021-26808
RESERVED
 CVE-2021-26807 (GalaxyClient version 2.0.28.9 loads unsigned DLLs such as 
zlib1.dll, l ...)
-   TODO: check
+   NOT-FOR-US: GOG Galaxy client
 CVE-2021-26806
RESERVED
 CVE-2021-26805 (Buffer Overflow in tsMuxer 2.6.16 allows attackers to cause a 
Denial o ...)
@@ -49138,7 +49138,7 @@ CVE-2020-23909
 CVE-2020-23908
RESERVED
 CVE-2020-23907 (An issue was discovered in retdec v3.3. In function 
canSplitFunctionOn ...)
-   TODO: check
+   NOT-FOR-US: retdec
 CVE-2020-23906
RESERVED
 CVE-2020-23905
@@ -51336,9 +51336,9 @@ CVE-2020-22810
 CVE-2020-22809
RESERVED
 CVE-2020-22808 (An issue was found in yii2_fecshop 2.x. There is a reflected 
XSS vulne ...)
-   TODO: check
+   NOT-FOR-US: yii2_fecshop
 CVE-2020-22807 (An issue was dicovered in vtiger crm 7.2. Union sql injection 
in the c ...)
-   TODO: check
+   NOT-FOR-US: VTiger CRM
 CVE-2020-22806
RESERVED
 CVE-2020-22805
@@ -54053,7 +54053,7 @@ CVE-2020-21454
 CVE-2020-21453
RESERVED
 CVE-2020-21452 (An issue was discovered in uniview ISC2500-S. This is an 
upload vulner ...)
-   TODO: check
+   NOT-FOR-US: uniview ISC2500-S
 CVE-2020-21451
RESERVED
 CVE-2020-21450
@@ -54755,7 +54755,7 @@ CVE-2020-21103
 CVE-2020-21102
RESERVED
 CVE-2020-21101 (Cross Site Scriptiong vulnerabilityin Screenly screenly-ose 
all versio ...)
-   TODO: check
+   NOT-FOR-US: Screenly
 CVE-2020-21100
RESERVED
 CVE-2020-21099
@@ -60910,13 +60910,14 @@ CVE-2020-18037
 CVE-2020-18036
RESERVED
 CVE-2020-18035 (Cross Site Scripting (XSS) in Jeesns v1.4.2 allows remote 
attackers to ...)
-   TODO: check
+   NOT-FOR-US: Jeesns
 CVE-2020-18034
RESERVED
 CVE-2020-18033
RESERVED
 CVE-2020-18032 (Buffer Overflow in Graphviz Graph Visualization Tools from 
commit ID f ...)
-   TODO: check
+   - graphviz 
+   NOTE: 
https://gitlab.com/graphviz/graphviz/-/commit/784411ca3655c80da0f6025ab20634b2a6ff696b
 CVE-2020-18031
RESERVED
 CVE-2020-18030
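Review bot: The new graphviz entry for CVE-2020-18032 gives the fix commit but nothing about which releases are affected, and the description is cut off at "from commit ID f ...". Add a NOTE linking the upstream issue or stating the affected range so buster and stretch can be triaged from the entry itself.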



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd1ca29e7b3522b19bf681980e19956cf6fe3da6



[Git][security-tracker-team/security-tracker][master] dla: take bind9

2021-05-03 Thread Emilio Pozuelo Monfort


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e728cf86 by Emilio Pozuelo Monfort at 2021-05-03T12:18:16+02:00
dla: take bind9

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -18,6 +18,8 @@ ansible (Markus Koschany)
   NOTE: 20210411: after that LTS. (apo)
   NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/
 --
+bind9 (Emilio)
+--
 ceph
   NOTE: 20200707: Vulnerable to at least CVE-2018-14662. (lamby)
   NOTE: 20200707: Some discussion regarding removal 
 (lamby)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e728cf86eec1112bf13ae37b78633275d2fe4c9e



[Git][security-tracker-team/security-tracker][master] Mark CVE-2020-36327/bundler as also affecting rubygems

2021-05-03 Thread Emilio Pozuelo Monfort


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
731bc5f0 by Emilio Pozuelo Monfort at 2021-05-03T12:16:52+02:00
Mark CVE-2020-36327/bundler as also affecting rubygems

bin:bundler is shipped as part of src:rubygems since bullseye.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -301,7 +301,8 @@ CVE-2021-31870 (An issue was discovered in klibc before 
2.0.9. Multiplication in
NOTE: 
https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=292650f04c2b5348b4efbad61fb014ed09b4f3f2
NOTE: https://www.openwall.com/lists/oss-security/2021/04/30/1
 CVE-2020-36327 (Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 
sometimes choos ...)
-   - bundler 
+   - bundler 
+   - rubygems 
NOTE: https://github.com/rubygems/rubygems/issues/3982
 CVE-2021-3521
RESERVED
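Review bot: The reason for listing rubygems next to bundler under CVE-2020-36327 lives only in the commit message ("bin:bundler is shipped as part of src:rubygems since bullseye"). Put that in a NOTE in the entry so readers of data/CVE/list see why two source packages are listed and which releases each one applies to.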



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/731bc5f01cb469e3e49e9690ecd62aa3da510d24



[Git][security-tracker-team/security-tracker][master] Triage samba for stretch

2021-05-03 Thread Emilio Pozuelo Monfort


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fbb4bcf3 by Emilio Pozuelo Monfort at 2021-05-03T11:00:31+02:00
Triage samba for stretch

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -129,6 +129,8 @@ ruby-nokogiri
   NOTE: 20210403: CVE-2020-26247: Java-level API not included in stretch but 
CVE also affects C/Ruby-level APIs;
   NOTE: 20210403: check if default change (trust -> don't trust external 
schemas) possibly breaks compatibility (Beuc)
 --
+samba
+--
 salt (Utkarsh)
   NOTE: 20210329: WIP (utkarsh)
 --
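Review bot: The new samba block is placed before salt, which breaks the alphabetical order the surrounding entries follow; move it after the salt block. It also has no NOTE naming the CVEs that put samba on the list for stretch.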



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fbb4bcf332dec4b5aff3241178317d491ad15217



[Git][security-tracker-team/security-tracker][master] Triage phpseclib and php-phpseclib for stretch

2021-05-03 Thread Emilio Pozuelo Monfort


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
87a6e888 by Emilio Pozuelo Monfort at 2021-05-03T10:45:13+02:00
Triage phpseclib and php-phpseclib for stretch

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -88,6 +88,12 @@ nvidia-graphics-drivers
   NOTE: package is in non-free but also in packages-to-support
   NOTE: only CVE‑2021‑1076 seems to be fixed in the R390 branch used in 
Stretch, no fix available for CVE-2021-1077
 --
+php-phpseclib
+  NOTE: 20210503: unclear if 2.x is affected, double check (pochu)
+--
+phpseclib
+  NOTE: 20210503: apparently 1.x is not affected, but double check (pochu)
+--
 ring (Thorsten Alteholz)
 --
 ruby-actionpack-page-caching
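Review bot: Both added NOTEs say a branch may or may not be "affected" without naming the CVE in question. Name the CVE in each NOTE, as the nvidia-graphics-drivers NOTE in the context above does, so the double check can be done without digging through history.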



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/87a6e88890884247f68e6ac3a35b508f8f698f7d



[Git][security-tracker-team/security-tracker][master] automatic update

2021-05-03 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e6b7f914 by security tracker role at 2021-05-03T08:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,15 @@
+CVE-2021-32001
+   RESERVED
+CVE-2021-32000
+   RESERVED
+CVE-2021-31999
+   RESERVED
+CVE-2021-31998
+   RESERVED
+CVE-2021-31997
+   RESERVED
+CVE-2021-31996 (An issue was discovered in the algorithmica crate through 
2021-03-07 f ...)
+   TODO: check
 CVE-2021-3529
RESERVED
 CVE-2021-31995
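
Review bot: CVE-2021-31996 (algorithmica crate) is added with only "TODO: check", which is normal for the automatic update but leaves the entry untriaged. It needs a follow-up commit replacing the TODO with either a package line or a NOT-FOR-US entry.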



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6b7f914652cb9b8da876fafdbc4b117864f80bb



[Git][security-tracker-team/security-tracker][master] some exiv2 issues n/a on buster & stretch

2021-05-03 Thread Emilio Pozuelo Monfort


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f2e1fd09 by Emilio Pozuelo Monfort at 2021-05-03T10:00:54+02:00
some exiv2 issues n/a on buster & stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5682,7 +5682,8 @@ CVE-2021-29474 (HedgeDoc (formerly known as CodiMD) is an 
open-source collaborat
NOT-FOR-US: HedgeDoc
 CVE-2021-29473 (Exiv2 is a C++ library and a command-line utility to read, 
write, dele ...)
- exiv2  (bug #987736)
-   [buster] - exiv2  (Minor issue)
+   [buster] - exiv2  (Vulnerable code introduced later)
+   [stretch] - exiv2  (Vulnerable code introduced later)
NOTE: 
https://github.com/Exiv2/exiv2/security/advisories/GHSA-7569-phvm-vwc2
NOTE: https://github.com/Exiv2/exiv2/pull/1587
NOTE: 
https://github.com/Exiv2/exiv2/commit/e6a0982f7cd9282052b6e3485a458d60629ffa0b
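
Review bot: the new reason on the [buster] and [stretch] lines for CVE-2021-29473, "Vulnerable code introduced later", does not say which upstream version or commit introduced the code, so the claim cannot be rechecked from the entry itself. Add a NOTE naming the introducing commit or the first affected version next to the existing fix-commit NOTE. The buster line also changes from "Minor issue" to this reason, which the commit message could mention.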
@@ -5718,10 +5719,14 @@ CVE-2021-29465 (Discord-Recon is a bot for the Discord 
chat service. Versions of
NOT-FOR-US: Discord-Recon
 CVE-2021-29464 (Exiv2 is a command-line utility and C++ library for reading, 
writing,  ...)
- exiv2 
+   [buster] - exiv2  (Vulnerable code introduced later)
+   [stretch] - exiv2  (Vulnerable code introduced later)
NOTE: 
https://github.com/Exiv2/exiv2/security/advisories/GHSA-jgm9-5fw5-pw9p
NOTE: 
https://github.com/Exiv2/exiv2/commit/f9308839198aca5e68a65194f151a1de92398f54
 CVE-2021-29463 (Exiv2 is a command-line utility and C++ library for reading, 
writing,  ...)
- exiv2 
+   [buster] - exiv2  (webp support introduced in 0.27)
+   [stretch] - exiv2  (webp support introduced in 0.27)
NOTE: 
https://github.com/Exiv2/exiv2/security/advisories/GHSA-5p8g-9xf3-gfrr
NOTE: 
https://github.com/Exiv2/exiv2/commit/783b3a6ff15ed6f82a8f8e6c8a6f3b84a9b04d4b
 CVE-2021-29462 (The Portable SDK for UPnP Devices is an SDK for development of 
UPnP de ...)
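
Review bot: the added CVE-2021-29464 lines give only "Vulnerable code introduced later", while the CVE-2021-29463 lines just below them state a checkable reason ("webp support introduced in 0.27"). Give CVE-2021-29464 the same level of detail by naming the version or commit that introduced the affected code.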



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f2e1fd099df6d52b4d04c5587557bb2899f89d4c



[Git][security-tracker-team/security-tracker][master] lts: klibc no-dsa on stretch

2021-05-03 Thread Emilio Pozuelo Monfort


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
94737654 by Emilio Pozuelo Monfort at 2021-05-03T09:08:21+02:00
lts: klibc no-dsa on stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -267,21 +267,25 @@ CVE-2021-31874
 CVE-2021-31873 (An issue was discovered in klibc before 2.0.9. Additions in 
the malloc ...)
- klibc 2.0.8-6
[buster] - klibc  (Minor issue; only used in initramfs and not 
dealing with untrusted data)
+   [stretch] - klibc  (Minor issue; only used in initramfs and not 
dealing with untrusted data)
NOTE: 
https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=a31ae8c508fc8d1bca4f57e9f9f88127572d5202
NOTE: https://www.openwall.com/lists/oss-security/2021/04/30/1
 CVE-2021-31872 (An issue was discovered in klibc before 2.0.9. Multiple 
possible integ ...)
- klibc 2.0.8-6
[buster] - klibc  (Minor issue; only used in initramfs and not 
dealing with untrusted data)
+   [stretch] - klibc  (Minor issue; only used in initramfs and not 
dealing with untrusted data)
NOTE: 
https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=9b1c91577aef7f2e72c3aa11a27749160bd278ff
NOTE: https://www.openwall.com/lists/oss-security/2021/04/30/1
 CVE-2021-31871 (An issue was discovered in klibc before 2.0.9. An integer 
overflow in  ...)
- klibc 2.0.8-6
[buster] - klibc  (Minor issue; only used in initramfs and not 
dealing with untrusted data)
+   [stretch] - klibc  (Minor issue; only used in initramfs and not 
dealing with untrusted data)
NOTE: 
https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=2e48a12ab1e30d43498c2d53e878a11a1b5102d5
NOTE: https://www.openwall.com/lists/oss-security/2021/04/30/1
 CVE-2021-31870 (An issue was discovered in klibc before 2.0.9. Multiplication 
in the c ...)
- klibc 2.0.8-6
[buster] - klibc  (Minor issue; only used in initramfs and not 
dealing with untrusted data)
+   [stretch] - klibc  (Minor issue; only used in initramfs and not 
dealing with untrusted data)
NOTE: 
https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=292650f04c2b5348b4efbad61fb014ed09b4f3f2
NOTE: https://www.openwall.com/lists/oss-security/2021/04/30/1
 CVE-2020-36327 (Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 
sometimes choos ...)
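
Review bot: the four added [stretch] lines copy the buster justification verbatim ("only used in initramfs and not dealing with untrusted data") without any indication that it was checked against the klibc version in stretch. Since the whole rationale rests on how klibc is used, a single NOTE stating that stretch was verified, or the commit message saying so, would make the four entries easier to trust later.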



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/94737654ab637af383bc428a40da7770695cdca3



[Git][security-tracker-team/security-tracker][master] update note

2021-05-03 Thread Thorsten Alteholz


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ee5c2d7c by Thorsten Alteholz at 2021-05-03T08:19:17+02:00
update note

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -51,9 +51,7 @@ firmware-nonfree
   NOTE: 20201207: wait for the update in buster and backport that (Emilio)
 --
 golang-github-appc-cni (Thorsten Alteholz)
-  NOTE: 20210221: also taking care of reverse dependencies
-  NOTE: 20210221: also taking care of other suites
-  NOTE: 20210418: still WIP, trying to automize golang updates
+  NOTE: 20210503: still WIP, trying to automize golang updates
 --
 golang-gogoprotobuf
   NOTE: 20210218: If you have any idea why this is called the "skippy peanut 
butter" issue, I would be mildly interested. (lamby)
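
Review bot: under golang-github-appc-cni, removing the two 20210221 NOTE lines drops the information that reverse dependencies and other suites are part of this work, and replacing the 20210418 date with 20210503 hides how long the entry has been WIP. If both points still apply, keep them (or fold them into the new NOTE) and append the 20210503 status rather than overwriting the history. Minor wording point: "automize" would read better as "automate".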



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee5c2d7c27262a1aacef981fe6f822a3e8493835



[Git][security-tracker-team/security-tracker][master] update note in dla-needed

2021-05-03 Thread Abhijith PA


Abhijith PA pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d49db555 by Abhijith PA at 2021-05-03T11:44:04+05:30
update note in dla-needed

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -68,6 +68,7 @@ gpac (Thorsten Alteholz)
 --
 gsoap (Abhijith PA)
   NOTE: 20210420: upstream only responded with suggestion to upgrade (abhijith)
+  NOTE: 20210503: No reply from upstream dev yet (abhijith)
 --
 imagemagick (Anton Gladky)
   NOTE: 20210415: Tracker records as vulnerable to CVE-2021-20312, but parts of
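
Review bot: the added gsoap NOTE "No reply from upstream dev yet" reads oddly directly after the 20210420 NOTE saying upstream did respond with a suggestion to upgrade. State what was asked after that response and what the plan is if no answer comes, so the entry does not look stalled without a next step.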
@@ -83,6 +84,7 @@ linux-4.19 (Ben Hutchings)
 --
 mediawiki (Abhijith PA)
   NOTE: 20210412: Check ./extensions/SyntaxHighlight_GeSHi/pygments/pygmentize 
(lamby)
+  NOTE: 20210503: Working on update. (abhijith)
 --
 nvidia-graphics-drivers
   NOTE: package is in non-free but also in packages-to-support
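
Review bot: the added mediawiki NOTE "Working on update." does not say whether the 20210412 pointer to ./extensions/SyntaxHighlight_GeSHi/pygments/pygmentize was checked. Record the outcome of that check, or that it is still open, in the same NOTE.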



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d49db55523f8c129301986f63d15677b17187b4e
