Bug#942670: security-tracker: Fetching additional NVD feed information needs to switch to JSON feeds

On Sat, Oct 19, 2019 at 10:29:34PM +0200, Salvatore Bonaccorso wrote: > Package: security-tracker > Severity: normal > > As per 16th of october the NVD XML data feeds is disabled[1]. The > security-tracker uses this feed to daily get additional information on > CVEs

Bug#942670: security-tracker: Fetching additional NVD feed information needs to switch to JSON feeds

Package: security-tracker Severity: normal As per 16th of october the NVD XML data feeds is disabled[1]. The security-tracker uses this feed to daily get additional information on CVEs (e.g. description). The update-nvd and the used parser lib/python/nvd.py needs to be switched to get and parse

[SECURITY] [DSA 4509-3] apache2 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4509-3 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso October 15, 2019

[SECURITY] [DSA 4543-1] sudo security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4543-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso October 14, 2019

Re: Glances: Unprotected XMLRPC server enabled by default

Hi Jim, On Thu, Oct 10, 2019 at 04:31:01PM +0800, Jim Mee wrote: > Hi all, > > I recently found glances > package has added an XMLRPC API server that provides access for remote > users. Unfortunately it requires no authentication, and worse, it binds

[SECURITY] [DSA 4541-1] libapreq2 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4541-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso October 04, 2019

[SECURITY] [DSA 4537-1] file-roller security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4537-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso September 28, 2019

[SECURITY] [DSA 4536-1] exim4 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4536-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso September 28, 2019

[SECURITY] [DSA 4535-1] e2fsprogs security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4535-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso September 27, 2019

Re: CVE in golang

Hi, On Thu, Sep 26, 2019 at 12:27:37PM +0200, Dr. Tobias Quathamer wrote: > Am 26.09.19 um 12:09 schrieb Dr. Tobias Quathamer: > > Hi, > > > > there is another CVE in golang: > > > > CVE-2019-16276 > > net/textproto: don't normalize headers with spaces before the colon. > >

[SECURITY] [DSA 4531-1] linux security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4531-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso September 25, 2019

Re: Backporting a security fix for e2fsprogs to Stable

Hi Ted, [FTR, this is on the security public discussion list, if you need to contact the security team directly, you might use team@s.d.o or security@d..o] On Mon, Sep 23, 2019 at 07:42:02PM -0400, Theodore Y. Ts'o wrote: > Hi, I just released e2fsprogs v1.45.4 (upstream and for Debian >

[SECURITY] [DSA 4530-1] expat security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4530-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso September 22, 2019

[SECURITY] [DSA 4526-1] opendmarc security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4526-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso September 19, 2019

[SECURITY] [DSA 4525-1] ibus security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4525-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso September 18, 2019

Re: [secur...@suse.de] request for changing SUSE reference URL

Hi Alexandros, On Wed, Sep 18, 2019 at 09:36:14AM +0200, Alexandros Toptsoglou wrote: > Hi Paul, > > Thank you very much for your fast reaction. The changes were made live earlier today, so in meanwhile even the cached contents should correctly point to bugzilla.suse.com. Thanks for the

Re: Old open CVEs in webkit2gtk

Hi Alberto, On Wed, Sep 04, 2019 at 09:44:51AM +0200, Alberto Garcia wrote: > I was having a look at the list of CVEs for webkit2gtk: > > https://security-tracker.debian.org/tracker/source-package/webkit2gtk > > Two of them (CVE-2019-8375 and CVE-2017-17821) are listed as still > open in buster

[SECURITY] [DSA 4518-1] ghostscript security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4518-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso September 07, 2019

[SECURITY] [DSA 4513-1] samba security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4513-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso September 03, 2019

Re: CVE-2017-17518

Hi, On Sat, Aug 31, 2019 at 03:09:59AM +0200, J. Scheurich wrote: > Hi, > > https://www.cvedetails.com/cve/CVE-2017-17518/ > > | swt/motif/browser.c in White_dune (aka whitedune) 0.30.10 does not > validate strings before launching the program specified > | by the BROWSER environment variable,

[SECURITY] [DSA 4510-1] dovecot security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4510-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso August 28, 2019

[SECURITY] [DSA 4509-1] apache2 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4509-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso August 26, 2019

[SECURITY] [DSA 4507-1] squid security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4507-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso August 24, 2019

Re: CVEs in golang

Hi Tobias, On Wed, Aug 14, 2019 at 09:40:54PM +0200, Dr. Tobias Quathamer wrote: > Hi, > > there are a couple of CVEs in golang: > > CVE-2019-14809: net/url: URL.Parse Multiple Parsing Issues > Issue: https://github.com/golang/go/issues/29098 > > Fixed for golang-1.11: >

