Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
52879a11 by Salvatore Bonaccorso at 2023-12-18T08:19:49+01:00
Add curl to dsa-needed list
- - - - -
1 changed file:
- data/dsa-needed.txt
Changes:
=
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
fce043ca by Salvatore Bonaccorso at 2023-12-18T07:04:04+01:00
Reference upstream fixes for CVE-2023-5047{1,2}/cjson
- - - - -
1 changed file:
- data/CVE/list
Changes:
Utkarsh Gupta pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
430bc6e3 by Utkarsh Gupta at 2023-12-17T20:56:15+05:30
Take zfs-linux
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=
data/dla-needed.txt
Utkarsh Gupta pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c32ef381 by Utkarsh Gupta at 2023-12-17T20:17:47+05:30
Mark slurm-llnl CVEs as end-of-life for buster
- - - - -
e2ab2d4d by Utkarsh Gupta at 2023-12-17T20:20:22+05:30
Mark TEMP-000-7CC552/tor as
Guilhem Moulin pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
61a40885 by Guilhem Moulin at 2023-12-18T03:00:25+01:00
Reserve DLA-3691-1 for spip
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
Utkarsh Gupta pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ef521425 by Utkarsh Gupta at 2023-12-17T19:27:32+05:30
Mark CVE-2023-4999{0-5}/espeak-ng as no-dsa for buster
- - - - -
1 changed file:
- data/CVE/list
Changes:
Utkarsh Gupta pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
53c35547 by Utkarsh Gupta at 2023-12-17T19:23:23+05:30
Mark CVE-2023-39804/tar as no-dsa for buster
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
Utkarsh Gupta pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
80784869 by Utkarsh Gupta at 2023-12-17T19:11:18+05:30
Mark CVE-2023-50781/m2crypto as no-dsa for buster
- - - - -
0984517a by Utkarsh Gupta at 2023-12-17T19:12:38+05:30
Mark
:
=
data/dla-needed.txt
=
@@ -75,6 +75,9 @@ dogecoin
frr
NOTE: 20231119: Added by Front-Desk (apo)
--
+haproxy
+ NOTE: 20231217: Added by Front-Desk (utkarsh)
+--
i2p
NOTE: 20230809: Added by Front-Desk (Beuc)
NOTE: 20230809: Experimental issue-based
=
@@ -35,7 +35,7 @@ asterisk
bind9 (Thorsten Alteholz)
NOTE: 20230921: Added by Front-Desk (apo)
NOTE: 20231008: backporting patches
- NOTE: 20231203: almost done with testing
+ NOTE: 20231217: almost done with testing
--
bouncycastle (Markus Koschany
Adrian Bunk pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ab967160 by Adrian Bunk at 2023-12-18T00:48:58+02:00
CVE-2023-46218/curl does not affect buster
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
Adrian Bunk pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ab8ff21d by Adrian Bunk at 2023-12-17T23:53:36+02:00
CVE-2023-27534/curl: This is a regression *fix*
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
Adrian Bunk pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
abe25e07 by Adrian Bunk at 2023-12-17T22:38:01+02:00
CVE-2023-27534/curl: Add regression
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
576f93ce by Salvatore Bonaccorso at 2023-12-17T21:32:22+01:00
Adapt information for CVE-2023-4237
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0467063d by Salvatore Bonaccorso at 2023-12-17T21:15:29+01:00
Add upstream tag information for upstream commits for easier tracking
- - - - -
46670c0f by Salvatore Bonaccorso at
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8735143d by security tracker role at 2023-12-17T20:12:33+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1f6920ba by Salvatore Bonaccorso at 2023-12-17T21:08:10+01:00
Adapt information to directly reference upstream commits with upstream tags
- - - - -
1 changed file:
- data/CVE/list
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
aea84c91 by Salvatore Bonaccorso at 2023-12-17T20:58:19+01:00
Wrap long note and remove duplicate information
The last sentence was already covered by the longstanding note on the
CVE.
- - -
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
10332f1e by Salvatore Bonaccorso at 2023-12-17T20:47:52+01:00
Revert Document ansible/ansible-core split in embedded-code-copies
This reverts commit dcca933cb3028e0398fb1706189c4904e0c7a869.
