[Git][security-tracker-team/security-tracker][master] Add CVE-2018-10910/bluez

2018-07-22 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
172c5dc4 by Salvatore Bonaccorso at 2018-07-23T08:29:27+02:00
Add CVE-2018-10910/bluez

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -8982,8 +8982,14 @@ CVE-2018-10912
RESERVED
 CVE-2018-10911
RESERVED
-CVE-2018-10910
-   RESERVED
+CVE-2018-10910 [ailure in disabling Bluetooth discoverability in certain cases 
may lead to the unauthorized pairing of Bluetooth devices]
+   RESERVED
+   - bluez 
+   NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1606203
+   NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1602985
+   NOTE: Bug in src:bluez itself and would need fixing there, but it is 
workaroundable in
+   NOTE: gnome-bluetooth: 
https://gitlab.gnome.org/GNOME/gnome-bluetooth/commit/6b5086d42ea64d46277f3c93b43984f331d12f89
+   TODO: check, might not be a problem with Gnome <= 3.26, i.e. no-dsa for 
those suites
 CVE-2018-10909
RESERVED
 CVE-2018-10908
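Review bot: the bracketed description on the `+CVE-2018-10910 [ailure in disabling ...` line has lost its first character and should read `[Failure in disabling Bluetooth discoverability in certain cases may lead to the unauthorized pairing of Bluetooth devices]`; while the CVE is still RESERVED this bracketed text is the only title the tracker can show for it, so the typo is user-visible. The TODO is the right follow-up, but note the tension it records: the affected source package is bluez, while the linked fix is a workaround in gnome-bluetooth, so the no-dsa decision for the suites with Gnome <= 3.26 still has to be made against src:bluez, not against the gnome-bluetooth commit.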



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/172c5dc499805c722084bd209c894634ff7b4fb8

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/172c5dc499805c722084bd209c894634ff7b4fb8
You're receiving this email because of your account on salsa.debian.org.
___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-07-22 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9aac3a92 by Salvatore Bonaccorso at 2018-07-23T07:08:13+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -13,9 +13,9 @@ CVE-2018-14503
 CVE-2018-14502
RESERVED
 CVE-2018-14501 (manager/admin_ajax.php in joyplus-cms 1.6.0 has SQL Injection, 
as ...)
-   TODO: check
+   NOT-FOR-US: joyplus-cms
 CVE-2018-14500 (joyplus-cms 1.6.0 has XSS via the ...)
-   TODO: check
+   NOT-FOR-US: joyplus-cms
 CVE-2018-1999023 [arbitrary code execution/sandbox escape]
- wesnoth-1.14 
- wesnoth-1.12 
@@ -41,7 +41,7 @@ CVE-2018-14494
 CVE-2018-14493
RESERVED
 CVE-2018-14492 (Tenda AC7 through V15.03.06.44_CN, AC9 through 
V15.03.05.19(6318)_CN, ...)
-   TODO: check
+   NOT-FOR-US: Tenda devices
 CVE-2018- [CIVI-SA-2018-07: Remote code execution in QuickForm]
- civicrm 5.3.1+dfsg-1 (bug #904215)
NOTE: 
https://civicrm.org/advisory/civi-sa-2018-07-remote-code-execution-in-quickform



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9aac3a92191d8ea446a06e6a616fb7781debc99a


[Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2018-12227/asterisk via unstable

2018-07-22 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
967131d4 by Salvatore Bonaccorso at 2018-07-23T06:20:32+02:00
Add fixed version for CVE-2018-12227/asterisk via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -5629,7 +5629,7 @@ CVE-2018-12228 (An issue was discovered in Asterisk Open 
Source 15.x before 15.4
NOTE: http://downloads.asterisk.org/pub/security/AST-2018-007.html
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27807
 CVE-2018-12227 (An issue was discovered in Asterisk Open Source 13.x before 
13.21.1, ...)
-   - asterisk  (bug #902954)
+   - asterisk 1:13.22.0~dfsg-1 (bug #902954)
[jessie] - asterisk  (vulnerable code not present)
NOTE: http://downloads.asterisk.org/pub/security/AST-2018-008.html
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27818
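Review bot: the fixed version 1:13.22.0~dfsg-1 satisfies the CVE text ("13.x before 13.21.1"), but there is no [stretch] line in this entry, so stretch remains tracked as affected by default; the DSA-or-no-dsa triage for stretch is still open, whereas jessie is already resolved as "vulnerable code not present". A one-line triage for stretch next to the jessie line would close the entry out.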



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/967131d4fb1d4fedb0ea3f7c8a77f9c88821937e


[Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2017-16667/backintime

2018-07-22 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
20bce205 by Salvatore Bonaccorso at 2018-07-23T06:19:23+02:00
Add fixed version for CVE-2017-16667/backintime

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -41135,7 +41135,7 @@ CVE-2017-16664 (Code injection exists in 
Kernel/System/Spelling.pm in Open Ticke
NOTE: OTRS 5: 
https://github.com/OTRS/otrs/commit/4c36932d0c42343f21246a107e17a2ebbd9c2c7d
NOTE: OTRS 3.3: 
https://github.com/OTRS/otrs/commit/2e58a4bbd99b2477d72c3b2d9fef009537ab19ce
 CVE-2017-16667 (backintime (aka Back in Time) before 1.1.24 did improper ...)
-   - backintime  (bug #881205)
+   - backintime 1.1.24-0.1 (bug #881205)
[stretch] - backintime  (Minor issue)
[jessie] - backintime  (Minor issue)
[wheezy] - backintime  (Vulnerable code does not exist)
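Review bot: the fixed version 1.1.24-0.1 has a 0.1 Debian revision, i.e. a non-maintainer upload of the new upstream release, and it matches the CVE text "before 1.1.24". The three suite lines are triaged differently (stretch and jessie "Minor issue", wheezy "Vulnerable code does not exist"); if the vulnerable code only appeared in a later upstream version, it is worth checking whether the jessie version sits on the same side of that boundary as wheezy and could be marked not-affected rather than no-dsa.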



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/20bce205dc468383a51d5f82dbe0d7cd5634e7b8


[Git][security-tracker-team/security-tracker][master] Revert "Triage CVE-2018-10893 (spice-gtk) for wheezy too." which needs to be…

2018-07-22 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4b55e818 by Salvatore Bonaccorso at 2018-07-23T06:13:51+02:00
Revert "Triage CVE-2018-10893 (spice-gtk) for wheezy too." which 
needs to be tracked in ELTS tracker

This reverts commit 42857e5c64d8cc77752d3c0a19f170770abc9f2c.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -9041,7 +9041,6 @@ CVE-2018-10893 [Insufficient encoding checks for LZ can 
cause different integer/
- spice-gtk  (bug #904161)
[stretch] - spice-gtk  (Minor issue)
[jessie] - spice-gtk  (Minor issue)
-   [wheezy] - spice-gtk  (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1598234
NOTE: Ongoing patch review: 
https://lists.freedesktop.org/archives/spice-devel/2018-July/044489.html
 CVE-2018-10892 (The default OCI linux spec in oci/defaults{_linux}.go in 
Docker/Moby ...)
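Review bot: removing the [wheezy] line is consistent with the commit message: wheezy has left regular LTS and its issues are tracked in the ELTS tracker, so a wheezy no-dsa line in data/CVE/list would be stale data. The hunk is a clean inverse of 42857e5c (shown further down in this digest) and leaves the stretch and jessie "Minor issue" lines untouched.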



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4b55e818a7b6e3bfb6da84851c13f844303be3ce


[Git][security-tracker-team/security-tracker][master] Triage CVE-2018-10893 (spice-gtk) for wheezy too.

2018-07-22 Thread Chris Lamb
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
42857e5c by Chris Lamb at 2018-07-23T11:22:49+08:00
Triage CVE-2018-10893 (spice-gtk) for wheezy too.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -9041,6 +9041,7 @@ CVE-2018-10893 [Insufficient encoding checks for LZ can 
cause different integer/
- spice-gtk  (bug #904161)
[stretch] - spice-gtk  (Minor issue)
[jessie] - spice-gtk  (Minor issue)
+   [wheezy] - spice-gtk  (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1598234
NOTE: Ongoing patch review: 
https://lists.freedesktop.org/archives/spice-devel/2018-July/044489.html
 CVE-2018-10892 (The default OCI linux spec in oci/defaults{_linux}.go in 
Docker/Moby ...)
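Review bot: the added [wheezy] line was reverted shortly afterwards by 4b55e818 (earlier in this digest), because wheezy is no longer tracked in this file and belongs in the ELTS tracker; the wheezy triage for CVE-2018-10893 should go there instead. The jessie line added in 0306f6c0 is unaffected.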



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/42857e5c64d8cc77752d3c0a19f170770abc9f2c


[Git][security-tracker-team/security-tracker][master] Triage CVE-2018-10893 (spice-gtk) for jessie.

2018-07-22 Thread Chris Lamb
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0306f6c0 by Chris Lamb at 2018-07-23T11:17:07+08:00
Triage CVE-2018-10893 (spice-gtk) for jessie.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -9040,6 +9040,7 @@ CVE-2018-10893 [Insufficient encoding checks for LZ can 
cause different integer/
RESERVED
- spice-gtk  (bug #904161)
[stretch] - spice-gtk  (Minor issue)
+   [jessie] - spice-gtk  (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1598234
NOTE: Ongoing patch review: 
https://lists.freedesktop.org/archives/spice-devel/2018-July/044489.html
 CVE-2018-10892 (The default OCI linux spec in oci/defaults{_linux}.go in 
Docker/Moby ...)
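Review bot: the entry is still RESERVED and the NOTE says the upstream patch is still under review on spice-devel, so the jessie "Minor issue" (no-dsa) tag is a judgement made before a final fix exists; if the final patch ends up covering more than the LZ encoding checks described in the bracketed title, this line and the stretch one should be revisited together.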



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0306f6c0e009a95e9c4bf4fd00b955e50eb50a76


[Git][security-tracker-team/security-tracker][master] 2 commits: Correct distribution name from previous commit.

2018-07-22 Thread Chris Lamb
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
676b71d7 by Chris Lamb at 2018-07-23T11:16:00+08:00
Correct distribution name from previous commit.

- - - - -
4c256355 by Chris Lamb at 2018-07-23T11:16:12+08:00
Triage CVE-2017-14989, CVE-2017-12597, CVE-2017-9116, CVE-2017-9115, 
CVE-2017-9114, CVE-2017-9113, CVE-2017-9112, CVE-2017-9111 & CVE-2017-9110 
(openexr) for jessie.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -521,7 +521,7 @@ CVE-2018-14338 (samples/geotag.cpp in the example code of 
Exiv2 0.26 misuses the
 CVE-2018-14337 (The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in 
mruby 1.4.1 ...)
- mruby  (bug #903985)
[stretch] - mruby  (Minor issue)
-   [wheezy] - mruby  (Minor issue)
+   [jessie] - mruby  (Minor issue)
NOTE: https://github.com/mruby/mruby/issues/4062
NOTE: 
https://github.com/mruby/mruby/commit/695f29cd604787f43be1af16e38d13610bf8312b
NOTE: 
https://github.com/mruby/mruby/commit/adb1eae912659d680a9c5b7832e22cf73d36a69a
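Review bot: the swap of [wheezy] for [jessie] corrects 4d5c6999 (further down in this digest), which had triaged CVE-2018-14337 against the wrong suite; wheezy is not tracked in this file any more, so the corrected line is the only one that should exist here. The commit message "Correct distribution name from previous commit" matches the hunk.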
@@ -46323,6 +46323,7 @@ CVE-2017-14989 (A use-after-free in RenderFreetype in 
MagickCore/annotate.c in .
 CVE-2017-14988 (Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 
allows remote ...)
- openexr  (bug #878551)
[stretch] - openexr  (Minor issue)
+   [jessie] - openexr  (Minor issue)
[wheezy] - openexr  (Should be fixed along in future update)
NOTE: https://github.com/openexr/openexr/issues/248
 CVE-2017-14987
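Review bot: the commit message lists CVE-2017-14989, but the entry changed in this hunk is CVE-2017-14988 (OpenEXR Header::readfrom); CVE-2017-14989 is only the @@ header context and is an ImageMagick issue (RenderFreetype in MagickCore/annotate.c), so the ID in the message should be 14988. Also note the wheezy line here reads "Should be fixed along in future update" while jessie is now no-dsa "Minor issue"; if the issue was considered worth carrying along in a wheezy update, the jessie triage may deserve the same treatment rather than no-dsa.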
@@ -53675,6 +53676,7 @@ CVE-2017-12597 (OpenCV (Open Source Computer Vision 
Library) through 3.3 has an 
 CVE-2017-12596 (In OpenEXR 2.2.0, a crafted image causes a heap-based buffer 
over-read ...)
- openexr 2.2.0-11.1 (bug #877352)
[stretch] - openexr  (Minor issue)
+   [jessie] - openexr  (Minor issue)
[wheezy] - openexr 1.6.1-6+deb7u1
NOTE: https://github.com/openexr/openexr/issues/238
NOTE: Upstream fix 
https://github.com/openexr/openexr/commit/f09f5f26c1924c4f7e183428ca79c9881afaf53c
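Review bot: wheezy already has a fixed version here (1.6.1-6+deb7u1), so this issue was judged worth an LTS update for wheezy, yet jessie is now marked "Minor issue" (no-dsa); the two triages point in opposite directions and the jessie decision should at least be recorded in a NOTE. As in the previous hunk, the commit message names the hunk-header context ID, CVE-2017-12597 (an OpenCV issue), whereas the edited entry is CVE-2017-12596 (OpenEXR).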
@@ -64078,23 +64080,27 @@ CVE-2017-9116 (In OpenEXR 2.2.0, an invalid read of 
size 1 in the uncompress fun
{DLA-1083-1}
- openexr 2.2.0-11.1 (bug #864078)
[stretch] - openexr  (Minor issue)
+   [jessie] - openexr  (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2017/05/12/5
NOTE: https://github.com/openexr/openexr/issues/232
 CVE-2017-9115 (In OpenEXR 2.2.0, an invalid write of size 2 in the = operator 
function ...)
- openexr  (bug #873885)
[stretch] - openexr  (Minor issue)
+   [jessie] - openexr  (Minor issue)
[wheezy] - openexr  (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2017/05/12/5
NOTE: https://github.com/openexr/openexr/issues/232
 CVE-2017-9114 (In OpenEXR 2.2.0, an invalid read of size 1 in the refill 
function in ...)
- openexr  (bug #873885)
[stretch] - openexr  (Minor issue)
+   [jessie] - openexr  (Minor issue)
[wheezy] - openexr  (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2017/05/12/5
NOTE: https://github.com/openexr/openexr/issues/232
 CVE-2017-9113 (In OpenEXR 2.2.0, an invalid write of size 1 in the 
bufferedReadPixels ...)
- openexr  (bug #873885)
[stretch] - openexr  (Minor issue)
+   [jessie] - openexr  (Minor issue)
[wheezy] - openexr  (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2017/05/12/5
NOTE: https://github.com/openexr/openexr/issues/232
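Review bot: the entries carrying {DLA-1083-1} (CVE-2017-9116 here, and 9112/9110 in the following hunks) have no [wheezy] line, while the ones without a DLA reference (9115, 9114, 9113) carry "[wheezy] ... (Minor issue)"; that split is consistent if DLA-1083-1 was the wheezy LTS update, and the new [jessie] no-dsa lines do not conflict with it. One thing to keep in sync: 9116 is fixed in unstable in 2.2.0-11.1, while 9115, 9114 and 9113 still have no fixed version and share bug #873885, so for jessie those three are effectively one triage decision and should be revisited together if the no-dsa tag is ever reconsidered.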
@@ -64102,11 +64108,13 @@ CVE-2017-9112 (In OpenEXR 2.2.0, an invalid read of 
size 1 in the getBits functi
{DLA-1083-1}
- openexr 2.2.0-11.1 (bug #864078)
[stretch] - openexr  (Minor issue)
+   [jessie] - openexr  (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2017/05/12/5
NOTE: https://github.com/openexr/openexr/issues/232
 CVE-2017-9111 (In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE 
function ...)
- openexr  (bug #873885)
[stretch] - openexr  (Minor issue)
+   [jessie] - openexr  (Minor issue)
[wheezy] - openexr  (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2017/05/12/5
NOTE: https://github.com/openexr/openexr/issues/232
@@ -64114,6 +64122,7 @@ CVE-2017-9110 (In OpenEXR 2.2.0, an invalid read of 
size 2 in the hufDecode func
{DLA-1083-1}
- openexr 2.2.0-11.1 (bug #864078)
[stretch] - openexr  (Minor issue)
+   [jessie] - openexr  (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2017/05/12/5
NOTE: https://github.com/openexr/openexr/issues/232
 CVE-2017-9109



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker

[Git][security-tracker-team/security-tracker][master] Triage CVE-2018-14337 (mruby) for jessie.

2018-07-22 Thread Chris Lamb
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4d5c6999 by Chris Lamb at 2018-07-23T11:10:39+08:00
Triage CVE-2018-14337 (mruby) for jessie.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -521,6 +521,7 @@ CVE-2018-14338 (samples/geotag.cpp in the example code of 
Exiv2 0.26 misuses the
 CVE-2018-14337 (The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in 
mruby 1.4.1 ...)
- mruby  (bug #903985)
[stretch] - mruby  (Minor issue)
+   [wheezy] - mruby  (Minor issue)
NOTE: https://github.com/mruby/mruby/issues/4062
NOTE: 
https://github.com/mruby/mruby/commit/695f29cd604787f43be1af16e38d13610bf8312b
NOTE: 
https://github.com/mruby/mruby/commit/adb1eae912659d680a9c5b7832e22cf73d36a69a
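Review bot: the suite in the added line is wrong: wheezy is no longer tracked in this file, and the line was changed to [jessie] in the follow-up commit 676b71d7 ("Correct distribution name from previous commit", earlier in this digest). When triaging for LTS, the suite in the line should be checked against the release currently in LTS, which is jessie at this point.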



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4d5c6999ff623547557ec39bdd61089c1b17b383


[Git][security-tracker-team/security-tracker][master] automatic update

2018-07-22 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f1223a19 by security tracker role at 2018-07-22T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,10 +1,28 @@
+CVE-2018-14509
+   RESERVED
+CVE-2018-14508
+   RESERVED
+CVE-2018-14507
+   RESERVED
+CVE-2018-14506
+   RESERVED
+CVE-2018-14504
+   RESERVED
+CVE-2018-14503
+   RESERVED
+CVE-2018-14502
+   RESERVED
+CVE-2018-14501 (manager/admin_ajax.php in joyplus-cms 1.6.0 has SQL Injection, 
as ...)
+   TODO: check
+CVE-2018-14500 (joyplus-cms 1.6.0 has XSS via the ...)
+   TODO: check
 CVE-2018-1999023 [arbitrary code execution/sandbox escape]
- wesnoth-1.14 
- wesnoth-1.12 
- wesnoth-1.10 
NOTE: http://www.openwall.com/lists/oss-security/2018/07/20/1
NOTE: 
https://github.com/wesnoth/wesnoth/commit/d911268a783467842d38eae7ac1630f1fea41318
 (1.14.x)
-CVE-2018-14505 [allowing DNS rebinding attacks]
+CVE-2018-14505 (mitmweb in mitmproxy v4.0.3 allows DNS Rebinding attacks, 
related to ...)
- mitmproxy  (bug #904293)
NOTE: https://github.com/mitmproxy/mitmproxy/issues/3234
NOTE: https://github.com/mitmproxy/mitmproxy/pull/3243
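Review bot: the automatic update replaces the hand-written "[allowing DNS rebinding attacks]" placeholder with the published MITRE text for CVE-2018-14505, which is the intended behaviour once a CVE leaves RESERVED, and the bug reference and upstream NOTE lines survive the rewrite. The new CVE-2018-14504 and CVE-2018-14506 RESERVED entries are inserted at the top while CVE-2018-14505 stays below CVE-2018-1999023, so the numeric ordering around it is now interrupted; harmless for the tracker, but worth moving next to its neighbours on the next manual edit.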
@@ -1049,7 +1067,6 @@ CVE-2018-14073 (libsixel 1.8.1 has a memory leak in 
sixel_allocator_new in alloc
[jessie] - libsixel  (Minor issue)
NOTE: 
https://github.com/saitoha/libsixel/issues/67#issuecomment-404989926
NOTE: 
https://github.com/saitoha/libsixel/commit/f94bc6fec696abd77be275226f28409602bd1f27
-
 CVE-2018-14072 (libsixel 1.8.1 has a memory leak in sixel_decoder_decode in 
decoder.c, ...)
- libsixel  (low; bug #903858)
[stretch] - libsixel  (Minor issue)
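Review bot: the removed empty line is the one introduced by 8469ec59 ("libsixel: Add upstream commit ...", at the end of this digest), where a stray "+" blank line was added after the CVE-2018-14073 NOTE; data/CVE/list does not use blank lines between entries, so the automatic update normalising it away is correct.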
@@ -24870,13 +24887,13 @@ CVE-2018-5271 (** DISPUTED ** In Malwarebytes Premium 
3.3.1.2183, the driver fil
 CVE-2018-5270 (** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver 
file ...)
NOT-FOR-US: Malwarebytes Premium
 CVE-2018-5269 (In OpenCV 3.3.1, an assertion failure happens in ...)
-   {DLA-1354-1}
+   {DLA-1438-1 DLA-1354-1}
- opencv  (bug #886675)
[stretch] - opencv  (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/10540
NOTE: 2.4 backport: 
https://patch-diff.githubusercontent.com/raw/opencv/opencv/pull/10901.patch
 CVE-2018-5268 (In OpenCV 3.3.1, a heap-based buffer overflow happens in ...)
-   {DLA-1354-1}
+   {DLA-1438-1 DLA-1354-1}
- opencv  (bug #886674)
[stretch] - opencv  (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/10541
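Review bot: the {DLA-1438-1 DLA-1354-1} references are the automatic propagation of the 22 Jul 2018 DLA-1438-1 opencv entry in data/DLA/list (visible in the last message of this digest); CVE-2018-5269 and CVE-2018-5268 are both in that DLA's CVE list, so the cross-reference is consistent. The [stretch] lines stay at "Minor issue", so stretch remains no-dsa while jessie is now fixed via the DLA.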
@@ -28380,7 +28397,7 @@ CVE-2017-1000452 (An XML Signature Wrapping 
vulnerability exists in Samlify 2.2.
 CVE-2017-1000451 (fs-git is a file system like api for git repository. The 
fs-git ...)
NOT-FOR-US: fs-git
 CVE-2017-1000450 (In opencv/modules/imgcodecs/src/utils.cpp, functions 
FillUniColor and ...)
-   {DLA-1235-1}
+   {DLA-1438-1 DLA-1235-1}
- opencv  (bug #886282)
[stretch] - opencv  (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9723
@@ -29857,7 +29874,7 @@ CVE-2017-17787 (In GIMP 2.8.22, there is a heap-based 
buffer over-read in ...)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790853
NOTE: Crash in desktop tool, no/negligable security impact
 CVE-2017-17760 (OpenCV 3.3.1 has a Buffer Overflow in the 
cv::PxMDecoder::readData ...)
-   {DLA-1235-1}
+   {DLA-1438-1 DLA-1235-1}
- opencv  (bug #885843)
[stretch] - opencv  (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/10351
@@ -52783,17 +52800,17 @@ CVE-2017-12865 (Stack-based buffer overflow in 
"dnsproxy.c" in connman
- connman 1.35-1 (bug #872844)
NOTE: 
https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=5c281d182ecdd0a424b64f7698f32467f8f67b71
 (1.35)
 CVE-2017-12864 (In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function 
ReadNumber did ...)
-   {DLA-1117-1}
+   {DLA-1438-1 DLA-1117-1}
- opencv  (bug #875345)
[stretch] - opencv  (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9372
 CVE-2017-12863 (In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ...)
-   {DLA-1117-1}
+   {DLA-1438-1 DLA-1117-1}
- opencv  (bug #875344)
[stretch] - opencv  (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9371
 CVE-2017-12862 (In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer 
...)
-   {DLA-1117-1}
+   {DLA-1438-1 DLA-1117-1}
- opencv  (bug #875342)
[stretch] - opencv  (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9370
@@ -53603,22 +53620,22 @@ CVE-2017-12607 (A vulnerability in OpenOffice's PPT 
file parser before 4.1.4, a

[Git][security-tracker-team/security-tracker][master] Claim openssl in dla-needed.txt

2018-07-22 Thread Markus Koschany
Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
686a10d4 by Markus Koschany at 2018-07-22T21:48:12+02:00
Claim openssl in dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -106,6 +106,8 @@ openjdk-7 (Emilio Pozuelo)
 openjpeg2
   NOTE: 20180719: there is no patch available for the remaining CVEs
 --
+openssl (Markus Koschany)
+--
 phpldapadmin (Mike Gabriel)
 --
 policykit-1 (Abhijith PA)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/686a10d4ae35035cdc5ab6196768451204414071


[Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-14505

2018-07-22 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cb1b2997 by Salvatore Bonaccorso at 2018-07-22T21:38:26+02:00
Add bug reference for CVE-2018-14505

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -5,7 +5,7 @@ CVE-2018-1999023 [arbitrary code execution/sandbox escape]
NOTE: http://www.openwall.com/lists/oss-security/2018/07/20/1
NOTE: 
https://github.com/wesnoth/wesnoth/commit/d911268a783467842d38eae7ac1630f1fea41318
 (1.14.x)
 CVE-2018-14505 [allowing DNS rebinding attacks]
-   - mitmproxy 
+   - mitmproxy  (bug #904293)
NOTE: https://github.com/mitmproxy/mitmproxy/issues/3234
NOTE: https://github.com/mitmproxy/mitmproxy/pull/3243
 CVE-2018-14499



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/cb1b29974cda8bbea7d214510a244d1d54d1ec5a


[Git][security-tracker-team/security-tracker][master] 2 commits: Remove TODO item for CVE-2018-1999023, clarified

2018-07-22 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5b0c7110 by Salvatore Bonaccorso at 2018-07-22T21:22:26+02:00
Remove TODO item for CVE-2018-1999023, clarified

- - - - -
e7660b45 by Salvatore Bonaccorso at 2018-07-22T21:25:01+02:00
Add CVE-2018-14505/mitmproxy

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -4,7 +4,10 @@ CVE-2018-1999023 [arbitrary code execution/sandbox escape]
- wesnoth-1.10 
NOTE: http://www.openwall.com/lists/oss-security/2018/07/20/1
NOTE: 
https://github.com/wesnoth/wesnoth/commit/d911268a783467842d38eae7ac1630f1fea41318
 (1.14.x)
-   TODO: check
+CVE-2018-14505 [allowing DNS rebinding attacks]
+   - mitmproxy 
+   NOTE: https://github.com/mitmproxy/mitmproxy/issues/3234
+   NOTE: https://github.com/mitmproxy/mitmproxy/pull/3243
 CVE-2018-14499
RESERVED
 CVE-2018-14498
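Review bot: the TODO for CVE-2018-1999023 is dropped with "clarified" in the commit message, but the clarification itself is not recorded in the entry; a NOTE saying what was clarified (in particular whether wesnoth-1.12 and wesnoth-1.10 need the 1.14.x commit backported) would keep the entry self-explanatory. The new CVE-2018-14505 entry lists mitmproxy without a fixed version and references pull 3243; once that PR is merged, noting the merge commit or the released version would let the entry be closed out.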



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/d7fee7628841a3927ce25ad2a1607fe22a488663...e7660b451bf8a3ece07f9cc605f096dce6e71a3f


[Git][security-tracker-team/security-tracker][master] Add commit reference for CVE-2018-1999023

2018-07-22 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d7fee762 by Salvatore Bonaccorso at 2018-07-22T20:59:31+02:00
Add commit reference for CVE-2018-1999023

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3,6 +3,7 @@ CVE-2018-1999023 [arbitrary code execution/sandbox escape]
- wesnoth-1.12 
- wesnoth-1.10 
NOTE: http://www.openwall.com/lists/oss-security/2018/07/20/1
+   NOTE: 
https://github.com/wesnoth/wesnoth/commit/d911268a783467842d38eae7ac1630f1fea41318
 (1.14.x)
TODO: check
 CVE-2018-14499
RESERVED
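Review bot: the referenced commit is annotated "(1.14.x)", but the entry lists wesnoth-1.12 and wesnoth-1.10 as affected as well; the NOTE should say whether the same fix applies to those branches or whether a separate backport is needed, otherwise the TODO remains open for two of the three source packages.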



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d7fee7628841a3927ce25ad2a1607fe22a488663


[Git][security-tracker-team/security-tracker][master] Mark busybox TEMP issue as fixed in Wheezy.

2018-07-22 Thread Markus Koschany
Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e5ab8afc by Markus Koschany at 2018-07-22T19:59:31+02:00
Mark busybox TEMP issue as fixed in Wheezy.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -123458,7 +123458,7 @@ CVE-2015-7944 (The RESTful control interface (aka 
RAPI or ganeti-rapi) in Ganeti
 CVE-2015- [busybox: pointer misuse unziping files]
- busybox 1:1.27.2-1 (bug #803097)
[stretch] - busybox  (Minor issue)
-   [wheezy] - busybox  (Minor issue)
+   [wheezy] - busybox 1:1.20.0-7+deb7u1
[squeeze] - busybox 1:1.17.1-8+deb6u11
NOTE: workaround entry for DLA-337-1 until/if CVE assigned
NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2015/10/25/3
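Review bot: the wheezy line changes from no-dsa "Minor issue" to the fixed version 1:1.20.0-7+deb7u1, and since the NOTE says this TEMP entry stands in for DLA-337-1 and squeeze already carries its fixed version, recording the wheezy fixed version is consistent. The ID is still the "CVE-2015-" placeholder; if a CVE is ever assigned, the [wheezy] and [squeeze] lines both need to move to the real entry.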



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e5ab8afcff27f0a5897b4469862e2c26e427996f


[Git][security-tracker-team/security-tracker][master] Add CVE-2018-1999023 to be checked

2018-07-22 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bc2c98dc by Salvatore Bonaccorso at 2018-07-22T17:43:59+02:00
Add CVE-2018-1999023 to be checked

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,9 @@
+CVE-2018-1999023 [arbitrary code execution/sandbox escape]
+   - wesnoth-1.14 
+   - wesnoth-1.12 
+   - wesnoth-1.10 
+   NOTE: http://www.openwall.com/lists/oss-security/2018/07/20/1
+   TODO: check
 CVE-2018-14499
RESERVED
 CVE-2018-14498
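Review bot: three source packages (wesnoth-1.14, wesnoth-1.12, wesnoth-1.10) are listed without fixed versions and with a single TODO; since the oss-security post is the only reference at this point, a NOTE on which upstream branches actually received the fix would help whoever picks up the TODO.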



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/bc2c98dc507090ec74af7b58a7573e55514fb92b


[Git][security-tracker-team/security-tracker][master] 5 commits: Add and take network-manager-vpnc

2018-07-22 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f22ec648 by Salvatore Bonaccorso at 2018-07-22T13:54:34+02:00
Add and take network-manager-vpnc

- - - - -
b439e6e5 by Salvatore Bonaccorso at 2018-07-22T13:54:34+02:00
Remove CVE-2017-14136 reference

Reason: the opencv update never contained the incomplete fix for
CVE-2017-12597 alone in a released version. As such the jessie version
as well never got affected by CVE-2017-14136.

- - - - -
4cbd2f2f by Salvatore Bonaccorso at 2018-07-22T13:54:35+02:00
Add bug reference for CVE-2018-10900/network-manager-vpnc

- - - - -
05cd9f24 by Salvatore Bonaccorso at 2018-07-22T13:54:36+02:00
Reference full commit for CVE-2018-10900

- - - - -
8469ec59 by Salvatore Bonaccorso at 2018-07-22T13:57:57+02:00
libsixel: Add upstream commit and reference to the backtrace comment

Add back the specific reference to comment, which links directly to the
backtrace in the upstream issue. In issue/67 two issues are handled.

CVE-2018-14072 is for 
https://github.com/saitoha/libsixel/issues/67#issue-341198610

CVE-2018-14073 is for 
https://github.com/saitoha/libsixel/issues/67#issuecomment-404989926

Both are addressed by upstream in 
https://github.com/saitoha/libsixel/commit/f94bc6fec696abd77be275226f28409602bd1f27

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dsa-needed.txt


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1038,11 +1038,13 @@ CVE-2018-14073 (libsixel 1.8.1 has a memory leak in 
sixel_allocator_new in alloc
[stretch] - libsixel  (Minor issue)
[jessie] - libsixel  (Minor issue)
NOTE: 
https://github.com/saitoha/libsixel/issues/67#issuecomment-404989926
+   NOTE: 
https://github.com/saitoha/libsixel/commit/f94bc6fec696abd77be275226f28409602bd1f27
+
 CVE-2018-14072 (libsixel 1.8.1 has a memory leak in sixel_decoder_decode in 
decoder.c, ...)
- libsixel  (low; bug #903858)
[stretch] - libsixel  (Minor issue)
[jessie] - libsixel  (Minor issue)
-   NOTE: https://github.com/saitoha/libsixel/issues/67
+   NOTE: https://github.com/saitoha/libsixel/issues/67#issue-341198610
NOTE: 
https://github.com/saitoha/libsixel/commit/f94bc6fec696abd77be275226f28409602bd1f27
 CVE-2018-14071 (The Geo Mashup plugin before 1.10.4 for WordPress has 
insufficient ...)
NOT-FOR-US: Geo Mashup plugin for WordPress
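Review bot: the bare `+` line that follows the new CVE-2018-14073 NOTE inserts an empty line into data/CVE/list between the CVE-2018-14073 and CVE-2018-14072 entries; the surrounding context shows entries following each other directly with no blank separators, so this looks accidental and the empty line should be dropped to keep the file consistent for the tracker's parser. The added commit reference itself matches the one already recorded under CVE-2018-14072, which agrees with the commit message stating that f94bc6f fixes both issues.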
@@ -8980,9 +8982,9 @@ CVE-2018-10901
RESERVED
 CVE-2018-10900 [local privilege escalation]
RESERVED
-   - network-manager-vpnc 
+   - network-manager-vpnc  (bug #904255)
NOTE: http://www.openwall.com/lists/oss-security/2018/07/20/3
-   NOTE: 
https://gitlab.gnome.org/GNOME/NetworkManager-vpnc/commit/07ac18a32b4
+   NOTE: 
https://gitlab.gnome.org/GNOME/NetworkManager-vpnc/commit/07ac18a32b4e361a27ef48ac757d36cbb46e8e12
 CVE-2018-10899
RESERVED
 CVE-2018-10898
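Review bot: replacing the abbreviated 07ac18a32b4 with the full 40-character commit id is the right fix, since short ids are neither unique nor stable, and the bug #904255 reference matches commit 4cbd2f2f in this push. Two points stay open on the entry: in this rendering the line `- network-manager-vpnc  (bug #904255)` shows a double space where the tracker expects a version or status marker between the package name and the parenthesised remark, so it is worth confirming the committed line carries one; and the description is still the placeholder `[local privilege escalation]` with RESERVED, which needs replacing once the CVE is published.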


=
data/DLA/list
=
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -1,5 +1,5 @@
 [22 Jul 2018] DLA-1438-1 opencv - security update
-   {CVE-2016-1516 CVE-2017-12597 CVE-2017-12598 CVE-2017-12599 
CVE-2017-12601 CVE-2017-12603 CVE-2017-12604 CVE-2017-12605 CVE-2017-12606 
CVE-2017-12862 CVE-2017-12863 CVE-2017-12864 CVE-2017-14136 CVE-2017-17760 
CVE-2017-1000450 CVE-2018-5268 CVE-2018-5269}
+   {CVE-2016-1516 CVE-2017-12597 CVE-2017-12598 CVE-2017-12599 
CVE-2017-12601 CVE-2017-12603 CVE-2017-12604 CVE-2017-12605 CVE-2017-12606 
CVE-2017-12862 CVE-2017-12863 CVE-2017-12864 CVE-2017-17760 CVE-2017-1000450 
CVE-2018-5268 CVE-2018-5269}
[jessie] - opencv 2.4.9.1+dfsg-1+deb8u2
 [21 Jul 2018] DLA-1437-1 slurm-llnl - security update
{CVE-2018-7033 CVE-2018-10995}
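Review bot: removing CVE-2017-14136 from the DLA-1438-1 CVE set follows the commit message's reasoning (jessie's opencv never shipped the incomplete CVE-2017-12597 fix on its own, so it was never affected by the follow-up CVE), but the set was already recorded with that CVE when the DLA was reserved in commit b1e6610f earlier in this thread; if the DLA-1438-1 announcement text went out listing CVE-2017-14136, an erratum or a NOTE line here is needed so the published advisory and this file do not disagree.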


=
data/dsa-needed.txt
=
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -60,6 +60,8 @@ mutt (carnil)
   We will wait first for upload to unstable, and watch for regression reports
   Non-urgent need for an update.
 --
+network-manager-vpnc (carnil)
+--
 openjdk-8 (jmm)
 --
 openjfx



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/b9e66bd209835758545ab8e8954b735292648c2d...8469ec5959e934d28e88d1fc86de4322986aab55


[Git][security-tracker-team/security-tracker][master] CVE-2018-14072/libsixel

2018-07-22 Thread Henri Salo
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b9e66bd2 by Henri Salo at 2018-07-22T14:48:38+03:00
CVE-2018-14072/libsixel

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1042,7 +1042,8 @@ CVE-2018-14072 (libsixel 1.8.1 has a memory leak in 
sixel_decoder_decode in deco
- libsixel  (low; bug #903858)
[stretch] - libsixel  (Minor issue)
[jessie] - libsixel  (Minor issue)
-   NOTE: https://github.com/saitoha/libsixel/issues/67#issue-341198610
+   NOTE: https://github.com/saitoha/libsixel/issues/67
+   NOTE: 
https://github.com/saitoha/libsixel/commit/f94bc6fec696abd77be275226f28409602bd1f27
 CVE-2018-14071 (The Geo Mashup plugin before 1.10.4 for WordPress has 
insufficient ...)
NOT-FOR-US: Geo Mashup plugin for WordPress
 CVE-2018-14070
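Review bot: the replaced NOTE drops the `#issue-341198610` anchor, which is what distinguished CVE-2018-14072 (the issue body) from CVE-2018-14073 (the follow-up comment) within the same upstream issue 67; with a bare `issues/67` link both CVEs now point at the same page and the reader has to locate the right backtrace themselves. Keep the anchored link alongside the new commit reference rather than replacing it; the later commit 8469ec59 in this thread restores it for exactly this reason.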



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b9e66bd209835758545ab8e8954b735292648c2d


[Git][security-tracker-team/security-tracker][master] claim vim-syntastic and resiprocate

2018-07-22 Thread Thorsten Alteholz
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b22284ba by Thorsten Alteholz at 2018-07-22T12:48:26+02:00
claim vim-syntastic and resiprocate

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -112,7 +112,7 @@ policykit-1 (Abhijith PA)
 --
 qemu (Santiago)
 --
-resiprocate
+resiprocate (Thorsten Alteholz)
 --
 ruby2.1
 --
@@ -139,7 +139,7 @@ twitter-bootstrap
 --
 twitter-bootstrap3
 --
-vim-syntastic
+vim-syntastic (Thorsten Alteholz)
 --
 wine
   NOTE: Consider either fixing wine-development too or marking it as



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b22284badea9766ef33d54df6c63d80dedded06f


[Git][security-tracker-team/security-tracker][master] Reserve DLA-1438-1 for opencv

2018-07-22 Thread Thorsten Alteholz
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b1e6610f by Thorsten Alteholz at 2018-07-22T12:37:25+02:00
Reserve DLA-1438-1 for opencv

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -1,3 +1,6 @@
+[22 Jul 2018] DLA-1438-1 opencv - security update
+   {CVE-2016-1516 CVE-2017-12597 CVE-2017-12598 CVE-2017-12599 
CVE-2017-12601 CVE-2017-12603 CVE-2017-12604 CVE-2017-12605 CVE-2017-12606 
CVE-2017-12862 CVE-2017-12863 CVE-2017-12864 CVE-2017-14136 CVE-2017-17760 
CVE-2017-1000450 CVE-2018-5268 CVE-2018-5269}
+   [jessie] - opencv 2.4.9.1+dfsg-1+deb8u2
 [21 Jul 2018] DLA-1437-1 slurm-llnl - security update
{CVE-2018-7033 CVE-2018-10995}
[jessie] - slurm-llnl 14.03.9-5+deb8u3
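Review bot: CVE-2017-14136 is included in the DLA-1438-1 CVE set, but as commit b439e6e5 later in this thread explains, the jessie opencv package never shipped the incomplete CVE-2017-12597 fix on its own and so was never affected by CVE-2017-14136. Each CVE in a DLA's set should be checked against what the suite's version actually contained before the advisory is reserved, because the DLA number and its CVE list are published as soon as the announcement goes out and a correction afterwards costs an erratum.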


=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -101,8 +101,6 @@ network-manager-vpnc (Mike Gabriel)
   NOTE: 20180720: Should IMHO be bundled with
   NOTE: 20180720: 
https://gitlab.gnome.org/GNOME/NetworkManager-vpnc/commit/796628f56ab616371156464f4973c8368b388337
 --
-opencv (Thorsten Alteholz)
---
 openjdk-7 (Emilio Pozuelo)
 --
 openjpeg2



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b1e6610fe616573d8bda86048d79fa5dceb91969


[Git][security-tracker-team/security-tracker][master] automatic update

2018-07-22 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b48f0348 by security tracker role at 2018-07-22T08:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -40814,6 +40814,7 @@ CVE-2017-16792 (Stored cross-site scripting (XSS) 
vulnerability in "geminab
 CVE-2017-16791
RESERVED
 CVE-2017-16790 [Ensure that submitted data are uploaded files]
+   RESERVED
- symfony 3.4.0+dfsg-1
NOTE: 
https://symfony.com/blog/cve-2017-16790-ensure-that-submitted-data-are-uploaded-files
NOTE: https://github.com/symfony/symfony/pull/24993
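Review bot: the automatic update inserts RESERVED under CVE-2017-16790 although the entry already carries a bracketed description, a fixed version (symfony 3.4.0+dfsg-1) and upstream references; that is the expected shape for an entry whose CVE is still reserved at MITRE, but it means the bracketed placeholder description will have to be replaced by the published one by hand once the CVE is assigned, as the automatic update only tracks the reservation status. The same applies to the CVE-2017-16654, CVE-2017-16653 and CVE-2017-11365 hunks below, so the three symfony entries should be revisited together.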
@@ -41126,10 +41127,12 @@ CVE-2017-16656
 CVE-2017-16655
RESERVED
 CVE-2017-16654 [Intl bundle readers breaking out of paths]
+   RESERVED
- symfony 3.4.0+dfsg-1
NOTE: 
https://symfony.com/blog/cve-2017-16654-intl-bundle-readers-breaking-out-of-paths
NOTE: https://github.com/symfony/symfony/pull/24994
 CVE-2017-16653 [CSRF protection does not use different tokens for HTTP and 
HTTPS]
+   RESERVED
- symfony 3.4.0+dfsg-1
NOTE: 
https://symfony.com/blog/cve-2017-16653-csrf-protection-does-not-use-different-tokens-for-http-and-https
NOTE: https://github.com/symfony/symfony/pull/24992
@@ -57169,6 +57172,7 @@ CVE-2017-11367 (The shoco_decompress function in the 
API in shoco through 2017-0
 CVE-2017-11366 (components/filemanager/class.filemanager.php in Codiad before 
2.8.4 is ...)
NOT-FOR-US: Codiad
 CVE-2017-11365 [Empty passwords validation issue]
+   RESERVED
- symfony  (introduced in versions that were never 
packaged in Debian)
NOTE: 
https://symfony.com/blog/cve-2017-11365-empty-passwords-validation-issue
 CVE-2017-11364 (The CMS installer in Joomla! before 3.7.4 does not verify a 
user's ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b48f03488ae2aa8db91078e8fd776e9d015e4b55
