=
@@ -22,8 +22,6 @@ bluez
NOTE: 20200420: check for bonded connections should go. (eg. 7d9718cfc,
NOTE: 20200420: 718bad60d, etc.) (lamby)
--
-cups (Anton Gladky)
---
dom4j (Utkarsh Gupta)
NOTE: 20200427: WIP. Upstream commit might not be applicable directly for
Debian
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a7b1f9b0 by Salvatore Bonaccorso at 2020-04-28T06:07:54+02:00
Add reported bug reference for duo-unix
- - - - -
1 changed file:
- data/CVE/list
Changes:
==
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
97ad7d1f by Salvatore Bonaccorso at 2020-04-28T06:04:51+02:00
Add not-affected information for CVE-2020-119{39,40} as well for jessie
- - - - -
1 changed file:
- data/CVE/list
Changes:
==
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c974 by Salvatore Bonaccorso at 2020-04-28T06:01:27+02:00
Add CVE-2020-9482/Apache NiFi
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/C
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3bf2145c by Salvatore Bonaccorso at 2020-04-28T05:58:38+02:00
CVE-2020-11736/file-roller fixed in unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
82ad51cf by Salvatore Bonaccorso at 2020-04-28T05:57:48+02:00
Track embedded ndpi in removed ntop
- - - - -
1 changed file:
- data/embedded-code-copies
Changes:
==
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b08371ab by Salvatore Bonaccorso at 2020-04-28T05:47:31+02:00
Adjust source package name for CVE-2020-11888
CVE-2020-11888 is for a python-markdown2 but we have two similar
packages in Debian.
Utkarsh Gupta pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d75d5950 by Utkarsh Gupta at 2020-04-28T04:04:59+05:30
Reserve DLA-2190-1 for ruby-json
- - - - -
2 changed files:
- data/DLA/list
- data/dla-needed.txt
Changes:
Utkarsh Gupta pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
52428a5d by Utkarsh Gupta at 2020-04-28T03:05:17+05:30
Add notes for openconnect and tika
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=
data/dla-
Utkarsh Gupta pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7dcd237a by Utkarsh Gupta at 2020-04-28T02:57:32+05:30
Take ruby-json as I'm the maintainer
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=
data/dl
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f0d816c4 by Moritz Muehlenhoff at 2020-04-27T23:18:53+02:00
new python-markdown, ndpi, duo issues
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
===
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cdc3d685 by Salvatore Bonaccorso at 2020-04-27T23:07:02+02:00
Add CVE-2020-11013/helm-kubernetes, itp'ed
- - - - -
1 changed file:
- data/CVE/list
Changes:
===
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a9750812 by Salvatore Bonaccorso at 2020-04-27T23:06:24+02:00
Add CVE-2020-11690/intellij-idea, itp'ed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
610553fc by Salvatore Bonaccorso at 2020-04-27T23:03:37+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8b5e4d3c by Salvatore Bonaccorso at 2020-04-27T23:04:17+02:00
Add CVE-2020-12052/grafana
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
fe6de22e by Salvatore Bonaccorso at 2020-04-27T22:52:44+02:00
Add CVE-2020-1227{8,9}/libgit2
The issues are similar (or a variant of to better be formulated) of
CVE-2019-1352 and CVE-2019-1353
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0e812964 by Sylvain Beucler at 2020-04-27T22:47:10+02:00
CVE-2019-14846/ansible: reference upstream commit
- - - - -
1 changed file:
- data/CVE/list
Changes:
==
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
311506af by Salvatore Bonaccorso at 2020-04-27T22:38:46+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7ce80c05 by Salvatore Bonaccorso at 2020-04-27T22:29:17+02:00
Revert not-affected status for whole package for CVE-2020-10663
The issue did affect 2.1 branch.
- - - - -
1 changed file:
- da
Ola Lundqvist pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
dd0cff64 by Ola Lundqvist at 2020-04-27T22:22:05+02:00
Conclusion for jessie regarding CVE-2020-10663. The package ruby-json should be
fixed since the code is clearly vulnerable and it looks like a ra
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a0bc470b by Salvatore Bonaccorso at 2020-04-27T22:20:30+02:00
Track new openexr issues
I kept the TODO item as we need to double check the fixing commits.
https://bugs.chromium.org/p/project-ze
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8824fa86 by Sylvain Beucler at 2020-04-27T22:10:53+02:00
CVE-2019-14864/ansible: jessie not-affected
- - - - -
6362041a by Sylvain Beucler at 2020-04-27T22:10:55+02:00
CVE-2019-14858/ansible: jessie
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6a3b94f1 by security tracker role at 2020-04-27T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
-needed.txt
=
@@ -27,6 +27,8 @@ cups (Anton Gladky)
dom4j (Utkarsh Gupta)
NOTE: 20200427: WIP. Upstream commit might not be applicable directly for
Debian.
--
+jbig2dec (Dylan Aïssi)
+--
libdatetime-timezone-perl (Emilio)
--
libmatio (Adrian Bunk)
View it
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
45a9dfb2 by Moritz Muehlenhoff at 2020-04-27T20:00:57+02:00
new jbig2dec issue
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
===
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5c9bccf0 by Moritz Muehlenhoff at 2020-04-27T19:53:24+02:00
qemu DSA
- - - - -
2 changed files:
- data/DSA/list
- data/dsa-needed.txt
Changes:
=
data/DSA
Alberto Garcia pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
fb642c1f by Alberto Garcia at 2020-04-27T19:21:39+02:00
webkit2gtk upstream advisory WSA-2020-0005
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=
@@ -51,6 +51,7 @@ linux (Ben Hutchings)
linux-4.9 (Ben Hutchings)
--
mailman (Anton Gladky)
+ NOTE: 20200427: Maintainer contacted (gladk)
--
mumble (Abhijith PA)
NOTE: 20200325: Regression in last upload, forgot to follow up.
View it on GitLab
=
@@ -71,7 +71,7 @@ opendmarc (Thorsten Alteholz)
--
openjdk-7 (Roberto C. Sánchez)
--
-otrs2
+otrs2 (Abhijith PA)
NOTE: 20200412: Asked upstream for clarity in CVE-2020-1769 patch (abhijith)
NOTE: 20200427: Cannot find the above comment on the various commits/PRs, nor
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6ba93533 by Sylvain Beucler at 2020-04-27T17:43:43+02:00
CVE-2019-14904/ansible: jessie not-affected
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
da
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
bb662229 by Moritz Muehlenhoff at 2020-04-27T16:55:07+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
=
@@ -78,6 +78,9 @@ otrs2
NOTE: 20200427: disable autocomplete without the cumbersome (and likely
NOTE: 20200427: difficult-to-patch) configuration switch. (lamby)
--
+php5 (Thorsten Alteholz)
+ NOTE: 20200427: embedded software "file" needs fix fo
=
@@ -78,7 +78,7 @@ otrs2
NOTE: 20200427: disable autocomplete without the cumbersome (and likely
NOTE: 20200427: difficult-to-patch) configuration switch. (lamby)
--
-qemu
+qemu (Adrian Bunk)
--
ruby-rack
NOTE: 20191219: The security update causes a regression
:
=
data/dla-needed.txt
=
@@ -87,9 +87,9 @@ ruby-rack
--
sqlite3 (Mike Gabriel)
--
-squid3
- NOTE: 20200330: There is still an issue with CVE-2019-12523 but the rest
- NOTE: 20200330: looks good now. (apo)
+squid3 (Markus Koschany)
+ NOTE: 20200427: Working
:
=
data/dla-needed.txt
=
@@ -78,6 +78,8 @@ otrs2
NOTE: 20200427: disable autocomplete without the cumbersome (and likely
NOTE: 20200427: difficult-to-patch) configuration switch. (lamby)
--
+qemu
+--
ruby-rack
NOTE: 20191219: The security update
Ola Lundqvist pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
71b6360b by Ola Lundqvist at 2020-04-27T11:42:41+02:00
EOL entries for LTS.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
===
:
=
data/dla-needed.txt
=
@@ -73,6 +73,10 @@ openjdk-7 (Roberto C. Sánchez)
--
otrs2
NOTE: 20200412: Asked upstream for clarity in CVE-2020-1769 patch (abhijith)
+ NOTE: 20200427: Cannot find the above comment on the various commits/PRs, nor
+ NOTE: 20200427
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1829859d by security tracker role at 2020-04-27T08:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
be458d87 by Salvatore Bonaccorso at 2020-04-27T09:13:45+02:00
Track proposed cups update via stretch-pu
- - - - -
1 changed file:
- data/next-oldstable-point-update.txt
Changes:
=
39 matches
Mail list logo