Bug#1001451: Candidate script updates

2022-01-11 Thread Paul Wise
On Tue, 2022-01-11 at 11:20 +, Neil Williams wrote: > I might need to brush up on my Perl and make a patch for lintian which > downloads the sec tracker JSON and checks the CVE list in the .changes > file - warnings from lintian are more likely to get fixed prior to > upload. Depends if you

Bug#1001191: security-tracker: include more information in page titles

2021-12-05 Thread Paul Wise
Package: security-tracker Severity: wishlist It would be nice to include some more information in page titles, so that records of those page titles in search engine results, browser tabs and browser history are more useful to visitors to the site. Here are examples of the potential changes that

Bug#949260: security-tracker: add cvedetails.com to Source?

2020-01-18 Thread Paul Wise
On Sun, Jan 19, 2020 at 3:05 AM Dmitry Smirnov wrote: > It might be nice to add "cvedetails.com" to CVE Source links. > https://www.cvedetails.com/cve/CVE-2019-13072/ This doesn't appear to add any details that aren't on Mitre: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13072 --

Re: Open Source

2019-11-03 Thread Paul Wise
On Mon, Nov 4, 2019 at 7:57 AM Lindsey Lassen wrote: > Hello, I am unsure if I am contacting the correct department for my concern. > I have had your open source software added on my cell phone and I have never > authorized your company nor anyone else for that matter. It would be a great >

Re: request for changing SUSE reference URL

2019-09-17 Thread Paul Wise
On Tue, Sep 17, 2019 at 11:48 PM Alexandros Toptsoglou wrote: > Could you please change this and from now on point to SUSE bugs using > bugzilla.suse.com which is the correct and basically the one that we > always reference? I've made a commit changing all bugzilla.novell.com references to

Re: Debian HTTP repo got manipulated, Debian HTTPS repo doesn't work

2018-10-22 Thread Paul Wise
On Tue, Oct 23, 2018 at 12:33 AM bo0od wrote: > yay! , yeah it worked thx a lot :) In addition, we have some Tor-based Onion services available: https://onion.debian.org/ PS: this mailing list is about the security-tracker.debian.org site, not about Debian mirrors or their security so please

Bug#908678: security-tracker - Breaks salsa.d.o

2018-09-13 Thread Paul Wise
On Thu, Sep 13, 2018 at 7:37 PM, Salvatore Bonaccorso wrote: > Do you have any hints at us on what we could look at to facilitate/help > more salsa maintainers? I think I read on IRC that the main thing is that the design of git is not optimised for having large and growing files that change on

Re: Bug#907723: link package versions on security-tracker to source packages

2018-09-01 Thread Paul Wise
On Sat, Sep 1, 2018 at 5:53 PM, Holger Levsen wrote: > On Sat, Sep 01, 2018 at 12:43:58PM +0800, Paul Wise wrote: >> > So, I always go to [1] with my web browser, copy the URL of the .dsc file >> > and then dget that .dsc file. >> This misses out verifying apt si

Bug#907723: link package versions on security-tracker to source packages

2018-08-31 Thread Paul Wise
On Sat, Sep 1, 2018 at 5:48 AM, Mike Gabriel wrote: > when working for the LTS team, I regularly need to download source packages > from the LTS version of Debian. My development machine normally runs a newer > Debian version, having deb-src URLs for Debian LTS in sources.list is > possible but

Re: RFS: zodbpickle/0.6.0-1 [ITP]

2018-04-24 Thread Paul Wise
On Mon, 2018-04-23 at 22:17 +0200, Julien Muchembled wrote: > I suggest to update embedded-code-copies because this package forks > the 'pickle' modules of Python 2.7.6 and 3.3.2 > python2.7 > - zodbpickle (embed) > NOTE: embeds stdlib modules: pickle, cpickle > > I am

Re: pulling in other vulnerability databases

2018-01-26 Thread Paul Wise
On Thu, 2018-01-25 at 11:05 -0500, Antoine Beaupré wrote: > I'm not sure what to say to nodesecurity.io folks I've already contacted them multiple times in 2014 and once in 2016, about incorporating CVEs into their workflow. The responses were positive but didn't result in much change, except

[PATCH] Accept more variants of standard CVE identifier format

2018-01-16 Thread Paul Wise
Transform the given identifier to a standard one and redirect to the standard form if it is in the database: * convert spaces to dashes * convert lowercase to uppercase --- bin/tracker_service.py | 21 - 1 file changed, 12 insertions(+), 9 deletions(-) diff --git

Re: Security Tracker Frame Options Header

2018-01-12 Thread Paul Wise
On Fri, Jan 12, 2018 at 4:59 PM, Mattia Dorigatti wrote: > I have a question. Why do the security tracker sites have the > X-Frame-Options:sameorigin header set? Because I've wanted to keep an eye on > some CVEs I've created a simple html site with three iframes and the refresh > meta tag so

