[Git][security-tracker-team/security-tracker][master] Update information for CVE-2023-5345/linux

2023-10-06 Thread Salvatore Bonaccorso (@carnil)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f7ca4a64 by Salvatore Bonaccorso at 2023-10-07T00:09:34+02:00 Update information for CVE-2023-5345/linux - - - - - 1 changed file: - data/CVE/list Changes:

[Git][security-tracker-team/security-tracker][master] Add reference to oss-security post for avahi issues

2023-10-06 Thread Salvatore Bonaccorso (@carnil)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: aacddbb4 by Salvatore Bonaccorso at 2023-10-06T23:31:01+02:00 Add reference to oss-security post for avahi issues - - - - - 1 changed file: - data/CVE/list Changes:

[Git][security-tracker-team/security-tracker][master] Add CVE-2023-42445/gradle

2023-10-06 Thread Salvatore Bonaccorso (@carnil)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8f78cca8 by Salvatore Bonaccorso at 2023-10-06T23:24:31+02:00 Add CVE-2023-42445/gradle - - - - - 1 changed file: - data/CVE/list Changes: =

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2023-10-06 Thread Salvatore Bonaccorso (@carnil)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3a6c84b0 by Salvatore Bonaccorso at 2023-10-06T23:23:44+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list

[Git][security-tracker-team/security-tracker][master] Add CVE-2023-5452/snipe-it

2023-10-06 Thread Salvatore Bonaccorso (@carnil)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b0327605 by Salvatore Bonaccorso at 2023-10-06T23:14:11+02:00 Add CVE-2023-5452/snipe-it - - - - - 1 changed file: - data/CVE/list Changes: =

[Git][security-tracker-team/security-tracker][master] gitignore: Ignore mitre.zip as downloaded from mitre feed

2023-10-06 Thread Salvatore Bonaccorso (@carnil)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0aba9032 by Salvatore Bonaccorso at 2023-10-06T23:12:45+02:00 gitignore: Ignore mitre.zip as downloaded from mitre feed And avoid that it ever get potentially commited as substantial sized zip

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2023-10-06 Thread Salvatore Bonaccorso (@carnil)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 727844f7 by Salvatore Bonaccorso at 2023-10-06T23:10:37+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list

[Git][security-tracker-team/security-tracker][master] wireshark fixed in sid

2023-10-06 Thread Moritz Muehlenhoff (@jmm)
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 34e0cc9d by Moritz Muehlenhoff at 2023-10-06T23:00:21+02:00 wireshark fixed in sid - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list

[Git][security-tracker-team/security-tracker][master] Fix CVE id for sgt-puzzles issue

2023-10-06 Thread Salvatore Bonaccorso (@carnil)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 77f88a0a by Salvatore Bonaccorso at 2023-10-06T22:54:08+02:00 Fix CVE id for sgt-puzzles issue - - - - - 1 changed file: - data/next-oldstable-point-update.txt Changes:

[Git][security-tracker-team/security-tracker][master] Process two NFUs

2023-10-06 Thread Salvatore Bonaccorso (@carnil)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c96bf0c2 by Salvatore Bonaccorso at 2023-10-06T22:29:20+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list

[Git][security-tracker-team/security-tracker][master] automatic update

2023-10-06 Thread Salvatore Bonaccorso (@carnil)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6df9dc59 by security tracker role at 2023-10-06T20:12:56+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list

[Git][security-tracker-team/security-tracker][master] CVE-2023-42456: Try to clarify that no vulnerable version was in unstable

2023-10-06 Thread Salvatore Bonaccorso (@carnil)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d0b9461c by Salvatore Bonaccorso at 2023-10-06T21:55:49+02:00 CVE-2023-42456: Try to clarify that no vulnerable version was in unstable Only the version in experimental, the only one 0.2.0-1

[Git][security-tracker-team/security-tracker][master] Reference upstream commits for CVE-2023-39323

2023-10-06 Thread Salvatore Bonaccorso (@carnil)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0d9133dc by Salvatore Bonaccorso at 2023-10-06T21:53:04+02:00 Reference upstream commits for CVE-2023-39323 - - - - - 1 changed file: - data/CVE/list Changes:

[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-39323/golang-1.20 via unstable

2023-10-06 Thread Salvatore Bonaccorso (@carnil)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b218d200 by Salvatore Bonaccorso at 2023-10-06T21:51:10+02:00 Track fixed version for CVE-2023-39323/golang-1.20 via unstable - - - - - 1 changed file: - data/CVE/list Changes:

[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-39323/golang-1.21 via unstable