[SECURITY] [DSA 4500-1] chromium security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4500-1 secur...@debian.org https://www.debian.org/security/ Michael Gilbert August 12, 2019

[SECURITY] [DSA 4497-1] linux security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4497-1 secur...@debian.org https://www.debian.org/security/Ben Hutchings August 13, 2019

[SECURITY] [DSA 4496-1] pango1.0 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4496-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso August 11, 2019

[SECURITY] [DSA 4495-1] linux security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4495-1 secur...@debian.org https://www.debian.org/security/Ben Hutchings August 10, 2019

Bug#908678: Update on the security-tracker git discussion

Hi Bastian, Thanks for keeping track and following up. On Tue, Aug 06, 2019 at 08:05:11AM +0200, Bastian Blank wrote: > Moin > > On Tue, Jul 02, 2019 at 01:38:10PM +0200, Moritz Muehlenhoff wrote: > > On Tue, Jul 02, 2019 at 01:25:43PM +0200, Salvatore Bonaccorso wrote: >

[SECURITY] [DSA 4489-1] patch security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4489-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso July 27, 2019

Re: External check

Hi, On Fri, Jul 26, 2019 at 05:45:34AM +, Security Tracker wrote: > CVE-2019-17196: missing from list This one is a false positive. It looks that https://www.redhat.com/security/data/metrics/cve-metadata-from-bugzilla.xml wrong information, because the CVE should be CVE-201*8*-17196 as is

[SECURITY] [DSA 4488-1] exim4 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4488-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso July 25, 2019

[SECURITY] [DSA 4484-1] linux security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4484-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso July 20, 2019

Re: CVE-2017-9525 in Debian Stretch stable release

Hi, On Thu, Jul 11, 2019 at 05:21:38PM +0200, Vladyslav Cherednychenko wrote: > Dear Debian Security Team, > I noticed that the latest available cron package in the stable > distribution of Debian Stretch is vulnerable to CVE-2017-9525: > https://security-tracker.debian.org/tracker/CVE-2017-9525

[SECURITY] [DSA 4481-1] ruby-mini-magick security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4481-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso July 13, 2019

[SECURITY] [DSA 4477-1] zeromq3 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4477-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso July 08, 2019

Bug#931533: security-tracker: Fetch Sources.xz/Packages.xz when available instead of Sources.gz/Packages.gz

Package: security-tracker Severity: important Control: affects -1 + ftp.debian.org Starting with the buster release for the *-security and *-backports suites there are no Sources.gz and Packages.gz available in http://security.debian.org/debian-security/dists/buster/updates/main/source/

Bug#908678: Update on the security-tracker git discussion

Hi, On Mon, Jun 24, 2019 at 01:57:36PM +0200, Salvatore Bonaccorso wrote: > Hi, > > On Sun, Jun 09, 2019 at 01:48:58PM +0200, Salvatore Bonaccorso wrote: > > On Sat, Jun 08, 2019 at 06:29:24PM +0200, Salvatore Bonaccorso wrote: > > > Notes on

[SECURITY] [DSA 4473-1] rdesktop security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4473-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso June 28, 2019

[SECURITY] [DSA 4472-1] expat security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4472-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso June 28, 2019

Bug#908678: Update on the security-tracker git discussion

Hi, On Sun, Jun 09, 2019 at 01:48:58PM +0200, Salvatore Bonaccorso wrote: > On Sat, Jun 08, 2019 at 06:29:24PM +0200, Salvatore Bonaccorso wrote: > > Notes on possible CVE/list splits > > - > [...] > > After a face-to-face conversa

[SECURITY] [DSA 4469-1] libvirt security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4469-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso June 22, 2019

[SECURITY] [DSA 4468-1] php-horde-form security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4468-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso June 21, 2019

[SECURITY] [DSA 4465-1] linux security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4465-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso June 17, 2019

[SECURITY] [DSA 4463-1] znc security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4463-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso June 14, 2019

[SECURITY] [DSA 4462-1] dbus security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4462-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso June 13, 2019

Bug#908678: Update on the security-tracker git discussion

On Sat, Jun 08, 2019 at 06:29:24PM +0200, Salvatore Bonaccorso wrote: > Notes on possible CVE/list splits > - [...] After a face-to-face conversation with Daniel, Daniel suggested to create a priority list out of that, we will followup with that to that (i

Bug#908678: Update on the security-tracker git discussion

Hi, On Thu, Jun 06, 2019 at 06:11:53PM +0200, Salvatore Bonaccorso wrote: > Hi Daniel, > > On Thu, Jun 06, 2019 at 08:35:47AM +0200, Daniel Lange wrote: > > Am 06.06.19 um 07:31 schrieb Salvatore Bonaccorso: > > > Could you again point me to your splitted up varian

