[Git][security-tracker-team/security-tracker][master] tinyxml fixed in sid
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: e50ab6fd by Moritz Muehlenhoff at 2021-12-13T08:55:24+01:00 tinyxml fixed in sid - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -9778,7 +9778,7 @@ CVE-2021-42262 CVE-2021-42261 (Revisor Video Management System (VMS) before 2.0.0 has a directory tra ...) NOT-FOR-US: Revisor Video Management System (VMS) CVE-2021-42260 (TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp ...) - - tinyxml + - tinyxml 2.6.2-6 [bullseye] - tinyxml (Minor issue) [buster] - tinyxml (Minor issue) [stretch] - tinyxml (Minor issue; can be fixed with the next DLA) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e50ab6fd06220932e7c522558dee0294ab187b8c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e50ab6fd06220932e7c522558dee0294ab187b8c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 2f6a07c3 by Thorsten Alteholz at 2021-12-12T23:42:04+01:00 update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -69,7 +69,7 @@ nvidia-graphics-drivers (Markus Koschany) NOTE: mailing list tomorrow (apo) -- pgbouncer (Thorsten Alteholz) - NOTE: 20211128: also help with other releases + NOTE: 20211212: sync with maintainer -- rustc (Roberto C. Sánchez) NOTE: rust-doc in stretch-lts (and jessie-lts) is not installable View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f6a07c3377fabfa5f99c2aaceea0175023ac2ab -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f6a07c3377fabfa5f99c2aaceea0175023ac2ab You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Reserve DLA-2843-1 for linux
Ben Hutchings pushed to branch master at Debian Security Tracker / security-tracker Commits: 12f7f744 by Ben Hutchings at 2021-12-12T23:39:55+01:00 Reserve DLA-2843-1 for linux - - - - - 1 changed file: - data/DLA/list Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[12 Dec 2021] DLA-2843-1 linux - security update + {CVE-2020-3702 CVE-2020-16119 CVE-2021-0920 CVE-2021-3612 CVE-2021-3653 CVE-2021-3655 CVE-2021-3679 CVE-2021-3732 CVE-2021-3753 CVE-2021-3760 CVE-2021-20317 CVE-2021-20321 CVE-2021-20322 CVE-2021-22543 CVE-2021-37159 CVE-2021-38160 CVE-2021-38198 CVE-2021-38199 CVE-2021-38204 CVE-2021-38205 CVE-2021-40490 CVE-2021-41864 CVE-2021-42008 CVE-2021-42739 CVE-2021-43389} + [stretch] - linux 4.9.290-1 [12 Dec 2021] DLA-2842-1 apache-log4j2 - security update {CVE-2021-44228} [stretch] - apache-log4j2 2.7-2+deb9u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12f7f7449451621b9731216675bd191e1d666506 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12f7f7449451621b9731216675bd191e1d666506 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 20d0b305 by security tracker role at 2021-12-12T20:10:19+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1709,7 +1709,7 @@ CVE-2021-44230 (PortSwigger Burp Suite Enterprise Edition before 2021.11 on Wind CVE-2021-44229 RESERVED CVE-2021-44228 (Apache Log4j2 =2.14.1 JNDI features used in configuration, log mes ...) - {DSA-5020-1} + {DSA-5020-1 DLA-2842-1} - apache-log4j2 2.15.0-1 (bug #1001478) - apache-log4j1.2 (Vulnerable code not present) NOTE: https://github.com/advisories/GHSA-jfh8-c2jp-5v3q View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/20d0b3055156e8a7ce40161c6dd1da827641ef82 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/20d0b3055156e8a7ce40161c6dd1da827641ef82 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] LTS: Status update
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 33bf646a by Anton Gladky at 2021-12-12T20:47:47+01:00 LTS: Status update - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -81,6 +81,7 @@ rustc (Roberto C. Sánchez) -- samba (Anton) NOTE: 20211128: WIP https://salsa.debian.org/lts-team/packages/samba/ + NOTE: 20211212: Fix is too large, coordination with ELTS-upload -- thunderbird (Emilio) NOTE: 20211122: blocked on toolchain backports (pochu) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/33bf646aa3fc603dc34fc43cf8cd56c5db150169 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/33bf646aa3fc603dc34fc43cf8cd56c5db150169 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add commit reference for CVE-2021-43808
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 01bf32fd by Salvatore Bonaccorso at 2021-12-12T20:36:18+01:00 Add commit reference for CVE-2021-43808 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2971,6 +2971,7 @@ CVE-2021-43809 (`Bundler` is a package for managing application dependencies in CVE-2021-43808 (Laravel is a web application framework. Laravel prior to versions 8.75 ...) - php-laravel-framework (bug #1001333) NOTE: https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw + NOTE: https://github.com/laravel/framework/commit/b8174169b1807f36de1837751599e2828ceddb9b (v6.20.42) CVE-2021-43807 RESERVED CVE-2021-43806 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/01bf32fd93556664837688131dc16adb5eb30c9a -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/01bf32fd93556664837688131dc16adb5eb30c9a You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-43808/php-laravel-framework
