[Git][security-tracker-team/security-tracker][master] Add CVE-2021-4508{5,6,7,8}/epiphany-browser
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d0e66ac9 by Salvatore Bonaccorso at 2021-12-20T07:25:55+01:00 Add CVE-2021-4508{5,6,7,8}/epiphany-browser - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -100,13 +100,21 @@ CVE-2021-45090 CVE-2021-45089 RESERVED CVE-2021-45088 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ...) - TODO: check + - epiphany-browser 41.2-1 + NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612 + NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045 CVE-2021-45087 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ...) - TODO: check + - epiphany-browser 41.2-1 + NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612 + NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045 CVE-2021-45086 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ...) - TODO: check + - epiphany-browser 41.2-1 + NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612 + NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045 CVE-2021-45085 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ...) - TODO: check + - epiphany-browser 41.2-1 + NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612 + NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045 CVE-2021-45084 RESERVED CVE-2021-45083 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d0e66ac91edf653203db6b1ac25dd023d749860f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d0e66ac91edf653203db6b1ac25dd023d749860f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
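Review bot: The four epiphany-browser entries (CVE-2021-45085 through CVE-2021-45088) all receive the same two NOTE lines, issue 1612 and merge request 1045, so nothing in an entry tells a backporter which change addresses which CVE. If the merge request contains separate commits per issue, a per-CVE NOTE naming the specific commit would make the entries distinguishable; if one change fixes all four, a short NOTE saying so would help.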
[Git][security-tracker-team/security-tracker][master] 2 commits: dla: take libextractor
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker Commits: 43d23183 by Adrian Bunk at 2021-12-20T05:06:09+02:00 dla: take libextractor - - - - - 25237f00 by Adrian Bunk at 2021-12-20T05:09:55+02:00 dla: take libpcap - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -47,6 +47,8 @@ gpac (Roberto C. Sánchez) -- libarchive (Thorsten Alteholz) -- +libextractor (Adrian Bunk) +-- libgit2 (Utkarsh) NOTE: 20211029: CVE-2018-10887/CVE-2018-10888/CVE-2018-15501 were fixed NOTE: 20211029: for jessie in DLA-1477-1 and should also be fixed in stretch @@ -57,6 +59,8 @@ libgit2 (Utkarsh) NOTE: 20211129: readied up everything, using pygit and other wrappers NOTE: 20211129: around which the code changed. will upload in the next 2 days. (utkarsh) -- +libpcap (Adrian Bunk) +-- linux (Ben Hutchings) -- linux-4.19 (Ben Hutchings) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/00649565985083bf6ce6523f0e1318a292f440c7...25237f001e424f4c32447a5db220feac2901f1a3
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 00649565 by Thorsten Alteholz at 2021-12-20T00:04:38+01:00 update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -72,8 +72,8 @@ nvidia-graphics-drivers (Markus Koschany) NOTE: nvidia-graphics-drivers-legacy-390xx but will ask for more testing on the lts NOTE: mailing list tomorrow (apo) -- -pgbouncer (Thorsten Alteholz) - NOTE: 20211212: sync with maintainer +pgbouncer (Christoph Berg) + NOTE: 20211220: maintainer might want to upload fixed version -- ruby2.3 (Utkarsh) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/00649565985083bf6ce6523f0e1318a292f440c7
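Review bot: In the pgbouncer entry the claim moves from Thorsten Alteholz to Christoph Berg and the 20211212 note is replaced rather than appended to, while the commit message only says "update note". Keeping the earlier `NOTE: 20211212: sync with maintainer` line above the new 20211220 one would preserve the history of the entry, and the hand-over of the claim deserves a mention in the commit message.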
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2021-31566/libarchive
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 83c04459 by Salvatore Bonaccorso at 2021-12-19T21:20:20+01:00 Add Debian bug reference for CVE-2021-31566/libarchive - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -34,7 +34,7 @@ CVE-2021-45105 [Certain strings can cause infinite recursion] NOTE: https://issues.apache.org/jira/browse/LOG4J2-3230 CVE-2021-31566 [symbolic links incorrectly followed when changing modes, times, ACL and flags of a file while extracting an archive] RESERVED - - libarchive + - libarchive (bug #1001990) NOTE: https://github.com/libarchive/libarchive/issues/1566 NOTE: https://github.com/libarchive/libarchive/commit/b41daecb5ccb4c8e3b2c53fd6147109fc12c3043 (v3.5.2) NOTE: https://github.com/libarchive/libarchive/commit/e2ad1a2c3064fa9eba6274b3641c4c1beed25c0b (v3.5.2) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83c0445992e4bba4e5f4cb24d5819de58877c0f1
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8017c166 by security tracker role at 2021-12-19T20:10:16+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1427,6 +1427,7 @@ CVE-2021-4077 RESERVED CVE-2021-4076 [keys: move signing part out of find_by_thp() and to find_jws()] RESERVED + {DSA-5025-1} - tang 11-1 [buster] - tang (Vulnerable code introduced later) NOTE: https://github.com/latchset/tang/pull/81 @@ -5478,6 +5479,7 @@ CVE-2021-43548 CVE-2021-43547 RESERVED CVE-2021-43546 (It was possible to recreate previous cursor spoofing attacks against u ...) + {DSA-5026-1} - firefox 95.0-1 - firefox-esr 91.4.0esr-1 - thunderbird 1:91.4.0-1 @@ -5485,6 +5487,7 @@ CVE-2021-43546 (It was possible to recreate previous cursor spoofing attacks aga NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43546 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43546 CVE-2021-43545 (Using the Location API in a loop could have caused severe application ...) + {DSA-5026-1} - firefox 95.0-1 - firefox-esr 91.4.0esr-1 - thunderbird 1:91.4.0-1 @@ -5495,6 +5498,7 @@ CVE-2021-43544 (When receiving a URL through a SEND intent, Firefox would have s - firefox (Only affects Android) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43544 CVE-2021-43543 (Documents loaded with the CSP sandbox directive could have escaped the ...) + {DSA-5026-1} - firefox 95.0-1 - firefox-esr 91.4.0esr-1 - thunderbird 1:91.4.0-1 
@@ -5502,6 +5506,7 @@ CVE-2021-43543 (Documents loaded with the CSP sandbox directive could have escap NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43543 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43543 CVE-2021-43542 (Using XMLHttpRequest, an attacker could have identified installed appl ...) + {DSA-5026-1} - firefox 95.0-1 - firefox-esr 91.4.0esr-1 - thunderbird 1:91.4.0-1 @@ -5509,6 +5514,7 @@ CVE-2021-43542 (Using XMLHttpRequest, an attacker could have identified installe NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43542 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43542 CVE-2021-43541 (When invoking protocol handlers for external protocols, a supplied par ...) + {DSA-5026-1} - firefox 95.0-1 - firefox-esr 91.4.0esr-1 - thunderbird 1:91.4.0-1 @@ -5519,6 +5525,7 @@ CVE-2021-43540 (WebExtensions with the correct permissions were able to create a - firefox 95.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43540 CVE-2021-43539 (Failure to correctly record the location of live pointers across wasm ...) + {DSA-5026-1} - firefox 95.0-1 - firefox-esr 91.4.0esr-1 - thunderbird 1:91.4.0-1 @@ -5526,6 +5533,7 @@ CVE-2021-43539 (Failure to correctly record the location of live pointers across NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43539 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43539 CVE-2021-43538 (By misusing a race in our notification code, an attacker could have fo ...) + {DSA-5026-1} - firefox 95.0-1 - firefox-esr 91.4.0esr-1 - thunderbird 1:91.4.0-1 
@@ -5533,6 +5541,7 @@ CVE-2021-43538 (By misusing a race in our notification code, an attacker could h NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43538 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43538 CVE-2021-43537 (An incorrect type conversion of sizes from 64bit to 32bit integers all ...) + {DSA-5026-1} - firefox 95.0-1 - firefox-esr 91.4.0esr-1 - thunderbird 1:91.4.0-1 @@ -5540,6 +5549,7 @@ CVE-2021-43537 (An incorrect type conversion of sizes from 64bit to 32bit intege NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43537 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43537 CVE-2021-43536 (Under certain circumstances, asynchronous functions could have caused ...) + {DSA-5026-1} - firefox 95.0-1 - firefox-esr 91.4.0esr-1 - thunderbird 1:91.4.0-1 @@ -5547,6 +5557,7 @@ CVE-2021-43536 (Under certain circumstances, asynchronous functions could have c NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43536 NOTE:
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2021-23177/libarchive
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f10c4c7d by Salvatore Bonaccorso at 2021-12-19T21:04:55+01:00 Add Debian bug reference for CVE-2021-23177/libarchive - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -40,7 +40,7 @@ CVE-2021-31566 [symbolic links incorrectly followed when changing modes, times, NOTE: https://github.com/libarchive/libarchive/commit/e2ad1a2c3064fa9eba6274b3641c4c1beed25c0b (v3.5.2) CVE-2021-23177 [extracting a symlink with ACLs modifies ACLs of target] RESERVED - - libarchive + - libarchive (bug #1001986) NOTE: https://github.com/libarchive/libarchive/issues/1565 NOTE: https://github.com/libarchive/libarchive/commit/fba4f123cc456d2b2538f811bb831483bf336bad (v3.5.2) CVE-2022-21943 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f10c4c7d8a0e5b59381723417619271b122460ff
[Git][security-tracker-team/security-tracker][master] Claim lxml
Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker Commits: e7fcdbfb by Utkarsh Gupta at 2021-12-19T22:59:44+05:30 Claim lxml - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -61,7 +61,7 @@ linux (Ben Hutchings) -- linux-4.19 (Ben Hutchings) -- -lxml +lxml (Utkarsh) -- nvidia-graphics-drivers (Markus Koschany) NOTE: package is in non-free but also in packages-to-support View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7fcdbfbe499fae4c8a77f27033abe8e2a05f5dc
[Git][security-tracker-team/security-tracker][master] 4 commits: add ruby2.3
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 2410d43a by Thorsten Alteholz at 2021-12-19T18:05:56+01:00 add ruby2.3 - - - - - b2e6c5cc by Thorsten Alteholz at 2021-12-19T18:10:39+01:00 add lxml - - - - - 961523b2 by Thorsten Alteholz at 2021-12-19T18:11:05+01:00 add libarchive - - - - - bd85ecff by Thorsten Alteholz at 2021-12-19T18:13:13+01:00 add spip - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -45,6 +45,8 @@ gpac (Roberto C. Sánchez) NOTE: 20211101: coordinating with secteam for s-p-u since stretch/buster versions match (roberto) NOTE: 20211120: received OK from secteam for buster update, working on stretch/buster in parallel (roberto) -- +libarchive (Thorsten Alteholz) +-- libgit2 (Utkarsh) NOTE: 20211029: CVE-2018-10887/CVE-2018-10888/CVE-2018-15501 were fixed NOTE: 20211029: for jessie in DLA-1477-1 and should also be fixed in stretch @@ -59,6 +61,8 @@ linux (Ben Hutchings) -- linux-4.19 (Ben Hutchings) -- +lxml +-- nvidia-graphics-drivers (Markus Koschany) NOTE: package is in non-free but also in packages-to-support NOTE: only CVE‑2021‑1076 seems to be fixed in the R390 branch used in Stretch, no fix available for CVE-2021-1077 
@@ -71,12 +75,17 @@ nvidia-graphics-drivers (Markus Koschany) pgbouncer (Thorsten Alteholz) NOTE: 20211212: sync with maintainer -- +ruby2.3 (Utkarsh) +-- samba (Anton) NOTE: 20211128: WIP https://salsa.debian.org/lts-team/packages/samba/ NOTE: 20211212: Fix is too large, coordination with ELTS-upload -- sphinxsearch (Thorsten Alteholz) -- +spip + NOTE: probably someone who understands French better can have a look whether Stretch is affected +-- thunderbird (Emilio) NOTE: 20211122: blocked on toolchain backports (pochu) NOTE: 20211206: progressing on the toolchain front (pochu) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f6a79abd78e0f38ef0d120ff9fd67dc5f1c17e5b...bd85ecff6e16d3fd698544a86024b149cd277264
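Review bot: The NOTE added under spip in the last hunk has no date prefix, unlike the neighbouring notes (`NOTE: 20211128: WIP ...`, `NOTE: 20211212: Fix is too large ...`), so a later reader cannot tell when the question about Stretch was raised or by whom. Suggest the same form the thunderbird notes use, a `YYYYMMDD:` prefix and the author tag in parentheses at the end.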
[Git][security-tracker-team/security-tracker][master] add reference for log4j issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: f6a79abd by Moritz Mühlenhoff at 2021-12-19T16:54:23+01:00 add reference for log4j issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -951,6 +951,7 @@ CVE-2021-4104 (JMSAppender in Log4j 1.2 is vulnerable to deserialization of untr NOTE: https://www.openwall.com/lists/oss-security/2021/12/13/1 NOTE: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126 NOTE: Issue for Log4j 1.2 when specifically configured to use JMSAppender (not the default) + NOTE: https://www.openwall.com/lists/oss-security/2021/12/13/2 CVE-2021-4103 RESERVED CVE-2021-44832 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f6a79abd78e0f38ef0d120ff9fd67dc5f1c17e5b
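Review bot: The new oss-security reference is appended after the prose note about JMSAppender, which separates it from the existing `NOTE: https://www.openwall.com/lists/oss-security/2021/12/13/1` line at the top of the context. Placing the 2021/12/13/2 link directly below the 2021/12/13/1 link would keep the thread references together and leave the explanatory NOTE as the closing line of the CVE-2021-4104 entry.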
[Git][security-tracker-team/security-tracker][master] Claim spip
Sebastien Delafond pushed to branch master at Debian Security Tracker / security-tracker Commits: 05653fb5 by Sébastien Delafond at 2021-12-19T16:45:49+01:00 Claim spip - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -51,7 +51,7 @@ runc sogo (jmm) Maintainer preparing updates -- -spip +spip (seb) Maintainer proposed updates -- thunderbird (jmm) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/05653fb595622e7f471a9c21d0f21e3c68b00437
[Git][security-tracker-team/security-tracker][master] Add spip to dsa-needed list
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 27b37059 by Salvatore Bonaccorso at 2021-12-19T16:37:32+01:00 Add spip to dsa-needed list - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -51,6 +51,9 @@ runc sogo (jmm) Maintainer preparing updates -- +spip + Maintainer proposed updates +-- thunderbird (jmm) Rust toolchain updates needed -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27b3705975d01a201c2ad16763445ab602be1fa5
[Git][security-tracker-team/security-tracker][master] Add temporary entry for spip issues (no CVEs assigned)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: eba5f13d by Salvatore Bonaccorso at 2021-12-19T16:36:01+01:00 Add temporary entry for spip issues (no CVEs assigned) - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,6 @@ +CVE-2021- [several SQL injection, remote code execution, XSS issues] + - spip 3.2.12-1 + NOTE: https://blog.spip.net/SPIP-4-0-1_SPIP-3-1-12.html CVE-2021- [Fix possible privilege escalation] - glewlwyd 2.6.1-1 [bullseye] - glewlwyd (Minor issue; can be fixed via point release) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eba5f13de3e2f126481651d330069f37f33981d6
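Review bot: The fixed version recorded for spip is 3.2.12-1, but the only reference is a blog URL whose slug names `SPIP-4-0-1` and `SPIP-3-1-12`, so the entry does not show where the 3.2.x fix is announced. A NOTE stating which upstream release the 3.2.12-1 upload corresponds to would make the version checkable. Since the temporary entry bundles SQL injection, remote code execution and XSS under one description, a TODO to split it once CVE ids are assigned would also be useful.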
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-43820/seafile-server, itp'ed
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9696dfcf by Salvatore Bonaccorso at 2021-12-19T16:13:31+01:00 Add CVE-2021-43820/seafile-server, itped - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3963,7 +3963,9 @@ CVE-2021-43822 (Jackalope Doctrine-DBAL is an implementation of the PHP Content CVE-2021-43821 (Opencast is an Open Source Lecture Capture Video Management for ...) TODO: check CVE-2021-43820 (Seafile is an open source cloud storage system. A sync token is used i ...) - TODO: check + - seafile-server (bug #865830) + NOTE: https://github.com/haiwen/seafile-server/security/advisories/GHSA-m3wc-jv6r-hvv8 + NOTE: https://github.com/haiwen/seafile-server/pull/520 CVE-2021-43819 RESERVED CVE-2021-43818 (lxml is a library for processing XML and HTML in the Python language. ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9696dfcf8ac2d928f30e6bb9c851e75083a04223
[Git][security-tracker-team/security-tracker][master] amend CVE list
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: fd71a331 by Moritz Mühlenhoff at 2021-12-19T16:06:23+01:00 amend CVE list - - - - - 1 changed file: - data/DSA/list Changes: = data/DSA/list = @@ -1,4 +1,5 @@ [19 Dec 2021] DSA-5026-1 firefox-esr - security update + {CVE-2021-43546 CVE-2021-43545 CVE-2021-43543 CVE-2021-43542 CVE-2021-43541 CVE-2021-43539 CVE-2021-43538 CVE-2021-43537 CVE-2021-43536 CVE-2021-43535 CVE-2021-43534 CVE-2021-38509 CVE-2021-38508 CVE-2021-38507 CVE-2021-38506 CVE-2021-38504 CVE-2021-38503} [bullseye] - firefox-esr 91.4.1esr-1~deb11u1 [19 Dec 2021] DSA-5025-1 tang - security update {CVE-2021-4076} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd71a33117d08c945f43b698378d799b4e2c397b
[Git][security-tracker-team/security-tracker][master] firefox DSA
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 4c1df6ef by Moritz Mühlenhoff at 2021-12-19T16:04:29+01:00 firefox DSA - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,5 @@ +[19 Dec 2021] DSA-5026-1 firefox-esr - security update + [bullseye] - firefox-esr 91.4.1esr-1~deb11u1 [19 Dec 2021] DSA-5025-1 tang - security update {CVE-2021-4076} [bullseye] - tang 8-3+deb11u1 = data/dsa-needed.txt = @@ -23,9 +23,6 @@ djvulibre -- faad2/oldstable (jmm) -- -firefox-esr (jmm) - Rust toolchain updates needed --- linux (carnil) Wait until more issues have piled up, though try to regulary rebase for point releases to more recent v4.19.y versions. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4c1df6ef1ab062dec7bc6ab38948c361dd46f6a1
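Review bot: In the data/dsa-needed.txt hunk the firefox-esr entry is removed outright, while the DSA-5026-1 entry added to data/DSA/list carries only a `[bullseye]` version. If the oldstable update is still outstanding, the entry should be narrowed to `firefox-esr/oldstable (jmm)`, the form already used by `faad2/oldstable (jmm)` in the context lines, rather than dropped. The new DSA entry also has no `{CVE-...}` line, unlike DSA-5025-1 directly below it.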
[Git][security-tracker-team/security-tracker][master] Reserve DSA number for tang update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 96f14b73 by Salvatore Bonaccorso at 2021-12-19T09:44:11+01:00 Reserve DSA number for tang update - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[19 Dec 2021] DSA-5025-1 tang - security update + {CVE-2021-4076} + [bullseye] - tang 8-3+deb11u1 [18 Dec 2021] DSA-5024-1 apache-log4j2 - security update {CVE-2021-45105} [buster] - apache-log4j2 2.17.0-1~deb10u1 = data/dsa-needed.txt = @@ -54,9 +54,6 @@ runc sogo (jmm) Maintainer preparing updates -- -tang (carnil) - Maintainer preparing updates --- thunderbird (jmm) Rust toolchain updates needed -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/96f14b73772af2165c3d1049872f086fb56233e8
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fa2693bc by security tracker role at 2021-12-19T08:10:14+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -25,6 +25,7 @@ CVE-2022-21944 RESERVED CVE-2021-45105 [Certain strings can cause infinite recursion] RESERVED + {DSA-5024-1} - apache-log4j2 2.17.0-1 (bug #1001891) NOTE: https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45105 NOTE: https://issues.apache.org/jira/browse/LOG4J2-3230 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa2693bc9218b18fe0740e0837c033b4e866957a