Re: heads-up: stretch release and changes to security-tracker

2017-06-11 Thread Paul Wise
On Mon, Jun 12, 2017 at 3:37 AM, Salvatore Bonaccorso wrote: > I'm attaching the *preliminary* set of changes which I plan to > activate once stretch is released. Wow, there really is a horribly large amount of hard-coding of things that should be fetched from the archive instead. I've added a

Re: heads-up: stretch release and changes to security-tracker

2017-05-27 Thread Paul Wise
On Sat, May 27, 2017 at 5:06 PM, Chris Lamb wrote: > Can you briefly explain what changes you are referring to? If appropriate, please document the hard-coding here too: https://wiki.debian.org/SuitesAndReposExtension -- bye, pabs https://wiki.debian.org/PaulWise

Re: how to apply the fix for CVE-2016-5195

2016-10-24 Thread Paul Wise
On Mon, Oct 24, 2016 at 9:02 PM, Omar Abu Ajamieh wrote: > I have multiple Debian servers with this kernel version ( 3.2.0-4-amd64 #1 > SMP Debian 3.2.63-2 ) and I'm trying to fix the CVE-2016-5195 on it, so > could you please help me in how I can determine if my server is vulnerable or > not and

Re: Reserved CVEs

2016-09-02 Thread Paul Wise
On Fri, Sep 2, 2016 at 5:59 PM, Ivan Vasylivskyi wrote: > Why are some vulnerabilities listed by the Ubuntu Security Tracker, which are public > and populated, marked as RESERVED on mitre.org? This mailing list is for the Debian Security Tracker, not the Ubuntu security tracker. A lot of the time the

Re: please add icdiff to embedded-code-copies

2016-05-17 Thread Paul Wise
On Mon, May 16, 2016 at 5:17 AM, Sascha Steinbiss wrote: > as the maintainer, I’d like to let you know the package ‘icdiff’ (new in > unstable) contains a modified fork of Python’s difflib code. According to > upstream, it’s "based on Python's difflib.HtmlDiff, with changes to provide >

Re: tracking security issues without CVEs

2016-04-28 Thread Paul Wise
On Mon, Mar 28, 2016 at 10:34 PM, Andrew Deck wrote: > On a related note, does anyone know what happened to OSF and the OSVDB? > There still seem to be blog updates, but I remember OSVDB having a web > UI, and the OSF website seems to be down. They have officially closed the OSVDB site:

Bug#818253: security-tracker: do not mention TEMP-*-* identifiers on source package pages

2016-03-14 Thread Paul Wise
Package: security-tracker Severity: wishlist Tags: newcomer The TEMP-*-* identifiers are not meant to be referenced. On source package pages we should: Reference the Debian bug number in the link and the link text for issues that have a Debian bug number. Just put "TEMP" in the text for issues

Bug#818250: security-tracker: use bug report based URLs in preference to TEMP-*-* based URLs

2016-03-14 Thread Paul Wise
Package: security-tracker Severity: wishlist Tags: newcomer The TEMP-*-* identifiers are not meant to be referenced. So I think we should use bug report URLs in preference to TEMP-*-* based URLs: Redirect from TEMP-*-* based URLs to bug based ones. Stop redirecting from bug based URLs to

Re: tracking security issues without CVEs

2016-03-06 Thread Paul Wise
On Sun, Mar 6, 2016 at 12:33 PM, Brian May wrote: > Just wondering if there is some other way we can track security issues > for when CVEs are not available. ... > For example, if there are no CVEs are we able to use OVEs instead? > > http://www.openwall.com/ove This sounds like a good idea to

Bug#780892: security-tracker: please show unsupported packages as unsupported instead of unimportant

2015-03-20 Thread Paul Wise
Package: security-tracker Severity: important Please change the Urgency field for issues on unsupported packages from unimportant to unsupported. Having unimportant in the urgency field is very misleading. Currently the only indication that a package is unsupported is in the notes section of each

Bug#761859: security-tracker json deployed

2015-03-16 Thread Paul Wise
On Tue, 2015-03-17 at 00:03 +0100, Raphael Hertzog wrote: I also noticed that we have no data anywhere that says that an issue is undetermined... maybe those issues should be entirely dropped? I don't understand why we have that status in the first place. But my first try at identifying

Bug#761859: security-tracker json deployed

2015-02-26 Thread Paul Wise
On Thu, 2015-02-26 at 17:41 +0100, Holger Levsen wrote: On Donnerstag, 26. Februar 2015, Paul Wise wrote: I noticed the description fields are truncated, is that intentional? That's all that is stored in the db... Are you sure? By way of example, take a look at CVE-2012-0833

Bug#761859: prototype ready

2015-02-23 Thread Paul Wise
On Mon, 2015-02-23 at 14:59 +0100, Holger Levsen wrote: surely. I just wasn't sure whether this should be done on the security-tracker side or by its users... or I could provide two versions: json-full and json(- aggregated) - do you think that would be useful? I think it would be useful

