[Git][security-tracker-team/security-tracker][master] Reserve DLA-2703-1 for ieee-data
Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker Commits: 934535c0 by Utkarsh Gupta at 2021-07-05T02:42:07+05:30 Reserve DLA-2703-1 for ieee-data - - - - - 1 changed file: - data/DLA/list Changes: = data/DLA/list = @@ -1,3 +1,5 @@ +[05 Jul 2021] DLA-2703-1 ieee-data - crash fix + [stretch] - ieee-data 20160613.1+deb9u1 [03 Jul 2021] DLA-2702-1 djvulibre - security update {CVE-2021-3630} [stretch] - djvulibre 3.5.27.1-7+deb9u2 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/934535c012cc6e6c5d34ffb86a30e318a69dbb49 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
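Review bot: The added `DLA-2703-1 ieee-data - crash fix` entry carries no `{CVE-...}` cross-reference, unlike the DLA-2702-1 entry directly below it, which lists `{CVE-2021-3630}`. If the crash has a CVE or a Debian bug assigned, reference it on this entry; if this is intentionally an advisory without a CVE, the commit message should say so, because "crash fix" is the only hint in the file.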
[Git][security-tracker-team/security-tracker][master] 2 commits: Mark CVE-2020-35980 as no-dsa as well for buster
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8f1cb43f by Salvatore Bonaccorso at 2021-07-04T22:33:38+02:00 Mark CVE-2020-35980 as no-dsa as well for buster - - - - - 8b9f55eb by Salvatore Bonaccorso at 2021-07-04T22:38:46+02:00 Add Debian bug reference for yet unfixed CVE for gpac - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -34778,8 +34778,9 @@ CVE-2020-35981 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There i NOTE: https://github.com/gpac/gpac/commit/dae9900580a969481cd72035408091edb11b NOTE: https://github.com/gpac/gpac/issues/1659 CVE-2020-35980 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a us ...) - - gpac (bug #987374) + - gpac (bug #987374; bug #990691) [bullseye] - gpac (Minor issue) + [buster] - gpac (Minor issue) NOTE: https://github.com/gpac/gpac/commit/5aba27604d957e960d8069d85ccaf868f8a7b07a NOTE: https://github.com/gpac/gpac/issues/1661 CVE-2020-35979 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is heap ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/077f4a69a01d54bf164c8982ba7deb4f21e81309...8b9f55eb4f1427a7c3a22a3443d38d3eb02e9303
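Review bot: On the changed line `- gpac (bug #987374; bug #990691)` nothing in the entry says why CVE-2020-35980 now has two Debian bugs or what #990691 covers; a short NOTE would save the next reader a lookup. Separately, in the unchanged context above it, the commit URL ending `dae9900580a969481cd72035408091edb11b` is 36 hex characters where the other gpac commit link in this hunk uses 40, so that link is worth checking against data/CVE/list.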
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 077f4a69 by Thorsten Alteholz at 2021-07-04T21:13:29+02:00 update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -56,7 +56,7 @@ golang-1.7 NOTE: 20210624: Need further checks whether any issues are important to solve or not. -- gpac (Thorsten Alteholz) - NOTE: 20210620: WIP + NOTE: 20210704: WIP -- intel-microcode NOTE: 20210621: pinged maintainer, collaborating on the update. (utkarsh) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/077f4a69a01d54bf164c8982ba7deb4f21e81309
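Review bot: The gpac change overwrites `NOTE: 20210620: WIP` with `NOTE: 20210704: WIP`, which drops the earlier check-in date and still says nothing about what is outstanding. Append a new dated NOTE instead and state the actual status, as the neighbouring golang-1.7 and intel-microcode notes do; the commit subject "update note" could also name the package.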
[Git][security-tracker-team/security-tracker][master] Add libuv1 to dsa-needed list
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d353fefc by Salvatore Bonaccorso at 2021-07-04T21:11:21+02:00 Add libuv1 to dsa-needed list - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -21,6 +21,9 @@ chromium -- djvulibre -- +libuv1 + jmm asked maintainers to prepare update, pending +-- linux (carnil) Wait until more issues have piled up, though try to regulary rebase for point releases to more recent v4.19.y versions. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d353fefc6bcd569f005b432e19920e55b973ae10
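Review bot: The note on the new libuv1 entry, `jmm asked maintainers to prepare update, pending`, has no date and names no CVE or bug, so nobody can tell from the file how long the request has been pending or which issue it tracks. Add the date of the request and the CVE or bug number it concerns.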
[Git][security-tracker-team/security-tracker][master] LTS: status update
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: cab3b117 by Anton Gladky at 2021-07-04T20:43:28+02:00 LTS: status update - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -48,7 +48,7 @@ ffmpeg (Anton Gladky) NOTE: 20210607: going forward. There is a 3.4.x release branch, for example, NOTE: 20210607: but unclear on the compatibility as well as whether this one NOTE: 20210607: won't just be dropped too, etc. etc. (lamby) - NOTE: 20210621: WIP + NOTE: 20210704: WIP -- firmware-nonfree -- @@ -118,6 +118,7 @@ salt -- scilab (Anton Gladky) NOTE: 20210615: vulnerability in embedded ezXML.(abhijith) + NOTE: 20210704: WIP -- shiro (Roberto C. Sánchez) NOTE: 20200920: WIP @@ -129,5 +130,5 @@ shiro (Roberto C. Sánchez) sogo (Anton Gladky) NOTE: 20210603: maybe mention in announcement the recommendation to invalidate user NOTE: 20210603: sessions (see upstream blog). (pochu) - NOTE: 20210621: WIP + NOTE: 20210704: WIP -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cab3b117344580b4707a3751769548affa23f302
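Review bot: The ffmpeg and sogo hunks replace `NOTE: 20210621: WIP` in place, while the scilab hunk appends `NOTE: 20210704: WIP` below the existing note; pick one convention, preferably appending so the history of check-ins stays in the file. All three new notes also say only "WIP" and carry no author tag, unlike the surrounding notes that end in (lamby), (abhijith) or (pochu), so a line on what remains to be done would make the status update useful.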
[Git][security-tracker-team/security-tracker][master] Add Debian bug references for CVE-2021-33813
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7614f056 by Salvatore Bonaccorso at 2021-07-04T14:43:34+02:00 Add Debian bug references for CVE-2021-33813 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5157,9 +5157,9 @@ CVE-2021-33814 RESERVED CVE-2021-33813 (An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to c ...) {DLA-2696-1} - - libjdom2-intellij-java - - libjdom2-java - - libjdom1-java + - libjdom2-intellij-java (bug #990673) + - libjdom2-java (bug #990671) + - libjdom1-java (bug #990672) NOTE: https://github.com/hunterhacker/jdom/pull/188 NOTE: https://alephsecurity.com/vulns/aleph-2021003 NOTE: Fixed by: https://github.com/hunterhacker/jdom/commit/bd3ab78370098491911d7fe9d7a43b97144a234e View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7614f05674ba56b151ba21bc82a2001fed15896c
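Review bot: The bug numbers on the three added lines do not follow the package order (#990673, #990671, #990672), so confirm that each number is filed against the package it is listed with; a swapped reference in this entry would be hard to notice later.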
[Git][security-tracker-team/security-tracker][master] Add additional commits for libjdom{1,2}-java
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 231668ea by Salvatore Bonaccorso at 2021-07-04T14:28:07+02:00 Add additional commits for libjdom{1,2}-java - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5162,6 +5162,10 @@ CVE-2021-33813 (An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attacker - libjdom1-java NOTE: https://github.com/hunterhacker/jdom/pull/188 NOTE: https://alephsecurity.com/vulns/aleph-2021003 + NOTE: Fixed by: https://github.com/hunterhacker/jdom/commit/bd3ab78370098491911d7fe9d7a43b97144a234e + NOTE: Possible regression impact: https://github.com/hunterhacker/jdom/pull/188#issuecomment-872685011 + NOTE: Improved regression with: https://github.com/hunterhacker/jdom/commit/dd4f3c2fc7893edd914954c73eb577f925a7d361 + NOTE: https://github.com/hunterhacker/jdom/commit/07f316957b59d305f04c7bdb26292852bcbc2eb5 CVE-2021-33812 RESERVED CVE-2021-33811 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/231668ea6013becb10a9e125ef0788403552accc
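Review bot: The added `NOTE: Improved regression with:` line reads as though the regression itself was improved; wording such as "Regression addressed by:" would state the intent unambiguously. The last added NOTE is a bare commit URL with no label, so it is unclear whether it belongs to the regression follow-up or to the original fix; give it a label as well.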
[Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for CVE-2021-22918/libuv1
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4293e605 by Salvatore Bonaccorso at 2021-07-04T11:09:15+02:00 Track fixed version via unstable for CVE-2021-22918/libuv1 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -31210,7 +31210,7 @@ CVE-2021-22919 RESERVED CVE-2021-22918 RESERVED - - libuv1 (bug #990561) + - libuv1 1.40.0-2 (bug #990561) NOTE: https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/ NOTE: https://github.com/nodejs/node/commit/d33aead28bcec32a2a450f884907a6d971631829 CVE-2021-22917 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4293e605f684187124201c7b51b27916a7e83db3
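Review bot: The changed line records `libuv1 1.40.0-2` as the fixed version, but both NOTE lines in the entry point at Node.js (the security release post and a nodejs/node commit), not at a libuv change. Add a NOTE with the libuv upstream commit or the Debian patch that 1.40.0-2 carries, so the fixed version can be verified from the entry itself.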