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c2a3cdd8 by Salvatore Bonaccorso at 2021-12-12T20:31:30+01:00 Add CVE-2021-43808/php-laravel-framework - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2969,7 +2969,8 @@ CVE-2021-43810 (Admidio is a free open source user management system for website CVE-2021-43809 (`Bundler` is a package for managing application dependencies in Ruby. ...) TODO: check CVE-2021-43808 (Laravel is a web application framework. Laravel prior to versions 8.75 ...) - TODO: check + - php-laravel-framework (bug #1001333) + NOTE: https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw CVE-2021-43807 RESERVED CVE-2021-43806 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c2a3cdd8fdd8fa094b9dd37deba4cac76439c8fd -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c2a3cdd8fdd8fa094b9dd37deba4cac76439c8fd You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Update status for CVE-2018-11724/libmobi
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 344f664f by Salvatore Bonaccorso at 2021-12-12T16:07:25+01:00 Update status for CVE-2018-11724/libmobi - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -224778,9 +224778,9 @@ CVE-2018-11725 (The mobi_parse_index_entry function in index.c in Libmobi 0.3 al NOTE: https://seclists.org/fulldisclosure/2018/May/48 NOTE: https://github.com/bfabiszewski/libmobi/commit/c625698e297ac877eb4bc0d35cd0e605253c33e5 (v0.4) CVE-2018-11724 (The mobi_pk1_decrypt function in encryption.c in Libmobi 0.3 allows re ...) - - libmobi + - libmobi (Fixed before initial upload to Debian) NOTE: https://seclists.org/fulldisclosure/2018/May/48 - TODO: check, likely fixed before initial Upload to Debian + NOTE: https://github.com/bfabiszewski/libmobi/commit/b5657d7e2357782147a80a4d63a4b5fb7c05305f (v0.4) CVE-2018-11723 (** DISPUTED ** The libpff_name_to_id_map_entry_read function in libpff ...) - libpff 20180714-1 (low; bug #901967) [stretch] - libpff (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/344f664fb54f47d3c88dad4a909545243dfc4ad2 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/344f664fb54f47d3c88dad4a909545243dfc4ad2 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Update status for CVE-2018-11725/libmobi
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 788e6665 by Salvatore Bonaccorso at 2021-12-12T16:05:32+01:00 Update status for CVE-2018-11725/libmobi - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -224774,9 +224774,9 @@ CVE-2018-11726 (The mobi_decode_font_resource function in util.c in Libmobi 0.3 NOTE: https://seclists.org/fulldisclosure/2018/May/48 NOTE: https://github.com/bfabiszewski/libmobi/commit/6904ebc247f01b5fe27d58c5dbb27e38af8449fb (v0.4) CVE-2018-11725 (The mobi_parse_index_entry function in index.c in Libmobi 0.3 allows r ...) - - libmobi + - libmobi (Fixed before initial upload to Debian) NOTE: https://seclists.org/fulldisclosure/2018/May/48 - TODO: check, likely fixed before initial Upload to Debian + NOTE: https://github.com/bfabiszewski/libmobi/commit/c625698e297ac877eb4bc0d35cd0e605253c33e5 (v0.4) CVE-2018-11724 (The mobi_pk1_decrypt function in encryption.c in Libmobi 0.3 allows re ...) - libmobi NOTE: https://seclists.org/fulldisclosure/2018/May/48 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/788e6665a22e114b2c1b329682d58fe2ec4501d9 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/788e6665a22e114b2c1b329682d58fe2ec4501d9 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Update status for CVE-2018-11726/libmobi
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6183e24b by Salvatore Bonaccorso at 2021-12-12T16:03:14+01:00 Update status for CVE-2018-11726/libmobi - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -224770,9 +224770,9 @@ CVE-2018-11727 (** DISPUTED ** The libfsntfs_attribute_read_from_mft function in NOTE: https://github.com/libyal/libfsntfs/commit/7a17c43be39919227b4fe24684a8a29a90ee54ad NOTE: Negligable/questionable security impact CVE-2018-11726 (The mobi_decode_font_resource function in util.c in Libmobi 0.3 allows ...) - - libmobi + - libmobi (Fixed before initial upload to Debian) NOTE: https://seclists.org/fulldisclosure/2018/May/48 - TODO: check, likely fixed before initial Upload to Debian + NOTE: https://github.com/bfabiszewski/libmobi/commit/6904ebc247f01b5fe27d58c5dbb27e38af8449fb (v0.4) CVE-2018-11725 (The mobi_parse_index_entry function in index.c in Libmobi 0.3 allows r ...) - libmobi NOTE: https://seclists.org/fulldisclosure/2018/May/48 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6183e24bdd46632522754bc1a0e3a8b780eb82e0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6183e24bdd46632522754bc1a0e3a8b780eb82e0 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Reserve DLA-2842-1 for apache-log4j2
