[Git][security-tracker-team/security-tracker][master] Claim poppler in dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 89d78ce2 by Markus Koschany at 2022-09-03T23:54:04+02:00 Claim poppler in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -66,7 +66,7 @@ nodejs (Sylvain Beucler) NOTE: 20220801: Programming language: JavaScript, C/C++, Python. NOTE: 20220801: one of the upstream fixes doesn't address the security issue (jmm) -- -poppler +poppler (Markus Koschany) NOTE: 20220902: Programming language C. -- qemu (Abhijith PA) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89d78ce2349421010afe77c055416493c7dba8de -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89d78ce2349421010afe77c055416493c7dba8de You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Claim poppler in dla-needed.txt update status of remaining packages.
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: e6e631b0 by Markus Koschany at 2020-10-26T01:39:55+01:00 Claim poppler in dla-needed.txt update status of remaining packages. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -84,9 +84,10 @@ golang-github-dgrijalva-jwt-go golang-golang-x-net-dev -- guacamole-server (Markus Koschany) - NOTE: 20201010: Reported my findings to the maintainers and the + NOTE: 20201026: Reported my findings to the maintainers and the NOTE: security team. Waiting for feedback. CVE is in guacamole-server not in NOTE: guacamole-client. Backporting the upstream patch seems viable. + NOTE: release will be this week -- junit4 (Abhijith PA) -- @@ -97,9 +98,10 @@ lemonldap-ng NOTE: 20200910: Released a DLA for CVE-2020-24660 a few days ago, so could defer. (lamby) -- libonig (Markus Koschany) - NOTE: 20201002: Fix for CVE-2020-26159 is too trivial. Besides that, please consider - NOTE: 20201002: fixing other errors mentioned in https://github.com/kkos/oniguruma/issues/207 - NOTE: 20201002: and the other 6/7 CVEs tagged as no-dsa in stretch but fixed in jessie. (utkarsh) + NOTE: 20201026: Fix for CVE-2020-26159 is too trivial. Besides that, please consider + NOTE: 20201026: fixing other errors mentioned in https://github.com/kkos/oniguruma/issues/207 + NOTE: 20201026: and the other 6/7 CVEs tagged as no-dsa in stretch but fixed in jessie. (utkarsh) + NOTE: 20201026: release will be this week -- libproxy (Emilio) NOTE: 20201026: patch not sanctioned upstream yet (Emilio) @@ -131,6 +133,8 @@ php-horde-trean pluxml NOTE: 20201011: issue is still open upstream. Also low priority for us (abhijith) -- +poppler (Markus Koschany) +-- python3.5 (Thorsten Alteholz) NOTE: 20201011: testing package NOTE: 20201018: recovering from a broken computer :-( View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6e631b06d31e0a45811bf19c8d84f296cf17da1 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6e631b06d31e0a45811bf19c8d84f296cf17da1 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Claim poppler
Brian May pushed to branch master at Debian Security Tracker / security-tracker Commits: b8944b86 by Brian May at 2019-10-14T06:22:40Z Claim poppler - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -130,7 +130,7 @@ pam-python -- polarssl -- -poppler +poppler (Brian May) -- radare2 NOTE: 20190816: Affected by CVE-2019-14745. Vulnerable code is in View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b8944b868eecbb7834dd6767bbe56d784baaea2c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b8944b868eecbb7834dd6767bbe56d784baaea2c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] claim poppler
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 2407fd97 by Thorsten Alteholz at 2019-09-16T07:35:20Z claim poppler - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -109,7 +109,7 @@ php-pecl-http (Roberto C. Sánchez) php5 (Roberto C. Sánchez) NOTE: 20190910: Also investigate/(fix?) https://bugs.debian.org/939981 -- -poppler +poppler (Thorsten Alteholz) -- python2.7 (Roberto C. Sánchez) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2407fd97cedf2b82be1d7254097f0e73a158e5ff -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2407fd97cedf2b82be1d7254097f0e73a158e5ff You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] claim poppler
Mike Gabriel pushed to branch master at Debian Security Tracker / security-tracker Commits: db1bdb47 by Mike Gabriel at 2019-04-01T12:39:33Z claim poppler - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -76,7 +76,7 @@ nuget polarssl NOTE: 20181207: Not 100% sure if vulnerable. Upstream would prefer us to move to latest version, etc. (!). (lamby) -- -poppler +poppler (Mike Gabriel) NOTE: 20190325: fix in-progress for CVE-2019-9631 NOTE: 20190325: no fix yet for CVE-2019-9543 nor CVE-2019-9545 NOTE: 20190325: fix available for CVE-2019-9903 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/db1bdb47d8bad895d53f64e44d879bb2bddc96bb -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/db1bdb47d8bad895d53f64e44d879bb2bddc96bb You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Claim poppler in dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 95304505 by Markus Koschany at 2019-03-02T20:34:56Z Claim poppler in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -92,6 +92,8 @@ php5 (Thorsten Alteholz) polarssl NOTE: 20121207: Not 100% sure if vulnerable. Upstream would prefer us to move to latest version, etc. (!). (lamby) -- +poppler (Markus Koschany) +-- qemu NOTE: CVE-2018-19665: wait for final patch -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/95304505605d059d99d29491fd385579f7a241a0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/95304505605d059d99d29491fd385579f7a241a0 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] claim poppler
Mike Gabriel pushed to branch master at Debian Security Tracker / security-tracker Commits: fcbb960c by Mike Gabriel at 2018-10-22T09:39:32Z claim poppler - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -65,7 +65,7 @@ paramiko (Thorsten Alteholz) phpldapadmin (Mike Gabriel) NOTE: 20180731: See https://lists.debian.org/debian-lts/2018/07/msg00123.html for research already done -- -poppler +poppler (Mike Gabriel) NOTE: 20180928: Consider fixing no-dsa/ignored bugs as well since this is NOTE: 20180928: frequently used package. -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fcbb960c25199ff79bcc7ac34b13b8db35968bb2 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fcbb960c25199ff79bcc7ac34b13b8db35968bb2 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits