[Git][security-tracker-team/security-tracker][master] 2 commits: Mark CVE-2019-8842 as no-dsa for Jessie

2020-04-27 Thread Anton Gladky
= @@ -22,8 +22,6 @@ bluez NOTE: 20200420: check for bonded connections should go. (eg. 7d9718cfc, NOTE: 20200420: 718bad60d, etc.) (lamby) -- -cups (Anton Gladky) --- dom4j (Utkarsh Gupta) NOTE: 20200427: WIP. Upstream commit might not be applicable directly for Debian

[Git][security-tracker-team/security-tracker][master] Add reported bug reference for duo-unix

2020-04-27 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a7b1f9b0 by Salvatore Bonaccorso at 2020-04-28T06:07:54+02:00 Add reported bug reference for duo-unix - - - - - 1 changed file: - data/CVE/list Changes: ==

[Git][security-tracker-team/security-tracker][master] Add not-affected information for CVE-2020-119{39,40} as well for jessie

2020-04-27 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 97ad7d1f by Salvatore Bonaccorso at 2020-04-28T06:04:51+02:00 Add not-affected information for CVE-2020-119{39,40} as well for jessie - - - - - 1 changed file: - data/CVE/list Changes: ==

[Git][security-tracker-team/security-tracker][master] Add CVE-2020-9482/Apache NiFi

2020-04-27 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c974 by Salvatore Bonaccorso at 2020-04-28T06:01:27+02:00 Add CVE-2020-9482/Apache NiFi - - - - - 1 changed file: - data/CVE/list Changes: = data/C

[Git][security-tracker-team/security-tracker][master] CVE-2020-11736/file-roller fixed in unstable

2020-04-27 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3bf2145c by Salvatore Bonaccorso at 2020-04-28T05:58:38+02:00 CVE-2020-11736/file-roller fixed in unstable - - - - - 1 changed file: - data/CVE/list Changes: =

[Git][security-tracker-team/security-tracker][master] Track embedded ndpi in removed ntop

2020-04-27 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 82ad51cf by Salvatore Bonaccorso at 2020-04-28T05:57:48+02:00 Track embedded ndpi in removed ntop - - - - - 1 changed file: - data/embedded-code-copies Changes: ==

[Git][security-tracker-team/security-tracker][master] Adjust source package name for CVE-2020-11888

2020-04-27 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b08371ab by Salvatore Bonaccorso at 2020-04-28T05:47:31+02:00 Adjust source package name for CVE-2020-11888 CVE-2020-11888 is for a python-markdown2 but we have two similar packages in Debian.

[Git][security-tracker-team/security-tracker][master] Reserve DLA-2190-1 for ruby-json

2020-04-27 Thread Utkarsh Gupta
Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker Commits: d75d5950 by Utkarsh Gupta at 2020-04-28T04:04:59+05:30 Reserve DLA-2190-1 for ruby-json - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes:

[Git][security-tracker-team/security-tracker][master] Add notes for openconnect and tika

2020-04-27 Thread Utkarsh Gupta
Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker Commits: 52428a5d by Utkarsh Gupta at 2020-04-28T03:05:17+05:30 Add notes for openconnect and tika - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-

[Git][security-tracker-team/security-tracker][master] Take ruby-json as I'm the maintainer

2020-04-27 Thread Utkarsh Gupta
Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker Commits: 7dcd237a by Utkarsh Gupta at 2020-04-28T02:57:32+05:30 Take ruby-json as I'm the maintainer - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dl

[Git][security-tracker-team/security-tracker][master] new python-markdown, ndpi, duo issues

2020-04-27 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: f0d816c4 by Moritz Muehlenhoff at 2020-04-27T23:18:53+02:00 new python-markdown, ndpi, duo issues NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===

[Git][security-tracker-team/security-tracker][master] Add CVE-2020-11013/helm-kubernetes, itp'ed

2020-04-27 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: cdc3d685 by Salvatore Bonaccorso at 2020-04-27T23:07:02+02:00 Add CVE-2020-11013/helm-kubernetes, itp'ed - - - - - 1 changed file: - data/CVE/list Changes: ===

[Git][security-tracker-team/security-tracker][master] Add CVE-2020-11690/intellij-idea, itp'ed

2020-04-27 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a9750812 by Salvatore Bonaccorso at 2020-04-27T23:06:24+02:00 Add CVE-2020-11690/intellij-idea, itp'ed - - - - - 1 changed file: - data/CVE/list Changes: =

[Git][security-tracker-team/security-tracker][master] Process NFUs

2020-04-27 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 610553fc by Salvatore Bonaccorso at 2020-04-27T23:03:37+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list =

[Git][security-tracker-team/security-tracker][master] Add CVE-2020-12052/grafana

2020-04-27 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8b5e4d3c by Salvatore Bonaccorso at 2020-04-27T23:04:17+02:00 Add CVE-2020-12052/grafana - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/

[Git][security-tracker-team/security-tracker][master] Add CVE-2020-1227{8,9}/libgit2

2020-04-27 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fe6de22e by Salvatore Bonaccorso at 2020-04-27T22:52:44+02:00 Add CVE-2020-1227{8,9}/libgit2 The issues are similar (or a variant of to better be formulated) of CVE-2019-1352 and CVE-2019-1353

[Git][security-tracker-team/security-tracker][master] CVE-2019-14846/ansible: reference upstream commit

2020-04-27 Thread Sylvain Beucler
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker Commits: 0e812964 by Sylvain Beucler at 2020-04-27T22:47:10+02:00 CVE-2019-14846/ansible: reference upstream commit - - - - - 1 changed file: - data/CVE/list Changes: ==

[Git][security-tracker-team/security-tracker][master] Process NFUs

2020-04-27 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 311506af by Salvatore Bonaccorso at 2020-04-27T22:38:46+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list =

[Git][security-tracker-team/security-tracker][master] Revert not-affected status for whole package for CVE-2020-10663

2020-04-27 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7ce80c05 by Salvatore Bonaccorso at 2020-04-27T22:29:17+02:00 Revert not-affected status for whole package for CVE-2020-10663 The issue did affect 2.1 branch. - - - - - 1 changed file: - da

[Git][security-tracker-team/security-tracker][master] Conclusion for jessie regarding CVE-2020-10663. The package ruby-json should...

2020-04-27 Thread Ola Lundqvist
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: dd0cff64 by Ola Lundqvist at 2020-04-27T22:22:05+02:00 Conclusion for jessie regarding CVE-2020-10663. The package ruby-json should be fixed since the code is clearly vulnerable and it looks like a ra

[Git][security-tracker-team/security-tracker][master] Track new openexr issues

2020-04-27 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a0bc470b by Salvatore Bonaccorso at 2020-04-27T22:20:30+02:00 Track new openexr issues I kept the TODO item as we need to double check the fixing commits. https://bugs.chromium.org/p/project-ze

[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2019-14864/ansible: jessie not-affected

2020-04-27 Thread Sylvain Beucler
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker Commits: 8824fa86 by Sylvain Beucler at 2020-04-27T22:10:53+02:00 CVE-2019-14864/ansible: jessie not-affected - - - - - 6362041a by Sylvain Beucler at 2020-04-27T22:10:55+02:00 CVE-2019-14858/ansible: jessie

[Git][security-tracker-team/security-tracker][master] automatic update

2020-04-27 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6a3b94f1 by security tracker role at 2020-04-27T20:10:21+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list

[Git][security-tracker-team/security-tracker][master] dla-needed: add and claim jbig2dec

2020-04-27 Thread Dylan Aïssi
-needed.txt = @@ -27,6 +27,8 @@ cups (Anton Gladky) dom4j (Utkarsh Gupta) NOTE: 20200427: WIP. Upstream commit might not be applicable directly for Debian. -- +jbig2dec (Dylan Aïssi) +-- libdatetime-timezone-perl (Emilio) -- libmatio (Adrian Bunk) View it

[Git][security-tracker-team/security-tracker][master] new jbig2dec issue

2020-04-27 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 45a9dfb2 by Moritz Muehlenhoff at 2020-04-27T20:00:57+02:00 new jbig2dec issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list ===

[Git][security-tracker-team/security-tracker][master] qemu DSA

2020-04-27 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 5c9bccf0 by Moritz Muehlenhoff at 2020-04-27T19:53:24+02:00 qemu DSA - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA

[Git][security-tracker-team/security-tracker][master] webkit2gtk upstream advisory WSA-2020-0005

2020-04-27 Thread Alberto Garcia
Alberto Garcia pushed to branch master at Debian Security Tracker / security-tracker Commits: fb642c1f by Alberto Garcia at 2020-04-27T19:21:39+02:00 webkit2gtk upstream advisory WSA-2020-0005 - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes:

[Git][security-tracker-team/security-tracker][master] DLA: add note for mailman

2020-04-27 Thread Anton Gladky
= @@ -51,6 +51,7 @@ linux (Ben Hutchings) linux-4.9 (Ben Hutchings) -- mailman (Anton Gladky) + NOTE: 20200427: Maintainer contacted (gladk) -- mumble (Abhijith PA) NOTE: 20200325: Regression in last upload, forgot to follow up. View it on GitLab

[Git][security-tracker-team/security-tracker][master] claim otrs2

2020-04-27 Thread Abhijith PA
= @@ -71,7 +71,7 @@ opendmarc (Thorsten Alteholz) -- openjdk-7 (Roberto C. Sánchez) -- -otrs2 +otrs2 (Abhijith PA) NOTE: 20200412: Asked upstream for clarity in CVE-2020-1769 patch (abhijith) NOTE: 20200427: Cannot find the above comment on the various commits/PRs, nor

[Git][security-tracker-team/security-tracker][master] CVE-2019-14904/ansible: jessie not-affected

2020-04-27 Thread Sylvain Beucler
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker Commits: 6ba93533 by Sylvain Beucler at 2020-04-27T17:43:43+02:00 CVE-2019-14904/ansible: jessie not-affected - - - - - 1 changed file: - data/CVE/list Changes: = da

[Git][security-tracker-team/security-tracker][master] NFUs

2020-04-27 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: bb662229 by Moritz Muehlenhoff at 2020-04-27T16:55:07+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list =

[Git][security-tracker-team/security-tracker][master] readd php5

2020-04-27 Thread Thorsten Alteholz
= @@ -78,6 +78,9 @@ otrs2 NOTE: 20200427: disable autocomplete without the cumbersome (and likely NOTE: 20200427: difficult-to-patch) configuration switch. (lamby) -- +php5 (Thorsten Alteholz) + NOTE: 20200427: embedded software "file" needs fix fo

[Git][security-tracker-team/security-tracker][master] dla: take qemu

2020-04-27 Thread Adrian Bunk
= @@ -78,7 +78,7 @@ otrs2 NOTE: 20200427: disable autocomplete without the cumbersome (and likely NOTE: 20200427: difficult-to-patch) configuration switch. (lamby) -- -qemu +qemu (Adrian Bunk) -- ruby-rack NOTE: 20191219: The security update causes a regression

[Git][security-tracker-team/security-tracker][master] Update status of squid3 in dla-needed.txt.

2020-04-27 Thread Markus Koschany
: = data/dla-needed.txt = @@ -87,9 +87,9 @@ ruby-rack -- sqlite3 (Mike Gabriel) -- -squid3 - NOTE: 20200330: There is still an issue with CVE-2019-12523 but the rest - NOTE: 20200330: looks good now. (apo) +squid3 (Markus Koschany) + NOTE: 20200427: Working

[Git][security-tracker-team/security-tracker][master] Qemu vulnerable in LTS as well and should be fixed.

2020-04-27 Thread Ola Lundqvist
: = data/dla-needed.txt = @@ -78,6 +78,8 @@ otrs2 NOTE: 20200427: disable autocomplete without the cumbersome (and likely NOTE: 20200427: difficult-to-patch) configuration switch. (lamby) -- +qemu +-- ruby-rack NOTE: 20191219: The security update
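Review bot: the new `qemu` entry in data/dla-needed.txt is added with no NOTE line, so the reasoning in the commit subject (qemu is vulnerable in LTS as well) is not recorded in the file itself. A dated NOTE naming the CVE(s) that prompted the entry, in the same `NOTE: 20200427: ...` form as the otrs2 lines just above it, would tell whoever claims the package what needs fixing.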

[Git][security-tracker-team/security-tracker][master] EOL entries for LTS.

2020-04-27 Thread Ola Lundqvist
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 71b6360b by Ola Lundqvist at 2020-04-27T11:42:41+02:00 EOL entries for LTS. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list ===

[Git][security-tracker-team/security-tracker][master] dla-needed.txt: Add note on CVE-2020-1769 in otrs2.

2020-04-27 Thread Chris Lamb
: = data/dla-needed.txt = @@ -73,6 +73,10 @@ openjdk-7 (Roberto C. Sánchez) -- otrs2 NOTE: 20200412: Asked upstream for clarity in CVE-2020-1769 patch (abhijith) + NOTE: 20200427: Cannot find the above comment on the various commits/PRs, nor + NOTE: 20200427

[Git][security-tracker-team/security-tracker][master] automatic update

2020-04-27 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1829859d by security tracker role at 2020-04-27T08:10:18+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list

[Git][security-tracker-team/security-tracker][master] Track proposed cups update via stretch-pu

2020-04-27 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: be458d87 by Salvatore Bonaccorso at 2020-04-27T09:13:45+02:00 Track proposed cups update via stretch-pu - - - - - 1 changed file: - data/next-oldstable-point-update.txt Changes: =