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: fe344981 by Markus Koschany at 2021-12-12T15:16:13+01:00 Reserve DLA-2842-1 for apache-log4j2 - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[12 Dec 2021] DLA-2842-1 apache-log4j2 - security update + {CVE-2021-44228} + [stretch] - apache-log4j2 2.7-2+deb9u1 [08 Dec 2021] DLA-2836-2 nss - regression update [stretch] - nss 2:3.26.2-1.1+deb9u4 [06 Dec 2021] DLA-2841-1 runc - security update = data/dla-needed.txt = @@ -18,8 +18,6 @@ ansible (Lee Garrett) NOTE: 20210411: after that LTS. (apo) NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/ -- -apache-log4j2 (Markus Koschany) --- debian-archive-keyring NOTE: https://lists.debian.org/debian-lts/2021/08/msg00037.html NOTE: 20210920: Raphael answered. will backport today. (utkarsh) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe344981a6164e7f2089f18e44024008e08f8896 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe344981a6164e7f2089f18e44024008e08f8896 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2021-4041/ansible-runner via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7bb82cea by Salvatore Bonaccorso at 2021-12-12T11:10:48+01:00 Track fixed version for CVE-2021-4041/ansible-runner via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -948,7 +948,7 @@ CVE-2021-4042 RESERVED CVE-2021-4041 [Improper shell escaping in ansible-runner] RESERVED - - ansible-runner + - ansible-runner 2.1.1-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2028074 NOTE: https://github.com/ansible/ansible-runner/commit/3533f265f4349a3f2a0283158cd01b59a6bbc7bd (2.1.0) CVE-2021-4040 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7bb82cea66604587b2cf0857d66ae743486ff4bb -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7bb82cea66604587b2cf0857d66ae743486ff4bb You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add reference to upstream commit for CVE-2021-4041/ansible-runner
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 236d97eb by Salvatore Bonaccorso at 2021-12-12T11:09:48+01:00 Add reference to upstream commit for CVE-2021-4041/ansible-runner - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -950,6 +950,7 @@ CVE-2021-4041 [Improper shell escaping in ansible-runner] RESERVED - ansible-runner NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2028074 + NOTE: https://github.com/ansible/ansible-runner/commit/3533f265f4349a3f2a0283158cd01b59a6bbc7bd (2.1.0) CVE-2021-4040 RESERVED NOT-FOR-US: Red Hat AMQ Broker View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/236d97eb44e38ca7a0b43031f6c09653e727c237 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/236d97eb44e38ca7a0b43031f6c09653e727c237 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Track proposed mailman update via buster-pu
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3697b178 by Salvatore Bonaccorso at 2021-12-12T10:49:33+01:00 Track proposed mailman update via buster-pu - - - - - 1 changed file: - data/next-oldstable-point-update.txt Changes: = data/next-oldstable-point-update.txt = @@ -92,6 +92,8 @@ CVE-2021-43331 [buster] - mailman 1:2.1.29-1+deb10u3 CVE-2021-43332 [buster] - mailman 1:2.1.29-1+deb10u3 +CVE-2021-44227 + [buster] - mailman 1:2.1.29-1+deb10u4 CVE-2019-14462 [buster] - libmodbus 3.1.4-2+deb10u1 CVE-2019-14463 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3697b178600cfee0a8905d086550d4caf9e04cc6 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3697b178600cfee0a8905d086550d4caf9e04cc6 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4f4b93a0 by security tracker role at 2021-12-12T08:10:12+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,7 @@ +CVE-2021-44833 (The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the c ...) + TODO: check +CVE-2021-4103 + RESERVED CVE-2021-44832 RESERVED CVE-2022-21832 @@ -102,8 +106,8 @@ CVE-2021-4099 RESERVED CVE-2021-4098 RESERVED -CVE-2021-4097 - RESERVED +CVE-2021-4097 (phpservermon is vulnerable to Improper Neutralization of CRLF Sequence ...) + TODO: check CVE-2021-4096 RESERVED CVE-2022-21822 @@ -961,9 +965,9 @@ CVE-2021-44517 RESERVED CVE-2021-44516 RESERVED -CVE-2021-44515 - RESERVED -CVE-2021-44514 (ManageEngine's OpUtils 12.5.556 and prior allow access to a few audit ...) +CVE-2021-44515 (Zoho ManageEngine Desktop Central is vulnerable to authentication bypa ...) + TODO: check +CVE-2021-44514 (OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles a ...) NOT-FOR-US: ManageEngine CVE-2021-44513 (Insecure creation of temporary directories in tmate-ssh-server 2.3.0 a ...) - tmate-ssh-server (bug #1001225) @@ -10882,8 +10886,8 @@ CVE-2021-41807 RESERVED CVE-2021-41806 RESERVED -CVE-2021-41805 - RESERVED +CVE-2021-41805 (HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1. ...) + TODO: check CVE-2021-41804 RESERVED CVE-2021-41803 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f4b93a0e40ba24be42513fef21ea7fc6d25a18c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f4b93a0e40ba24be42513fef21ea7fc6d25a18c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits