[Git][security-tracker-team/security-tracker][master] Reference fixes for libxml2 in sid

2024-05-25 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bebdf42f by Aron Xu at 2024-05-25T15:20:46+08:00
Reference fixes for libxml2 in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -6869,7 +6869,7 @@ CVE-2024-34697 (FreeScout is a free, self-hosted help 
desk and shared mailbox. A
 CVE-2024-34555 (Unrestricted Upload of File with Dangerous Type vulnerability 
in URBAN ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-34459 (An issue was discovered in xmllint (from libxml2) before 
2.11.8 and 2. ...)
-   - libxml2  (unimportant; bug #1071162)
+   - libxml2 2.12.7+dfsg-1 (bug #1071162)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/720
NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/libxml2/-/commit/8ddc7f13337c9fe7c6b6e616f404b0fffb8a5145
 (v2.11.8)
NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac5392a4e891b81e40e592c3ac6cb46016ce
 (v2.12.7)
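Review bot: The CVE-2024-34459 entry loses its `unimportant` qualifier in the same edit that records 2.12.7+dfsg-1 as the fixed version, so the change alters the issue's severity rating and not only the fix reference the commit message describes. If dropping the qualifier is intended, say so in the commit message; otherwise keep it, e.g. `- libxml2 2.12.7+dfsg-1 (unimportant; bug #1071162)`.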
@@ -36177,7 +36177,7 @@ CVE-2021-46902 (An issue was discovered in 
LTOS-Web-Interface in Meinberg LANTIM
NOT-FOR-US: Meinberg
 CVE-2024-25062 (An issue was discovered in libxml2 before 2.11.7 and 2.12.x 
before 2.1 ...)
[experimental] - libxml2 2.12.5+dfsg-0exp1
-   - libxml2  (bug #1063234)
+   - libxml2 2.12.7+dfsg-1 (bug #1063234)
[bookworm] - libxml2  (Minor issue)
[bullseye] - libxml2  (Minor issue)
[buster] - libxml2  (Minor issue)
@@ -58256,7 +58256,7 @@ CVE-2023-5182 (Sensitive data could be exposed in logs 
of subiquity version 23.0
NOT-FOR-US: Subiquity
 CVE-2023-45322 (libxml2 through 2.11.5 has a use-after-free that can only 
occur after  ...)
[experimental] - libxml2 2.12.3+dfsg-0exp1
-   - libxml2  (bug #1053629)
+   - libxml2 2.12.7+dfsg-1 (bug #1053629)
[bookworm] - libxml2  (Minor issue)
[bullseye] - libxml2  (Minor issue)
[buster] - libxml2  (Minor issue, very hard/unlikely to 
trigger)
@@ -64190,7 +64190,7 @@ CVE-2023-39616 (AOMedia v3.0.0 to v3.5.0 was discovered 
to contain an invalid re
NOTE: 3.7.0~really3.6.1-1 upload re-introducing the issue.
 CVE-2023-39615 (Xmlsoft Libxml2 v2.11.0 was discovered to contain an 
out-of-bounds rea ...)
[experimental] - libxml2 2.12.3+dfsg-0exp1
-   - libxml2  (bug #1051230)
+   - libxml2 2.12.7+dfsg-1 (bug #1051230)
[bookworm] - libxml2  (Minor issue)
[bullseye] - libxml2  (Minor issue)
[buster] - libxml2  (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bebdf42f2e6339facb3620ccbb3d1fc15440be9c



___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] claim nodejs in dsa-needed.txt

2024-05-21 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
499dde51 by Aron Xu at 2024-05-21T17:10:09+08:00
claim nodejs in dsa-needed.txt

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -33,7 +33,7 @@ linux (carnil)
 nbconvert/oldstable
   Guilhem Moulin proposed an update ready for review
 --
-nodejs
+nodejs (aron)
 --
 opennds/stable
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/499dde5119b912a38e0920af7168ae176926f281



[Git][security-tracker-team/security-tracker][master] Reserve DSA for tiff

2023-11-26 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a428d686 by Aron Xu at 2023-11-27T12:24:34+08:00
Reserve DSA for tiff

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,7 @@
+[27 Nov 2023] DSA-5567-1 tiff - security update
+   {CVE-2023-3576 CVE-2023-40745 CVE-2023-41175}
+   [bullseye] - tiff 4.2.0-1+deb11u5
+   [bookworm] - tiff 4.5.0-6+deb12u1
 [26 Nov 2023] DSA-5566-1 thunderbird - security update
{CVE-2023-6212 CVE-2023-6209 CVE-2023-6208 CVE-2023-6207 CVE-2023-6206 
CVE-2023-6205 CVE-2023-6204}
[bullseye] - thunderbird 1:115.5.0-1~deb11u1


=
data/dsa-needed.txt
=
@@ -81,8 +81,6 @@ samba/oldstable
 --
 squid
 --
-tiff (aron)
---
 xen (jmm)
 --
 zbar



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a428d686e12891c808d9d963ca379dd1e18acf82



[Git][security-tracker-team/security-tracker][master] claim tiff

2023-09-14 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d335d95b by Aron Xu at 2023-09-14T16:09:19+08:00
claim tiff

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -80,7 +80,7 @@ salt/oldstable
 --
 samba/oldstable
 --
-tiff
+tiff (aron)
 --
 trafficserver
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d335d95b1eba294839d337f767ab10c30b90d0be



[Git][security-tracker-team/security-tracker][master] Reserve DSA for frr

2023-09-11 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2f5a6c5d by Aron Xu at 2023-09-11T15:04:24+08:00
Reserve DSA for frr

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,7 @@
+[11 Sep 2023] DSA-5495-1 frr - security update
+   {CVE-2022-36440 CVE-2022-40302 CVE-2022-40318 CVE-2022-43681 
CVE-2023-31490 CVE-2023-38802 CVE-2023-41358}
+   [bullseye] - frr 7.5.1-1.1+deb11u2
+   [bookworm] - frr 8.4.4-1.1~deb12u1
 [10 Sep 2023] DSA-5494-1 mutt - security update
{CVE-2023-4874 CVE-2023-4875}
[bullseye] - mutt 2.0.5-4.1+deb11u3


=
data/dsa-needed.txt
=
@@ -18,9 +18,6 @@ cinder/oldstable
 --
 flac/oldstable
 --
-frr (aron)
-  maintainer proposed to update to 8.4.4 for bookworm, which might be a good 
idea
---
 libreswan (jmm)
   Maintainer prepared bookworm-security update, but needs work on 
bullseye-security backports
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f5a6c5de4f53346d3bed24dd91d2ac3e8ca53c7



[Git][security-tracker-team/security-tracker][master] Triage CVEs for frr

2023-08-31 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7d386daf by Aron Xu at 2023-09-01T12:23:06+08:00
Triage CVEs for frr

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -457,6 +457,8 @@ CVE-2023-39266 (A vulnerability in the ArubaOS-Switch web 
management interface c
 CVE-2023-38802 (FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow 
a remote ...)
- frr 
NOTE: 
https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling
+   NOTE: https://github.com/FRRouting/frr/pull/14290
+   NOTE: 
https://github.com/FRRouting/frr/pull/14290/commits/bcb6b58d9530173df41d3a3cbc4c600ee0b4b186
 CVE-2023-38283 (In OpenBGPD before 8.1, incorrect handling of BGP update data 
(length  ...)
- openbgpd 8.1-1
NOTE: 
https://ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/006_bgpd.patch.sig
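Review bot: The second added NOTE for CVE-2023-38802 points at a commit inside pull request 14290 and carries no `Fixed by:` label, unlike the fix references on the other frr entries in this diff. A commit URL under a pull request can stop matching what was merged if the branch is rebased, so consider replacing it with a `NOTE: Fixed by:` line that links the merged commit once the PR lands.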
@@ -598,18 +600,21 @@ CVE-2023-41363 (In Cerebrate 1.14, a vulnerability in 
UserSettingsController all
NOT-FOR-US: Cerebrate
 CVE-2023-41361 (An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c 
does not ...)
- frr 
+   [bullseye] - frr  (The vulnerable code was introduced 
later)
NOTE: https://github.com/FRRouting/frr/pull/14241
NOTE: Fixed by: 
https://github.com/FRRouting/frr/commit/b4d09af9194d20a7f9f16995a062f5d8e3d32840
NOTE: Backport for 9.0 branch: 
https://github.com/FRRouting/frr/pull/14250
NOTE: Fixed by: 
https://github.com/FRRouting/frr/commit/73ad93a83f18564bb7bff4659872f7ec1a64b05e
 CVE-2023-41360 (An issue was discovered in FRRouting FRR through 9.0. 
bgpd/bgp_packet. ...)
- frr 
+   [bullseye] - frr  (The vulnerable code was introduced 
later)
NOTE: https://github.com/FRRouting/frr/pull/14245
NOTE: Fixed by: 
https://github.com/FRRouting/frr/commit/9b855a692e68e0d16467e190b466b4ecb6853702
NOTE: Backport for stable/8.5: 
https://github.com/FRRouting/frr/pull/14249
NOTE: Fixed by: 
https://github.com/FRRouting/frr/commit/3515178de4a56d66ed948a774efcbe4a854e1ca7
 CVE-2023-41359 (An issue was discovered in FRRouting FRR through 9.0. There is 
an out- ...)
- frr 
+   [bullseye] - frr  (The vulnerable code was introduced 
later)
NOTE: https://github.com/FRRouting/frr/pull/14232
NOTE: Fixed by: 
https://github.com/FRRouting/frr/commit/f96201e104892e18493f24cf67bb713678e8237b
NOTE: Backport for stable/8.5: 
https://github.com/FRRouting/frr/pull/14268
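Review bot: The three added `[bullseye]` lines for CVE-2023-41361, CVE-2023-41360 and CVE-2023-41359 all give the reason `The vulnerable code was introduced later`, but none of the entries has a NOTE naming the commit or release that introduced the code. Adding one per CVE would let a later reader verify the bullseye status against the packaged version without redoing the analysis.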
@@ -5670,6 +5675,7 @@ CVE-2023-3750 (A flaw was found in libvirt. The 
virStoragePoolObjListSearch func
NOTE: Fixed by: 
https://gitlab.com/libvirt/libvirt/-/commit/9a47442366fcf8a7b6d7422016d7bbb6764a1098
 (v9.6.0-rc1)
 CVE-2023-3748 (A flaw was found in FRRouting when parsing certain babeld 
unicast hell ...)
- frr  (bug #1042473)
+   [bullseye] - frr  (The vulnerable code was introduced 
later)
[buster] - frr  (The vulnerable code was introduced later)
NOTE: https://github.com/FRRouting/frr/issues/11808
NOTE: https://github.com/FRRouting/frr/pull/12950
@@ -13855,7 +13861,8 @@ CVE-2023-31490 (An issue found in Frrouting bgpd 
v.8.4.2 allows a remote attacke
NOTE: Fixed by: 
https://github.com/FRRouting/frr/commit/06431bfa7570f169637ebb5898f0b0cc3b010802
 CVE-2023-31489 (An issue found in Frrouting bgpd v.8.4.2 allows a remote 
attacker to c ...)
- frr 8.4.4-1 (bug #1036061)
-   [buster] - frr  (Minor issue)
+   [bullseye] - frr  (The vulnerable code was introduced 
later)
+   [buster] - frr  (The vulnerable code was introduced later)
NOTE: https://github.com/FRRouting/frr/issues/13098
NOTE: Fixed by: 
https://github.com/FRRouting/frr/commit/b1d33ec293e8e36fbb8766252f3b016d268e31ce
 CVE-2023-31476 (An issue was discovered on GL.iNet devices running firmware 
before 3.2 ...)
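Review bot: For CVE-2023-31489 the existing `[buster]` reason changes from `Minor issue` to `The vulnerable code was introduced later` alongside the new `[bullseye]` line, so an earlier triage result is being revised and not just extended. Mention the revision in the commit message so the change in buster's recorded status is visible in the history.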
@@ -79538,7 +79545,6 @@ CVE-2022-36441 (An issue was discovered in Zebra 
Enterprise Home Screen 4.1.19.
NOT-FOR-US: Zebra Enterprise Home Screen
 CVE-2022-36440 (A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in 
the pee ...)
- frr 8.4.1-1
-   [bullseye] - frr  (Minor issue, requires untrivial porting)
[buster] - frr  (Minor issue)
NOTE: https://github.com/FRRouting/frr/issues/13202
NOTE: 
https://github.com/FRRouting/frrcommit/3e46b43e3788f0f87bae56a86b54d412b4710286 
(base_8.4)
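Review bot: Removing the `[bullseye]` line from CVE-2022-36440 leaves only `- frr 8.4.1-1` and the `[buster]` line, so bullseye goes from an explicit triage decision back to an open issue. That is a status change rather than new triage, and the commit message "Triage CVEs for frr" does not cover it; state that the removal is deliberate.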



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d386daf1458ae2dc0d6df1ac8f044876dc23d98


[Git][security-tracker-team/security-tracker][master] Tag CVE-2022-36440 as ignored for frr

2023-08-18 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
607af70e by Aron Xu at 2023-08-19T11:37:20+08:00
Tag CVE-2022-36440 as ignored for frr

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -77647,7 +77647,8 @@ CVE-2022-36441 (An issue was discovered in Zebra 
Enterprise Home Screen 4.1.19.
NOT-FOR-US: Zebra Enterprise Home Screen
 CVE-2022-36440 (A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in 
the pee ...)
- frr 8.4.1-1
-   [buster] - frr  (Minor issue)
+   [bullseye] - frr  (Minor issue, requires untrivial porting)
+   [buster] - frr  (Minor issue)
NOTE: https://github.com/FRRouting/frr/issues/13202
NOTE: 
https://github.com/FRRouting/frrcommit/3e46b43e3788f0f87bae56a86b54d412b4710286 
(base_8.4)
NOTE: https://github.com/spwpun/pocs/blob/main/frr-bgpd.md
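Review bot: The context NOTE for CVE-2022-36440 links `https://github.com/FRRouting/frrcommit/3e46b43e3788f0f87bae56a86b54d412b4710286`, which is missing the `/` between `frr` and `commit` and will not resolve. Since this commit already edits the entry, fix the URL here as well. The added reason also reads `untrivial`; `non-trivial` is the usual spelling.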



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/607af70e1df9589cd77c801adc4ebc07c607a132



[Git][security-tracker-team/security-tracker][master] claim frr

2023-07-31 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ff097dc8 by Aron Xu at 2023-07-31T15:14:58+08:00
claim frr

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -18,7 +18,7 @@ cjose
 --
 cinder/oldstable
 --
-frr
+frr (aron)
   maintainer proposed to update to 8.4.4 for bookworm, which might be a good 
idea
 --
 linux (carnil)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff097dc864d056ec5f9f8800a1890fd6057714b7



[Git][security-tracker-team/security-tracker][master] fix comment

2023-07-19 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
59c0828c by Aron Xu at 2023-07-19T16:55:11+08:00
fix comment

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -23,7 +23,7 @@ cinder/oldstable
 curl
 --
 frr
-  maintainer proposed to update to 8.4.4 for bookworm-stable, which might be a 
good idea
+  maintainer proposed to update to 8.4.4 for bookworm, which might be a good 
idea
 --
 linux (carnil)
   Wait until more issues have piled up, though try to regulary rebase for point
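Review bot: The `linux (carnil)` comment in the trailing context still reads `regulary`; since this commit is a comment fix in the same file, correct it to `regularly` in the same pass.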



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/59c0828c04deeaffc1125e723d1499c619236cd1



[Git][security-tracker-team/security-tracker][master] add comment for nodejs

2023-07-19 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e495d440 by Aron Xu at 2023-07-19T16:52:36+08:00
add comment for nodejs

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -37,6 +37,7 @@ netatalk/oldstable
   See discussion on team mailing list.
 --
 nodejs
+  maintainer proposed to follow the upstream 18.x LTS branch
 --
 nova/oldstable
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e495d44056dd66ed05ced33ec13556b5ecb08299



[Git][security-tracker-team/security-tracker][master] Reserve DSA for iperf3

2023-07-17 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
573516a4 by Aron Xu at 2023-07-17T21:56:51+08:00
Reserve DSA for iperf3

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[17 Jul 2023] DSA-5455-1 iperf3 - security update
+   [bullseye] - iperf3 3.9-1+deb11u1
+   [bookworm] - iperf3 3.12-1+deb12u1
 [16 Jul 2023] DSA-5454-1 kanboard - security update
{CVE-2023-36813}
[bookworm] - kanboard 1.2.26+ds-2+deb12u2
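Review bot: The new DSA-5455-1 entry has no `{CVE-...}` line, while the DSA-5454-1 entry directly below it lists `{CVE-2023-36813}`. If the iperf3 issue has a CVE identifier, add it here so the advisory is linked from the CVE entry; if none has been assigned yet, a follow-up commit should add it once it exists.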


=
data/dsa-needed.txt
=
@@ -21,8 +21,6 @@ cinder/oldstable
 frr
   maintainer proposed to update to 8.4.4 for bookworm-stable, which might be a 
good idea
 --
-iperf3 (aron)
---
 linux (carnil)
   Wait until more issues have piled up, though try to regulary rebase for point
   releases to more recent v5.10.y and 6.1.y versions



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/573516a4bf93db49dd7346fa0238ed62e1b0e0e0



[Git][security-tracker-team/security-tracker][master] add iperf3

2023-07-13 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
56fb135f by Aron Xu at 2023-07-13T23:52:05+08:00
add iperf3

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -18,6 +18,8 @@ cinder/oldstable
 --
 gpac/oldstable (jmm)
 --
+iperf3 (aron)
+--
 linux (carnil)
   Wait until more issues have piled up, though try to regulary rebase for point
   releases to more recent v5.10.y and 6.1.y versions



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56fb135f880804cd995ed04655eb98823b05e9d3



[Git][security-tracker-team/security-tracker][master] Track fixed version of frr issues in unstable

2023-06-29 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e0f8de74 by Aron Xu at 2023-06-29T16:18:23+08:00
Track fixed version of frr issues in unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -50502,7 +50502,7 @@ CVE-2022-43683
 CVE-2022-43682
RESERVED
 CVE-2022-43681 (An out-of-bounds read exists in the BGP daemon of FRRouting 
FRR throug ...)
-   - frr  (bug #1035829)
+   - frr 8.4.1-1 (bug #1035829)
[buster] - frr  (Minor issue)
NOTE: https://github.com/FRRouting/frr/issues/13427
NOTE: https://github.com/FRRouting/frr/issues/13480
@@ -59783,7 +59783,7 @@ CVE-2022-40320 (cfg_tilde_expand in confuse.c in 
libConfuse 3.3 has a heap-based
 CVE-2022-40319 (The LISTSERV 17 web interface allows remote attackers to 
conduct Insec ...)
NOT-FOR-US: LISTSERV
 CVE-2022-40318 (An issue was discovered in bgpd in FRRouting (FRR) through 
8.4. By cra ...)
-   - frr  (bug #1035829)
+   - frr 8.4.1-1 (bug #1035829)
[buster] - frr  (Minor issue)
NOTE: https://github.com/FRRouting/frr/issues/13427
NOTE: https://github.com/FRRouting/frr/issues/13480
@@ -59853,7 +59853,7 @@ CVE-2022-40303 (An issue was discovered in libxml2 
before 2.10.3. When parsing a
NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0
 (v2.10.3)
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2336
 CVE-2022-40302 (An issue was discovered in bgpd in FRRouting (FRR) through 
8.4. By cra ...)
-   - frr  (bug #1035829)
+   - frr 8.4.1-1 (bug #1035829)
[buster] - frr  (Minor issue)
NOTE: https://github.com/FRRouting/frr/issues/13427
NOTE: https://github.com/FRRouting/frr/issues/13480



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e0f8de747f10d7d00b3933eec3f8cca60bd590ab



[Git][security-tracker-team/security-tracker][master] reassign flask to jmm since it's already worked on

2023-06-28 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d660aaf3 by Aron Xu at 2023-06-29T12:14:47+08:00
reassign flask to jmm since it's already worked on

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -16,7 +16,7 @@ aom/oldstable
 --
 cinder/oldstable
 --
-flask/oldstable (aron)
+flask/oldstable (jmm)
 --
 ghostscript (carnil)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d660aaf37bb06eebdd9a41262b2ba29f03c85a50



[Git][security-tracker-team/security-tracker][master] add flask/oldstable

2023-06-28 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f1eaaad9 by Aron Xu at 2023-06-29T11:07:28+08:00
add flask/oldstable

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -16,6 +16,8 @@ aom/oldstable
 --
 cinder/oldstable
 --
+flask/oldstable (aron)
+--
 ghostscript (carnil)
 --
 gpac/oldstable (jmm)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f1eaaad959a7213ffe50f493e0f47059106bba0a

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f1eaaad959a7213ffe50f493e0f47059106bba0a
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] maradns DSA

2023-06-28 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ff61117e by Aron Xu at 2023-06-29T10:20:19+08:00
maradns DSA

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/CVE/list
=
@@ -87767,7 +87767,6 @@ CVE-2022-30257 (An issue was discovered in Technitium 
DNS Server through 8.0.2 t
 CVE-2022-30256 (An issue was discovered in MaraDNS Deadwood through 3.5.0021 
that allo ...)
{DLA-3457-1}
- maradns  (bug #1033252)
-   [bullseye] - maradns  (Minor issue)
NOTE: https://maradns.samiam.org/security.html#CVE-2022-30256
NOTE: 
https://raw.githubusercontent.com/samboy/MaraDNS/73af12e71890055f1728c1b7ccd900401f2fdf03/deadwood-github/update/3.4.03/deadwood-3.4.02-manylabel-TTL.patch
NOTE: 
https://raw.githubusercontent.com/samboy/MaraDNS/73af12e71890055f1728c1b7ccd900401f2fdf03/deadwood-github/update/3.4.03/deadwood-3.4.02-cname-TTL.patch


=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[29 Jun 2023] DSA-5441-1 maradns - security update
+   {CVE-2022-30256 CVE-2023-31137}
+   [bullseye] - maradns 2.0.13-1.4+deb11u1
 [28 Jun 2023] DSA-5440-1 chromium - security update
{CVE-2023-3420 CVE-2023-3421 CVE-2023-3422}
[bullseye] - chromium 114.0.5735.198-1~deb11u1
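Review bot: DSA-5441-1 lists both CVE-2022-30256 and CVE-2023-31137, but the data/CVE/list change in this commit only removes the `[bullseye]` line from CVE-2022-30256. Check that the CVE-2023-31137 entry carries no leftover `[bullseye]` annotation that would contradict the fixed version 2.0.13-1.4+deb11u1 recorded here.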


=
data/dsa-needed.txt
=
@@ -27,8 +27,6 @@ linux (carnil)
 nbconvert/oldstable
   Guilhem Moulin proposed an update ready for review
 --
-maradns/oldstable (aron)
---
 netatalk/oldstable
   open regression with MacOS, tentative patch not yet merged upstream
   See discussion on team mailing list.



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff61117e377b18943fcb43a9727f04f3d26ef594



[Git][security-tracker-team/security-tracker][master] claim maradns

2023-06-27 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b1026e61 by Aron Xu at 2023-06-27T14:27:34+08:00
claim maradns

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -27,7 +27,7 @@ linux (carnil)
 nbconvert/oldstable
   Guilhem Moulin proposed an update ready for review
 --
-maradns/oldstable
+maradns/oldstable (aron)
 --
 netatalk/oldstable
   open regression with MacOS, tentative patch not yet merged upstream



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b1026e61bca2c44047cbb045f412e9334dd3064b



[Git][security-tracker-team/security-tracker][master] Reserve DSA-5426-1 for owslib (oldstable)

2023-06-13 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
42567882 by Aron Xu at 2023-06-14T10:02:28+08:00
Reserve DSA-5426-1 for owslib (oldstable)

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[14 Jun 2023] DSA-5426-1 owslib - security update
+   {CVE-2023-27476}
+   [bullseye] - owslib 0.23.0-1+deb11u1
 [13 Jun 2023] DSA-5425-1 php8.2 - security update
[bookworm] - php8.2 8.2.7-1~deb12u1
 [13 Jun 2023] DSA-5424-1 php7.4 - security update


=
data/dsa-needed.txt
=
@@ -35,8 +35,6 @@ openjdk-11/oldstable (jmm)
 --
 openjdk-17 (jmm)
 --
-owslib/oldstable (aron)
---
 php-cas/oldstable
 --
 php-horde-mime-viewer/oldstable



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/425678822a1a764bae34ce3559fa7b7bef5c25fa



[Git][security-tracker-team/security-tracker][master] Reserve DSA-5422-1 for jupyter-core

2023-06-09 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
caf292ae by Aron Xu at 2023-06-09T15:21:25+08:00
Reserve DSA-5422-1 for jupyter-core

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[09 Jun 2023] DSA-5422-1 jupyter-core - security update
+   {CVE-2022-39286}
+   [bullseye] - jupyter-core 4.7.1-1+deb11u1
 [07 Jun 2023] DSA-5421-1 firefox-esr - security update
{CVE-2023-34414 CVE-2023-34416}
[bullseye] - firefox-esr 102.12.0esr-1~deb11u1


=
data/dsa-needed.txt
=
@@ -16,9 +16,6 @@ asterisk
 --
 cinder
 --
-jupyter-core (aron)
-  Maintainer asked for availability to prepare updates
---
 linux (carnil)
   Wait until more issues have piled up, though try to regulary rebase for point
   releases to more recent v5.10.y versions



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/caf292ae4854a46b82144188f35c979baf80b6b6



[Git][security-tracker-team/security-tracker][master] claim owslib

2023-06-08 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3207fe99 by Aron Xu at 2023-06-09T12:06:22+08:00
claim owslib

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -36,7 +36,7 @@ openjdk-11 (jmm)
 --
 openjdk-17 (jmm)
 --
-owslib
+owslib (aron)
 --
 php-cas
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3207fe997ee4d9a352c6bd7c1facbe2e49b4b506



[Git][security-tracker-team/security-tracker][master] Correct CVE mentioned in DSA-5419-1

2023-06-06 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e9b8a08a by Aron Xu at 2023-06-07T12:54:39+08:00
Correct CVE mentioned in DSA-5419-1

- - - - -


1 changed file:

- data/DSA/list


Changes:

=
data/DSA/list
=
@@ -1,5 +1,5 @@
 [07 Jun 2023] DSA-5419-1 c-ares - security update
-   {CVE-2022-4904 CVE-2023-31130 CVE-2023-32067}
+   {CVE-2023-31130 CVE-2023-32067}
[bullseye] - c-ares 1.17.1-1+deb11u3
 [03 Jun 2023] DSA-5418-1 chromium - security update
{CVE-2023-2929 CVE-2023-2930 CVE-2023-2931 CVE-2023-2932 CVE-2023-2933 
CVE-2023-2934 CVE-2023-2935 CVE-2023-2936 CVE-2023-2937 CVE-2023-2938 
CVE-2023-2939 CVE-2023-2940 CVE-2023-2941}
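Review bot: the commit message does not say why CVE-2022-4904 is dropped from the DSA-5419-1 brace list, and nothing in this hunk shows where that CVE is tracked for bullseye instead. Add one line to the message stating the reason (for example that the 1.17.1-1+deb11u3 upload does not address it), so that a reader comparing the advisory with data/CVE/list can tell the removal is intentional.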



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e9b8a08a5f41859b7ca099bd5327e549703b7fca



[Git][security-tracker-team/security-tracker][master] Reserve DSA for c-ares

2023-06-06 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7c3e03b4 by Aron Xu at 2023-06-07T12:52:55+08:00
Reserve DSA for c-ares

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[07 Jun 2023] DSA-5419-1 c-ares - security update
+   {CVE-2022-4904 CVE-2023-31130 CVE-2023-32067}
+   [bullseye] - c-ares 1.17.1-1+deb11u3
 [03 Jun 2023] DSA-5418-1 chromium - security update
{CVE-2023-2929 CVE-2023-2930 CVE-2023-2931 CVE-2023-2932 CVE-2023-2933 
CVE-2023-2934 CVE-2023-2935 CVE-2023-2936 CVE-2023-2937 CVE-2023-2938 
CVE-2023-2939 CVE-2023-2940 CVE-2023-2941}
[bookworm] - chromium 114.0.5735.90-2~deb12u1


=
data/dsa-needed.txt
=
@@ -14,8 +14,6 @@ If needed, specify the release by adding a slash after the 
name of the source pa
 --
 asterisk
 --
-c-ares (aron)
---
 chromium
 --
 cinder



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7c3e03b47c116042037d29dfbe7dec3cfd3bfe69



[Git][security-tracker-team/security-tracker][master] claim jupyter-core

2023-05-31 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
17843949 by Aron Xu at 2023-05-31T14:44:06+08:00
claim jupyter-core

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -20,7 +20,7 @@ chromium
 --
 cinder
 --
-jupyter-core
+jupyter-core (aron)
   Maintainer asked for availability to prepare updates
 --
 linux (carnil)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17843949b2cceba3ee2e5c153d85eb6bd388c5b3



[Git][security-tracker-team/security-tracker][master] dsa-needed: claim c-ares

2023-05-30 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9a6e1068 by Aron Xu at 2023-05-31T01:35:22+08:00
dsa-needed: claim c-ares

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -14,7 +14,7 @@ If needed, specify the release by adding a slash after the 
name of the source pa
 --
 asterisk
 --
-c-ares
+c-ares (aron)
 --
 cinder
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a6e1068b522e0566b0f1a773a2fadb353e4f3e9



[Git][security-tracker-team/security-tracker][master] Reserve DSA for connman

2023-05-30 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ca7e9bcb by Aron Xu at 2023-05-31T01:22:08+08:00
Reserve DSA for connman

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[31 May 2023] DSA-5416-1 connman - security update
+   {CVE-2023-28488}
+   [bullseye] - connman 1.36-2.2+deb11u2
 [28 May 2023] DSA-5415-1 libreoffice - security update
{CVE-2023-0950 CVE-2023-2255}
[bullseye] - libreoffice 1:7.0.4-4+deb11u7


=
data/dsa-needed.txt
=
@@ -18,8 +18,6 @@ c-ares
 --
 cinder
 --
-connman (aron)
---
 jupyter-core
   Maintainer asked for availability to prepare updates
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca7e9bcb3fe137af274603b2ba89a9714344047a



[Git][security-tracker-team/security-tracker][master] dsa-needed.txt: add connman

2023-05-29 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
35b565c1 by Aron Xu at 2023-05-29T19:49:48+08:00
dsa-needed.txt: add connman

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -18,6 +18,8 @@ c-ares
 --
 cinder
 --
+connman (aron)
+--
 jupyter-core
   Maintainer asked for availability to prepare updates
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35b565c16e5519f3bdccc993e17c5b45a8f2fcf9



[Git][security-tracker-team/security-tracker][master] gpac DSA

2023-05-26 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5a375365 by Aron Xu at 2023-05-26T21:56:16+08:00
gpac DSA

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/CVE/list
=
@@ -365,25 +365,21 @@ CVE-2023-31584 (GitHub repository cu/silicon commit 
a9ef36 was discovered to con
NOT-FOR-US: cu/silicon
 CVE-2023-2840 (NULL Pointer Dereference in GitHub repository gpac/gpac prior 
to 2.2.2 ...)
- gpac  (bug #1036701)
-   [bullseye] - gpac  (Minor issue)
[buster] - gpac  (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/21926fc2-6eb1-4e24-8a36-e60f487d0257/
NOTE: 
https://github.com/gpac/gpac/commit/ba59206b3225f0e8e95a27eff41cb1c49ddf9a37
 CVE-2023-2839 (Divide By Zero in GitHub repository gpac/gpac prior to 2.2.2.)
- gpac  (bug #1036701)
-   [bullseye] - gpac  (Minor issue)
[buster] - gpac  (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/42dce889-f63d-4ea9-970f-1f20fc573d5f/
NOTE: 
https://github.com/gpac/gpac/commit/047f96fb39e6bf70cb9f344093f5886e51dce0ac
 CVE-2023-2838 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 
2.2.2.)
- gpac  (bug #1036701)
-   [bullseye] - gpac  (Minor issue)
[buster] - gpac  (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/711e0988-5345-4c01-a2fe-1179604dd07f/
NOTE: 
https://github.com/gpac/gpac/commit/c88df2e202efad214c25b4e586f243b2038779ba
 CVE-2023-2837 (Stack-based Buffer Overflow in GitHub repository gpac/gpac 
prior to 2. ...)
- gpac  (bug #1036701)
-   [bullseye] - gpac  (Minor issue)
[buster] - gpac  (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/a6bfd1b2-aba8-4c6f-90c4-e95b1831cb17/
NOTE: 
https://github.com/gpac/gpac/commit/6f28c4cd607d83ce381f9b4a9f8101ca1e79c611
@@ -17830,7 +17826,6 @@ CVE-2023-0867 (Multiple stored and reflected cross-site 
scripting vulnerabilitie
NOT-FOR-US: OpenNMS
 CVE-2023-0866 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior 
to 2.3 ...)
- gpac  (bug #1033116)
-   [bullseye] - gpac  (Minor issue)
[buster] - gpac  (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/7d3c5792-d20b-4cb6-9c6d-bb14f3430d7f
NOTE: 
https://github.com/gpac/gpac/commit/b964fe4226f1424cf676d5822ef898b6b01f5937
@@ -18274,13 +18269,11 @@ CVE-2023-0820 (The User Role by BestWebSoft WordPress 
plugin before 1.6.7 does n
NOT-FOR-US: WordPress plugin
 CVE-2023-0819 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior 
to v2. ...)
- gpac  (bug #1033116)
-   [bullseye] - gpac  (Minor issue)
[buster] - gpac  (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/35793610-dccc-46c8-9f55-6a24c621e4ef
NOTE: 
https://github.com/gpac/gpac/commit/d067ab3ccdeaa340e8c045a0fd5bcfc22b809e8f
 CVE-2023-0818 (Off-by-one Error in GitHub repository gpac/gpac prior to 
v2.3.0-DEV.)
- gpac  (bug #1033116)
-   [bullseye] - gpac  (Minor issue)
[buster] - gpac  (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/038e7472-f3e9-46c2-9aea-d6dafb62a18a
NOTE: 
https://github.com/gpac/gpac/commit/377ab25f3e502db2934a9cf4b54739e1c89a02ff
@@ -18848,7 +18841,6 @@ CVE-2023-0771 (SQL Injection in GitHub repository 
ampache/ampache prior to 5.5.7
- ampache 
 CVE-2023-0770 (Stack-based Buffer Overflow in GitHub repository gpac/gpac 
prior to 2. ...)
- gpac  (bug #1033116)
-   [bullseye] - gpac  (Minor issue)
[buster] - gpac  (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/e0fdeee5-7909-446e-9bd0-db80fd80e8dd
NOTE: 
https://github.com/gpac/gpac/commit/c31941822ee275a35bc148382bafef1c53ec1c26
@@ -30899,31 +30891,26 @@ CVE-2022-47664 (Libde265 1.0.9 is vulnerable to 
Buffer Overflow in ff_hevc_put_h
NOTE: 
https://github.com/strukturag/libde265/commit/5583f983e012b3870e29190d2b8e43ff6d77a72e
 (v1.0.10)
 CVE-2022-47663 (GPAC MP4box 2.1-DEV-rev649-ga8f438d20 is vulnerable to buffer 
overflow ...)
- gpac  (bug #1033116)
-   [bullseye] - gpac  (Minor issue)
[buster] - gpac  (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2360
NOTE: 
https://github.com/gpac/gpac/commit/e7e8745f677010a5cb3366d5cbf39df7cffaaa2d 
(v2.2.0)
 CVE-2022-47662 (GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault 
(/stack over ...)
- gpac  (bug #1033116)
-   [bullseye] - gpac  (Minor issue)
[buster] - gpac  (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2359
NOTE: 
https://github.com/gpac/gpac/commit/080a62728ccd251a7f20eaac3fda21b0716e3c9b 
(v2.2.0)
 CVE-2022-47661 (GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 is vulnerable to Buffer 
Overflow ...)
- gpac  (bug #1033116)
-   [bullseye] - gpac  

[Git][security-tracker-team/security-tracker][master] sniproxy DSA

2023-05-26 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9630370d by Aron Xu at 2023-05-26T21:26:30+08:00
sniproxy DSA

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[26 May 2023] DSA-5413-1 sniproxy - security update
+   {CVE-2023-25076}
+   [bullseye] - sniproxy 0.6.0-2+deb11u1
 [24 May 2023] DSA-5410-1 sofia-sip - security update
{CVE-2022-31001 CVE-2022-31002 CVE-2022-31003 CVE-2022-47516 
CVE-2023-22741}
[bullseye] - sofia-sip 1.12.11+20110422.1-2.1+deb11u1
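Review bot: DSA-5413-1 is inserted directly above DSA-5410-1, so DSA-5411 and DSA-5412 are absent from the top of data/DSA/list at this point. Confirm that those two numbers are already reserved by other pending advisories before this lands; otherwise a later reservation could pick a number that looks free here and collide.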


=
data/dsa-needed.txt
=
@@ -77,9 +77,6 @@ salt
 --
 samba
 --
-sniproxy (aron)
-  Thorsten Alteholz proposed changes for review
---
 xrdp
   needs some additional clarification, tentatively DSA worthy
   maybe upgrade to 0.9.21 within bullseye?



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9630370de4787750001217d7161832a605c5b61d



[Git][security-tracker-team/security-tracker][master] add sniproxy to dsa-needed

2023-05-23 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f513fcac by Aron Xu at 2023-05-24T10:59:03+08:00
add sniproxy to dsa-needed

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -75,6 +75,9 @@ salt
 --
 samba
 --
+sniproxy (aron)
+  Thorsten Alteholz proposed changes for review
+--
 sofia-sip
   Maintainer proposed debdiff for review with additional question and sent a 
followup
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f513fcac0aa2aa40dfbb58cca2b64a8d5addc0f8



[Git][security-tracker-team/security-tracker][master] Reserve DSA-5395-1 for nodejs

2023-05-02 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
401eb627 by Aron Xu at 2023-05-02T21:42:52+08:00
Reserve DSA-5395-1 for nodejs

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[02 May 2023] DSA-5395-1 nodejs - security update
+   {CVE-2023-23920}
+   [bullseye] - nodejs 12.22.12~dfsg-1~deb11u4
 [30 Apr 2023] DSA-5394-1 ffmpeg - security update
{CVE-2022-3109}
[bullseye] - ffmpeg 7:4.3.6-0+deb11u1


=
data/dsa-needed.txt
=
@@ -24,8 +24,6 @@ linux (carnil)
 netatalk
   open regression with MacOS, tentative patch not yet merged upstream
 --
-nodejs (aron)
---
 odoo (seb)
   Patches for all CVEs backporting, still needs some serious testing
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/401eb627be7c2dc2c4024b0d421c71435fac62eb



[Git][security-tracker-team/security-tracker][master] triage two nodejs CVEs

2023-04-26 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
062d2fac by Aron Xu at 2023-04-26T18:16:08+08:00
triage two nodejs CVEs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -21221,12 +21221,14 @@ CVE-2023-23920 (An untrusted search path 
vulnerability exists in Node.js. 19
 CVE-2023-23919 (A cryptographic vulnerability exists in Node.js 19.2.0, 
18.14. ...)
- nodejs  (bug #1031834)
[buster] - nodejs  (X509Certificate API introduced in 
v15.6.0)
+   [bullseye] - nodejs  (X509Certificate API introduced in 
v15.6.0)
NOTE: 
https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/#node-js-openssl-error-handling-issues-in-nodejs-crypto-library-medium-cve-2023-23919
NOTE: https://hackerone.com/reports/1808596
NOTE: 
https://github.com/nodejs/node/commit/438812e14d3b2a705fb639b69e37c6cc4e7c8029
 CVE-2023-23918 (A privilege escalation vulnerability exists in Node.js 
19.6.1,  ...)
- nodejs  (bug #1031834)
[buster] - nodejs  (v10.x doesn't support policy 
manifests)
+   [bullseye] - nodejs  (Permissions policy introduced in 
v16.x)
NOTE: 
https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/#node-js-permissions-policies-can-be-bypassed-via-process-mainmodule-high-cve-2023-23918
NOTE: Only affects users enabling experimental permissions option with 
--experimental-policy.
NOTE: 
https://github.com/nodejs/node/commit/af9140088621abd09016848f4526d66b7a81b9ba



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/062d2fac8074a3772a5d82ae064d322c1d623c5a



[Git][security-tracker-team/security-tracker][master] reserve DSA for rails update

2023-04-14 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4ccc1dbc by Aron Xu at 2023-04-15T00:39:42+08:00
reserve DSA for rails update

- - - - -


1 changed file:

- data/DSA/list


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[14 Apr 2023] DSA-5389-1 rails - security update
+   {CVE-2023-23913 CVE-2023-28120}
+   [bullseye] - rails 2:6.0.3.7+dfsg-2+deb11u2
 [13 Apr 2023] DSA-5388-1 haproxy - security update
{CVE-2023-0836}
[bullseye] - haproxy 2.2.9-2+deb11u5



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ccc1dbc25da7b2b1cc320c8ff7a7a4b3d12c597



[Git][security-tracker-team/security-tracker][master] Add gpac to dsa-needed and claim it

2023-03-13 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6caf7eec by Aron Xu at 2023-03-13T15:22:24+08:00
Add gpac to dsa-needed and claim it

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -14,6 +14,8 @@ If needed, specify the release by adding a slash after the 
name of the source pa
 --
 apache2 (jmm)
 --
+gpac (aron)
+--
 jupyter-core
   Maintainer asked for availability to prepare updates
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6caf7eecb552c8e32c747a94c2a4f8307996f5ea



[Git][security-tracker-team/security-tracker][master] Reserve DSA-5372-1 for rails

2023-03-12 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
069f696a by Aron Xu at 2023-03-13T10:59:44+08:00
Reserve DSA-5372-1 for rails

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/CVE/list
=
@@ -160805,7 +160805,6 @@ CVE-2021-22943 (A vulnerability found in UniFi 
Protect application V1.18.1 and e
 CVE-2021-22942 (A possible open redirect vulnerability in the Host 
Authorization middl ...)
[experimental] - rails 2:6.1.4.1+dfsg-1
- rails 2:6.1.4.1+dfsg-3 (bug #992586)
-   [bullseye] - rails  (Minor issue)
[buster] - rails  (Vulnerable code not present)
[stretch] - rails  (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2021/08/20/1


=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[13 Mar 2023] DSA-5372-1 rails - security update
+   {CVE-2021-22942 CVE-2021-44528 CVE-2022-21831 CVE-2022-22577 
CVE-2022-23633 CVE-2022-2 CVE-2023-22792 CVE-2023-22794 CVE-2023-22795 
CVE-2023-22796}
+   [bullseye] - rails 2:6.0.3.7+dfsg-2+deb11u1
 [09 Mar 2023] DSA-5371-1 chromium - security update
{CVE-2023-1213 CVE-2023-1214 CVE-2023-1215 CVE-2023-1216 CVE-2023-1217 
CVE-2023-1218 CVE-2023-1219 CVE-2023-1220 CVE-2023-1221 CVE-2023-1222 
CVE-2023-1223 CVE-2023-1224 CVE-2023-1225 CVE-2023-1226 CVE-2023-1227 
CVE-2023-1228 CVE-2023-1229 CVE-2023-1230 CVE-2023-1231 CVE-2023-1232 
CVE-2023-1233 CVE-2023-1234 CVE-2023-1235 CVE-2023-1236}
[bullseye] - chromium 111.0.5563.64-1~deb11u1
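Review bot: `CVE-2022-2` in the added DSA-5372-1 brace list is not a well-formed CVE identifier, since the sequence part after the year needs at least four digits. As written the entry cannot be cross-referenced with data/CVE/list. Check the identifier against the changelog of the 2:6.0.3.7+dfsg-2+deb11u1 upload and correct it in the list.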


=
data/dsa-needed.txt
=
@@ -37,8 +37,6 @@ php-horde-turba
 --
 py7zr
 --
-rails (aron)
---
 ring
   might make sense to rebase to current version
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/069f696a6c6326073e6f85aa6fd93f27280c0592



[Git][security-tracker-team/security-tracker][master] add nodejs to dsa-needed and claim it

2023-02-26 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
78465ba7 by Aron Xu at 2023-02-27T01:35:03+08:00
add nodejs to dsa-needed and claim it

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -32,6 +32,8 @@ multipath-tools (carnil)
   Issue with the upload; has a hard dependency on systemd for 
systemd-tmpfiles, as systemd-standalone-tmpfiles
   is unavailable for bullseye. Should we ignore this?
 --
+nodejs (aron)
+--
 php-cas
 --
 php-horde-mime-viewer



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/78465ba74d1643f25093dfc04187e872855690e7



[Git][security-tracker-team/security-tracker][master] Reserve DSA-5362-1 for frr

2023-02-24 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b85a2061 by Aron Xu at 2023-02-24T20:45:46+08:00
Reserve DSA-5362-1 for frr

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[24 Feb 2023] DSA-5362-1 frr - security update
+   {CVE-2022-37032}
+   [bullseye] - frr 7.5.1-1.1+deb11u1
 [24 Feb 2023] DSA-5361-1 tiff - security update
{CVE-2023-0795 CVE-2023-0796 CVE-2023-0797 CVE-2023-0798 CVE-2023-0799 
CVE-2023-0800 CVE-2023-0801 CVE-2023-0802 CVE-2023-0803 CVE-2023-0804}
[bullseye] - tiff 4.2.0-1+deb11u4


=
data/dsa-needed.txt
=
@@ -19,8 +19,6 @@ apr (carnil)
 curl (jmm)
   pending work on remaining test case
 --
-frr (aron)
---
 jupyter-core
   Maintainer asked for availability to prepare updates
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b85a20619c531d7edee713f7b33e884b408acd2b



[Git][security-tracker-team/security-tracker][master] dsa-needed: claim rails

2023-02-24 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
285d282b by Aron Xu at 2023-02-24T18:34:21+08:00
dsa-needed: claim rails

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -43,7 +43,7 @@ php-horde-mime-viewer
 --
 php-horde-turba
 --
-rails
+rails (aron)
 --
 ruby-nokogiri
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/285d282b26af497dfef30bf6c426c288d6d95ab4



[Git][security-tracker-team/security-tracker][master] tiff DSA

2023-02-24 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3938ffe8 by Aron Xu at 2023-02-24T16:11:45+08:00
tiff DSA

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[24 Feb 2023] DSA-5361-1 tiff - security update
+   {CVE-2023-0795 CVE-2023-0796 CVE-2023-0797 CVE-2023-0798 CVE-2023-0799 
CVE-2023-0800 CVE-2023-0801 CVE-2023-0802 CVE-2023-0803 CVE-2023-0804}
+   [bullseye] - tiff 4.2.0-1+deb11u4
 [23 Feb 2023] DSA-5360-1 emacs - security update
{CVE-2022-48337 CVE-2022-48338 CVE-2022-48339}
[bullseye] - emacs 1:27.1+1-3.1+deb11u2


=
data/dsa-needed.txt
=
@@ -58,8 +58,6 @@ samba
 sofia-sip
   Maintainer proposed debdiff for review with additional question and sent a 
followup
 --
-tiff (aron)
---
 xrdp
   needs some additional clarification, tentatively DSA worthy
   maybe upgrade to 0.9.21 within bullseye?



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3938ffe80d3ff33afdf50f32fb76821d65a2406c



[Git][security-tracker-team/security-tracker][master] dsa-needed.txt: claim frr

2023-02-23 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c4de7c83 by Aron Xu at 2023-02-23T17:21:14+08:00
dsa-needed.txt: claim frr

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -23,7 +23,7 @@ curl (jmm)
 --
 emacs (jmm)
 --
-frr
+frr (aron)
 --
 jupyter-core
   Maintainer asked for availability to prepare updates



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c4de7c830b47bb345b85e9f7fc8127b0cf9ff911



[Git][security-tracker-team/security-tracker][master] track fixed CVE for tiff

2023-02-23 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8c5218b5 by Aron Xu at 2023-02-23T17:10:17+08:00
track fixed CVE for tiff

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -22557,6 +22557,7 @@ CVE-2022-3971 (A vulnerability was found in 
matrix-appservice-irc up to 0.35.1.
 CVE-2022-3970 (A vulnerability was found in LibTIFF. It has been classified as 
critic ...)
{DLA-3278-1}
- tiff 4.4.0-6 (bug #1024737)
+   [bullseye] - tiff 4.2.0-1+deb11u3
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53137
NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be
NOTE: https://oss-fuzz.com/download?testcase_id=5738253143900160
@@ -30040,6 +30041,7 @@ CVE-2022-3627 (LibTIFF 4.4.0 has an out-of-bounds write 
in _TIFFmemcpy in libtif
 CVE-2022-3626 (LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in 
libtiff/tif ...)
{DLA-3278-1}
- tiff 4.4.0-5 (bug #1022555)
+   [bullseye] - tiff 4.2.0-1+deb11u3
NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/426
 CVE-2022-3625 (A vulnerability was found in Linux Kernel. It has been 
classified as c ...)
@@ -30131,6 +30133,7 @@ CVE-2022-3599 (LibTIFF 4.4.0 has an out-of-bounds read 
in writeSingleSection in
 CVE-2022-3598 (LibTIFF 4.4.0 has an out-of-bounds write in 
extractContigSamplesShifte ...)
{DLA-3278-1}
- tiff 4.4.0-5 (bug #1022555)
+   [bullseye] - tiff 4.2.0-1+deb11u3
NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/cfbb883bf6ea7bedcb04177cc4e52d304522fdff
 (v4.5.0rc1)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/435
 CVE-2022-3597 (LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in 
libtiff/tif ...)
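Review bot: the commit message does not name the upload or advisory that shipped 4.2.0-1+deb11u3, which is the only thing the three added bullseye lines rest on. Reference it in the message. The neighbouring LibTIFF entries visible in the hunk headers and trailing context (CVE-2022-3627, CVE-2022-3599, CVE-2022-3597) are not touched here either; confirm whether they already carry a bullseye line or need the same one.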



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c5218b5345302eeebc2eb62c7485ff0d4f7a9bb



[Git][security-tracker-team/security-tracker][master] Reserve DSA-5357-1 for git

2023-02-22 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0de6743b by Aron Xu at 2023-02-23T14:26:37+08:00
Reserve DSA-5357-1 for git

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[23 Feb 2023] DSA-5357-1 git - security update
+   {CVE-2023-22490 CVE-2023-23946}
+   [bullseye] - git 1:2.30.2-1+deb11u2
 [20 Feb 2023] DSA-5356-1 sox - security update
{CVE-2021-3643 CVE-2021-23159 CVE-2021-23172 CVE-2021-23210 
CVE-2021-33844 CVE-2021-40426 CVE-2022-31650 CVE-2022-31651}
[bullseye] - sox 14.4.2+git20190427-2+deb11u1
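Review bot: the new DSA-5357-1 entry lists CVE-2023-22490 and CVE-2023-23946, but this commit touches only data/DSA/list and data/dsa-needed.txt. Please confirm that data/CVE/list carries no bullseye annotation for either CVE that would now contradict the advisory; the earlier DSA-5332-1 commit for git had to drop such lines in the same change.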


=
data/dsa-needed.txt
=
@@ -20,8 +20,6 @@ curl
 --
 frr
 --
-git (aron)
---
 jupyter-core
   Maintainer asked for availability to prepare updates
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0de6743b8832a40427fcd3aadd96bee9169bc39c



[Git][security-tracker-team/security-tracker][master] dsa-needed.txt: add git and claim it

2023-02-20 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5b371a17 by Aron Xu at 2023-02-21T00:32:42+08:00
dsa-needed.txt: add git and claim it

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -20,6 +20,8 @@ curl
 --
 frr
 --
+git (aron)
+--
 jupyter-core
   Maintainer asked for availability to prepare updates
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b371a177388c51dbb3b80853169d227d00c2c49



[Git][security-tracker-team/security-tracker][master] add tiff to dsa-needed.txt and claim it

2023-01-29 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f7db63d1 by Aron Xu at 2023-01-29T21:20:57+08:00
add tiff to dsa-needed.txt and claim it

There are three more open CVEs to be addressed which are not covered by
the previous release

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -59,6 +59,8 @@ sox
 --
 thunderbird (jmm)
 --
+tiff (aron)
+--
 varnish (carnil)
 --
 xrdp
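Review bot: the added "tiff (aron)" entry does not name the three open CVEs the commit message refers to, so the reason for re-adding tiff lives only in the commit log. An indented note line under the entry listing those CVE ids would make the remaining scope clear to anyone reading dsa-needed.txt directly.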



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7db63d1e9908f34db27c4245219b8906cb030c1



[Git][security-tracker-team/security-tracker][master] Reserve DSA-5333-1 for tiff

2023-01-28 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d53c7a9f by Aron Xu at 2023-01-29T15:07:04+08:00
Reserve DSA-5333-1 for tiff

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/CVE/list
=
@@ -38247,20 +38247,17 @@ CVE-2022-2870 (A vulnerability was found in laravel 
5.1 and classified as proble
 CVE-2022-2869 (libtiff's tiffcrop tool has a uint32_t underflow which leads to 
out of ...)
{DLA-3278-1}
- tiff 4.4.0~rc1-1
-   [bullseye] - tiff  (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/352
NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/07d79fcac2ead271b60e32aeb80f7b4f3be9ac8c
 (v4.4.0rc1)
 CVE-2022-2868 (libtiff's tiffcrop utility has a improper input validation flaw 
that c ...)
{DLA-3278-1}
- tiff 4.4.0~rc1-1
-   [bullseye] - tiff  (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/335
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/294
NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/07d79fcac2ead271b60e32aeb80f7b4f3be9ac8c
 (v4.4.0rc1)
 CVE-2022-2867 (libtiff's tiffcrop utility has a uint32_t underflow that can 
lead to o ...)
{DLA-3278-1}
- tiff 4.4.0~rc1-1
-   [bullseye] - tiff  (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/350
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/351
NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/07d79fcac2ead271b60e32aeb80f7b4f3be9ac8c
 (v4.4.0rc1)
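Review bot: the bullseye "Minor issue" lines for CVE-2022-2869, CVE-2022-2868 and CVE-2022-2867 are dropped without a replacement version, so the bullseye status of all three now depends entirely on the DSA-5333-1 entry in data/DSA/list. That part of the diff is cut off in this mail; verify that each of the three ids appears in the advisory's CVE list, otherwise they will show up as unfixed in bullseye.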
@@ -48831,7 +48828,6 @@ CVE-2022-34527 (D-Link DSL-3782 v1.03 and below was 
discovered to contain a comm
 CVE-2022-34526 (A stack overflow was discovered in the _TIFFVGetField function 
of Tiff ...)
{DLA-3278-1}
- tiff 4.4.0-4
-   [bullseye] - tiff  (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/433
NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/275735d0354e39c0ac1dc3c0db2120d6f31d1990
 CVE-2022-34525
@@ -52801,21 +52797,18 @@ CVE-2017-20052 (A vulnerability classified as 
problematic was found in Python 2.
 CVE-2022-2058 (Divide By Zero error in tiffcrop in libtiff 4.4.0 allows 
attackers to  ...)
{DLA-3278-1}
- tiff 4.4.0-3 (bug #1014494)
-   [bullseye] - tiff  (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/428
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/346
NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/dd1bcc7abb26094e93636e85520f0d8f81ab0fab
 CVE-2022-2057 (Divide By Zero error in tiffcrop in libtiff 4.4.0 allows 
attackers to  ...)
{DLA-3278-1}
- tiff 4.4.0-3 (bug #1014494)
-   [bullseye] - tiff  (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/427
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/346
NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/dd1bcc7abb26094e93636e85520f0d8f81ab0fab
 CVE-2022-2056 (Divide By Zero error in tiffcrop in libtiff 4.4.0 allows 
attackers to  ...)
{DLA-3278-1}
- tiff 4.4.0-3 (bug #1014494)
-   [bullseye] - tiff  (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/415
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/346
NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/dd1bcc7abb26094e93636e85520f0d8f81ab0fab
@@ -60519,14 +60512,12 @@ CVE-2022-26041 (Directory traversal vulnerability in 
RCCMD 4.26 and earlier allo
NOT-FOR-US: RCCMD
 CVE-2022-1623 (LibTIFF master branch has an out-of-bounds read in LZWDecode in 
libtif ...)
- tiff 4.4.0~rc1-1
-   [bullseye] - tiff  (Minor issue)
[buster] - tiff  (Vulnerable code introduced later, PoCs 
don't trigger)
NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a
 (v4.4.0rc1)
NOTE: Introduced by: 
https://gitlab.com/libtiff/libtiff/-/commit/3079627ea0dee150e6a208cec8381de611bb842b
 (v4.4.0rc1)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/410
 CVE-2022-1622 (LibTIFF master branch has an out-of-bounds read in LZWDecode in 
libtif ...)
- tiff 4.4.0~rc1-1
-   [bullseye] - tiff  (Minor issue)
[buster] - tiff  (Vulnerable code introduced later, PoCs 
don't trigger)
NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a
 (v4.4.0rc1)
NOTE: Introduced by: 
https://gitlab.com/libtiff/libtiff/-/commit/3079627ea0dee150e6a208cec8381de611bb842b
 (v4.4.0rc1)
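Review bot: for CVE-2022-1623 and CVE-2022-1622 the removed bullseye line was the only bullseye status, yet the remaining NOTE says the flaw was introduced by a commit tagged v4.4.0rc1 and buster is already marked "Vulnerable code introduced later, PoCs don't trigger". The bullseye version recorded elsewhere on this page is 4.2.0-1+deb11u3, which predates that tag, so please check whether bullseye contains the vulnerable LZWDecode code at all. If it does not, an explicit not-affected entry for bullseye would be more accurate than attributing a fix to the advisory.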
@@ -63760,14 +63751,12 @@ CVE-2022-1356 (cnMaestro is vulnerable to a local 
privilege escalation. By defau
 CVE-2022-1355 (A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in 
main() ...)
{DLA-3278-1}
- tiff 4.3.0-8 (bug #1011160)
-   [bullseye] - tiff  (Minor issue)
NOTE: 

[Git][security-tracker-team/security-tracker][master] Reserve DSA-5332-1 for git

2023-01-28 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7a81e0fb by Aron Xu at 2023-01-29T15:00:36+08:00
Reserve DSA-5332-1 for git

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/CVE/list
=
@@ -35492,7 +35492,6 @@ CVE-2022-39261 (Twig is a template language for PHP. 
Versions 1.x prior to 1.44.
 CVE-2022-39260 (Git is an open source, scalable, distributed revision control 
system.  ...)
{DLA-3239-1}
- git 1:2.38.1-1 (bug #1022046)
-   [bullseye] - git  (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2022/10/18/5
NOTE: https://lore.kernel.org/git/xmqq4jw1uku5.fsf@gitster.g/T/#u
NOTE: 
https://github.com/git/git/commit/32696a4cbe90929ae79ea442f5102c513ce3dfaa 
(v2.30.6)
@@ -35516,7 +35515,6 @@ CVE-2022-39254 (matrix-nio is a Python Matrix client 
library, designed according
 CVE-2022-39253 (Git is an open source, scalable, distributed revision control 
system.  ...)
{DLA-3239-1}
- git 1:2.38.1-1 (bug #1022046)
-   [bullseye] - git  (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2022/10/18/5
NOTE: https://lore.kernel.org/git/xmqq4jw1uku5.fsf@gitster.g/T/#u
NOTE: 
https://github.com/git/git/commit/6f054f9fb3a501c35b55c65e547a244f14c38d56 
(v2.30.6)
@@ -64008,7 +64006,6 @@ CVE-2022-29188 (Smokescreen is an HTTP proxy. The 
primary use case for Smokescre
 CVE-2022-29187 (Git is a distributed revision control system. Git prior to 
versions 2. ...)
{DLA-3239-1}
- git 1:2.37.2-1 (bug #1014848)
-   [bullseye] - git  (Minor issue)
NOTE: 
https://lists.q42.co.uk/pipermail/git-announce/2022-July/001250.html
NOTE: 
https://github.com/git/git/commit/3b0bf2704980b1ed6018622bdf5377ec22289688 
(v2.30.5)
NOTE: 
https://github.com/git/git/commit/ae9abbb63eea74441e3e8b153dc6ec1f94c373b4 
(v2.30.5) (regression)
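Review bot: for CVE-2022-29187 the remaining NOTE lines list two upstream commits, the second one marked "(regression)". With the bullseye "Minor issue" line removed, the entry now implies that the advisory upload fully resolves the issue, so confirm the backport carries both 3b0bf27 and ae9abbb and not only the first.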
@@ -76899,7 +76896,6 @@ CVE-2022-24766 (mitmproxy is an interactive, 
SSL/TLS-capable intercepting proxy.
 CVE-2022-24765 (Git for Windows is a fork of Git containing Windows-specific 
patches.  ...)
{DLA-3239-1}
- git 1:2.35.2-1
-   [bullseye] - git  (Minor issue)
[stretch] - git  (Minor issue)
NOTE: 
https://github.com/git/git/commit/6e7ad1e4c22e7038975ba37c7413374fe566b064 
(v2.30.3)
NOTE: 
https://github.com/git/git/commit/bdc77d1d685be9c10b88abb281a42bc620548595 
(v2.30.3)


=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[29 Jan 2023] DSA-5332-1 git - security update
+   {CVE-2022-23521 CVE-2022-24765 CVE-2022-29187 CVE-2022-39253 
CVE-2022-39260 CVE-2022-41903}
+   [bullseye] - git 1:2.30.2-1+deb11u1
 [28 Jan 2023] DSA-5331-1 openjdk-11 - security update
{CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 
CVE-2022-39399 CVE-2023-21835 CVE-2023-21843}
[bullseye] - openjdk-11 11.0.18+10-1~deb11u1
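Review bot: the DSA-5332-1 entry lists six CVEs, while the data/CVE/list hunks in this commit drop a bullseye line for only four of them (CVE-2022-39260, CVE-2022-39253, CVE-2022-29187, CVE-2022-24765). Please confirm that CVE-2022-23521 and CVE-2022-41903 carry no bullseye annotation in data/CVE/list that would conflict with the fixed version "1:2.30.2-1+deb11u1" given here.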


=
data/dsa-needed.txt
=
@@ -14,8 +14,6 @@ If needed, specify the release by adding a slash after the 
name of the source pa
 --
 frr
 --
-git (aron)
---
 jupyter-core
   Maintainer asked for availability to prepare updates
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a81e0fb8bc72244e0d64eb092e2bd5b6d3da894



[Git][security-tracker-team/security-tracker][master] data/dsa-needed.txt: claim git

2023-01-21 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a2b44d24 by Aron Xu at 2023-01-22T13:43:19+08:00
data/dsa-needed.txt: claim git

mirabilos has asked jrnieder about his plan on fixing the security
issues, help was offered and let's wait for response

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -20,7 +20,7 @@ curl (jmm)
 --
 frr
 --
-git
+git (aron)
 --
 jupyter-core
   Maintainer asked for availability to prepare updates
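Review bot: the change from "git" to "git (aron)" records the claim but not the state described in the commit message, namely that the maintainer was contacted and a reply is pending. The jupyter-core entry in the same hunk shows the convention of an indented status line; a similar line under git would tell other team members that the update is blocked on a response rather than in progress.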



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a2b44d248c916a8cb565aa8957521978382c7022



[Git][security-tracker-team/security-tracker][master] Claim tiff in dsa-needed.txt

2023-01-08 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e5655bd9 by Aron Xu at 2023-01-09T11:42:11+08:00
Claim tiff in dsa-needed.txt

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -64,5 +64,5 @@ sofia-sip
 sox
   patch needed for CVE-2021-40426, check with upstream
 --
-tiff
+tiff (aron)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5655bd99403139327002ea683fc3c954279db0a



[Git][security-tracker-team/security-tracker][master] Unclaim trafficserver

2022-12-28 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
eb91a048 by Aron Xu at 2022-12-28T21:31:19+08:00
Unclaim trafficserver

Put back since maintainer is preparing the update.

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -61,7 +61,7 @@ sox
 --
 tiff
 --
-trafficserver (aron)
+trafficserver
   Maintainer asked for an update
 --
 webkit2gtk (berto)
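Review bot: the status line under trafficserver still reads "Maintainer asked for an update", while the commit message says the maintainer is preparing the update. Rewording that line in the same change would keep someone else from claiming the package while the maintainer's upload is in progress.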



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb91a048fdb3e3b5f8687d23150ee0a3ea651f6a



[Git][security-tracker-team/security-tracker][master] Claim trafficserver

2022-12-28 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5f717860 by Aron Xu at 2022-12-28T17:45:14+08:00
Claim trafficserver

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -61,7 +61,7 @@ sox
 --
 tiff
 --
-trafficserver
+trafficserver (aron)
 --
 webkit2gtk (berto)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f7178602fca168659b7edd39502079ab1f8d193



[Git][security-tracker-team/security-tracker][master] Take nodejs

2022-12-22 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
627226eb by Aron Xu at 2022-12-23T13:57:41+08:00
Take nodejs

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -26,7 +26,7 @@ linux (carnil)
 netatalk
   open regression with MacOS, tentative patch not yet merged upstream
 --
-nodejs
+nodejs (aron)
 --
 multipath-tools
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/627226eb445992437e2b19b5ce90ba17e5b696e9



[Git][security-tracker-team/security-tracker][master] Take gerbv again

2022-12-08 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9ec2ab03 by Aron Xu at 2022-12-09T15:54:06+08:00
Take gerbv again

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -16,7 +16,7 @@ cacti
 --
 frr
 --
-gerbv
+gerbv (aron)
 --
 lava
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ec2ab03a278e37d4d533d01c562e440aa4d133b



[Git][security-tracker-team/security-tracker][master] dsa-needed: de-claim gerbv

2022-10-15 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c403105b by Aron Xu at 2022-10-15T14:10:45+08:00
dsa-needed: de-claim gerbv

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -20,7 +20,7 @@ commons-configuration2
 --
 frr
 --
-gerbv (aron)
+gerbv
 --
 linux (carnil)
   Wait until more issues have piled up, though try to regulary rebase for point



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c403105b9c4de933d298f87fde4fd8bf7e3b936b



[Git][security-tracker-team/security-tracker][master] data/dsa-needed.txt: claim gerbv and maven-shared-utils

2022-09-22 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8b53260d by Aron Xu at 2022-09-23T11:33:18+08:00
data/dsa-needed.txt: claim gerbv and maven-shared-utils

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -18,7 +18,7 @@ commons-configuration
 --
 firefox-esr (jmm)
 --
-gerbv
+gerbv (aron)
 --
 gdal (aron)
 --
@@ -26,7 +26,7 @@ linux (carnil)
   Wait until more issues have piled up, though try to regulary rebase for point
   releases to more recent v5.10.y versions
 --
-maven-shared-utils
+maven-shared-utils (aron)
 --
 netatalk
   open regression with MacOS, tentative patch not yet merged upstream



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8b53260d73a9a1e740b52587f345763ef1b3c0ec



[Git][security-tracker-team/security-tracker][master] data/dsa-needed.txt: claim gdal

2022-09-21 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8387d550 by Aron Xu at 2022-09-21T14:55:04+08:00
data/dsa-needed.txt: claim gdal

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -26,7 +26,7 @@ fish (aron)
 --
 gerbv
 --
-gdal
+gdal (aron)
 --
 linux (carnil)
   Wait until more issues have piled up, though try to regulary rebase for point



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8387d550cddfb16db64d74e9a8ba9c9cc642b165



[Git][security-tracker-team/security-tracker][master] data/dsa-needed.txt: claim fish.

2022-09-16 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
81ac8a8f by Aron Xu at 2022-09-16T22:45:49+08:00
data/dsa-needed.txt: claim fish.

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -18,7 +18,7 @@ commons-configuration
 --
 connman (carnil)
 --
-fish
+fish (aron)
 --
 gdal
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81ac8a8f18629c2c514c5969abd5b217b268397c



[Git][security-tracker-team/security-tracker][master] librecad fixed in sid

2022-01-30 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
14161dcd by Aron Xu at 2022-01-30T21:11:17+08:00
librecad fixed in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -8867,17 +8867,17 @@ CVE-2021-45345
 CVE-2021-45344
RESERVED
 CVE-2021-45343 (In LibreCAD 2.2.0, a NULL pointer dereference in the HATCH 
handling of ...)
-   - librecad  (bug #1004518)
+   - librecad 2.1.3-3
NOTE: https://github.com/LibreCAD/LibreCAD/issues/1468
NOTE: https://github.com/LibreCAD/LibreCAD/pull/1469
NOTE: Fixed by: 
https://github.com/LibreCAD/LibreCAD/commit/5771425808bd16e78e1c6f28728c0712c47316f7
 CVE-2021-45342 (A buffer overflow vulnerability in CDataList of the jwwlib 
component o ...)
-   - librecad  (bug #1004518)
+   - librecad 2.1.3-3
NOTE: https://github.com/LibreCAD/LibreCAD/issues/1464
NOTE: https://github.com/LibreCAD/LibreCAD/pull/1465
NOTE: Fixed by: 
https://github.com/LibreCAD/LibreCAD/commit/4edcbe72679f95cb60979c77a348c1522a20b0f4
 CVE-2021-45341 (A buffer overflow vulnerability in CDataMoji of the jwwlib 
component o ...)
-   - librecad  (bug #1004518)
+   - librecad 2.1.3-3
NOTE: https://github.com/LibreCAD/LibreCAD/issues/1462
NOTE: https://github.com/LibreCAD/LibreCAD/pull/1463
NOTE: Fixed by: 
https://github.com/LibreCAD/LibreCAD/commit/f3502963eaf379a429bc9da73c1224c5db649997
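Review bot: all three replaced lines lose the "(bug #1004518)" reference when the fixed version is filled in. Other fixed entries on this page keep the bug number next to the version, as in "- tiff 4.4.0-5 (bug #1022555)", so writing "- librecad 2.1.3-3 (bug #1004518)" for CVE-2021-45343, CVE-2021-45342 and CVE-2021-45341 would preserve the link to the Debian bug.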



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/14161dcd62310a87ab5793ba6b841f42de6ac954



[Git][security-tracker-team/security-tracker][master] Reference upstream commit for CVE-2022-0235/node-fetch

2022-01-19 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a261a33d by Aron Xu at 2022-01-19T16:55:09+08:00
Reference upstream commit for CVE-2022-0235/node-fetch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -714,7 +714,7 @@ CVE-2022-0236 (The WP Import Export WordPress plugin (both 
free and premium vers
 CVE-2022-0235 (node-fetch is vulnerable to Exposure of Sensitive Information 
to an Un ...)
- node-fetch 
NOTE: https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/
-   TODO: check fixing commit
+   NOTE: Fixed by: 
https://github.com/node-fetch/node-fetch/commit/f5d3cf5e2579cb8f4c76c291871e69696aef8f80
 (v3.1.1)
 CVE-2022-0234
RESERVED
 CVE-2022-0233 (The ProfileGrid  User Profiles, Memberships, Groups and 
Communi ...)
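Review bot: the new "Fixed by" NOTE for CVE-2022-0235 cites only the commit tagged v3.1.1, and the node-fetch package line above it still carries no fixed version. If the packaged node-fetch comes from an older release series, add a NOTE for the matching backport commit as well, so whoever prepares the upload knows which patch applies.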



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a261a33df92c837a592b41ccc540808c99c7c747