:
=
data/dla-needed.txt
=
@@ -27,6 +27,7 @@ ansible (rouca)
NOTE: 20231202: (neither in LTS nor in stable/oldstable), so this is an
opportunity to
NOTE: 20231202: assess/fix the situation.
NOTE: 20231217: Begin to triage CVEs (rouca)
+ NOTE: 20231217
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0b4582b8 by Bastien Roucariès at 2023-12-17T15:55:46+00:00
CVE-2023-4380 may be a AWX or RedHat only CVE
seeing the description this bug lie in a web interface. Likely awx component or
maybe
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f4453f3b by Bastien Roucariès at 2023-12-17T15:30:15+00:00
Mark CVE-2023-4237 as concern for ansible
Red hat advisory are pretty confusing.
This patch lie in debian ansible package not
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
59c37332 by Bastien Roucariès at 2023-12-17T15:26:11+00:00
Add fix for CVE-2023-4237
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
dcca933c by Bastien Roucariès at 2023-12-17T14:58:42+00:00
Document ansible/ansible-core split in embedded-code-copies
Upstream (redhat) use ansible as component for both, that could be
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
964dbac0 by Bastien Roucariès at 2023-12-17T14:54:51+00:00
Document that CVE-2023-4237 is fixed by ansible/ansible-core fix in ansible
- - - - -
1 changed file:
- data/CVE/list
Changes:
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4c9186fb by Bastien Roucariès at 2023-12-17T14:35:55+00:00
CVE-2019-14905 add ansible 2.7 fix
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
edd6f00c by Bastien Roucariès at 2023-12-17T14:27:47+00:00
Add fix for CVE-2019-14858 for ansible 2.7
- - - - -
1 changed file:
- data/CVE/list
Changes:
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
74b2019d by Bastien Roucariès at 2023-12-17T14:08:48+00:00
Mark CVE-2021-3447 as fixed
Mark CVE-2021-3447 as fixed at least in upstream 2.9
- - - - -
1 changed file:
- data/CVE/list
Thorsten Alteholz pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6b08f3ec by Thorsten Alteholz at 2023-12-17T14:59:09+01:00
Reserve DLA-3686-2 for xorg-server
- - - - -
1 changed file:
- data/DLA/list
Changes:
=
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
98d3f244 by Bastien Roucariès at 2023-12-17T13:50:50+00:00
Add CVE-2021-3447 pull request
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
894d0f14 by Bastien Roucariès at 2023-12-17T13:44:45+00:00
Add note about CVE-2020-1736 documentation fix by ustream
- - - - -
1 changed file:
- data/CVE/list
Changes:
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0f49abef by Bastien Roucariès at 2023-12-17T13:41:52+00:00
Add note about CVE-2020-1736 that is considered a documentatio issue upstream
According to upstream:
Specifying mode is the best way to
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1bfc7edd by Salvatore Bonaccorso at 2023-12-17T13:52:00+01:00
Reserve DSA number for xorg-server update
- - - - -
1 changed file:
- data/DSA/list
Changes:
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
107f34ce by Salvatore Bonaccorso at 2023-12-17T12:22:00+01:00
Add CVE-2023-50784/unrealircd
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7b51be75 by Salvatore Bonaccorso at 2023-12-17T12:20:37+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f39a16c8 by Salvatore Bonaccorso at 2023-12-17T12:17:00+01:00
Track fixed version for CVE-2023-50262/php-dompdf
- - - - -
1 changed file:
- data/CVE/list
Changes:
, but there's a CVE backlog, and no updates
since 2021
NOTE: 20231202: (neither in LTS nor in stable/oldstable), so this is an
opportunity to
NOTE: 20231202: assess/fix the situation.
+ NOTE: 20231217: Begin to triage CVEs (rouca)
--
asterisk
NOTE: 20231210: Added by Front-Desk (ta)
View
Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d90c7a61 by Bastien Roucariès at 2023-12-17T10:14:48+00:00
Give back tomcat9
Fix is ready but my change are a little bit intrusive, so asked apo for review
- - - - -
1 changed file:
-
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9eb8ef49 by security tracker role at 2023-12-17T08:11:51+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
39 matches
Mail list logo