[SECURITY] [DSA 4458-1] cyrus-imapd security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4458-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso June 08, 2019

Bug#507303: security-tracker: please provide a per-maintainer report

Hi Raphael, On Sat, Nov 29, 2008 at 03:10:21PM -0600, Raphael Geissert wrote: > Package: security-tracker > Severity: wishlist > > It would be great to provide such report, as to have a link to it on > the DDPO. While looking at some open bugs for the security-tracker I encountered this one. I

Bug#908678: Update on the security-tracker git discussion

Hi Daniel, On Thu, Jun 06, 2019 at 08:35:47AM +0200, Daniel Lange wrote: > Am 06.06.19 um 07:31 schrieb Salvatore Bonaccorso: > > Could you again point me to your splitted up variant mirror? > > https://git.faster-it.de/debian_security_security-tracker_split_files/ Thanks!

[SECURITY] [DSA 4454-2] qemu regression update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4454-2 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso June 06, 2019

[SECURITY] [DSA 4456-1] exim4 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4456-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso June 05, 2019

Bug#929228: security-tracker: MITRE descriptions containing non-ascii characters might cause issues on accessing CVE page

Package: security-tracker Severity: normal Found this while checking for other issues, but not time to further properly investigate, but did now want to loose that initial tracking. When a CVE description from MITRE contains non-ascii/non-valid characters like

[SECURITY] [DSA 4444-1] linux security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA--1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 14, 2019

[SECURITY] [DSA 4443-1] samba security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4443-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 14, 2019

[SECURITY] [DSA 4442-2] cups-filters regression update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4442-2 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 13, 2019

[SECURITY] [DSA 4442-1] ghostscript security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4442-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 12, 2019

[SECURITY] [DSA 4438-1] atftp security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4438-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 07, 2019

[SECURITY] [DSA 4435-1] libpng1.6 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4435-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso April 27, 2019

[SECURITY] [DSA 4434-1] drupal7 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4434-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso April 20, 2019

[SECURITY] [DSA 4432-1] ghostscript security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4432-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso April 16, 2019

[SECURITY] [DSA 4431-1] libssh2 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4431-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso April 13, 2019

Re: CVE-2018-20509

Hi Fuqian Huang, On Sat, Apr 13, 2019 at 12:02:12PM +0800, Fuqian Huang wrote: > > [Suggested description] > > The print_binder_ref_olocked function in drivers/android/binder.c in > > the Linux kernel 4.14.90 allows local users to obtain sensitive address > > information by reading " ref *desc

[SECURITY] [DSA 4425-1] wget security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4425-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso April 05, 2019

[SECURITY] [DSA 4422-1] apache2 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4422-1 secur...@debian.org https://www.debian.org/security/ Stefan Fritsch April 03, 2019

Re: Debsecan stretch updates ignored

Hi Jasper, On Fri, Mar 22, 2019 at 10:19:37AM +, Jasper Hafkenscheid wrote: > When using debsecan on a fully updated stretch machine I get a whole list > of CVEs. The kernel package is the latest from stretch-updates/main, but > that is not matched in the security-tracker output. > The

[SECURITY] [DSA 4416-1] wireshark security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4416-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso March 24, 2019

[SECURITY] [DSA 4415-1] passenger security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4415-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso March 24, 2019

[SECURITY] [DSA 4413-1] ntfs-3g security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4413-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso March 21, 2019

Bug#919977: security-tracker: https://security-tracker.debian.org/tracker/data/json returns stale data

Hi Julien, On Tue, Feb 19, 2019 at 09:29:35PM +0100, Salvatore Bonaccorso wrote: > Hi Julien, > > On Tue, Feb 12, 2019 at 10:28:54AM +0100, Julien Cristau wrote: > > On 2/12/19 7:18 AM, Salvatore Bonaccorso wrote: > > > Agreed on leaving the bug open until clearer what i

[SECURITY] [DSA 4397-1] ldb security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4397-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 28, 2019

Bug#919977: security-tracker: https://security-tracker.debian.org/tracker/data/json returns stale data

Hi Julien, On Tue, Feb 12, 2019 at 10:28:54AM +0100, Julien Cristau wrote: > On 2/12/19 7:18 AM, Salvatore Bonaccorso wrote: > > Agreed on leaving the bug open until clearer what is going on? > > Ack. Right now this seem to be again stalled, at least from some locations. Regards, Salvatore

