[Git][security-tracker-team/security-tracker][master] Add nova into the dla-needed.txt

2022-09-11 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
83635025 by Anton Gladky at 2022-09-12T07:09:02+02:00
Add nova into the dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -84,6 +84,13 @@ nodejs (Sylvain Beucler)
   NOTE: 20220801: Programming language: JavaScript, C/C++, Python.
   NOTE: 20220801: one of the upstream fixes doesn't address the security issue 
(jmm)
 --
+nova
+  NOTE: 20220912: Programming language: Python.
+  NOTE: 20220912: VCS: https://salsa.debian.org/openstack-team/services/nova
+  NOTE: 20220912: Maintainer notes: Contact original maintainer: zigo.
+  NOTE: 20220912: Please see: 
https://lists.debian.org/debian-lts/2022/09/msg00030.html.
+  NOTE: 20220912: Current branch to package: 
https://salsa.debian.org/openstack-team/services/nova/-/tree/debian/rocky/nova
+--
 openexr
   NOTE: 20220904: Programming language: C++.
   NOTE: 20220904: Should be synced with Stretch. (apo)
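Review bot: In the added nova entry, the "Please see:" NOTE ends with a full stop directly after the list-archive URL, so the dot is likely to be picked up as part of the link when it is copied or auto-linked; drop the trailing dot. The entry also names no CVE, so a reader has to follow the mailing-list link to learn which issue triggered it; adding the CVE id to one of the NOTE lines would make the entry self-contained.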



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8363502520a11e51b30c6cfe2a2bf1f066f15b67

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8363502520a11e51b30c6cfe2a2bf1f066f15b67
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] Added zabbix to dla-needed with the motivation that some CVE was fixed in stretch.

2022-09-11 Thread Ola Lundqvist (@opal)


Ola Lundqvist pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
553b006f by Ola Lundqvist at 2022-09-12T00:01:36+02:00
Added zabbix to dla-needed with the motivation that some CVE was fixed in 
stretch.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -48870,6 +48870,7 @@ CVE-2022-23134 (After the initial setup process, some 
steps of setup.php file ar
NOTE: 
https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/aa0fecfbcc9794bc00206630a7424575dfc944df
 (5.0.19rc2)
 CVE-2022-23133 (An authenticated user can create a hosts group from the 
configuration  ...)
- zabbix 1:6.0.7+dfsg-2
+   [buster] - zabbix  (Vulnerable code introduced later, and 
reverted with the fix)
[stretch] - zabbix  (Vulnerable code introduced later, 
and reverted with the fix)
NOTE: https://support.zabbix.com/browse/ZBX-20388
NOTE: 
https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/74b8716a73c324e6cdbdda1de434e7872740a908
 (5.0.19rc1)
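Review bot: The added [buster] line sits under CVE-2022-23133, but the commit message only mentions adding zabbix to dla-needed, and the dla-needed note in the same commit names CVE-2022-23134. Mention the CVE-2022-23133 triage in the commit message or split it into its own commit, so the status change for buster can be found in the history.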


=
data/dla-needed.txt
=
@@ -185,6 +185,9 @@ wordpress
   NOTE: 20220911: Programming language: PHP
   NOTE: 20220911: Further investigation needed to see what parts of 6.0.2 
update that applies to buster.
 --
+zabbix
+  NOTE: 20220911: At least CVE-2022-23134 was fixed in stretch so it should be 
fixed in buster too.
+--
 zlib (Emilio)
   NOTE: 20220813: Programming language: C.
   NOTE: 20220813: VCS: https://salsa.debian.org/lts-team/packages/zlib/
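Review bot: The new zabbix entry has no "Programming language:" NOTE, which the wordpress and zlib entries around it carry, and "At least CVE-2022-23134" leaves open which other CVEs are in scope. Add the language line and list the CVE ids that are expected to be fixed in buster.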



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/553b006f1afb594c01aecb8ce64cc1807e7b7338



[Git][security-tracker-team/security-tracker][master] Added ruby-sinatra to dla-needed.

2022-09-11 Thread Ola Lundqvist (@opal)


Ola Lundqvist pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
138c6f71 by Ola Lundqvist at 2022-09-11T23:50:42+02:00
Added ruby-sinatra to dla-needed.

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -132,6 +132,9 @@ ruby-nokogiri
   NOTE: 20220911: Programming language: ruby
   NOTE: 20220911: CVE-2022-24836 was fixed in stretch so it should be fixed in 
buster too.
 --
+ruby-sinatra
+  NOTE: 20220911: Programming language: ruby
+--
 runc
   NOTE: 20220905: Programming language: Go.
   NOTE: 20220905: Special attention: Sync with Bullseye.
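Review bot: The ruby-sinatra entry gives only the programming language and no CVE id or reason for queuing the package, unlike the ruby-nokogiri entry just above it, which cites CVE-2022-24836. Add a NOTE naming the issue that prompted the entry so whoever claims the package knows what to fix.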



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/138c6f7161450e0312369d87631e01a6a9ab1f53



[Git][security-tracker-team/security-tracker][master] Added ruby-nokogiri to dla-needed with the motivation that the package was fixed in stretch.

2022-09-11 Thread Ola Lundqvist (@opal)


Ola Lundqvist pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6983a3cc by Ola Lundqvist at 2022-09-11T23:45:19+02:00
Added ruby-nokogiri to dla-needed with the motivation that the package was 
fixed in stretch.

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -128,6 +128,10 @@ rails (Abhijith PA)
   NOTE: 20220909: https://lists.debian.org/debian-lts/2022/09/msg4.html 
(abhijith)
   NOTE: 20220909: upstream report https://github.com/rails/rails/issues/45590 
(abhijith)
 --
+ruby-nokogiri
+  NOTE: 20220911: Programming language: ruby
+  NOTE: 20220911: CVE-2022-24836 was fixed in stretch so it should be fixed in 
buster too.
+--
 runc
   NOTE: 20220905: Programming language: Go.
   NOTE: 20220905: Special attention: Sync with Bullseye.
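Review bot: "Programming language: ruby" in the added entry is lower-case and has no trailing full stop, while the runc entry below it writes "Go."; use "Ruby." so the field stays uniform across entries and is easy to grep.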



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6983a3cc64858b8cce4b05ac67e503f3c8d6df7a



[Git][security-tracker-team/security-tracker][master] Added python-django to dla-needed with the motivation that some issues were...

2022-09-11 Thread Ola Lundqvist (@opal)


Ola Lundqvist pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
35f425ae by Ola Lundqvist at 2022-09-11T23:35:20+02:00
Added python-django to dla-needed with the motivation that some issues were 
fixed in stretch so it should be fixed for buster too.

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -114,6 +114,11 @@ phpseclib
 poppler (Markus Koschany)
   NOTE: 20220904: Programming language: C.
 --
+python-django
+  NOTE: 20220911: Programming language: Python
+  NOTE: 20220911: There are many minors issues that should be done in a point 
release. No further point releases for buster.
+  NOTE: 20220911: Some issue was fixed in stretch so it should also be fixed 
for buster.
+--
 python-oslo.utils (Chris Lamb)
   NOTE: 20220904: Programming language: Python.
 --
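Review bot: The last added NOTE, "Some issue was fixed in stretch", does not say which CVE was fixed, so the claim cannot be checked from the entry; name the CVE id. The NOTE before it also reads as contradictory ("should be done in a point release. No further point releases for buster."); if the intent is that the minor issues need a DLA because buster gets no more point releases, say that directly.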



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35f425ae51bb117ed15e01c600cf750c1f94238b



[Git][security-tracker-team/security-tracker][master] update note

2022-09-11 Thread Thorsten Alteholz (@alteholz)


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7834b9ee by Thorsten Alteholz at 2022-09-11T23:33:16+02:00
update note

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -160,6 +160,7 @@ unzip
 upx-ucl (Thorsten Alteholz)
   NOTE: 20220820: Programming language: C.
   NOTE: 20220820: CVE-2020-27787 may be not-affected. (Chris Lamb)
+  NOTE: 20220911: testing package
 --
 vim
   NOTE: 20220904: Programming language: C.
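Review bot: The added "testing package" NOTE has no author tag, while the line above it ends with "(Chris Lamb)", and it does not say what is being tested. Add the author and state whether a fixed package is ready for others to test or testing is still in progress.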



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7834b9ee2f4b0cdd8a55e50ecfeb4b14b0131faa



[Git][security-tracker-team/security-tracker][master] Added mako to dla-needed.

2022-09-11 Thread Ola Lundqvist (@opal)


Ola Lundqvist pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a901342b by Ola Lundqvist at 2022-09-11T23:17:21+02:00
Added mako to dla-needed.

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -59,6 +59,9 @@ libraw
 --
 linux (Ben Hutchings)
 --
+mako
+  NOTE: 20220911: Programming language: Python
+--
 mariadb-10.3
   NOTE: 20220909: Programming language: C.
   NOTE: 20220909: Could not find any urgent issues but the share volume of 
issues should warrant a security update.



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a901342bdd89c71b78442d57598d364e5912f345



[Git][security-tracker-team/security-tracker][master] 2 commits: Added openvswitch to dla-needed. There is no known fix for the problem. The...

2022-09-11 Thread Ola Lundqvist (@opal)


Ola Lundqvist pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ee918a8d by Ola Lundqvist at 2022-09-11T22:50:24+02:00
Added openvswitch to dla-needed. There is no known fix for the problem. The 
paper suggests a short term workaround to be implemented and long term to change 
to an alternative algorithm. Both seem complicated.

- - - - -
6f515f11 by Ola Lundqvist at 2022-09-11T22:50:24+02:00
Added wordpress to dla-needed with a note that further work is needed to figure 
out what parts of the 6.0.2 release apply to buster.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -187,6 +187,9 @@ CVE-2019-25076 (The TSS (Tuple Space Search) algorithm in 
Open vSwitch 2.x throu
- openvswitch 
NOTE: https://arxiv.org/abs/2011.09107
NOTE: https://sites.google.com/view/tuple-space-explosion
+   NOTE: https://dl.acm.org/doi/10.1145/3359989.3365431
+   NOTE: https://www.youtube.com/watch?v=5cHpzVK0D28
+   NOTE: https://www.youtube.com/watch?v=DSC3m-Bww64
 CVE-2022-40237
RESERVED
 CVE-2022-40236
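Review bot: The two added YouTube NOTE lines under CVE-2019-25076 are bare video URLs with no indication of what they show. Append a short description, such as the talk title, so the references stay useful if the videos are removed or renamed.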


=
data/dla-needed.txt
=
@@ -85,6 +85,9 @@ openexr
   NOTE: 20220904: Programming language: C++.
   NOTE: 20220904: Should be synced with Stretch. (apo)
 --
+openvswitch
+  NOTE: 20220911: No known patch for this problem.
+--
 paramiko (Chris Lamb)
   NOTE: 20220909: Programming language: Python.
 --
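Review bot: The openvswitch NOTE says only "No known patch for this problem" without naming the CVE, and the useful context (the paper's short-term workaround and the long-term change of algorithm) lives only in the commit message. Put the CVE id and that summary in the entry, and add the "Programming language:" line that the openexr and paramiko entries around it have.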
@@ -162,6 +165,10 @@ vim
 wkhtmltopdf
   NOTE: 20220904: Programming language: C++.
 --
+wordpress
+  NOTE: 20220911: Programming language: PHP
+  NOTE: 20220911: Further investigation needed to see what parts of 6.0.2 
update that applies to buster.
+--
 zlib (Emilio)
   NOTE: 20220813: Programming language: C.
   NOTE: 20220813: VCS: https://salsa.debian.org/lts-team/packages/zlib/



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/57351ceab2760a3f77d826a4fb4213292299052d...6f515f119791a74b12a113e20fed8cbe50079758



[Git][security-tracker-team/security-tracker][master] automatic update

2022-09-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
57351cea by security tracker role at 2022-09-11T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2603,8 +2603,7 @@ CVE-2022-39137
RESERVED
 CVE-2022-39136
RESERVED
-CVE-2022-39135
-   RESERVED
+CVE-2022-39135 (In Apache Calcite prior to version 1.32.0 the SQL operators 
EXISTS_NOD ...)
NOT-FOR-US: Apache Calcite
 CVE-2022-39134
RESERVED
@@ -8400,7 +8399,7 @@ CVE-2022-37024 (Zoho ManageEngine OpManager, OpManager 
Plus, OpManager MSP, Netw
NOT-FOR-US: Zoho ManageEngine
 CVE-2022-2588
RESERVED
-   {DSA-5207-1}
+   {DSA-5207-1 DLA-3102-1}
- linux 5.18.16-1
NOTE: 
https://lore.kernel.org/netdev/20220809170518.164662-1-casca...@canonical.com/T/#u
NOTE: https://www.openwall.com/lists/oss-security/2022/08/09/6
@@ -8408,14 +8407,14 @@ CVE-2022-2587 (Out of bounds write in Chrome OS Audio 
Server in Google Chrome on
- chromium  (Chrome on Chrome OS)
 CVE-2022-2586
RESERVED
-   {DSA-5207-1}
+   {DSA-5207-1 DLA-3102-1}
- linux 5.18.16-1
NOTE: 
https://lore.kernel.org/netfilter-devel/20220809170148.164591-1-casca...@canonical.com/T/#t
NOTE: https://www.openwall.com/lists/oss-security/2022/08/09/5
NOTE: https://www.openwall.com/lists/oss-security/2022/08/29/5
 CVE-2022-2585
RESERVED
-   {DSA-5207-1}
+   {DSA-5207-1 DLA-3102-1}
- linux 5.18.16-1
[buster] - linux  (Vulnerable code introduced later)
NOTE: 
https://lore.kernel.org/lkml/20220809170751.164716-1-casca...@canonical.com/T/#u
@@ -8678,7 +8677,7 @@ CVE-2022-36948 (In Veritas NetBackup OpsCenter, a DOM XSS 
attack can occur. This
 CVE-2022-36947 (Unsafe Parsing of a PNG tRNS chunk in FastStone Image Viewer 
through 7 ...)
NOT-FOR-US: FastStone Image Viewer
 CVE-2022-36946 (nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux 
kernel th ...)
-   {DSA-5207-1}
+   {DSA-5207-1 DLA-3102-1}
- linux 5.18.16-1
NOTE: https://marc.info/?l=netfilter-devel=165883202007292=2
NOTE: Fixed by: 
https://git.kernel.org/linus/99a63d36cb3ed5ca3aa6fcb64cffbeaf3b0fb164
@@ -8871,7 +8870,7 @@ CVE-2022-36881 (Jenkins Git client Plugin 3.11.0 and 
earlier does not perform SS
 CVE-2022-36880 (The Read Mail module in Webmin 1.995 and Usermin through 1.850 
allows  ...)
NOT-FOR-US: Webmin module
 CVE-2022-36879 (An issue was discovered in the Linux kernel through 5.18.14. 
xfrm_expa ...)
-   {DSA-5207-1}
+   {DSA-5207-1 DLA-3102-1}
- linux 5.18.16-1
NOTE: 
https://git.kernel.org/linus/f85daf0e725358be78dfd208dea5fd665d8cb901 
(v5.19-rc8)
 CVE-2022-36878 (Exposure of Sensitive Information in Find My Mobile prior to 
version 7 ...)
@@ -9812,6 +9811,7 @@ CVE-2022-2527
- gitlab 
NOTE: 
https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
 CVE-2021-46829 (GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a 
heap-based buf ...)
+   {DSA-5228-1}
- gdk-pixbuf 2.42.8+dfsg-1
[buster] - gdk-pixbuf  (Vulnerable code not present; GIF 
animation support added later)
NOTE: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190
@@ -25948,7 +25948,7 @@ CVE-2022-26844 (Insufficiently protected credentials in 
the installation binarie
 CVE-2022-26374 (Uncontrolled search path in the installation binaries for 
Intel(R) SEA ...)
NOT-FOR-US: Intel
 CVE-2022-26373 (Non-transparent sharing of return predictor targets between 
contexts i ...)
-   {DSA-5207-1}
+   {DSA-5207-1 DLA-3102-1}
- linux 5.18.16-1
NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00706.html
NOTE: 
https://git.kernel.org/linus/2b1299322016731d56807aa49254a5ea3080b6b3
@@ -27821,13 +27821,13 @@ CVE-2022-29902
 CVE-2022-1526 (A vulnerability, which was classified as problematic, was found 
in Eml ...)
NOT-FOR-US: Emlog Pro
 CVE-2022-29901 (Intel microprocessor generations 6 to 8 are affected by a new 
Spectre  ...)
-   {DSA-5207-1}
+   {DSA-5207-1 DLA-3102-1}
- linux 5.18.14-1
NOTE: https://comsec.ethz.ch/research/microarch/retbleed/
NOTE: https://comsec.ethz.ch/wp-content/files/retbleed_sec22.pdf
NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00702.html
 CVE-2022-29900 (Mis-trained branch predictions for return instructions may 
allow arbit ...)
-   {DSA-5207-1 DSA-5184-1}
+   {DSA-5207-1 DSA-5184-1 DLA-3102-1}
- linux 5.18.14-1
- xen 4.16.2-1
[buster] - xen  (DSA 4677-1)
@@ -39109,8 +39109,8 @@ CVE-2022-26060
RESERVED
 CVE-2022-26050
RESERVED
-CVE-2022-26049
-   

[Git][security-tracker-team/security-tracker][master] Mark lxd-issues as not-affected.

2022-09-11 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
dc352c6c by Anton Gladky at 2022-09-11T22:08:02+02:00
Mark lxd-issues as not-affected.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -394864,9 +394864,9 @@ CVE-2016-1583 (The ecryptfs_privileged_open function 
in fs/ecryptfs/kthread.c in
{DSA-3607-1 DLA-516-1}
- linux 4.6.2-1
 CVE-2016-1582 (LXD before 2.0.2 does not properly set permissions when 
switching an u ...)
-   - lxd  (bug #768073)
+   - lxd  (Fixed before initial upload to Debian)
 CVE-2016-1581 (LXD before 2.0.2 uses world-readable permissions for 
/var/lib/lxd/zfs. ...)
-   - lxd  (bug #768073)
+   - lxd  (Fixed before initial upload to Debian)
 CVE-2016-1580 (The setup_snappy_os_mounts function in the ubuntu-core-launcher 
packag ...)
NOT-FOR-US: ubuntu-core-launcher
 CVE-2016-1579 (UDM provides support for running commands after a download is 
complete ...)
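Review bot: Both changed lxd lines drop the "bug #768073" reference together with the old status, so the link to the Debian bug disappears from the CVE entries. If the bug is still relevant history, keep it in a NOTE line. If this change is also meant to clear the "ITPed package lxd is in the archive" check failure reported for data/CVE/list, say so in the commit message.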
@@ -400798,7 +400798,7 @@ CVE-2015-8224 (Huawei P8 before GRA-CL00C92B210, 
before GRA-L09C432B200, before
 CVE-2015-8223 (Huawei P7 before P7-L00C17B851, P7-L05C00B851, and 
P7-L09C92B85, and P ...)
NOT-FOR-US: Huawei
 CVE-2015-8222 (The lxd-unix.socket systemd unit file in the Ubuntu lxd package 
before ...)
-   - lxd  (bug #768073)
+   - lxd  (Fixed before initial upload to Debian)
 CVE-2015-8221 (Integer overflow in Google Picasa before 3.9.140 Build 259 
allows remo ...)
NOT-FOR-US: Google Picasa
 CVE-2015-8220 (Stack-based buffer overflow in the URI handler in DWRCC.exe in 
SolarWi ...)
@@ -420872,7 +420872,7 @@ CVE-2015-1342 (LXCFS before 0.12 does not properly 
enforce directory escapes, wh
 CVE-2015-1341 (Any Python module in sys.path can be imported if the command 
line of t ...)
NOT-FOR-US: Apport
 CVE-2015-1340 (LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has 
an unsa ...)
-   - lxd  (bug #768073)
+   - lxd  (Fixed before initial upload to Debian)
 CVE-2015-1339 (Memory leak in the cuse_channel_release function in 
fs/fuse/cuse.c in  ...)
- linux 4.4.2-1
[jessie] - linux  (Vulnerable code introduced in v4.2-rc1)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc352c6c236346f8c79c384da94455c6340afec9



Processing 4b5038351aeeacc8b716c865a78abda120c0515a failed

2022-09-11 Thread security tracker role
The error message was:

data/CVE/list:394866: ITPed package lxd is in the archive
data/CVE/list:394868: ITPed package lxd is in the archive
data/CVE/list:400800: ITPed package lxd is in the archive
data/CVE/list:420874: ITPed package lxd is in the archive
make: *** [Makefile:19: all] Error 1



Processing 4053740f09dc75c762cb9dfdf9e83a77c4e566b7 failed

2022-09-11 Thread security tracker role
The error message was:

data/CVE/list:394866: ITPed package lxd is in the archive
data/CVE/list:394868: ITPed package lxd is in the archive
data/CVE/list:400800: ITPed package lxd is in the archive
data/CVE/list:420874: ITPed package lxd is in the archive
make: *** [Makefile:19: all] Error 1



[Git][security-tracker-team/security-tracker][master] 2 commits: Fix formatting in dla-needed.txt

2022-09-11 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c70e639d by Anton Gladky at 2022-09-11T21:38:07+02:00
Fix formatting in dla-needed.txt

- - - - -
4b503835 by Anton Gladky at 2022-09-11T21:39:15+02:00
Fix merge conflicts

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -141,11 +141,12 @@ sox (Abhijith PA)
   NOTE: 20220818: Requires some investigation; see #1012138 etc.
 --
 sqlite3 (Chris Lamb)
-  NOTE: 20220905: Programming language: C
+  NOTE: 20220905: Programming language: C.
+  NOTE: 20220905: VCS: https://salsa.debian.org/lts-team/packages/sqlite3.git
   NOTE: 20220905: The three remaining issues seems to be simple enough to 
warrant a fix.
 --
 trafficserver
-  NOTE: 20220905: Programming language: C
+  NOTE: 20220905: Programming language: C.
 --
 unzip
   NOTE: 20220904: Programming language: C.
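Review bot: The sqlite3 part of this hunk adds a new "VCS:" NOTE in addition to the full stop after "C", which is a content change rather than the formatting fix the commit message describes. Mention the VCS addition in the commit message or move it to its own commit.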



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4053740f09dc75c762cb9dfdf9e83a77c4e566b7...4b5038351aeeacc8b716c865a78abda120c0515a



[Git][security-tracker-team/security-tracker][master] Reserve DLA-3102-1 for linux-5.10

2022-09-11 Thread Ben Hutchings (@benh)


Ben Hutchings pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4053740f by Ben Hutchings at 2022-09-11T21:10:50+02:00
Reserve DLA-3102-1 for linux-5.10

- - - - -


1 changed file:

- data/DLA/list


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[11 Sep 2022] DLA-3102-1 linux-5.10 - new package
+   {CVE-2022-2585 CVE-2022-2586 CVE-2022-2588 CVE-2022-26373 
CVE-2022-29900 CVE-2022-29901 CVE-2022-36879 CVE-2022-36946}
+   [buster] - linux-5.10 5.10.136-1~deb10u1
 [09 Sep 2022] DLA-3101-1 libxslt - security update
{CVE-2019-5815 CVE-2021-30560}
[buster] - libxslt 1.1.32-2.2~deb10u2



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4053740f09dc75c762cb9dfdf9e83a77c4e566b7



Processing e8aafa8f3d2147b167d2585dbbc5a4fa8ada356a failed

2022-09-11 Thread security tracker role
The error message was:

data/CVE/list:394866: ITPed package lxd is in the archive
data/CVE/list:394868: ITPed package lxd is in the archive
data/CVE/list:400800: ITPed package lxd is in the archive
data/CVE/list:420874: ITPed package lxd is in the archive
make: *** [Makefile:19: all] Error 1



[Git][security-tracker-team/security-tracker][master] Mark CVE-2022-37186/lemonldap-ng as no-dsa

2022-09-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e8aafa8f by Salvatore Bonaccorso at 2022-09-11T20:59:32+02:00
Mark CVE-2022-37186/lemonldap-ng as no-dsa

- - - - -


2 changed files:

- data/CVE/list
- data/next-point-update.txt


Changes:

=
data/CVE/list
=
@@ -8041,6 +8041,7 @@ CVE-2022-37187
 CVE-2022-37186 [Session destroyed on portal but still valid on handlers]
RESERVED
- lemonldap-ng 2.0.15+ds-1
+   [bullseye] - lemonldap-ng  (Minor issue; user activity tracking 
by handles disabled by default)
NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2758
NOTE: 
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/59c781b393947663ad3bf26bad0581413dd6fae4
 (v2.0.15)
 CVE-2022-37185 (SQL injection vulnerability exists in the school information 
query int ...)


=
data/next-point-update.txt
=
@@ -20,3 +20,5 @@ CVE-2021-24119
[bullseye] - mbedtls 2.16.12-0+deb11u1
 CVE-2021-44732
[bullseye] - mbedtls 2.16.12-0+deb11u1
+CVE-2022-37186
+   [bullseye] - lemonldap-ng 2.0.11+ds-4+deb11u2



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e8aafa8f3d2147b167d2585dbbc5a4fa8ada356a



Processing 457a30f516d100392200542b61eb824f31d4566d failed

2022-09-11 Thread security tracker role
The error message was:

data/CVE/list:394865: ITPed package lxd is in the archive
data/CVE/list:394867: ITPed package lxd is in the archive
data/CVE/list:400799: ITPed package lxd is in the archive
data/CVE/list:420873: ITPed package lxd is in the archive
make: *** [Makefile:19: all] Error 1



[Git][security-tracker-team/security-tracker][master] Update information for CVE-2022-37186/lemonldap-ng

2022-09-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
457a30f5 by Salvatore Bonaccorso at 2022-09-11T16:30:32+02:00
Update information for CVE-2022-37186/lemonldap-ng

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -8038,9 +8038,11 @@ CVE-2022-37188
RESERVED
 CVE-2022-37187
RESERVED
-CVE-2022-37186
+CVE-2022-37186 [Session destroyed on portal but still valid on handlers]
RESERVED
- lemonldap-ng 2.0.15+ds-1
+   NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2758
+   NOTE: 
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/59c781b393947663ad3bf26bad0581413dd6fae4
 (v2.0.15)
 CVE-2022-37185 (SQL injection vulnerability exists in the school information 
query int ...)
TODO: check
 CVE-2022-37184 (The application manage_website.php on Garage Management System 
1.0 is  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/457a30f516d100392200542b61eb824f31d4566d



[Git][security-tracker-team/security-tracker][master] Add CVE-2022-37186/lemonldap-ng

2022-09-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
718327ea by Salvatore Bonaccorso at 2022-09-11T16:19:32+02:00
Add CVE-2022-37186/lemonldap-ng

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -8040,6 +8040,7 @@ CVE-2022-37187
RESERVED
 CVE-2022-37186
RESERVED
+   - lemonldap-ng 2.0.15+ds-1
 CVE-2022-37185 (SQL injection vulnerability exists in the school information 
query int ...)
TODO: check
 CVE-2022-37184 (The application manage_website.php on Garage Management System 
1.0 is  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/718327ea38ea36e49ed9cb8e19dc334079f89936



[Git][security-tracker-team/security-tracker][master] Reserve DSA number for gdk-pixbuf update

2022-09-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9e779390 by Salvatore Bonaccorso at 2022-09-11T16:02:17+02:00
Reserve DSA number for gdk-pixbuf update

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/CVE/list
=
@@ -57181,7 +57181,6 @@ CVE-2021-44649 (Django CMS 3.7.3 does not validate the 
plugin_type parameter whi
- python-django-cms  (bug #516183)
 CVE-2021-44648 (GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer 
overflow vulner ...)
- gdk-pixbuf 2.42.9+dfsg-1 (bug #1014600)
-   [bullseye] - gdk-pixbuf  (Minor issue)
[buster] - gdk-pixbuf  (Vulnerable code introduced later)
[stretch] - gdk-pixbuf  (Vulnerable code introduced later)
NOTE: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/136


=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[11 Sep 2022] DSA-5228-1 gdk-pixbuf - security update
+   {CVE-2021-44648 CVE-2021-46829}
+   [bullseye] - gdk-pixbuf 2.42.2+dfsg-1+deb11u1
 [07 Sep 2022] DSA-5227-1 libgoogle-gson-java - security update
{CVE-2022-25647}
[bullseye] - libgoogle-gson-java 2.8.6-1+deb11u1
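
Review bot: the new DSA-5228-1 entry lists both CVE-2021-44648 and CVE-2021-46829, but the data/CVE/list hunk in this commit only drops the bullseye line from CVE-2021-44648. Check whether the CVE-2021-46829 entry carries a bullseye annotation of its own that should be removed in the same commit, so the two CVEs covered by `2.42.2+dfsg-1+deb11u1` end up in the same state.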


=
data/dsa-needed.txt
=
@@ -20,8 +20,6 @@ connman (carnil)
 --
 freecad (aron)
 --
-gdk-pixbuf (carnil)
---
 linux (carnil)
   Wait until more issues have piled up, though try to regulary rebase for point
   releases to more recent v5.10.y versions



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e779390aba58cbb5e9a6afa59903cc1104a16ea



[Git][security-tracker-team/security-tracker][master] Adjust tracking for kanboard landing in unstable

2022-09-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
81100da7 by Salvatore Bonaccorso at 2022-09-11T14:27:57+02:00
Adjust tracking for kanboard landing in unstable

All issues were fixed in a version before the initial upload to Debian,
and never an issue with the source in Debian. As such mark those as
not-affected with our Fixed before initial upload to Debian reason.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -242966,7 +242966,7 @@ CVE-2019-7325 (Reflected Cross Site Scripting (XSS) 
exists in ZoneMinder through
NOTE: 
https://github.com/ZoneMinder/zoneminder/commit/99f1e23c5b115b46265ab78d57fd6548490c6802
NOTE: See README.Debian.security, only supported behind an 
authenticated HTTP zone
 CVE-2019-7324 (app/Core/Paginator.php in Kanboard before 1.2.8 has XSS in 
pagination  ...)
-   - kanboard 1.2.22+ds-1 (bug #790814)
+   - kanboard  (Fixed before initial upload to Debian)
 CVE-2019-7323 (GUP (generic update process) in LightySoft LogMX before 7.4.0 
does not ...)
NOT-FOR-US: LightySoft LogMX
 CVE-2019-7322
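
Review bot: the replacement line for CVE-2019-7324 drops both the version and `(bug #790814)`, which leaves no record in the entry of which upload was the initial one. The reason "Fixed before initial upload to Debian" is supported by the removed version 1.2.22+ds-1 against the "before 1.2.8" in the description; a short NOTE naming that first upload would let a later reader verify the reason without digging through history.
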
@@ -323623,41 +323623,41 @@ CVE-2017-15214 (Stored XSS vulnerability in 
Flyspray 1.0-rc4 before 1.0-rc6 allo
 CVE-2017-15213 (Stored XSS vulnerability in Flyspray before 1.0-rc6 allows an 
authenti ...)
NOT-FOR-US: Flyspray
 CVE-2017-15212 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-   - kanboard 1.2.22+ds-1 (bug #790814)
+   - kanboard  (Fixed before initial upload to Debian)
 CVE-2017-15211 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-   - kanboard 1.2.22+ds-1 (bug #790814)
+   - kanboard  (Fixed before initial upload to Debian)
 CVE-2017-15210 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-   - kanboard 1.2.22+ds-1 (bug #790814)
+   - kanboard  (Fixed before initial upload to Debian)
 CVE-2017-15209 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-   - kanboard 1.2.22+ds-1 (bug #790814)
+   - kanboard  (Fixed before initial upload to Debian)
 CVE-2017-15208 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-   - kanboard 1.2.22+ds-1 (bug #790814)
+   - kanboard  (Fixed before initial upload to Debian)
 CVE-2017-15207 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-   - kanboard 1.2.22+ds-1 (bug #790814)
+   - kanboard  (Fixed before initial upload to Debian)
 CVE-2017-15206 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-   - kanboard 1.2.22+ds-1 (bug #790814)
+   - kanboard  (Fixed before initial upload to Debian)
 CVE-2017-15205 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-   - kanboard 1.2.22+ds-1 (bug #790814)
+   - kanboard  (Fixed before initial upload to Debian)
 CVE-2017-15204 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-   - kanboard 1.2.22+ds-1 (bug #790814)
+   - kanboard  (Fixed before initial upload to Debian)
 CVE-2017-15203 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-   - kanboard 1.2.22+ds-1 (bug #790814)
+   - kanboard  (Fixed before initial upload to Debian)
 CVE-2017-15202 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-   - kanboard 1.2.22+ds-1 (bug #790814)
+   - kanboard  (Fixed before initial upload to Debian)
 CVE-2017-15201 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-   - kanboard 1.2.22+ds-1 (bug #790814)
+   - kanboard  (Fixed before initial upload to Debian)
 CVE-2017-15200 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-   - kanboard 1.2.22+ds-1 (bug #790814)
+   - kanboard  (Fixed before initial upload to Debian)
 CVE-2017-15199 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-   - kanboard 1.2.22+ds-1 (bug #790814)
+   - kanboard  (Fixed before initial upload to Debian)
 CVE-2017-15198 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-   - kanboard 1.2.22+ds-1 (bug #790814)
+   - kanboard  (Fixed before initial upload to Debian)
 CVE-2017-15197 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-   - kanboard 1.2.22+ds-1 (bug #790814)
+   - kanboard  (Fixed before initial upload to Debian)
 CVE-2017-15196 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-   - kanboard 1.2.22+ds-1 (bug #790814)
+   - kanboard  (Fixed before initial upload to Debian)
 CVE-2017-15195 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-   - kanboard 1.2.22+ds-1 (bug #790814)
+   - kanboard  
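
Review bot: the same one-line substitution is repeated by hand from CVE-2017-15212 down to CVE-2017-15195, and the hunk as shown stops partway through the CVE-2017-15195 replacement line, so the remaining kanboard entries cannot be reviewed here. The failed-processing mails on this page report 22 kanboard lines in data/CVE/list; confirm that all of them received the identical reason string, since one missed or differently worded line is hard to spot in a bulk edit like this.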

[Git][security-tracker-team/security-tracker][master] Mark version 1.2.22+ds-1 of kanboard as fixed in unstable

2022-09-11 Thread Markus Koschany (@apo)


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
741d50cc by Markus Koschany at 2022-09-11T13:10:52+02:00
Mark version 1.2.22+ds-1 of kanboard as fixed in unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -242966,7 +242966,7 @@ CVE-2019-7325 (Reflected Cross Site Scripting (XSS) 
exists in ZoneMinder through
NOTE: 
https://github.com/ZoneMinder/zoneminder/commit/99f1e23c5b115b46265ab78d57fd6548490c6802
NOTE: See README.Debian.security, only supported behind an 
authenticated HTTP zone
 CVE-2019-7324 (app/Core/Paginator.php in Kanboard before 1.2.8 has XSS in 
pagination  ...)
-   - kanboard  (bug #790814)
+   - kanboard 1.2.22+ds-1 (bug #790814)
 CVE-2019-7323 (GUP (generic update process) in LightySoft LogMX before 7.4.0 
does not ...)
NOT-FOR-US: LightySoft LogMX
 CVE-2019-7322
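
Review bot: on CVE-2019-7324 the new line records 1.2.22+ds-1 as the fixed version, while the description says the issue affects Kanboard before 1.2.8. If 1.2.22+ds-1 is the first kanboard upload, the vulnerable code was never in the archive, and an entry marked as not affected with a reason states that more accurately than a fixed version does.
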
@@ -323623,41 +323623,41 @@ CVE-2017-15214 (Stored XSS vulnerability in 
Flyspray 1.0-rc4 before 1.0-rc6 allo
 CVE-2017-15213 (Stored XSS vulnerability in Flyspray before 1.0-rc6 allows an 
authenti ...)
NOT-FOR-US: Flyspray
 CVE-2017-15212 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-   - kanboard  (bug #790814)
+   - kanboard 1.2.22+ds-1 (bug #790814)
 CVE-2017-15211 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-   - kanboard  (bug #790814)
+   - kanboard 1.2.22+ds-1 (bug #790814)
 CVE-2017-15210 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-   - kanboard  (bug #790814)
+   - kanboard 1.2.22+ds-1 (bug #790814)
 CVE-2017-15209 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-   - kanboard  (bug #790814)
+   - kanboard 1.2.22+ds-1 (bug #790814)
 CVE-2017-15208 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-   - kanboard  (bug #790814)
+   - kanboard 1.2.22+ds-1 (bug #790814)
 CVE-2017-15207 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-   - kanboard  (bug #790814)
+   - kanboard 1.2.22+ds-1 (bug #790814)
 CVE-2017-15206 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-   - kanboard  (bug #790814)
+   - kanboard 1.2.22+ds-1 (bug #790814)
 CVE-2017-15205 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-   - kanboard  (bug #790814)
+   - kanboard 1.2.22+ds-1 (bug #790814)
 CVE-2017-15204 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-   - kanboard  (bug #790814)
+   - kanboard 1.2.22+ds-1 (bug #790814)
 CVE-2017-15203 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-   - kanboard  (bug #790814)
+   - kanboard 1.2.22+ds-1 (bug #790814)
 CVE-2017-15202 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-   - kanboard  (bug #790814)
+   - kanboard 1.2.22+ds-1 (bug #790814)
 CVE-2017-15201 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-   - kanboard  (bug #790814)
+   - kanboard 1.2.22+ds-1 (bug #790814)
 CVE-2017-15200 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-   - kanboard  (bug #790814)
+   - kanboard 1.2.22+ds-1 (bug #790814)
 CVE-2017-15199 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-   - kanboard  (bug #790814)
+   - kanboard 1.2.22+ds-1 (bug #790814)
 CVE-2017-15198 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-   - kanboard  (bug #790814)
+   - kanboard 1.2.22+ds-1 (bug #790814)
 CVE-2017-15197 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-   - kanboard  (bug #790814)
+   - kanboard 1.2.22+ds-1 (bug #790814)
 CVE-2017-15196 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-   - kanboard  (bug #790814)
+   - kanboard 1.2.22+ds-1 (bug #790814)
 CVE-2017-15195 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-   - kanboard  (bug #790814)
+   - kanboard 1.2.22+ds-1 (bug #790814)
 CVE-2017-15193 (In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM 
dissector cou ...)
- wireshark 2.4.2-1 (low)
[jessie] - wireshark  (Vulnerable code not present)
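
Review bot: `(bug #790814)` is kept on each of the 18 kanboard lines from CVE-2017-15212 to CVE-2017-15195. The processing failures on this page call kanboard an "ITPed package", so this number looks like the packaging request rather than a security bug; next to a fixed version it reads as if that bug tracks the vulnerability. Suggest dropping the reference from these lines or moving it into a NOTE.
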
@@ -331043,9 +331043,9 @@ CVE-2017-12852 (The numpy.pad function in Numpy 
1.13.1 and older versions is mis
NOTE: https://github.com/numpy/numpy/issues/9560#issuecomment-322395292
NOTE: Negligible security impact
 CVE-2017-12851 (An authenticated standard user could reset the password of the 
admin b ...)
-   - kanboard  (bug #790814)
+   - kanboard 1.2.22+ds-1 (bug #790814)
 CVE-2017-12850 (An authenticated standard user could reset the password of 

Processing 398135e89207ea51a4d372d9d8e4bfa0ab6cfbc4 failed

2022-09-11 Thread security tracker role
The error message was:

data/CVE/list:242968: ITPed package kanboard is in the archive
data/CVE/list:323625: ITPed package kanboard is in the archive
data/CVE/list:323627: ITPed package kanboard is in the archive
data/CVE/list:323629: ITPed package kanboard is in the archive
data/CVE/list:323631: ITPed package kanboard is in the archive
data/CVE/list:323633: ITPed package kanboard is in the archive
data/CVE/list:323635: ITPed package kanboard is in the archive
data/CVE/list:323637: ITPed package kanboard is in the archive
data/CVE/list:323639: ITPed package kanboard is in the archive
data/CVE/list:323641: ITPed package kanboard is in the archive
data/CVE/list:323643: ITPed package kanboard is in the archive
data/CVE/list:323645: ITPed package kanboard is in the archive
data/CVE/list:323647: ITPed package kanboard is in the archive
data/CVE/list:323649: ITPed package kanboard is in the archive
data/CVE/list:323651: ITPed package kanboard is in the archive
data/CVE/list:323653: ITPed package kanboard is in the archive
data/CVE/list:323655: ITPed package kanboard is in the archive
data/CVE/list:323657: ITPed package kanboard is in the archive
data/CVE/list:323659: ITPed package kanboard is in the archive
data/CVE/list:331045: ITPed package kanboard is in the archive
data/CVE/list:331047: ITPed package kanboard is in the archive
data/CVE/list:439377: ITPed package kanboard is in the archive
make: *** [Makefile:19: all] Error 1



[Git][security-tracker-team/security-tracker][master] NFU

2022-09-11 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
398135e8 by Henri Salo at 2022-09-11T12:21:13+03:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2605,6 +2605,7 @@ CVE-2022-39136
RESERVED
 CVE-2022-39135
RESERVED
+   NOT-FOR-US: Apache Calcite
 CVE-2022-39134
RESERVED
 CVE-2022-39133
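
Review bot: `NOT-FOR-US: Apache Calcite` is added under CVE-2022-39135 while the entry is still RESERVED, with no description and no reference, and the commit message is only "NFU". Suggest adding a NOTE with the advisory or announcement that ties this CVE to Apache Calcite, so the attribution can be checked before a description is published.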



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/398135e89207ea51a4d372d9d8e4bfa0ab6cfbc4



Processing 8a31b51c927184c2c29bffe5ec6c1240875b113d failed

2022-09-11 Thread security tracker role
The error message was:

data/CVE/list:242967: ITPed package kanboard is in the archive
data/CVE/list:323624: ITPed package kanboard is in the archive
data/CVE/list:323626: ITPed package kanboard is in the archive
data/CVE/list:323628: ITPed package kanboard is in the archive
data/CVE/list:323630: ITPed package kanboard is in the archive
data/CVE/list:323632: ITPed package kanboard is in the archive
data/CVE/list:323634: ITPed package kanboard is in the archive
data/CVE/list:323636: ITPed package kanboard is in the archive
data/CVE/list:323638: ITPed package kanboard is in the archive
data/CVE/list:323640: ITPed package kanboard is in the archive
data/CVE/list:323642: ITPed package kanboard is in the archive
data/CVE/list:323644: ITPed package kanboard is in the archive
data/CVE/list:323646: ITPed package kanboard is in the archive
data/CVE/list:323648: ITPed package kanboard is in the archive
data/CVE/list:323650: ITPed package kanboard is in the archive
data/CVE/list:323652: ITPed package kanboard is in the archive
data/CVE/list:323654: ITPed package kanboard is in the archive
data/CVE/list:323656: ITPed package kanboard is in the archive
data/CVE/list:323658: ITPed package kanboard is in the archive
data/CVE/list:331044: ITPed package kanboard is in the archive
data/CVE/list:331046: ITPed package kanboard is in the archive
data/CVE/list:439376: ITPed package kanboard is in the archive
make: *** [Makefile:19: all] Error 1



Processing 4c1a30abb4a7210a520f0adc6acce54b3f1b2046 failed

2022-09-11 Thread security tracker role
The error message was:

data/CVE/list:242967: ITPed package kanboard is in the archive
data/CVE/list:323624: ITPed package kanboard is in the archive
data/CVE/list:323626: ITPed package kanboard is in the archive
data/CVE/list:323628: ITPed package kanboard is in the archive
data/CVE/list:323630: ITPed package kanboard is in the archive
data/CVE/list:323632: ITPed package kanboard is in the archive
data/CVE/list:323634: ITPed package kanboard is in the archive
data/CVE/list:323636: ITPed package kanboard is in the archive
data/CVE/list:323638: ITPed package kanboard is in the archive
data/CVE/list:323640: ITPed package kanboard is in the archive
data/CVE/list:323642: ITPed package kanboard is in the archive
data/CVE/list:323644: ITPed package kanboard is in the archive
data/CVE/list:323646: ITPed package kanboard is in the archive
data/CVE/list:323648: ITPed package kanboard is in the archive
data/CVE/list:323650: ITPed package kanboard is in the archive
data/CVE/list:323652: ITPed package kanboard is in the archive
data/CVE/list:323654: ITPed package kanboard is in the archive
data/CVE/list:323656: ITPed package kanboard is in the archive
data/CVE/list:323658: ITPed package kanboard is in the archive
data/CVE/list:331044: ITPed package kanboard is in the archive
data/CVE/list:331046: ITPed package kanboard is in the archive
data/CVE/list:439376: ITPed package kanboard is in the archive
make: *** [Makefile:19: all] Error 1



[Git][security-tracker-team/security-tracker][master] 2 commits: data/dla-needed.txt: Correct ordering

2022-09-11 Thread Chris Lamb (@lamby)


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a46275c6 by Chris Lamb at 2022-09-11T09:39:18+01:00
data/dla-needed.txt: Correct ordering

- - - - -
8a31b51c by Chris Lamb at 2022-09-11T09:40:07+01:00
data/dla-needed.txt: Claim paramiko.

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -85,7 +85,7 @@ openexr
   NOTE: 20220904: Programming language: C++.
   NOTE: 20220904: Should be synced with Stretch. (apo)
 --
-paramiko
+paramiko (Chris Lamb)
   NOTE: 20220909: Programming language: Python.
 --
 pcs (Valentin Vidic)
@@ -97,11 +97,11 @@ pcs (Valentin Vidic)
   NOTE: 20220908: CVE-2022-2735 not-affected: Vulnerable code not present, see 
#1018930.
   NOTE: 20220908: CVE-2022-1049 vulnerable
 --
-phpseclib
+php-phpseclib
   NOTE: 20220909: Programming language: PHP.
   NOTE: 20220909: Note the discussion whether 2.0 is in fact affected by the 
CVE or not. It looks like it is affected by a small part of it that is best to 
fix..
 --
-php-phpseclib
+phpseclib
   NOTE: 20220909: Programming language: PHP.
   NOTE: 20220909: Note the discussion whether 2.0 is in fact affected by the 
CVE or not. It looks like it is affected by a small part of it that is best to 
fix..
 --
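
Review bot: the NOTE under both `php-phpseclib` and `phpseclib` ends in `fix..` with a doubled full stop, and the two entries carry word-for-word identical notes. Since this change already touches both headers, tidy the punctuation in the same commit, and consider stating in each NOTE which package the "2.0" discussion refers to so the two entries do not drift apart unnoticed. The new order itself (`pcs`, `php-phpseclib`, `phpseclib`) sorts correctly.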



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4c1a30abb4a7210a520f0adc6acce54b3f1b2046...8a31b51c927184c2c29bffe5ec6c1240875b113d
