[Git][security-tracker-team/security-tracker][master] Unclaim clamav from dla-needed.txt
Jonas Meurer pushed to branch master at Debian Security Tracker / security-tracker Commits: bae8bff6 by Jonas Meurer at 2019-09-17T16:36:27Z Unclaim clamav from dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -17,7 +17,7 @@ cimg (Thorsten Alteholz) NOTE: inline function load_network_external is affected, variable filename NOTE: 20190916: also taking care of no-dsa -- -clamav (Jonas Meurer) +clamav NOTE: wait for definitive patch to be available, then upgrade to latest upstream NOTE: release (follow stretch changes) (hle) NOTE: https://lists.debian.org/debian-lts/2019/08/msg00023.html View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bae8bff61dd268138384c9ef953df8f4c65e517d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
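Review bot: The `-clamav (Jonas Meurer)` / `+clamav` change releases the claim without leaving a dated NOTE on where the work stands; the notes that remain only say to wait for a definitive patch and to follow the stretch changes. A `NOTE: YYYYMMDD:` line summarising what was done while the package was claimed would save the next person from reconstructing it from the list archive.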
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1921-1 for dnsmasq
Jonas Meurer pushed to branch master at Debian Security Tracker / security-tracker Commits: c6c035fc by Jonas Meurer at 2019-09-13T11:20:02Z Reserve DLA-1921-1 for dnsmasq - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[13 Sep 2019] DLA-1921-1 dnsmasq - security update + {CVE-2019-14513} + [jessie] - dnsmasq 2.72-3+deb8u5 [13 Sep 2019] DLA-1920-1 golang-go.crypto - security update {CVE-2019-11841} [jessie] - golang-go.crypto 0.0~hg190-1+deb8u2 = data/dla-needed.txt = @@ -28,8 +28,6 @@ clamav (Jonas Meurer) NOTE: 20190822: upstream has released 0.101.4, wait for stretch update (see bug NOTE: report) (hle) -- -dnsmasq (Jonas Meurer) --- freeimage NOTE: Maintainer will take care of the update. NOTE: https://lists.debian.org/debian-lts/2019/05/msg00079.html View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c6c035fc052d0c0e44114b5221a0df228e669389
[Git][security-tracker-team/security-tracker][master] Claim clamav and dnsmasq from dla-needed
Jonas Meurer pushed to branch master at Debian Security Tracker / security-tracker Commits: 12d00673 by Jonas Meurer at 2019-09-12T15:25:37Z Claim clamav and dnsmasq from dla-needed - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -21,14 +21,14 @@ ansible (Roberto C. Sánchez) cimg (Thorsten Alteholz) NOTE: inline function load_network_external is affected, variable filename -- -clamav +clamav (Jonas Meurer) NOTE: wait for definitive patch to be available, then upgrade to latest upstream NOTE: release (follow stretch changes) (hle) NOTE: https://lists.debian.org/debian-lts/2019/08/msg00023.html NOTE: 20190822: upstream has released 0.101.4, wait for stretch update (see bug NOTE: report) (hle) -- -dnsmasq +dnsmasq (Jonas Meurer) -- freeimage NOTE: Maintainer will take care of the update. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/12d006732ee51126de26319f07b0fc4e2cd22a0d
[Git][security-tracker-team/security-tracker][master] Mark qbittorrent in Jessie as not-affected by CVE-2019-13640
Jonas Meurer pushed to branch master at Debian Security Tracker / security-tracker Commits: 94702d10 by Jonas Meurer at 2019-08-03T15:55:11Z Mark qbittorrent in Jessie as not-affected by CVE-2019-13640 - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -2652,6 +2652,7 @@ CVE-2019-13641 RESERVED CVE-2019-13640 (In qBittorrent before 4.1.7, the function Application::runExternalProg ...) - qbittorrent (bug #932539) + [stretch] - qbittorrent (Vulnerable code not present in 3.1.x series) NOTE: https://github.com/qbittorrent/qBittorrent/issues/10925 CVE-2019-13639 RESERVED = data/dla-needed.txt = @@ -84,8 +84,6 @@ proftpd-dfsg (Markus Koschany) -- python2.7 (Thorsten Alteholz) -- -qbittorrent (Jonas Meurer) --- qemu NOTE: 20190528: An upload candidate is waiting for being tested on real hardware. NOTE: 20190528: Still need to set up a notebook with jessie installed for testing. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/94702d101b556f17bd32cfa61d36e2e5621b7316
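Review bot: In the data/CVE/list hunk the added line is tagged `[stretch]`, while the commit subject says the package is being marked for Jessie and the same commit drops qbittorrent from data/dla-needed.txt. If the 3.1.x series named in the reason is what Jessie ships, the tag should read `[jessie]`; as written the decision is recorded against a different release than the subject names and the Jessie status is left unrecorded.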
[Git][security-tracker-team/security-tracker][master] Claim qbittorrent in data/dla-needed.txt
Jonas Meurer pushed to branch master at Debian Security Tracker / security-tracker Commits: 31d03ee3 by Jonas Meurer at 2019-08-03T15:44:52Z Claim qbittorrent in data/dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -84,7 +84,7 @@ proftpd-dfsg (Markus Koschany) -- python2.7 (Thorsten Alteholz) -- -qbittorrent +qbittorrent (Jonas Meurer) -- qemu NOTE: 20190528: An upload candidate is waiting for being tested on real hardware. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/31d03ee325d2b7b44e02408dfd0635f4ad6abb56
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1852-1 for python3.4
Jonas Meurer pushed to branch master at Debian Security Tracker / security-tracker Commits: abd2841c by Jonas Meurer at 2019-07-10T18:54:11Z Reserve DLA-1852-1 for python3.4 - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[10 Jul 2019] DLA-1852-1 python3.4 - security update + {CVE-2019-9948} + [jessie] - python3.4 3.4.2-1+deb8u5 [10 Jul 2019] DLA-1851-1 openjpeg2 - security update {CVE-2016-9112 CVE-2018-20847} [jessie] - openjpeg2 2.1.0-2+deb8u7 = data/dla-needed.txt = @@ -91,8 +91,6 @@ linux-4.9 (Ben Hutchings) -- otrs2 (Abhijith PA) -- -python3.4 (Jonas Meurer) --- qemu NOTE: 20190528: An upload candidate is waiting for being tested on real hardware. NOTE: 20190528: Still need to set up a notebook with jessie installed for testing. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/abd2841cb9c22bd8e99485e3dcc7f16e475d118e
[Git][security-tracker-team/security-tracker][master] Claim python3.4 from data/dla-needed.txt
Jonas Meurer pushed to branch master at Debian Security Tracker / security-tracker Commits: fe88b92f by Jonas Meurer at 2019-07-09T13:03:08Z Claim python3.4 from data/dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -91,7 +91,7 @@ linux-4.9 (Ben Hutchings) -- openjpeg2 (Markus Koschany) -- -python3.4 +python3.4 (Jonas Meurer) -- qemu NOTE: 20190528: An upload candidate is waiting for being tested on real hardware. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fe88b92f6398c6f5d5a430c35684c66679393147
[Git][security-tracker-team/security-tracker][master] Update note on CVE-2019-8457/sqlite3 in data/dla-needed.txt
Jonas Meurer pushed to branch master at Debian Security Tracker / security-tracker Commits: 64a7dab3 by Jonas Meurer at 2019-07-05T13:28:47Z Update note on CVE-2019-8457/sqlite3 in data/dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -107,8 +107,7 @@ sdl-image1.2 NOTE: see libsdl2 entry. -- sqlite3 - NOTE: CVE-2019-8457: The fix depends on a large former code migration. Backporting would imply - NOTE: CVE-2019-8457: huge amounts of code duplication. See summary mail to debian-lts: + NOTE: CVE-2019-8457: Should be ignored, based on the discussion on debian-lts: NOTE: CVE-2019-8457: https://lists.debian.org/debian-lts/2019/06/msg00013.html (mejo, 2019-06-13) NOTE: CVE-2019-5827: No public information about the actual vulnerability available yet. The NOTE: CVE-2019-5827: patches from sqlite3 3.27.2-3 suggest that it's related to switching to View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/64a7dab3b5c52a104ef53d17371a7557fe112b99
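Review bot: The rewritten first NOTE now states a conclusion ("Should be ignored, based on the discussion on debian-lts"), but the line kept directly below it still carries the stamp `(mejo, 2019-06-13)`, which predates this commit (2019-07-05). Date the new line separately or drop the old stamp. The commit also touches only data/dla-needed.txt, so the ignore decision is recorded in a to-do note and not as a status in data/CVE/list.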
[Git][security-tracker-team/security-tracker][master] Fix package version for DLA-1843-1, add to data/CVE/list
Jonas Meurer pushed to branch master at Debian Security Tracker / security-tracker Commits: 5569c6a5 by Jonas Meurer at 2019-07-03T13:19:20Z Fix package version for DLA-1843-1, add to data/CVE/list - - - - - 2 changed files: - data/CVE/list - data/DLA/list Changes: = data/CVE/list = @@ -7570,13 +7570,13 @@ CVE-2019-10164 (PostgreSQL versions 10.x before 10.9 and versions 11.x before 11 NOTE: https://www.postgresql.org/about/news/1949/ CVE-2019-10163 [Denial of service via NOTIFY packets] RESERVED - {DSA-4470-1} + {DSA-4470-1 DLA-1843-1} - pdns 4.1.6-3 NOTE: https://www.openwall.com/lists/oss-security/2019/06/21/5 NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-05.html CVE-2019-10162 [Denial of service via crafted zone records] RESERVED - {DSA-4470-1} + {DSA-4470-1 DLA-1843-1} - pdns 4.1.6-3 NOTE: https://www.openwall.com/lists/oss-security/2019/06/21/5 NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-04.html = data/DLA/list = @@ -1,6 +1,6 @@ [03 Jul 2019] DLA-1843-1 pdns - security update {CVE-2019-10162 CVE-2019-10163} - [jessie] - pdns 3.4.1-4+deb8u9 + [jessie] - pdns 3.4.1-4+deb8u10 [01 Jul 2019] DLA-1842-1 python-django - security update {CVE-2019-12781} [jessie] - python-django 1.7.11-1+deb8u6 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5569c6a5bafec38abdc839652b51b10455860542
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1843-1 for pdns
Jonas Meurer pushed to branch master at Debian Security Tracker / security-tracker Commits: f20e169f by Jonas Meurer at 2019-07-03T11:20:12Z Reserve DLA-1843-1 for pdns - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[03 Jul 2019] DLA-1843-1 pdns - security update + {CVE-2019-10162 CVE-2019-10163} + [jessie] - pdns 3.4.1-4+deb8u9 [01 Jul 2019] DLA-1842-1 python-django - security update {CVE-2019-12781} [jessie] - python-django 1.7.11-1+deb8u6 = data/dla-needed.txt = @@ -92,10 +92,6 @@ linux-4.9 (Ben Hutchings) -- openjpeg2 (Markus Koschany) -- -pdns (Jonas Meurer) - NOTE: 20190701: Pinged maintainer as they took care of uploads to jessie-security before. - NOTE: 20190701: Preliminary (untested) packages at https://salsa.debian.org/mejo/pdns/commit/259f267 --- qemu (Mike Gabriel) NOTE: 20190528: An upload candidate is waiting for being tested on real hardware. NOTE: 20190528: Still need to set up a notebook with jessie installed for testing. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f20e169f6a1b93a535610ee49534c4c356bdfada
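Review bot: The version in the new data/DLA/list entry, `pdns 3.4.1-4+deb8u9`, is the value that the follow-up commit 5569c6a5 (two hours later) has to correct to `3.4.1-4+deb8u10`. Checking the version against the changelog of the actual upload before reserving the DLA would avoid the tracker carrying a wrong fixed version in between.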
[Git][security-tracker-team/security-tracker][master] Add note regarding pdns to dla-needed
Jonas Meurer pushed to branch master at Debian Security Tracker / security-tracker Commits: c53df108 by Jonas Meurer at 2019-07-01T15:31:50Z Add note regarding pdns to dla-needed - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -93,6 +93,8 @@ linux-4.9 (Ben Hutchings) openjpeg2 (Markus Koschany) -- pdns (Jonas Meurer) + NOTE: 20190701: Pinged maintainer as they took care of uploads to jessie-security before. + NOTE: 20190701: Preliminary (untested) packages at https://salsa.debian.org/mejo/pdns/commit/259f267 -- python-django NOTE: 20190701: CVE-2019-12781: upstream's 1.11 patch applies on jessie (beuc) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c53df1080114d5b5b6dde5f64d156b31079752c9
[Git][security-tracker-team/security-tracker][master] Add notes for CVE-2019-8457/sqlite3
Jonas Meurer pushed to branch master at Debian Security Tracker / security-tracker Commits: 5b6d66e5 by Jonas Meurer at 2019-07-01T14:38:41Z Add notes for CVE-2019-8457/sqlite3 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -12656,6 +12656,10 @@ CVE-2019-8458 (Check Point Endpoint Security Client for Windows, with Anti-Malwa CVE-2019-8457 (SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-o ...) - sqlite3 3.27.2-3 (bug #929775) NOTE: https://www.sqlite.org/src/info/90acdbfce9c08858 + NOTE: Affected function is not used in Debian and meant for debugging purposes, + NOTE: backporting the fix would be very complex. + NOTE: https://lists.debian.org/debian-lts/2019/06/msg00013.html + NOTE: https://lists.debian.org/debian-lts/2019/06/msg00036.html CVE-2019-8456 (Check Point IKEv2 IPsec VPN up to R80.30, in some less common conditio ...) NOT-FOR-US: Check Point CVE-2019-8455 (A hard-link created from the log file of Check Point ZoneAlarm up to 1 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5b6d66e593067f4f5f52bd3fd2468ba35df29abf
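Review bot: The four added NOTE lines under CVE-2019-8457 explain why a backport is problematic, but the hunk adds no release-specific line to record the outcome; the only package line remains `- sqlite3 3.27.2-3 (bug #929775)`. Add a `[jessie] - sqlite3` line carrying the decision so the status is machine-readable and not only present as free text.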
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1837-2 for rdesktop
Jonas Meurer pushed to branch master at Debian Security Tracker / security-tracker Commits: 88ce8fbe by Jonas Meurer at 2019-07-01T11:18:58Z Reserve DLA-1837-2 for rdesktop - - - - - 1 changed file: - data/DLA/list Changes: = data/DLA/list = @@ -1,3 +1,5 @@ +[01 Jul 2019] DLA-1837-2 rdesktop - regression update + [jessie] - rdesktop 1.8.6-0+deb8u2 [30 Jun 2019] DLA-1841-1 gpac - security update {CVE-2019-12481 CVE-2019-12482 CVE-2019-12483} [jessie] - gpac 0.5.0+svn5324~dfsg1-1+deb8u4 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/88ce8fbe2d8ca7497d5adcfd0d1ebafbe4081563
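Review bot: The new DLA-1837-2 entry is labelled "regression update", but neither the hunk nor the commit message points at the regression being fixed. A bug number or list link in the commit message would let a reader connect `1.8.6-0+deb8u2` to the problem it addresses.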
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1837-1 for rdesktop
Jonas Meurer pushed to branch master at Debian Security Tracker / security-tracker Commits: d28a0cb3 by Jonas Meurer at 2019-06-25T10:21:30Z Reserve DLA-1837-1 for rdesktop - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,5 @@ +[25 Jun 2019] DLA-1837-1 rdesktop - security update + [jessie] - rdesktop 1.8.6-0+deb8u1 [25 Jun 2019] DLA-1836-1 thunderbird - security update {CVE-2019-11707 CVE-2019-11708} [jessie] - thunderbird 1:60.7.2-1~deb8u1 = data/dla-needed.txt = @@ -95,8 +95,6 @@ qemu (Mike Gabriel) NOTE: 20190529: Upload candidate: http://packages.sunweavers.net/debian/pool/main/q/qemu/qemu_2.1+dfsg-12+deb8u12.dsc NOTE: 20190529: More testing needed. -- -rdesktop (Jonas Meurer) --- ruby-openid (Chris Lamb) -- sdl-image1.2 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d28a0cb3e5f78b36aa8ac5ba0bc1d4398758c45e
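Review bot: The new DLA-1837-1 entry in data/DLA/list has no `{CVE-...}` line, unlike the DLA-1836-1 entry directly below it. If the rdesktop update fixes issues that have CVE ids, list them so the tracker can link the advisory to them; if none are assigned, say so in the commit message.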
[Git][security-tracker-team/security-tracker][master] Add pdns to data/dla-needed.txt and claim it
Jonas Meurer pushed to branch master at Debian Security Tracker / security-tracker Commits: f28ff7ff by Jonas Meurer at 2019-06-23T11:00:44Z Add pdns to data/dla-needed.txt and claim it - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -89,6 +89,8 @@ mupdf NOTE: 20190529: Upload candidate: http://packages.sunweavers.net/debian/pool/main/m/mupdf/mupdf_1.5-1+deb8u5.dsc NOTE: 20190529: Not yet fully tested. -- +pdns (Jonas Meurer) +-- python2.7 (Roberto C. Sánchez) NOTE: 20190601: Packages built. (roberto) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f28ff7ffeae7505684bc9eaa39134dec231f9eec
[Git][security-tracker-team/security-tracker][master] Claim rdesktop from data/dla-needed.txt
Jonas Meurer pushed to branch master at Debian Security Tracker / security-tracker Commits: df511be9 by Jonas Meurer at 2019-06-23T10:48:57Z Claim rdesktop from data/dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -103,7 +103,7 @@ qemu NOTE: 20190529: Upload candidate: http://packages.sunweavers.net/debian/pool/main/q/qemu/qemu_2.1+dfsg-12+deb8u12.dsc NOTE: 20190529: More testing needed. -- -rdesktop +rdesktop (Jonas Meurer) -- ruby-openid (Chris Lamb) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/df511be9641eed034f92ac9fb2b6e6038abef349
[Git][security-tracker-team/security-tracker][master] Add notes regarding CVE-2019-5827/sqlite3 to dla-needed.txt
Jonas Meurer pushed to branch master at Debian Security Tracker / security-tracker Commits: 1264caea by Jonas Meurer at 2019-06-17T14:01:51Z Add notes regarding CVE-2019-5827/sqlite3 to dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = 
@@ -126,11 +126,17 @@ ruby-omniauth sdl-image1.2 NOTE: see libsdl2 entry. -- -sqlite3 (Jonas Meurer) - NOTE: CVE-2019-8457: The fix depends on a large former code migration. Backporting didn't succeed - NOTE: CVE-2019-8457: without huge amounts of code duplication. I sent a summary of my findings to - NOTE: CVE-2019-8457: https://lists.debian.org/debian-lts/2019/06/msg00013.html - NOTE: CVE-2019-5827: Patches look much more straight-forward, will work on them nevertheless. +sqlite3 + NOTE: CVE-2019-8457: The fix depends on a large former code migration. Backporting would imply + NOTE: CVE-2019-8457: huge amounts of code duplication. See summary mail to debian-lts: + NOTE: CVE-2019-8457: https://lists.debian.org/debian-lts/2019/06/msg00013.html (mejo, 2019-06-13) + NOTE: CVE-2019-5827: No public information about the actual vulnerability available yet. The + NOTE: CVE-2019-5827: patches from sqlite3 3.27.2-3 suggest that it's related to switching to + NOTE: CVE-2019-5827: 64-bit memory allocators. There's been quite some changes related to this + NOTE: CVE-2019-5827: migration between the Jessie version and 3.27.2-3 (from unstable). We might + NOTE: CVE-2019-5827: have to look into them as well. (mejo, 2019-06-17) + NOTE: 20190617: A preliminary package with *just* the (presumably) CVE-2019-5827 patches backported: + NOTE: 20190617: https://people.debian.org/~mejo/debian/jessie-security/sqlite3_3.8.7.1-1+deb8u5.dsc -- tomcat8 (Abhijith PA) NOTE: 20190522: FTBFS View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1264caea292378531bf7447251efcf1be93d5a0d
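Review bot: Besides adding the CVE-2019-5827 notes, the `-sqlite3 (Jonas Meurer)` / `+sqlite3` lines release the claim on the package, which the commit subject does not mention. Say so in the subject or move the unclaim into its own commit. The new notes also mix two prefix styles (`CVE-2019-5827: ... (mejo, 2019-06-17)` and `20190617:`); pick one so the entry can be read in date order.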
[Git][security-tracker-team/security-tracker][master] Add notes about CVE-2019-8457/sqlite3
Jonas Meurer pushed to branch master at Debian Security Tracker / security-tracker Commits: 197d0d3f by Jonas Meurer at 2019-06-13T14:09:27Z Add notes about CVE-2019-8457/sqlite3 - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -125,6 +125,10 @@ sdl-image1.2 (Hugo Lefeuvre) NOTE: see libsdl2 entry. -- sqlite3 (Jonas Meurer) + NOTE: CVE-2019-8457: The fix depends on a large former code migration. Backporting didn't succeed + NOTE: CVE-2019-8457: without huge amounts of code duplication. I sent a summary of my findings to + NOTE: CVE-2019-8457: https://lists.debian.org/debian-lts/2019/06/msg00013.html + NOTE: CVE-2019-5827: Patches look much more straight-forward, will work on them nevertheless. -- tomcat8 (Abhijith PA) NOTE: 20190522: FTBFS View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/197d0d3fb87a2a16e7b7cbaf9dba0092824d9c07
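Review bot: The added notes are written in the first person ("I sent a summary of my findings", "will work on them nevertheless") with no name or date on the lines themselves, so they only make sense while the claim in `sqlite3 (Jonas Meurer)` stays as it is. Add a date prefix or initials, as other entries in the file do (for example `NOTE: 20190522: FTBFS`), so the notes remain attributable after an unclaim.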
[Git][security-tracker-team/security-tracker][master] Update status for CVE-2019-11038/libgd2
Jonas Meurer pushed to branch master at Debian Security Tracker / security-tracker Commits: f67f54b9 by Jonas Meurer at 2019-06-11T16:21:02Z Update status for CVE-2019-11038/libgd2 - - - - - 2 changed files: - data/CVE/list - data/next-point-update.txt Changes: = data/CVE/list = @@ -4282,7 +4282,7 @@ CVE-2019-11039 [Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to in NOTE: PHP Bug: https://bugs.php.net/bug.php?id=78069 CVE-2019-11038 [Uninitialized read in gdImageCreateFromXbm] RESERVED - - libgd2 (low; bug #929821) + - libgd2 2.2.5-5.2 (low; bug #929821) [stretch] - libgd2 (Minor issue) - php7.3 7.3.6-1 (unimportant) - php7.0 (unimportant) = data/next-point-update.txt = @@ -71,3 +71,5 @@ CVE-2019-12109 [stretch] - miniupnpd 1.8.20140523-4.1+deb9u2 CVE-2019-12110 [stretch] - miniupnpd 1.8.20140523-4.1+deb9u2 +CVE-2019-11038 + [stretch] - libgd2 2.2.4-2+deb9u5 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f67f54b990980d4b3499cd061a5f55f66e1f7461
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1817-1 for libgd2
Jonas Meurer pushed to branch master at Debian Security Tracker / security-tracker Commits: cc7061af by Jonas Meurer at 2019-06-11T15:59:39Z Reserve DLA-1817-1 for libgd2 - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[11 Jun 2019] DLA-1817-1 libgd2 - security update + {CVE-2019-11038} + [jessie] - libgd2 2.1.0-5+deb8u13 [11 Jun 2019] DLA-1816-1 otrs2 - security update {CVE-2019-12248 CVE-2019-12497} [jessie] - otrs2 3.3.18-1+deb8u10 = data/dla-needed.txt = @@ -47,9 +47,6 @@ libav NOTE: 20190529: has been found, so far. If you pick libav, be prepared to work NOTE: 20190529: out patches yourself. -- -libgd2 (Jonas Meurer) - NOTE: 20190601: https://gist.github.com/cmb69/2626f1f03df7fb87411238be70ae8995 --- libmatio (Adrian Bunk) NOTE: fairly high number of open issues. Not sure why we never had a look at them. NOTE: triage work needed, help security team for fixes if needed. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cc7061af975f41231f93b04b10a07378fdcfcf34
[Git][security-tracker-team/security-tracker][master] Claim libgd2 and sqlite3 from data/dla-needed.txt
Jonas Meurer pushed to branch master at Debian Security Tracker / security-tracker Commits: 651b28b4 by Jonas Meurer at 2019-06-01T09:26:01Z Claim libgd2 and sqlite3 from data/dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -56,7 +56,7 @@ libmatio (Adrian Bunk) NOTE: 20190428: older changes seem to also be required for them NOTE: 20190526: work is ongoing -- -libgd2 +libgd2 (Jonas Meurer) NOTE: 20190601: https://gist.github.com/cmb69/2626f1f03df7fb87411238be70ae8995 -- libsdl1.2 (Hugo Lefeuvre) @@ -120,7 +120,7 @@ ruby-omniauth (Abhijith PA) sdl-image1.2 (Hugo Lefeuvre) NOTE: see libsdl2 entry. -- -sqlite3 +sqlite3 (Jonas Meurer) -- sysdig (Hugo Lefeuvre) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/651b28b45edb470905d8306de9ff45776c70d82a
[Git][security-tracker-team/security-tracker][master] Mark CVE-2019-3890 as minor-issue (no-dsa) for jessie
Jonas Meurer pushed to branch master at Debian Security Tracker / security-tracker Commits: 8736cd71 by Jonas Meurer at 2019-05-20T11:34:05Z Mark CVE-2019-3890 as minor-issue (no-dsa) for jessie * Follow Security Team's decision - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -20504,6 +20504,7 @@ CVE-2019-3890 [experimental] - evolution-ews 3.31.90-1 - evolution-ews (bug #926712) [stretch] - evolution-ews (Minor issue) + [jessie] - evolution-ews (Minor issue) NOTE: https://gitlab.gnome.org/GNOME/evolution-ews/issues/27 NOTE: https://gitlab.gnome.org/GNOME/evolution-ews/issues/36 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1678313 = data/dla-needed.txt = @@ -23,8 +23,6 @@ bind9 (Thorsten Alteholz) claws-mail NOTE: 20190408: patch not yet available -- -evolution-ews --- faad2 (Hugo Lefeuvre) NOTE: 20190519: I have a few patches pending for open issues. Will be PR-ed soon. -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8736cd71f659eab2e5b9a7005eaed180de5e57cd
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1797-1 for drupal7
Jonas Meurer pushed to branch master at Debian Security Tracker / security-tracker Commits: f3461aa2 by Jonas Meurer at 2019-05-20T11:13:59Z Reserve DLA-1797-1 for drupal7 - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[20 May 2019] DLA-1797-1 drupal7 - security update + {CVE-2019-11358 CVE-2019-11831} + [jessie] - drupal7 7.32-1+deb8u17 [20 May 2019] DLA-1796-1 jruby - security update {CVE-2018-174 CVE-2018-175 CVE-2018-176 CVE-2018-177 CVE-2018-178 CVE-2019-8321 CVE-2019-8322 CVE-2019-8323 CVE-2019-8324 CVE-2019-8325} [jessie] - jruby 1.5.6-9+deb8u1 = data/dla-needed.txt = @@ -23,8 +23,6 @@ bind9 (Thorsten Alteholz) claws-mail NOTE: 20190408: patch not yet available -- -drupal7 (Jonas Meurer) --- evolution-ews -- faad2 (Hugo Lefeuvre) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f3461aa2f47c9b04e99dad3c9051c36ed2bc75b5
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1778-1 for symfony
Jonas Meurer pushed to branch master at Debian Security Tracker / security-tracker Commits: db3f9cc6 by Jonas Meurer at 2019-05-06T17:08:24Z Reserve DLA-1778-1 for symfony - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[06 May 2019] DLA-1778-1 symfony - security update + {CVE-2019-10909 CVE-2019-10910 CVE-2019-10911 CVE-2019-10913} + [jessie] - symfony 2.3.21+dfsg-4+deb8u5 [06 May 2019] DLA-1777-1 jquery - security update {CVE-2019-11358} [jessie] - jquery 1.7.2+dfsg-3.2+deb8u6 = data/dla-needed.txt = @@ -122,8 +122,6 @@ sox NOTE: 20190416: CVE-2019-835{4,5,6,7} no upstream patch yet, might take some time. NOTE: Check again later. - hle -- -symfony (Jonas Meurer) --- wireshark -- wordpress View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/db3f9cc6dcfe92bd1dee7d0518b4280aa50f732c
[Git][security-tracker-team/security-tracker][master] Mark CVE-2019-10912 as not-affected in Jessie
Jonas Meurer pushed to branch master at Debian Security Tracker / security-tracker Commits: a0d22f48 by Jonas Meurer at 2019-05-06T13:58:14Z Mark CVE-2019-10912 as not-affected in Jessie - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2033,6 +2033,7 @@ CVE-2019-10913 CVE-2019-10912 RESERVED - symfony 3.4.22+dfsg-2 + [jessie] - symfony (vulnerable code is not present) NOTE: https://symfony.com/blog/cve-2019-10912-prevent-destructors-with-side-effects-from-being-unserialized CVE-2019-10911 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a0d22f483b7957cce4aeccc77fd2ec1bd3a4a118
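Review bot: the added `[jessie] - symfony (vulnerable code is not present)` line in data/CVE/list gives no way to re-check the not-affected claim. The entry only records the fixed version for unstable and a link to the upstream advisory; naming the affected component, or the upstream version in which it first appeared, in the reason or in a NOTE would let another triager verify the status against the jessie package without redoing the analysis.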
[Git][security-tracker-team/security-tracker][master] Claim drupal7 and symfony in data/dla-needed.txt
Jonas Meurer pushed to branch master at Debian Security Tracker / security-tracker Commits: 8d668241 by Jonas Meurer at 2019-05-03T10:53:26Z Claim drupal7 and symfony in data/dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -19,7 +19,7 @@ bind9 (Thorsten Alteholz) claws-mail NOTE: 20190408: patch not yet available -- -drupal7 +drupal7 (Jonas Meurer) -- evolution-ews -- @@ -122,7 +122,7 @@ sox NOTE: 20190416: CVE-2019-835{4,5,6,7} no upstream patch yet, might take some time. NOTE: Check again later. - hle -- -symfony +symfony (Jonas Meurer) -- wavpack (Thorsten Alteholz) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8d6682411ade0afc4b7fc661fd15ca277f6e2a5e
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1766-1 for evolution
Jonas Meurer pushed to branch master at Debian Security Tracker / security-tracker Commits: 8a03d8fd by Jonas Meurer at 2019-04-26T18:27:34Z Reserve DLA-1766-1 for evolution - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[26 Apr 2019] DLA-1766-1 evolution - security update + {CVE-2018-15587} + [jessie] - evolution 3.12.9~git20141130.241663-1+deb8u1 [26 Apr 2019] DLA-1762-2 systemd - regression update {CVE-2017-18078} [jessie] - systemd 215-17+deb8u13 = data/dla-needed.txt = @@ -28,10 +28,6 @@ claws-mail -- drupal7 -- -evolution (Jonas Meurer) - NOTE: 20190423: I have a fixed version ready for upload, but futher debugging - NOTE: 20190423: is required for evolution-data-server. --- evolution-ews -- faad2 (Hugo Lefeuvre) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8a03d8fde3bbc28e54e79bd644f519fa5de4fcec
[Git][security-tracker-team/security-tracker][master] Remove evolution-data-server from data/dla-needed.txt
Jonas Meurer pushed to branch master at Debian Security Tracker / security-tracker Commits: a1341c39 by Jonas Meurer at 2019-04-26T18:15:59Z Remove evolution-data-server from data/dla-needed.txt Strictly speaking, evolution-data-server is not affected by CVE-2018-15587 and got removed from CVE-2018-15587 in data/CVE/list with commit 34c907a0fb48667022f6b16fef327318a8f1ada8. Consequently removing it from data/dla-needed.txt as well. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -32,9 +32,6 @@ evolution (Jonas Meurer) NOTE: 20190423: I have a fixed version ready for upload, but futher debugging NOTE: 20190423: is required for evolution-data-server. -- -evolution-data-server (Jonas Meurer) - NOTE: 20190418: working on it, but needs more debugging --- evolution-ews -- faad2 (Hugo Lefeuvre) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a1341c3971681e3b2414e97abb474ad34abd8e0b
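Review bot: after this removal, the NOTE left under `evolution (Jonas Meurer)` in the context lines still says debugging "is required for evolution-data-server", which now refers to a package no longer tracked in this file. Since the commit message states that evolution-data-server is not affected by CVE-2018-15587, drop or reword that NOTE in the same commit so the evolution entry does not look blocked on it.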
[Git][security-tracker-team/security-tracker][master] Update notes for CVE-2018-15587 in data/CVE/list
Jonas Meurer pushed to branch master at Debian Security Tracker / security-tracker Commits: 32e93f1d by Jonas Meurer at 2019-04-24T14:03:50Z Update notes for CVE-2018-15587 in data/CVE/list - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -40554,6 +40554,8 @@ CVE-2018-15587 (GNOME Evolution through 3.28.2 is prone to OpenPGP signatures be NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/commit/93306a296c64b48d12c356804f131048643eaa0a (evolution-data-server) NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/commit/accb0e2415681565e4dac00cf1c4303c313ad29e (evolution-data-server) NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/commit/5cd59aee67450e8750eb3cb2d357d0947f199f61 (evolution-data-server) + NOTE: The CVE is about signature spoofing and only affects evolution (issue #120) + NOTE: The other issues (encryption spoofing) are unrelated and have low(er) severity. CVE-2018-15586 (Enigmail before 2.0.6 is prone to to OpenPGP signatures being spoofed ...) - enigmail 2:2.0.6.1-2 [jessie] - enigmail (see https://lists.debian.org/debian-lts-announce/2019/02/msg2.html) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/32e93f1d6689641dc90e8d21b7bff72aff22f46a
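Review bot: the first added NOTE cites "issue #120" without saying which tracker it belongs to, while the NOTE lines directly above it all give full URLs, and those point at evolution-data-server rather than evolution. Use the full issue URL so the reference cannot be misread. In the second NOTE, "the other issues" and "low(er) severity" would be more useful to a later triager if the NOTE said which issues or commits are meant.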
[Git][security-tracker-team/security-tracker][master] Update notes on evolution in data/dla-needed.txt
Jonas Meurer pushed to branch master at Debian Security Tracker / security-tracker Commits: ec0ae80b by Jonas Meurer at 2019-04-23T15:18:25Z Update notes on evolution in data/dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -23,7 +23,8 @@ claws-mail NOTE: 20190408: patch not yet available -- evolution (Jonas Meurer) - NOTE: 20190418: working on it, but needs more debugging + NOTE: 20190423: I have a fixed version ready for upload, but futher debugging + NOTE: 20190423: is required for evolution-data-server. -- evolution-data-server (Jonas Meurer) NOTE: 20190418: working on it, but needs more debugging View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ec0ae80b441d84b19ad5120f7e95fb6d01d97d4e
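Review bot: typo in the first added NOTE, "futher" should be "further". The two added lines are one sentence split over two NOTE lines with the 20190423 date repeated on the continuation, which reads like two separate status updates; either fit the sentence on one line or leave the date off the second line.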
[Git][security-tracker-team/security-tracker][master] Add note that I still work on evolution{,-data-server} to dla-needed.txt
Jonas Meurer pushed to branch master at Debian Security Tracker / security-tracker Commits: 955793c5 by Jonas Meurer at 2019-04-18T14:09:32Z Add note that I still work on evolution{,-data-server} to dla-needed.txt * Unclaim evolution-ews - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -28,10 +28,12 @@ claws-mail NOTE: 20190408: patch not yet available -- evolution (Jonas Meurer) + NOTE: 20190418: working on it, but needs more debugging -- evolution-data-server (Jonas Meurer) + NOTE: 20190418: working on it, but needs more debugging -- -evolution-ews (Jonas Meurer) +evolution-ews -- faad2 (Hugo Lefeuvre) NOTE: 20190412: both patches for CVE-2018-20362 and CVE-2018-20194 merged by upstream. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/955793c5f97349ecfe5e02e8d0b69d487453bc36
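Review bot: the last change in this hunk drops the claim on evolution-ews and leaves the entry with no NOTE, so whatever was learned while it was claimed is lost to the next person who picks it up. evolution and evolution-data-server both get a dated NOTE in this same hunk; add one to evolution-ews saying why it was unclaimed or what state it is in. The unclaim is also only mentioned in a bullet below the subject line, so a separate commit would make it easier to find in the history.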
[Git][security-tracker-team/security-tracker][master] Claim evolution* in data/dla-needed.txt
Jonas Meurer pushed to branch master at Debian Security Tracker / security-tracker Commits: 61625b5a by Jonas Meurer at 2019-04-09T10:56:14Z Claim evolution* in data/dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -22,11 +22,11 @@ clamav (Ola Lundqvist) claws-mail NOTE: 20190408: patch not yet available -- -evolution +evolution (Jonas Meurer) -- -evolution-data-server +evolution-data-server (Jonas Meurer) -- -evolution-ews +evolution-ews (Jonas Meurer) -- faad2 (Hugo Lefeuvre) NOTE: 20190407: CVE-2018-20362: wrote a patch, currently testing it. This might fix many other View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/61625b5aa4c9a0921ce12ec8f4f33cdbb62fa74a
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1748-1 for apache2
Jonas Meurer pushed to branch master at Debian Security Tracker / security-tracker Commits: 520df25b by Jonas Meurer at 2019-04-03T13:46:02Z Reserve DLA-1748-1 for apache2 - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[03 Apr 2019] DLA-1748-1 apache2 - security update + {CVE-2019-0217 CVE-2019-0220} + [jessie] - apache2 2.4.10-10+deb8u14 [02 Apr 2019] DLA-1730-2 libssh2 - regression update [jessie] - libssh2 1.4.3-4.1+deb8u3 [02 Apr 2019] DLA-1747-1 firmware-nonfree - security update = data/dla-needed.txt = @@ -9,8 +9,6 @@ To pick an issue, simply add your name behind it. To learn more about how this list is updated have a look at https://wiki.debian.org/LTS/Development#Triage_new_security_issues --- -apache2 (Jonas Meurer) -- checkstyle (Adrian Bunk) NOTE: CVE-2019-9658: changes appear to involve compatibility breakage, handle with care. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/520df25b2552d38b91e1a139ca01a57f0f9d5698
[Git][security-tracker-team/security-tracker][master] Update apache2 CVEs CVE-2019-0217, CVE-2019-0220 and CVE-2019-0211
Jonas Meurer pushed to branch master at Debian Security Tracker / security-tracker Commits: 520452b2 by Jonas Meurer at 2019-04-02T14:49:33Z Update apache2 CVEs CVE-2019-0217, CVE-2019-0220 and CVE-2019-0211 * Mark jessie as not-affected for CVE-2019-0211 * Add notes to CVE-2019-0217 and CVE-2019-0220 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -28294,6 +28294,7 @@ CVE-2019-0220 [Apache httpd URL normalization inconsistincy] RESERVED - apache2 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0220 +NOTE: https://svn.apache.org/r1855737 and https://svn.apache.org/r1855853 CVE-2019-0219 RESERVED CVE-2019-0218 @@ -28302,6 +28303,7 @@ CVE-2019-0217 [mod_auth_digest access control bypass] RESERVED - apache2 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0217 +NOTE: https://svn.apache.org/r1855298 CVE-2019-0216 RESERVED CVE-2019-0215 [mod_ssl access control bypass] @@ -28319,6 +28321,7 @@ CVE-2019-0212 (In all previously released Apache HBase 2.x versions (2.0.0-2.0.4 CVE-2019-0211 [Apache HTTP Server privilege escalation from modules' scripts] RESERVED - apache2 + [jessie] - apache2 (Vulnerable code introduced later) NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0211 CVE-2019-0210 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/520452b2fafc03398b38da432a2224035238a766
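Review bot: in the CVE-2019-0220 hunk the added NOTE carries two revision URLs joined by "and" on a single line, whereas the CVE-2019-0217 hunk gives its one revision a NOTE of its own. Put r1855737 and r1855853 on separate NOTE lines so each reference can be picked out and followed individually, and say briefly what each revision does if they are not two halves of the same fix.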
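Review bot: in the CVE-2019-0211 hunk, `[jessie] - apache2 (Vulnerable code introduced later)` does not say in which upstream version or revision the code was introduced. The other two hunks in this commit add svn revision references for their CVEs; a matching NOTE here naming the introducing version or revision would make the not-affected status checkable against the jessie package instead of resting on the reason string alone.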
[Git][security-tracker-team/security-tracker][master] Add apache2 to dla-needed.txt and claim it
Jonas Meurer pushed to branch master at Debian Security Tracker / security-tracker Commits: c88e4259 by Jonas Meurer at 2019-04-02T12:08:12Z Add apache2 to dla-needed.txt and claim it - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -9,6 +9,8 @@ To pick an issue, simply add your name behind it. To learn more about how this list is updated have a look at https://wiki.debian.org/LTS/Development#Triage_new_security_issues +-- +apache2 (Jonas Meurer) -- checkstyle (Adrian Bunk) NOTE: CVE-2019-9658: changes appear to involve compatibility breakage, handle with care. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c88e4259dcbf01acda42d025c2e3ab118b4ff1a0