Bug#922247: security-tracker: please use new urlpath for DLAs on www.d.o

Hi HOlger, On Thu, Feb 14, 2019 at 07:08:23AM +0100, Salvatore Bonaccorso wrote: > Control: tags -1 + pending > > Hi Holger, > > On Wed, Feb 13, 2019 at 06:08:31PM +, Holger Levsen wrote: > > package: security-tracker > > x-debbugs-cc: debian-...@l

[SECURITY] [DSA 4393-1] systemd security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4393-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 18, 2019

[SECURITY] [DSA 4388-2] mosquitto regression update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4388-2 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 17, 2019

Bug#922247: security-tracker: please use new urlpath for DLAs on www.d.o

Control: tags -1 + pending Hi Holger, On Wed, Feb 13, 2019 at 06:08:31PM +, Holger Levsen wrote: > package: security-tracker > x-debbugs-cc: debian-...@lists.debian.org > > Hi, > > this is a bug to track fixing this small glitch in the new > www.debian.org/lts/security/ area: > > On Mon,

Bug#919977: security-tracker: https://security-tracker.debian.org/tracker/data/json returns stale data

Hi Julien, On Mon, Feb 11, 2019 at 10:48:01AM +0100, Julien Cristau wrote: > On 2/10/19 5:24 PM, Salvatore Bonaccorso wrote: > > Looks this is happening again (or similarly): > > > > curl -I https://security-tracker.debian.org/tracker/data/json > > HTTP/2 200 > >

[SECURITY] [DSA 4377-2] rssh regression update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4377-2 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 11, 2019

Bug#919977: security-tracker: https://security-tracker.debian.org/tracker/data/json returns stale data

Hi Julien, On Mon, Jan 21, 2019 at 04:42:54PM +0100, Julien Cristau wrote: > +debian-admin > > On Mon, Jan 21, 2019 at 02:26:16PM +0100, Julien Cristau wrote: > > On Mon, Jan 21, 2019 at 09:27:19AM +0100, Philipp Hahn wrote: > > > Package: security-tracker > > > Severity: important > > > > > >

[SECURITY] [DSA 4385-1] dovecot security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4385-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 05, 2019

[SECURITY] [DSA 4383-1] libvncserver security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4383-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 03, 2019

[SECURITY] [DSA 4378-1] php-pear security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4378-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso January 30, 2019

[SECURITY] [DSA 4375-1] spice security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4375-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso January 29, 2019

[SECURITY] [DSA 4367-2] systemd regression update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4367-2 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso January 15, 2019

[SECURITY] [DSA 4367-1] systemd security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4367-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso January 13, 2019

Re: RFC: proposed fix for CVE-2018-19518 in uw-imap

Hi Roberto, On Sat, Dec 29, 2018 at 10:24:40AM -0500, Roberto C. Sánchez wrote: > On Sat, Dec 22, 2018 at 10:27:18PM -0500, Roberto C. Sánchez wrote: > > [note: I am not subscribed to debian-security; please keep me or > > debian-lts addressed on replies] > > > > If this seems like a sensible

[SECURITY] [DSA 4358-1] ruby-sanitize security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4358-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso December 27, 2018

[SECURITY] [DSA 4346-2] ghostscript regression update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4346-2 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso December 23, 2018

[SECURITY] [DSA 4357-1] libapache-mod-jk security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4357-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso December 20, 2018

[SECURITY] [DSA 4356-1] netatalk security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4356-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso December 20, 2018

[SECURITY] [DSA 4351-1] libphp-phpmailer security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4351-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso December 07, 2018

[SECURITY] [DSA 4347-1] perl security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4347-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso November 29, 2018

[SECURITY] [DSA 4346-1] ghostscript security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4346-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso November 27, 2018

[SECURITY] [DSA 4345-1] samba security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4345-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso November 27, 2018

[SECURITY] [DSA 4344-1] roundcube security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4344-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso November 24, 2018

[SECURITY] [DSA 4339-2] ceph regression update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4339-2 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso November 21, 2018

[SECURITY] [DSA 4341-1] mariadb-10.1 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4341-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso November 19, 2018

Bug#908678: Testing the filter-branch scripts

Hi, On Wed, Nov 14, 2018 at 07:45:59PM +0100, Moritz Muehlenhoff wrote: > On Wed, Nov 14, 2018 at 07:34:03AM +0100, Daniel Lange wrote: > > Am 13.11.18 um 23:09 schrieb Moritz Muehlenhoff: > > > The current data structure works very well for us and splitting the files > > > has many downsides. >

[SECURITY] [DSA 4336-1] ghostscript security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4336-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso November 10, 2018

<    1   2   3   4   5   6   7   8   >