}
[buster] - bluez 5.50-1.2~deb10u5
=
data/dla-needed.txt
=
@@ -140,9 +140,6 @@ less (guilhem)
libmojolicious-perl
NOTE: 20240421: Added by Front-Desk (apo)
--
-libreoffice (rouca)
- NOTE: 20240518: Added by Front-Desk
-needed.txt
=
@@ -295,6 +295,7 @@ sendmail (rouca)
NOTE: 20240430: https://marc.info/?l=oss-security=171447187004229=2
NOTE: 20240506: add possible workarround see #1070190
NOTE: 20240514: sid is on the way
+ NOTE: 20240525: sid/bookworm ok. Bullseye PU
-needed.txt
=
@@ -144,7 +144,7 @@ less (guilhem)
libmojolicious-perl
NOTE: 20240421: Added by Front-Desk (apo)
--
-libreoffice
+libreoffice (rouca)
NOTE: 20240518: Added by Front-Desk (utkarsh)
--
libreswan
View it on GitLab:
https://salsa.debian.org
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8efcae78 by Bastien Roucariès at 2024-05-25T11:27:12+00:00
Reserve DLA-3819-1 for fossil
- - - - -
1 changed file:
- data/DLA/list
Changes:
=
ster] - thunderbird 1:115.11.0-1~deb10u1
=
data/dla-needed.txt
=
@@ -31,9 +31,6 @@ ansible
NOTE: 20231228: Made a partial release DLA-3695-1 (rouca), waiting for lee
NOTE: 20240501: Update for bookworm-proposed-up
:
=
data/dla-needed.txt
=
@@ -273,7 +273,7 @@ sendmail (rouca)
NOTE: 20240425: need more time to investigate issue
NOTE: 20240430: https://marc.info/?l=oss-security=171447187004229=2
NOTE: 20240506: add possible workarround see #1070190
- NOTE: 20240214: sid
:
=
data/dla-needed.txt
=
@@ -273,6 +273,7 @@ sendmail (rouca)
NOTE: 20240425: need more time to investigate issue
NOTE: 20240430: https://marc.info/?l=oss-security=171447187004229=2
NOTE: 20240506: add possible workarround see #1070190
+ NOTE: 20240214: sid
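Review bot: The added sendmail note is stamped 20240214, which is earlier than every note above it in the entry (20240425, 20240430, 20240506), so the append-only history reads out of order. This looks like a mistyped month; correct the stamp, and say what about sid is being recorded, since "sid" alone does not tell a later reader whether the fix is uploaded or only planned.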
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
359f1dc4 by Bastien Roucariès at 2024-05-13T20:13:17+00:00
Add CVEs fixed by shim DLA
- - - - -
1 changed file:
- data/DLA/list
Changes:
=
data/DLA/list
=
data/dla-needed.txt
=
@@ -278,11 +278,6 @@ sendmail (rouca)
NOTE: 20240430: https://marc.info/?l=oss-security=171447187004229=2
NOTE: 20240506: add possible workarround see #1070190
--
-shim (rouca)
- NOTE: 20240306: Added
:
=
data/dla-needed.txt
=
@@ -271,6 +271,7 @@ sendmail (rouca)
NOTE: 20240324: some issue coordinate with myself and security team (rouca)
NOTE: 20240425: need more time to investigate issue
NOTE: 20240430: https://marc.info/?l=oss-security
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
69d99277 by Bastien Roucariès at 2024-05-02T13:59:41+00:00
Add note about zookeeper
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=
-needed.txt
=
@@ -267,9 +267,10 @@ sendmail (rouca)
NOTE: 20240425: need more time to investigate issue
NOTE: 20240430: https://marc.info/?l=oss-security=171447187004229=2
--
-shim
+shim (rouca)
NOTE: 20240306: Added by Front-Desk (opal)
NOTE: 20240415
:
=
data/dla-needed.txt
=
@@ -254,6 +254,7 @@ sendmail (rouca)
NOTE: 20240311: please coordinate with the package maintainer to help make
this happen. (Beuc/front-desk)
NOTE: 20240324: some issue coordinate with myself and security team (rouca)
NOTE
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e99cb980 by Bastien Roucariès at 2024-04-30T15:54:02+00:00
Add fossil for including embedded-code-copies of sqlite3
- - - - -
1 changed file:
- data/embedded-code-copies
Changes:
-needed.txt
=
@@ -215,6 +215,7 @@ putty (rouca)
NOTE: 20240324: Backport is straighforward (rouca)
NOTE: 20240324:
https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/104
NOTE: 20240412: Wait for comments by maintainer
+ NOTE: 20240430: Backport
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4f9357ca by Bastien Roucariès at 2024-04-29T15:25:30+00:00
CVE-2024-31497
Add patch
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
-needed.txt
=
@@ -88,7 +88,7 @@ squid
--
webkit2gtk (berto)
--
-wpa
+wpa (rouca)
--
zabbix
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0aa44d8ad309f1dabb497928681692a70c0b43d5
--
View it on GitLab:
https
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
55ad4073 by Bastien Roucariès at 2024-04-26T19:00:52+00:00
CVE-2024-24795/uwsgi
Add uwsgi due to embedded source of apache2 module
- - - - -
1 changed file:
- data/CVE/list
Changes:
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cfaffae9 by Bastien Roucariès at 2024-04-25T20:34:07+00:00
DLA-3794-1/putty
- - - - -
1 changed file:
- data/DLA/list
Changes:
=
data/DLA/list
-needed.txt
=
@@ -287,6 +287,7 @@ sendmail (rouca)
NOTE: 20240311: I believe we should fix this sponsored package, like postfix
and exim, in all dists,
NOTE: 20240311: please coordinate with the package maintainer to help make
this happen. (Beuc/front-desk
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
103025ef by Bastien Roucariès at 2024-04-24T15:39:14+00:00
CVE-2024-24795/apache2
Document fix and possible regression
- - - - -
1 changed file:
- data/CVE/list
Changes:
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ad578b47 by Bastien Roucariès at 2024-04-24T15:30:17+00:00
CVE-2023-38709/apache2
Fixed by:
https://github.com/apache/httpd/commit/ac20389f3c816d990aba21720f1492b69ac5cb44
Backport of:
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
59151ea3 by Bastien Roucariès at 2024-04-24T15:15:42+00:00
CVE-2024-27316/apache2
Fixed by:
https://github.com/apache/httpd/commit/0d73970ec161300a55b630f71bbf72b5c41f28b9
from SVN
:
=
data/dla-needed.txt
=
@@ -258,6 +258,7 @@ sendmail (rouca)
--
shim (rouca)
NOTE: 20240306: Added by Front-Desk (opal)
+ NOTE: 20240415: https://salsa.debian.org/efi-team/shim/-/merge_requests/13
--
squid
NOTE: 20240109: Added by Front-Desk (apo
/dsa-needed.txt
=
@@ -94,7 +94,7 @@ squid
--
webkit2gtk (berto)
--
-wpa
+wpa (rouca)
--
zabbix
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4b8992b5d659ed8af306d6034efa02dc3c2dc066
--
View it on GitLab
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2307b820 by Bastien Roucariès at 2024-04-15T08:15:12+00:00
CVE-2024-23944/zookeeper
There is indeed a triggerWatch in 3.4, and it arguably leaks *some*
information. E.g.,
super create /foo X
=
@@ -256,7 +256,7 @@ sendmail (rouca)
NOTE: 20240311: please coordinate with the package maintainer to help make
this happen. (Beuc/front-desk)
NOTE: 20240324: some issue coordinate with myself and security team (rouca)
--
-shim
+shim (rouca)
NOTE: 20240306
=
@@ -204,11 +204,12 @@ pdns-recursor
NOTE: 20240306: Added by Front-Desk (opal)
NOTE: 20240319: Upload postponed due to #1067124 (dleidert)
--
-putty
+putty (rouca)
NOTE: 20231224: Added by Front-Desk (ta)
- NOTE: 20230104: massive code change against
=
@@ -246,7 +246,7 @@ samba (Santiago)
NOTE: 20230918: Added by Front-Desk (apo)
NOTE: 20240406: Update should be ready. Will upload this Monday. (Santiago)
--
-sendmail
+sendmail (rouca)
NOTE: 20231224: Added by Front-Desk (ta)
NOTE: 20240213: Patch
+40,6 @@ bind9 (Sean Whitton)
NOTE: 20240218: Added by Front-Desk (lamby)
NOTE: 20240218: CVE-2023-4408 CVE-2023-50387 CVE-2023-50868 CVE-2023-5517
CVE-2023-5679 already fixed in bullseye. (lamby)
--
-composer (rouca)
- NOTE: 20240209: Added by Front-Desk (utkarsh)
- NOTE: 20240304: Need
=
@@ -300,6 +300,6 @@ wordpress
zabbix (utkarsh)
NOTE: 20240212: Added by Front-Desk (utkarsh)
--
-zookeeper
+zookeeper (rouca)
NOTE: 20240324: Added by Front-Desk (ta)
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security
:
=
data/dla-needed.txt
=
@@ -218,6 +218,7 @@ putty (rouca)
NOTE: 20231224: Added by Front-Desk (ta)
NOTE: 20230104: massive code change against bullseye. May be better to
backport bullseye (rouca)
NOTE: 20230324: Backport is straighforward (rouca)
+ NOTE
-needed.txt
=
@@ -214,9 +214,10 @@ pdns-recursor (dleidert)
NOTE: 20240306: Added by Front-Desk (opal)
NOTE: 20240319: Upload postponed due to #1067124 (dleidert)
--
-putty
+putty (rouca)
NOTE: 20231224: Added by Front-Desk (ta)
NOTE: 20230104: massive
/dla-needed.txt
=
@@ -269,6 +269,7 @@ sendmail (rouca)
NOTE: 20240311: Re-added to dla-needed.txt; while secteam tagged it no-dsa
in later dists,
NOTE: 20240311: I believe we should fix this sponsored package, like postfix
and exim, in all dists,
NOTE
-assign and
follow https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/28
--
-imagemagick (rouca)
- NOTE: 20230622: Added by Front-Desk (Beuc)
- NOTE: 20230622: Requested by maintainer (rouca) to tidy remaining open CVEs
(Beuc/front-desk)
- NOTE: 20231014: Some work under git branch
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
937cf279 by Bastien Roucariès at 2024-03-19T09:41:11+00:00
Clarify CVE-2023-3195/imagemagick
This CVE was first introduced in 6.9.12-20 but was reintroduced later
- - - - -
1 changed file:
-
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
66f314e8 by Bastien Roucariès at 2024-03-17T22:46:00+00:00
CVE-2023-2157/imagemagick
This CVE was in the code supporting exif feature following
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
73584b34 by Bastien Roucariès at 2024-03-17T22:42:15+00:00
CVE-2023-3195/imagemagick
Add more detail why this CVE is not present in debian.
Introduced by
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cbdef8c4 by Bastien Roucariès at 2024-03-17T15:37:52+00:00
CVE-2023-3195/imagemagick buster
Buster is not vulnerable
- - - - -
1 changed file:
- data/CVE/list
Changes:
-needed.txt
=
@@ -107,11 +107,12 @@ i2p
NOTE: 20230809: Added by Front-Desk (Beuc)
NOTE: 20230809: Experimental issue-based workflow: please self-assign and
follow https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/28
--
-imagemagick
+imagemagick (rouca
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c46857a1 by Bastien Roucariès at 2024-03-17T15:18:27+00:00
CVE-2023-3195/imagemagick bullseye not affected
- - - - -
1 changed file:
- data/CVE/list
Changes:
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8b5ebfaf by Bastien Roucariès at 2024-03-17T15:13:51+00:00
CVE-2022-32547/imagemagick
Fixed in bullseye by 8:6.9.11.60+dfsg-1.3+deb11u2
- - - - -
1 changed file:
- data/CVE/list
Changes:
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b3cc8d3e by Bastien Roucariès at 2024-03-17T14:35:41+00:00
CVE-2023-3195/imagemagick
This CVE does not affect bookworm. This is a regression due to another fix.
- - - - -
1 changed file:
-
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
fcd73685 by Bastien Roucariès at 2024-03-17T13:34:38+00:00
CVE-2023-2157/imagemagick
Code was introduced post trixie
- - - - -
1 changed file:
- data/CVE/list
Changes:
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5977a1c8 by Bastien Roucariès at 2024-03-17T11:31:39+00:00
imagemagick/CVE-2022-3213
Vulnerable code (stripped TIFF) was introduced later. Same diagnostic by ubuntu.
- - - - -
1 changed file:
:
- data/dsa-needed.txt
Changes:
=
data/dsa-needed.txt
=
@@ -97,6 +97,8 @@ ruby-tzinfo/oldstable
--
salt/oldstable
--
+sendmail (rouca)
+--
samba/oldstable
santiago started to backport patches to bullseye
--
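Review bot: The new "sendmail (rouca)" entry is inserted between salt/oldstable and samba/oldstable, which breaks the alphabetical order the surrounding entries follow; it belongs after the samba block. The neighbouring entries carry a suite suffix (/oldstable), so if the sendmail work is limited to one suite, mark it the same way.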
View
eb10u9
[15 Mar 2024] DLA-3762-1 unadf - security update
{CVE-2016-1243 CVE-2016-1244}
[buster] - unadf 0.7.11a-4+deb11u1~deb10u1
=
data/dla-needed.txt
=
@@ -59,12 +59,6 @@ composer (rouca)
NOTE: 2024031
=
@@ -267,7 +267,7 @@ runc
samba
NOTE: 20230918: Added by Front-Desk (apo)
--
-sendmail
+sendmail (rouca)
NOTE: 20231224: Added by Front-Desk (ta)
NOTE: 20240213: Patch need to be extracted (rouca). Upstream does not
publish patches (CVE-2023-51765
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=
data/dla-needed.txt
=
@@ -57,6 +57,7 @@ composer (rouca)
NOTE: 20240304: Need to backport bullseye (rouca)
NOTE: 20240312: likely not affected by CVE-2024-24821
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8d90a5cd by Bastien Roucariès at 2024-03-16T20:51:51+00:00
CVE-2024-24821
InstalledVersion feature was created in 2.0 so buster is not affected
- - - - -
1 changed file:
- data/CVE/list
=
@@ -61,10 +61,11 @@ composer (rouca)
NOTE: 20240304: Need to backport bullseye
NOTE: 20240312: likely not affected by CVE-2024-24821
--
-curl
+curl (rouca)
NOTE: 20231229: Added by Front-Desk (lamby)
NOTE: 20231229: CVE-2023-27534 fixed in bullseye via
:
=
data/dla-needed.txt
=
@@ -59,6 +59,7 @@ cinder
composer (rouca)
NOTE: 20240209: Added by Front-Desk (utkarsh)
NOTE: 20240304: Need to backport bullseye
+ NOTE: 20240312: likely not affected by CVE-2024-24821
--
curl
NOTE
=
@@ -60,8 +60,9 @@ cinder
NOTE: 20230525: Added by Front-Desk (lamby)
NOTE: 20230525: NB. CVE-2023-2088 filed against python-glance-store,
python-os-brick, nova and cinder.
--
-composer
+composer (rouca)
NOTE: 20240209: Added by Front-Desk (utkarsh
:
=
data/dla-needed.txt
=
@@ -122,6 +122,7 @@ imagemagick
NOTE: 20230622: Added by Front-Desk (Beuc)
NOTE: 20230622: Requested by maintainer (rouca) to tidy remaining open CVEs
(Beuc/front-desk)
NOTE: 20231014: Some work under git branch debian/buster
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
dae7f314 by Bastien Roucariès at 2024-02-22T13:38:13+00:00
CVE-2023-43907/OptiPNG fixed in 0.7.8+ds-1
Mark this CVE as fixed
- - - - -
1 changed file:
- data/CVE/list
Changes:
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6ffd3d73 by Bastien Roucariès at 2024-02-22T09:38:40+00:00
CVE-2023-39978/imagemagick only mentioned on changelog not fixed
CVE-2023-39978 was fixed due to be introduced by fixes of
other
-updates-tasks/-/issues/28
--
+imagemagick
+ NOTE: 20230622: Added by Front-Desk (Beuc)
+ NOTE: 20230622: Requested by maintainer (rouca) to tidy remaining open CVEs
(Beuc/front-desk)
+ NOTE: 20231014: Some work under git branch debian/buster but unease
+--
iwd (Chris Lamb)
NOTE: 20240218
/lts-updates-tasks/-/issues/28
--
-imagemagick
- NOTE: 20230622: Added by Front-Desk (Beuc)
- NOTE: 20230622: Requested by maintainer (rouca) to tidy remaining open CVEs
(Beuc/front-desk)
- NOTE: 20231014: Some work under git branch debian/buster but unease
---
iwd (Chris Lamb)
NOTE
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
fdc095e7 by Bastien Roucariès at 2024-02-22T09:16:52+00:00
buster CVE-2023-3745/imagemagick
Buster is not affected
- - - - -
1 changed file:
- data/CVE/list
Changes:
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e4e1232a by Bastien Roucariès at 2024-02-21T12:54:28+00:00
CVE-2022-1114
Tested against poc:
convert-im6.q16: insufficient image data in file `poc @
error/dcm.c/ReadDCMImage/3313.
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
fc5d8e94 by Bastien Roucariès at 2024-02-21T10:28:48+00:00
CVE-2023-3428: mark buster not affected
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7bc11732 by Bastien Roucariès at 2024-02-20T21:50:48+00:00
CVE-2023-1906 does not affect buster
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
=
@@ -52,7 +52,7 @@ cinder
NOTE: 20230525: Added by Front-Desk (lamby)
NOTE: 20230525: NB. CVE-2023-2088 filed against python-glance-store,
python-os-brick, nova and cinder.
--
-composer
+composer (rouca)
NOTE: 20240209: Added by Front-Desk (utkarsh
Changes:
=
data/dla-needed.txt
=
@@ -250,6 +250,7 @@ samba
sendmail (rouca)
NOTE: 20231224: Added by Front-Desk (ta)
NOTE: 20240213: Patch need to be extracted (rouca). Upstream does not
publish patches
+ NOTE: 20240217
=
@@ -250,8 +250,9 @@ runc (dleidert)
samba
NOTE: 20230918: Added by Front-Desk (apo)
--
-sendmail
+sendmail (rouca)
NOTE: 20231224: Added by Front-Desk (ta)
+ NOTE: 20240213: Patch need to be extracted (rouca). Upstream does not
publish patches
:
=
data/dla-needed.txt
=
@@ -70,6 +70,7 @@ docker.io
NOTE: 20230424: Is in preparation. (gladk)
NOTE: 20230706: ask for review testing
https://lists.debian.org/debian-lts/2023/07/msg00013.html
NOTE: 20230801: rouca and santiago testing the swarm
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
603248c5 by Bastien Roucariès at 2024-02-13T22:25:52+00:00
CVE-2024-24557
Add note about existing workaround
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
@@ -229,11 +229,6 @@ squid
NOTE: 20240109: I ask for another pair of eyes for CVE-2023-5824. The fix
NOTE: 20240109: appears to be intrusive. I could not locate the fix for
CVE-2023-49288 yet. (apo)
--
-sudo (rouca)
- NOTE: 20231224: Added by Front-Desk (ta)
- NOTE: 20240128: Wait
(rouca)
- NOTE: 20240129: Added by Front-Desk (ta)
---
putty (santiago)
NOTE: 20231224: Added by Front-Desk (ta)
NOTE: 20230104: massive code change against bullseye. May be better to
backport bullseye (rouca)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security
=
@@ -181,7 +181,7 @@ openjdk-11 (Emilio)
pillow (Chris Lamb)
NOTE: 20240121: Added by Front-Desk (apo)
--
-postfix
+postfix (rouca)
NOTE: 20240129: Added by Front-Desk (ta)
--
putty (santiago)
View it on GitLab:
https://salsa.debian.org/security
-needed.txt
=
@@ -57,6 +57,7 @@ cinder
curl (rouca)
NOTE: 20231229: Added by Front-Desk (lamby)
NOTE: 20231229: CVE-2023-27534 fixed in bullseye via DSA or point release.
(lamby)
+ NOTE: https://salsa.debian.org/debian/curl/-/merge_requests/21
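Review bot: The added curl note has no YYYYMMDD stamp and no author tag, unlike the notes above it ("NOTE: 20231229: ... (lamby)"). Prefix the merge-request URL with the date and add the author so the entry history stays readable and sortable.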
=
@@ -53,7 +53,7 @@ cinder
NOTE: 20230525: Added by Front-Desk (lamby)
NOTE: 20230525: NB. CVE-2023-2088 filed against python-glance-store,
python-os-brick, nova and cinder.
--
-curl
+curl (rouca)
NOTE: 20231229: Added by Front-Desk (lamby)
NOTE: 20231229
-needed.txt
=
@@ -258,6 +258,8 @@ squid
--
sudo (rouca)
NOTE: 20231224: Added by Front-Desk (ta)
+ NOTE: 20240128: Wait for review by sudo team (rouca)
+ NOTE: 20240128: Ported test suite (rouca)
--
suricata (Adrian Bunk)
NOTE: 20230620: Added by Front-Desk
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d3ec6f26 by Bastien Roucariès at 2024-01-27T07:35:18+00:00
Add fixed version for CVE-2023-22084/buster
- - - - -
1 changed file:
- data/CVE/list
Changes:
(bwh)
--
-mariadb-10.3 (rouca)
- NOTE: 20231129: Added by Front-Desk (Beuc)
- NOTE: 20240114: Contacted upstream about this particular CVE and that commit
fix it (rouca)
---
nova
NOTE: 20230302: Re-add, request by maintainer (Beuc)
NOTE: 20230302: zigo says that DLA 3302-1 ships a buster
update
=
data/dla-needed.txt
=
@@ -120,11 +120,6 @@ jenkins-htmlunit-core-js
jinja2
NOTE: 20240121: Added by Front-Desk (apo)
--
-keystone (rouca)
- NOTE: 20231102: Added by Front-Desk (lamby)
- NOTE: 20231102: Sync (eg. CVE
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b5542d69 by Bastien Roucariès at 2024-01-21T16:41:40+00:00
CVE-2023-42465
Add information about this hardening patch
Moreover, only a few parts are relevant for Debian due to using PAM
- - - - -
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d1873a9c by Bastien Roucariès at 2024-01-21T12:44:36+00:00
CVE-2015-8239
Add commit for fix
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ee5aa032 by Bastien Roucariès at 2024-01-21T11:52:59+00:00
CVE-2023-28486
Add a new commit fixing a regression
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
@@ -242,7 +242,7 @@ squid
NOTE: 20240109: I ask for another pair of eyes for CVE-2023-5824. The fix
NOTE: 20240109: appears to be intrusive. I could not locate the fix for
CVE-2023-49288 yet. (apo)
--
-sudo
+sudo (rouca)
NOTE: 20231224: Added by Front-Desk
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
224343de by Bastien Roucariès at 2024-01-21T10:58:12+00:00
Subunit DLA is a bugfix update
Subunit fix is needed in order to fix keystone.
Subunit buggy test behavior lead to random FTBFS of
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ae902b1d by Bastien Roucariès at 2024-01-21T10:57:06+00:00
Reserve DLA-3713-1 for subunit
- - - - -
1 changed file:
- data/DLA/list
Changes:
=
=
@@ -146,7 +146,7 @@ linux (Ben Hutchings)
linux-5.10
NOTE: 20231005: perma-added for LTS package-specific delegation (bwh)
--
-mariadb-10.3
+mariadb-10.3 (rouca)
NOTE: 20231129: Added by Front-Desk (Beuc)
NOTE: 20240114: Contacted upstream about
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b447e4f8 by Bastien Roucariès at 2024-01-16T19:50:36+00:00
CVE-2023-22084
Add upstream commit confirmed by upstream
- - - - -
1 changed file:
- data/CVE/list
Changes:
:
=
data/dla-needed.txt
=
@@ -143,6 +143,7 @@ linux-5.10
--
mariadb-10.3
NOTE: 20231129: Added by Front-Desk (Beuc)
+ NOTE: 20240114: Contacted upstream about this particular CVE and that commit
fix it (rouca)
--
nova
NOTE: 20230302: Re
-needed.txt
=
@@ -110,6 +110,7 @@ jenkins-htmlunit-core-js
keystone (rouca)
NOTE: 20231102: Added by Front-Desk (lamby)
NOTE: 20231102: Sync (eg. CVE-2021-38155) with stable etc. (lamby)
+ NOTE: 20240105: FTBFS due to
https://github.com/testing-cabal/subunit
] - netatalk 3.1.12~ds-3+deb10u5
=
data/dla-needed.txt
=
@@ -260,11 +260,6 @@ tinymce
NOTE: 20231216: upstream's patch is backportable, as the code has changed a
NOTE: 20231216: lot. (spwhitton)
--
-tomcat9 (rouca)
- NOTE
=
@@ -107,7 +107,7 @@ jenkins-htmlunit-core-js
NOTE: 20231231: … TransformerFactory without setting the ~secure flag, so it
may
NOTE: 20231231: … indeed be vulnerable. (lamby)
--
-keystone
+keystone (rouca)
NOTE: 20231102: Added by Front-Desk (lamby
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c96e2f59 by Bastien Roucariès at 2024-01-04T23:07:26+00:00
CVE-2023-28154 is not present in webpack3
Magic comments are not interpreted by vm.runInNewContext(`(function(){return
=
@@ -175,8 +175,9 @@ paramiko
postfix
NOTE: 20231224: Added by Front-Desk (ta)
--
-putty (rouca)
+putty
NOTE: 20231224: Added by Front-Desk (ta)
+ NOTE: 20230104: massive code change against bullseye. May be better to
backport bullseye (rouca)
--
python
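Review bot: The added putty note is stamped 20230104 but follows the 20231224 "Added by Front-Desk" note, so the year looks mistyped; a 2024 stamp would keep the notes in order. The same hunk also drops the (rouca) claim from the putty line while the new note is signed (rouca); if the package is being released back to the pool, saying so in the note would make the history clearer.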
=
@@ -175,7 +175,7 @@ paramiko
postfix
NOTE: 20231224: Added by Front-Desk (ta)
--
-putty
+putty (rouca)
NOTE: 20231224: Added by Front-Desk (ta)
--
python-django (Chris Lamb)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security
@@ kodi
NOTE: 20231228: Added by Front-Desk (lamby)
NOTE: 20231228: CVE-2021-42917 was postponed in 2021; fixed in bullseye via
DSA or point release. (lamby)
--
-libreoffice (rouca)
- NOTE: 20231217: Added by Front-Desk (utkarsh)
---
libreswan
NOTE: 20230817: Added by Front-Desk (ta
:
=
data/dla-needed.txt
=
@@ -21,13 +21,14 @@ To make it easier to see the entire history of an update,
please append notes
rather than remove/replace existing ones.
--
-ansible (rouca)
+ansible
NOTE: 20231202: Added by Front-Desk (Beuc)
NOTE: 20231202
=
@@ -20,6 +20,14 @@
https://wiki.debian.org/LTS/Development#Triage_new_security_issues
To make it easier to see the entire history of an update, please append notes
rather than remove/replace existing ones.
+--
+ansible (rouca)
+ NOTE: 20231202: Added by Front
#Triage_new_security_issues
To make it easier to see the entire history of an update, please append notes
rather than remove/replace existing ones.
---
-ansible (rouca)
- NOTE: 20231202: Added by Front-Desk (Beuc)
- NOTE: 20231202: Supported package, but there's a CVE backlog, and no updates
-needed.txt
=
@@ -104,7 +104,7 @@ knot-resolver
libde265 (Thorsten Alteholz)
NOTE: 20231224: Added by Front-Desk (ta)
--
-libreoffice
+libreoffice (rouca)
NOTE: 20231217: Added by Front-Desk (utkarsh)
--
libreswan
View it on GitLab:
https://salsa.debian.org
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8a6a8f28 by Bastien Roucariès at 2023-12-24T10:54:13+00:00
CVE-2021-20180: mark as not affected for buster and earlier
- - - - -
1 changed file:
- data/CVE/list
Changes:
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e4968a10 by Bastien Roucariès at 2023-12-23T23:41:35+00:00
CVE-2021-20180
Mark as not affected: code is introduced later than buster
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
@@ -238,9 +238,10 @@ tinymce
NOTE: 20231216: upstream's patch is backportable, as the code has changed a
NOTE: 20231216: lot. (spwhitton)
--
-tomcat9
+tomcat9 (rouca)
NOTE: 20231129: Added by Front-Desk (Beuc)
NOTE: 20131217: I have made a fix
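Review bot: The tomcat9 note stamped 20131217 sits directly after a 20231129 note, so the year appears mistyped (2013 where the neighbouring note says 2023). Fix the stamp so the notes stay chronological.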
:
=
data/dla-needed.txt
=
@@ -27,6 +27,7 @@ ansible (rouca)
NOTE: 20231202: (neither in LTS nor in stable/oldstable), so this is an
opportunity to
NOTE: 20231202: assess/fix the situation.
NOTE: 20231217: Begin to triage CVEs (rouca)
+ NOTE: 20231217