2023-10-06 Thread Salvatore Bonaccorso (@carnil)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: dd2437fa by Salvatore Bonaccorso at 2023-10-06T21:48:17+02:00 Track fixed version for CVE-2023-39323/golang-1.21 via unstable - - - - - 1 changed file: - data/CVE/list Changes:

[Git][security-tracker-team/security-tracker][master] Add upstream tag reference for CVE-2023-5441

2023-10-06 Thread Salvatore Bonaccorso (@carnil)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6ac6b080 by Salvatore Bonaccorso at 2023-10-06T21:44:03+02:00 Add upstream tag reference for CVE-2023-5441 - - - - - 1 changed file: - data/CVE/list Changes:

[Git][security-tracker-team/security-tracker][master] Reserve DSA number for grub2 update

2023-10-06 Thread Salvatore Bonaccorso (@carnil)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 99234c34 by Salvatore Bonaccorso at 2023-10-06T20:50:50+02:00 Reserve DSA number for grub2 update - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes:

[Git][security-tracker-team/security-tracker][master] CVE-2023-36109/iotjs: follow bullseye

2023-10-06 Thread Sylvain Beucler (@beuc)
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker Commits: 7cd00569 by Sylvain Beucler at 2023-10-06T17:55:11+02:00 CVE-2023-36109/iotjs: follow bullseye - - - - - 1 changed file: - data/CVE/list Changes: =

[Git][security-tracker-team/security-tracker][master] CVE-2023-38469/avahi: buster postponed

2023-10-06 Thread Sylvain Beucler (@beuc)
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker Commits: df9ee77c by Sylvain Beucler at 2023-10-06T17:50:31+02:00 CVE-2023-38469/avahi: buster postponed - - - - - 1 changed file: - data/CVE/list Changes: =

[Git][security-tracker-team/security-tracker][master] CVE-2023-44387/gradle: buster postponed

2023-10-06 Thread Sylvain Beucler (@beuc)
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker Commits: 137a88dc by Sylvain Beucler at 2023-10-06T17:44:52+02:00 CVE-2023-44387/gradle: buster postponed - - - - - 1 changed file: - data/CVE/list Changes: =

[Git][security-tracker-team/security-tracker][master] NFU

2023-10-06 Thread Moritz Muehlenhoff (@jmm)
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 0f162125 by Moritz Muehlenhoff at 2023-10-06T15:32:31+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list

[Git][security-tracker-team/security-tracker][master] LTS: add unfixed note to opendkim in dla-needed.txt

2023-10-06 Thread Sean Whitton (@spwhitton)
: = data/dla-needed.txt = @@ -127,6 +127,7 @@ nvidia-cuda-toolkit -- opendkim NOTE: 20230821: Added by Front-Desk (ta) + NOTE: 20231006: Unfixed upstream as of today. (spwhitton) -- osslsigncode NOTE: 20230925: Added by Front-Desk (apo) View

[Git][security-tracker-team/security-tracker][master] new hamster-time-tracker issue (might be bogus), NFU

2023-10-06 Thread Moritz Muehlenhoff (@jmm)
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 6122b59e by Moritz Muehlenhoff at 2023-10-06T15:12:44+02:00 new hamster-time-tracker issue (might be bogus), NFU - - - - - 1 changed file: - data/CVE/list Changes:

[Git][security-tracker-team/security-tracker][master] new iotjs issue

2023-10-06 Thread Moritz Muehlenhoff (@jmm)
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: f4498ade by Moritz Muehlenhoff at 2023-10-06T15:06:54+02:00 new iotjs issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list

[Git][security-tracker-team/security-tracker][master] new rust-sudo-rs issue

2023-10-06 Thread Moritz Muehlenhoff (@jmm)
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 7d50c87f by Moritz Muehlenhoff at 2023-10-06T14:50:27+02:00 new rust-sudo-rs issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list

[Git][security-tracker-team/security-tracker][master] new drupal issue

2023-10-06 Thread Moritz Muehlenhoff (@jmm)
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 1257f1ab by Moritz Muehlenhoff at 2023-10-06T14:48:43+02:00 new drupal issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list

[Git][security-tracker-team/security-tracker][master] new golang issue

2023-10-06 Thread Moritz Muehlenhoff (@jmm)
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 7230de2a by Moritz Muehlenhoff at 2023-10-06T14:05:59+02:00 new golang issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list

[Git][security-tracker-team/security-tracker][master] new vim issue

2023-10-06 Thread Moritz Muehlenhoff (@jmm)
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 2700a634 by Moritz Muehlenhoff at 2023-10-06T12:35:39+02:00 new vim issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list