Bug#761859: prototype ready

2015-02-22 Thread Paul Wise
On Sun, 22 Feb 2015 00:37:49 +0100 Holger Levsen wrote: I have a prototype ready, see attached... I noticed that fixed issues are not listed, we need that so people can look up the security history of any package by clicking a 'security' link in the links section. Just an item link: True|False

Bug#761859: prototype ready

2015-02-22 Thread Paul Wise
On Sun, 2015-02-22 at 19:00 +0100, Holger Levsen wrote: On Sonntag, 22. Februar 2015, Paul Wise wrote: I see a bunch of urgency set to high** and medium**, should it be high and medium instead? This comes directly from the database, so I don't think it should be modified. Hmm, it appears

Bug#761353: security-tracker: remove hardcoding of various data from Debian's apt repositories

2014-09-13 Thread Paul Wise
Package: security-tracker Severity: wishlist Control: block -1 by 761348 Various places in the security tracker hardcode various data from Debian's apt repositories, including those from the list below. It would be nice if the security-tracker could fetch that data (daily) from the Debian apt

Bug#744830: security-tracker: link to doc/narrative_introduction on s-t.d.o/tracker/data/report needs updating

2014-04-14 Thread Paul Wise
Package: security-tracker Severity: normal The Reporting problems page[1] on the security tracker website points at [2] but this page simply says that the page has moved elsewhere without giving a full link to the location of the new page. Please either update the link or add a full link to the

Bug#741713: security-tracker: in the list of resolved issues, list releases and versions where fixes happened

2014-03-15 Thread Paul Wise
Package: security-tracker Severity: wishlist It would be useful to people using modified versions of packages if the security tracker listed releases and versions where fixes happened in the list of resolved issues. Combined with a fix for #611162 and/or a link to a debdiff or the fixed version

Bug#727742: security-tracker: allow searching for CVE 2013-4327 (with a space)

2013-10-25 Thread Paul Wise
Package: security-tracker Severity: wishlist In some places on the web and mailing lists, CVEs are referenced with a space instead of a dash (CVE 2013-4327 instead of CVE-2013-4327). It would be nice if I could copy and paste these into the search box and have the right CVE show up without having

Bug#660190: security-tracker: add per-maintainer page (with half-baked patch)

2012-03-17 Thread Paul Wise
On Mon, 2012-03-12 at 22:56 -0400, Michael Gilbert wrote: There is a removed_packages table that you can use to check whether the package is currently in debian or not. The foreign key stuff is not about whether or not the package is in Debian, just about deleting maintainer information when

Bug#660190: security-tracker: add per-maintainer page (with half-baked patch)

2012-03-12 Thread Paul Wise
On Mon, 2012-03-12 at 21:16 -0400, Michael Gilbert wrote: Also, why is c.execute("PRAGMA foreign_keys=ON") necessary? sqlite doesn't enforce foreign key constraints by default: https://sqlite.org/foreignkeys.html#fk_enable I'm using those to ensure maintainers are deleted when source packages

Bug#660190: security-tracker: add per-maintainer page (with half-baked patch)

2012-03-11 Thread Paul Wise
On Fri, 2012-02-17 at 17:36 +0800, Paul Wise wrote: The attached patch implements a first pass at a per-maintainer page of security issues. It involves some database schema changes so it will require a full reimport of all the data. Does anyone have some time to review my patch? -- bye

Bug#660190: security-tracker: add per-maintainer page (with half-baked patch)

2012-02-17 Thread Paul Wise
Package: security-tracker Severity: wishlist The attached patch implements a first pass at a per-maintainer page of security issues. It involves some database schema changes so it will require a full reimport of all the data. My SQL knowledge isn't great, so there are some deficiencies: I'm not

Bug#659843: security-tracker: add links to Ubuntu, Gentoo CVE trackers and to the openwall vendors page

2012-02-16 Thread Paul Wise
On Thu, 2012-02-16 at 18:28 +0100, Florian Weimer wrote: Do you have an example of a working Gentoo cross-reference? https://bugs.gentoo.org/show_bug.cgi?id=CVE-2011-2183 -- bye, pabs http://wiki.debian.org/PaulWise

Bug#659843: security-tracker: add links to Ubuntu, Gentoo CVE trackers and to the openwall vendors page

2012-02-15 Thread Paul Wise
tags 659843 + pending thanks On Wed, 2012-02-15 at 21:54 -0500, Michael Gilbert wrote: I just reviewed this. I say go ahead and apply it since it's a straightforward duplication of the redhat url parsing. Applied. You'll need to sync the tracker code on soler before it goes live. I don't

Bug#659843: security-tracker: add links to Ubuntu, Gentoo CVE trackers and to the openwall vendors page

2012-02-13 Thread Paul Wise
Package: security-tracker Severity: wishlist Tags: patch I would like to add the attached patch to the security tracker to add links to the Ubuntu and Gentoo CVE trackers and add a link to the openwall vendors page, which links to more trackers for more distros. I have access to the