[Git][security-tracker-team/security-tracker][master] curl issues are fixed in sid
Alessandro Ghedini pushed to branch master at Debian Security Tracker / security-tracker Commits: 7dfa05e5 by Alessandro Ghedini at 2018-05-18T20:29:49+01:00 curl issues are fixed in sid - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -949,11 +949,11 @@ CVE-2018-10803 (Cross-site scripting (XSS) vulnerability in the add credentials CVE-2018-1000301 [RTSP bad headers buffer over-read] RESERVED {DSA-4202-1 DLA-1379-1} - - curl (bug #898856) + - curl 7.60.0-1 (bug #898856) NOTE: https://curl.haxx.se/docs/adv_2018-b138.html CVE-2018-1000300 [FTP shutdown response buffer overflow] RESERVED - - curl + - curl 7.60.0-1 [stretch] - curl (Vulnerable code introduced in 7.54.1) [jessie] - curl (Vulnerable code introduced in 7.54.1) [wheezy] - curl (Vulnerable code introduced in 7.54.1) 
@@ -8003,17 +8003,17 @@ CVE-2018-7889 (gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load NOTE: aeb5b036a0bf657951756688b3c72bd68b6e4a7d. CVE-2018-1000122 (A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 ...) {DSA-4136-1 DLA-1309-1} - - curl (bug #893546) + - curl 7.60.0-1 (bug #893546) NOTE: https://curl.haxx.se/docs/adv_2018-b047.html NOTE: https://curl.haxx.se/CVE-2018-1000122.patch CVE-2018-1000121 (A NULL pointer dereference exists in curl 7.21.0 to and including curl ...) {DSA-4136-1 DLA-1309-1} - - curl (bug #893546) + - curl 7.60.0-1 (bug #893546) NOTE: https://curl.haxx.se/docs/adv_2018-97a2.html NOTE: https://curl.haxx.se/CVE-2018-1000121.patch CVE-2018-1000120 (A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 ...) {DSA-4136-1 DLA-1309-1} - - curl (bug #893546) + - curl 7.60.0-1 (bug #893546) NOTE: https://curl.haxx.se/docs/adv_2018-9cd6.html NOTE: https://curl.haxx.se/CVE-2018-1000120.patch CVE-2018-7888 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7dfa05e58ffa41e3b693116bb779bd1443caca99 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
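Review bot: In the first hunk (@@ -949,11), the new `- curl 7.60.0-1` line for CVE-2018-1000300 carries no bug reference, while the CVE-2018-1000301 entry next to it keeps `(bug #898856)`. If the same Debian bug tracks both issues, add the reference here as well so the fixed version can be traced back to the upload that closed it.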
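Review bot: In the second hunk (@@ -8003,17), 7.60.0-1 is recorded as the fixed version for bug #893546, yet the descriptions of CVE-2018-1000122 and CVE-2018-1000120 give the affected range as ending at curl 7.58.0. Please confirm that 7.60.0-1 is the first sid upload carrying these fixes; if an earlier upload closed #893546, that version belongs here, since the tracker treats every version below the recorded one as vulnerable.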
[Git][security-tracker-team/security-tracker][master] Reserve curl DSA
Alessandro Ghedini pushed to branch master at Debian Security Tracker / security-tracker Commits: e1acd64c by Alessandro Ghedini at 2018-05-16T21:09:12+01:00 Reserve curl DSA - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = --- a/data/DSA/list +++ b/data/DSA/list @@ -1,3 +1,7 @@ +[16 May 2018] DSA-4202-1 curl - security update + {CVE-2018-1000301} + [jessie] - curl 7.38.0-4+deb8u11 + [stretch] - curl 7.52.1-5+deb9u6 [15 May 2018] DSA-4201-1 xen - security update {CVE-2018-8897 CVE-2018-10471 CVE-2018-10472 CVE-2018-10981 CVE-2018-10982} [stretch] - xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u6 = data/dsa-needed.txt = --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -19,8 +19,6 @@ asterisk/stable -- chromium-browser -- -curl (ghedo) --- dokuwiki/oldstable -- ffmpeg/stable View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e1acd64c1ba4ea3057a0fe07b0e2df5b53f493f8
[Git][security-tracker-team/security-tracker][master] discount issues are fixed in sid
Alessandro Ghedini pushed to branch master at Debian Security Tracker / security-tracker Commits: a435135e by Alessandro Ghedini at 2018-08-11T11:51:22Z discount issues are fixed in sid - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -6776,7 +6776,7 @@ CVE-2018-12497 CVE-2018-12496 RESERVED CVE-2018-12495 (The quoteblock function in markdown.c in libmarkdown.a in DISCOUNT ...) - - discount (bug #901912) + - discount 2.2.4-1 (bug #901912) NOTE: https://github.com/Orc/discount/issues/189#issuecomment-397541501 CVE-2018-12494 (An issue discovered in PublicCMS V4.0.20180210. There is a Directory ...) NOT-FOR-US: PublicCMS @@ -9411,11 +9411,11 @@ CVE-2018-11506 (The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux CVE-2018-11505 (The Werewolf Online application 0.8.8 for Android allows attackers to ...) NOT-FOR-US: Werewolf Online application for Android CVE-2018-11504 (The islist function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a ...) - - discount (bug #901912) + - discount 2.2.4-1 (bug #901912) NOTE: https://github.com/Orc/discount/issues/189#issuecomment-392247798 NOTE: POC: https://github.com/fCorleone/fuzz_programs/blob/master/discount/issue3_testcase CVE-2018-11503 (The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT ...) - - discount (bug #901912) + - discount 2.2.4-1 (bug #901912) NOTE: https://github.com/Orc/discount/issues/189#issuecomment-392247798 NOTE: POC: https://github.com/fCorleone/fuzz_programs/blob/master/discount/issue2_testcase CVE-2018-11502 
@@ -9507,7 +9507,7 @@ CVE-2018-11469 (Incorrect caching of responses to requests including an Authoriz [jessie] - haproxy (Issue introduced in 1.8.0) NOTE: https://git.haproxy.org/?p=haproxy-1.8.git;a=commit;h=17514045e5d934dede62116216c1b016fe23dd06 CVE-2018-11468 (The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT ...) - - discount (bug #901912) + - discount 2.2.4-1 (bug #901912) NOTE: https://github.com/Orc/discount/issues/189 NOTE: POC: https://github.com/fCorleone/fuzz_programs/blob/master/discount/issue1_testcase CVE-2018-11467 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a435135e51e1c33a2fd3f60f2635ff71211015cf
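Review bot: The four discount entries changed across these hunks (CVE-2018-12495, CVE-2018-11504, CVE-2018-11503, CVE-2018-11468) gain the fixed version 2.2.4-1, but their NOTE lines still point only at the upstream issue thread and the PoC test cases. Add a NOTE naming the upstream commit or release that fixes each one, so the fix can be checked against 2.2.4-1 and located again when preparing a stable backport.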
[Git][security-tracker-team/security-tracker][master] curl issue is fixed in sid
Alessandro Ghedini pushed to branch master at Debian Security Tracker / security-tracker Commits: cef35b8c by Alessandro Ghedini at 2018-08-11T13:04:16Z curl issue is fixed in sid - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -41057,7 +41057,7 @@ CVE-2018-0502 CVE-2018-0501 RESERVED CVE-2018-0500 (Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including ...) - - curl (bug #903546) + - curl 7.61.0-1 (bug #903546) [stretch] - curl (Only affects 7.54.1 to 7.60.0) [jessie] - curl (Only affects 7.54.1 to 7.60.0) NOTE: https://curl.haxx.se/docs/adv_2018-70a2.html View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cef35b8cd8ce2866df62c33181758a63ebaa2fd3
[Git][security-tracker-team/security-tracker][master] curl DSA
Alessandro Ghedini pushed to branch master at Debian Security Tracker / security-tracker Commits: 8ce75fa9 by Alessandro Ghedini at 2018-09-05T20:17:10Z curl DSA - - - - - 1 changed file: - data/DSA/list Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[05 Sep 2018] DSA-4286-1 curl - security update + {CVE-2018-14618} + [stretch] - curl 7.52.1-5+deb9u7 [05 Sep 2018] DSA-4285-1 sympa - security update {CVE-2018-1000550} [stretch] - sympa 6.2.16~dfsg-3+deb9u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8ce75fa99ec34efb6d1316dea862dde8e5932241
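Review bot: The DSA-4286-1 entry is added to data/DSA/list with no matching change to data/dsa-needed.txt, whereas e1acd64c removed `curl (ghedo)` from that file in the same commit that added its DSA entry. If curl is still listed in data/dsa-needed.txt, drop it together with this entry so the to-do list does not keep showing the package as pending.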
[Git][security-tracker-team/security-tracker][master] curl DSA
Alessandro Ghedini pushed to branch master at Debian Security Tracker / security-tracker Commits: a21a5718 by Alessandro Ghedini at 2018-11-02T19:55:40Z curl DSA - - - - - 1 changed file: - data/DSA/list Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[02 Nov 2018] DSA-4331-1 curl - security update + {CVE-2018-16839 CVE-2018-16842} + [stretch] - curl 7.52.1-5+deb9u8 [02 Nov 2018] DSA-4330-1 chromium-browser - security update {CVE-2018-5179 CVE-2018-17462 CVE-2018-17463 CVE-2018-17464 CVE-2018-17465 CVE-2018-17466 CVE-2018-17467 CVE-2018-17468 CVE-2018-17469 CVE-2018-17470 CVE-2018-17471 CVE-2018-17473 CVE-2018-17474 CVE-2018-17475 CVE-2018-17476 CVE-2018-17477} [stretch] - chromium-browser 70.0.3538.67-1~deb9u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a21a571842485525af25571763b5aa6d01513b05
[Git][security-tracker-team/security-tracker][master] discount DSA
Alessandro Ghedini pushed to branch master at Debian Security Tracker / security-tracker Commits: 34e60adc by Alessandro Ghedini at 2018-09-14T20:15:29Z discount DSA - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[14 Sep 2018] DSA-4293-1 discount - security update + {CVE-2018-11468 CVE-2018-11503 CVE-2018-11504 CVE-2018-12495} + [stretch] - discount 2.2.2-1+deb9u1 [11 Sep 2018] DSA-4292-1 kamailio - security update {CVE-2018-16657} [stretch] - kamailio 4.4.4-2+deb9u3 = data/dsa-needed.txt = @@ -20,8 +20,6 @@ asterisk -- ceph -- -discount (ghedo) --- enigmail -- ghostscript (jmm) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/34e60adc2cacd75170d1584f35f195a4c42769ee
[Git][security-tracker-team/security-tracker][master] 2 commits: Add fixed version for new curl CVEs
Alessandro Ghedini pushed to branch master at Debian Security Tracker / security-tracker Commits: 7d6222ea by Alessandro Ghedini at 2019-02-06T20:55:28Z Add fixed version for new curl CVEs - - - - - c298d18e by Alessandro Ghedini at 2019-02-06T20:55:28Z Reserve curl DSA - - - - - 3 changed files: - data/CVE/list - data/DSA/list - data/dsa-needed.txt Changes: = data/CVE/list = @@ -8345,13 +8345,13 @@ CVE-2019-3824 RESERVED CVE-2019-3823 [curl: SMTP end-of-response out-of-bounds read] RESERVED - - curl + - curl 7.64.0-1 NOTE: https://curl.haxx.se/docs/CVE-2019-3823.html NOTE: Fixed by: https://github.com/curl/curl/commit/39df4073e5413fcdbb5a38da0c1ce6f1c0ceb484 NOTE: Introduced by: https://github.com/curl/curl/commit/2766262a68688c1dd8143f9c4be84b46c408b70a CVE-2019-3822 [curl: NTLMv2 type-3 header stack buffer overflow] RESERVED - - curl + - curl 7.64.0-1 NOTE: https://curl.haxx.se/docs/CVE-2019-3822.html NOTE: Fixed by: https://github.com/curl/curl/commit/50c9484278c63b958655a717844f0721263939cc NOTE: Introduced by: https://github.com/curl/curl/commit/86724581b6c02d160b52f817550cfdfc9c93af62 @@ -25982,7 +25982,7 @@ CVE-2018-16891 RESERVED CVE-2018-16890 [curl: NTLM type-2 out-of-bounds buffer read] RESERVED - - curl + - curl 7.64.0-1 NOTE: https://curl.haxx.se/docs/CVE-2018-16890.html NOTE: Fixed by: https://github.com/curl/curl/commit/b780b30d1377adb10bbe774835f49e9b237fb9bb NOTE: Introduced by: https://github.com/curl/curl/commit/86724581b6c02d160b52f817550cfdfc9c93af62 = data/DSA/list = @@ -1,3 +1,6 @@ +[06 Feb 2019] DSA-4386-1 curl - security update + {CVE-2018-16890 CVE-2019-3822 CVE-2019-3823} + [stretch] - curl 7.52.1-5+deb9u9 [05 Feb 2019] DSA-4385-1 dovecot - security update {CVE-2019-3814} [stretch] - dovecot 1:2.2.27-3+deb9u3 = data/dsa-needed.txt = 
@@ -20,8 +20,6 @@ ansible -- chromium -- -curl (ghedo) --- faad2 not yet fixed upstream -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/5ab2063a8c495e35ed26a7ed897b1ce650a16db5...c298d18e5deae14f41ef87a2e7ea17490c47cec4
[Git][security-tracker-team/security-tracker][master] Reserve curl DSA
Alessandro Ghedini pushed to branch master at Debian Security Tracker / security-tracker Commits: e65f074b by Alessandro Ghedini at 2020-02-22T15:14:42+00:00 Reserve curl DSA - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,7 @@ +[22 Feb 2020] DSA-4633-1 curl - security update + {CVE-2019-5436 CVE-2019-5481 CVE-2019-5482} + [stretch] - curl 7.52.1-5+deb9u10 + [buster] - curl 7.64.0-4+deb10u1 [22 Feb 2020] DSA-4632-1 ppp - security update {CVE-2020-8597} [stretch] - ppp 2.4.7-1+4+deb9u1 = data/dsa-needed.txt = @@ -11,8 +11,6 @@ To pick an issue, simply add your uid behind it. If needed, specify the release by adding a slash after the name of the source package. --- -curl (ghedo) -- glusterfs/oldstable -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e65f074b4d916c8b8fe6b997d20f287d4593aad8
[Git][security-tracker-team/security-tracker][master] Reserve DSA number for curl
Alessandro Ghedini pushed to branch master at Debian Security Tracker / security-tracker Commits: 4ca8c2ab by Alessandro Ghedini at 2021-03-31T10:05:34+01:00 Reserve DSA number for curl - - - - - 1 changed file: - data/DSA/list Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[30 Mar 2021] DSA-4881-1 curl - security update + {CVE-2020-8169 CVE-2020-8177 CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2021-22876 CVE-2021-22890} + [buster] - curl 7.64.0-4+deb10u2 [29 Mar 2021] DSA-4880-1 lxml - security update {CVE-2021-28957} [buster] - lxml 4.3.2-1+deb10u3 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ca8c2ab3ce94868950a0883e29dd11470c57b19
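Review bot: The new entry is dated `[30 Mar 2021]`, but the commit that adds it is stamped 2021-03-31T10:05:34+01:00. Check on which day DSA-4881-1 actually went out and make the bracketed date match it, since entries in data/DSA/list are listed newest first by that date and anything consuming the file will take it as the advisory date.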