[Git][security-tracker-team/security-tracker][master] NFUs (concludes external check)

2023-10-06 Thread Moritz Muehlenhoff (@jmm)
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: ebe9514c by Moritz Muehlenhoff at 2023-10-06T12:13:49+02:00 NFUs (concludes external check) - - - - - 1 changed file: - data/CVE/list Changes: =

[Git][security-tracker-team/security-tracker][master] "new" PHP issue

2023-10-06 Thread Moritz Muehlenhoff (@jmm)
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 1131aee7 by Moritz Muehlenhoff at 2023-10-06T12:08:03+02:00 new PHP issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list

[Git][security-tracker-team/security-tracker][master] chromium fixed in sid

2023-10-06 Thread Moritz Muehlenhoff (@jmm)
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: c8705286 by Moritz Muehlenhoff at 2023-10-06T11:32:35+02:00 chromium fixed in sid - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list

[Git][security-tracker-team/security-tracker][master] new gitlab issues

2023-10-06 Thread Moritz Muehlenhoff (@jmm)
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 7ba92cc8 by Moritz Muehlenhoff at 2023-10-06T11:31:28+02:00 new gitlab issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list

[Git][security-tracker-team/security-tracker][master] netatalk fixed in sid

2023-10-06 Thread Moritz Muehlenhoff (@jmm)
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 64817d66 by Moritz Muehlenhoff at 2023-10-06T11:28:18+02:00 netatalk fixed in sid - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list

[Git][security-tracker-team/security-tracker][master] LTS: claim python-urllib3 in dla-needed.txt

2023-10-06 Thread Guilhem Moulin (@guilhem)
) NOTE: 20231006: Added by Front-Desk (Beuc) NOTE: 20231006: Fix the 4 no-dsa issues (Beuc/front-desk) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c83fb90ab5261e078eb034797e01568be920cc8 -- View it on GitLab: https://salsa.debian.org

[Git][security-tracker-team/security-tracker][master] NFUs

2023-10-06 Thread Moritz Muehlenhoff (@jmm)
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: e49d0371 by Moritz Muehlenhoff at 2023-10-06T10:58:26+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list

[Git][security-tracker-team/security-tracker][master] dla: add flatpak

2023-10-06 Thread Sylvain Beucler (@beuc)
= @@ -60,6 +60,10 @@ dogecoin NOTE: 20230619: also I just referenced 3 older bitcoin-related CVEs to fix; NOTE: 20230619: dogecoin not present in bullseye/bookworm, so we lead the initiatives. (Beuc/front-desk) -- +flatpak + NOTE: 20231006: Added by Front

[Git][security-tracker-team/security-tracker][master] dla: add python-django

2023-10-06 Thread Sylvain Beucler (@beuc)
-needed.txt = @@ -144,6 +144,10 @@ prometheus-alertmanager (rouca) puma (Abhijith PA) NOTE: 20230925: Added by Front-Desk (apo) -- +python-django + NOTE: 20231006: Added by Front-Desk (Beuc) + NOTE: 20231006: Fix the 4 no-dsa issues that are fixed in all other

[Git][security-tracker-team/security-tracker][master] dla: add python-urllib3

2023-10-06 Thread Sylvain Beucler (@beuc)
-needed.txt = @@ -154,6 +154,10 @@ python-os-brick NOTE: 20230525: Added by Front-Desk (lamby) NOTE: 20230525: NB. CVE-2023-2088 filed against python-glance-store, python-os-brick, nova and cinder. -- +python-urllib3 + NOTE: 20231006: Added by Front-Desk (Beuc

[Git][security-tracker-team/security-tracker][master] puppet/puppetserver n/a

2023-10-06 Thread Moritz Muehlenhoff (@jmm)
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 41621a96 by Moritz Muehlenhoff at 2023-10-06T10:16:25+02:00 puppet/puppetserver n/a - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list

[Git][security-tracker-team/security-tracker][master] automatic update

2023-10-06 Thread Salvatore Bonaccorso (@carnil)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b881ae44 by security tracker role at 2023-10-06T08:12:09+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list

[Git][security-tracker-team/security-tracker][master] NFUs

2023-10-06 Thread Moritz Muehlenhoff (@jmm)
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: d8fb5513 by Moritz Muehlenhoff at 2023-10-06T09:37:36+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list

[Git][security-tracker-team/security-tracker][master] new gradle issue

2023-10-06 Thread Moritz Muehlenhoff (@jmm)
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 5bdb7d6a by Moritz Muehlenhoff at 2023-10-06T09:17:29+02:00 new gradle issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list