[Git][security-tracker-team/security-tracker][master] curl issues are fixed in sid

2018-05-18 Thread Alessandro Ghedini
Alessandro Ghedini pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7dfa05e5 by Alessandro Ghedini at 2018-05-18T20:29:49+01:00
curl issues are fixed in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -949,11 +949,11 @@ CVE-2018-10803 (Cross-site scripting (XSS) vulnerability 
in the add credentials 
 CVE-2018-1000301 [RTSP bad headers buffer over-read]
RESERVED
{DSA-4202-1 DLA-1379-1}
-   - curl  (bug #898856)
+   - curl 7.60.0-1 (bug #898856)
NOTE: https://curl.haxx.se/docs/adv_2018-b138.html
 CVE-2018-1000300 [FTP shutdown response buffer overflow]
RESERVED
-   - curl 
+   - curl 7.60.0-1
[stretch] - curl  (Vulnerable code introduced in 7.54.1)
[jessie] - curl  (Vulnerable code introduced in 7.54.1)
[wheezy] - curl  (Vulnerable code introduced in 7.54.1)
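
Review bot: the CVE-2018-1000300 line gets the fixed version but no bug reference, while the CVE-2018-1000301 line just above it cites bug #898856. If the same Debian bug covers both issues, record it here as well ("- curl 7.60.0-1 (bug #898856)") so the entry links back to the report. The lines shown for CVE-2018-1000300 also carry no NOTE with the upstream advisory URL, which CVE-2018-1000301 has; add one if it is not already present below the release lines.
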
@@ -8003,17 +8003,17 @@ CVE-2018-7889 (gui2/viewer/bookmarkmanager.py in 
Calibre 3.18 calls cPickle.load
NOTE: aeb5b036a0bf657951756688b3c72bd68b6e4a7d.
 CVE-2018-1000122 (A buffer over-read exists in curl 7.20.0 to and including 
curl 7.58.0 ...)
{DSA-4136-1 DLA-1309-1}
-   - curl  (bug #893546)
+   - curl 7.60.0-1 (bug #893546)
NOTE: https://curl.haxx.se/docs/adv_2018-b047.html
NOTE: https://curl.haxx.se/CVE-2018-1000122.patch
 CVE-2018-1000121 (A NULL pointer dereference exists in curl 7.21.0 to and 
including curl ...)
{DSA-4136-1 DLA-1309-1}
-   - curl  (bug #893546)
+   - curl 7.60.0-1 (bug #893546)
NOTE: https://curl.haxx.se/docs/adv_2018-97a2.html
NOTE: https://curl.haxx.se/CVE-2018-1000121.patch
 CVE-2018-1000120 (A buffer overflow exists in curl 7.12.3 to and including 
curl 7.58.0 ...)
{DSA-4136-1 DLA-1309-1}
-   - curl  (bug #893546)
+   - curl 7.60.0-1 (bug #893546)
NOTE: https://curl.haxx.se/docs/adv_2018-9cd6.html
NOTE: https://curl.haxx.se/CVE-2018-1000120.patch
 CVE-2018-7888
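
Review bot: all three entries (CVE-2018-1000122, CVE-2018-1000121, CVE-2018-1000120) are marked fixed in 7.60.0-1, but the descriptions of CVE-2018-1000122 and CVE-2018-1000120 give the affected range as ending at curl 7.58.0. Please confirm that 7.60.0-1 is the first sid upload carrying these fixes. If an earlier upload already had them, record that version instead, since a fixed version that is later than the real one makes the intermediate package versions show as vulnerable.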



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7dfa05e58ffa41e3b693116bb779bd1443caca99

You're receiving this email because of your account on salsa.debian.org.
___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Reserve curl DSA

2018-05-16 Thread Alessandro Ghedini
Alessandro Ghedini pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e1acd64c by Alessandro Ghedini at 2018-05-16T21:09:12+01:00
Reserve curl DSA

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
--- a/data/DSA/list
+++ b/data/DSA/list
@@ -1,3 +1,7 @@
+[16 May 2018] DSA-4202-1 curl - security update
+   {CVE-2018-1000301}
+   [jessie] - curl 7.38.0-4+deb8u11
+   [stretch] - curl 7.52.1-5+deb9u6
 [15 May 2018] DSA-4201-1 xen - security update
{CVE-2018-8897 CVE-2018-10471 CVE-2018-10472 CVE-2018-10981 
CVE-2018-10982}
[stretch] - xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u6


=
data/dsa-needed.txt
=
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -19,8 +19,6 @@ asterisk/stable
 --
 chromium-browser
 --
-curl (ghedo)
---
 dokuwiki/oldstable
 --
 ffmpeg/stable



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e1acd64c1ba4ea3057a0fe07b0e2df5b53f493f8


[Git][security-tracker-team/security-tracker][master] discount issues are fixed in sid

2018-08-11 Thread Alessandro Ghedini
Alessandro Ghedini pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a435135e by Alessandro Ghedini at 2018-08-11T11:51:22Z
discount issues are fixed in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -6776,7 +6776,7 @@ CVE-2018-12497
 CVE-2018-12496
RESERVED
 CVE-2018-12495 (The quoteblock function in markdown.c in libmarkdown.a in 
DISCOUNT ...)
-   - discount  (bug #901912)
+   - discount 2.2.4-1 (bug #901912)
NOTE: https://github.com/Orc/discount/issues/189#issuecomment-397541501
 CVE-2018-12494 (An issue discovered in PublicCMS V4.0.20180210. There is a 
Directory ...)
NOT-FOR-US: PublicCMS
@@ -9411,11 +9411,11 @@ CVE-2018-11506 (The sr_do_ioctl function in 
drivers/scsi/sr_ioctl.c in the Linux
 CVE-2018-11505 (The Werewolf Online application 0.8.8 for Android allows 
attackers to ...)
NOT-FOR-US: Werewolf Online application for Android
 CVE-2018-11504 (The islist function in markdown.c in libmarkdown.a in DISCOUNT 
2.2.3a ...)
-   - discount  (bug #901912)
+   - discount 2.2.4-1 (bug #901912)
NOTE: https://github.com/Orc/discount/issues/189#issuecomment-392247798
NOTE: POC: 
https://github.com/fCorleone/fuzz_programs/blob/master/discount/issue3_testcase
 CVE-2018-11503 (The isfootnote function in markdown.c in libmarkdown.a in 
DISCOUNT ...)
-   - discount  (bug #901912)
+   - discount 2.2.4-1 (bug #901912)
NOTE: https://github.com/Orc/discount/issues/189#issuecomment-392247798
NOTE: POC: 
https://github.com/fCorleone/fuzz_programs/blob/master/discount/issue2_testcase
 CVE-2018-11502
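
Review bot: the CVE-2018-11504 and CVE-2018-11503 entries now carry a fixed version, but their NOTE lines only link the upstream issue comment and the POC test cases; neither names the upstream commit that fixed the problem. A "NOTE: Fixed by: <upstream commit URL>" line on each entry would let anyone backporting to the stable releases find the patch without reading through issue 189.
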
@@ -9507,7 +9507,7 @@ CVE-2018-11469 (Incorrect caching of responses to 
requests including an Authoriz
[jessie] - haproxy  (Issue introduced in 1.8.0)
NOTE: 
https://git.haproxy.org/?p=haproxy-1.8.git;a=commit;h=17514045e5d934dede62116216c1b016fe23dd06
 CVE-2018-11468 (The __mkd_trim_line function in mkdio.c in libmarkdown.a in 
DISCOUNT ...)
-   - discount  (bug #901912)
+   - discount 2.2.4-1 (bug #901912)
NOTE: https://github.com/Orc/discount/issues/189
NOTE: POC: 
https://github.com/fCorleone/fuzz_programs/blob/master/discount/issue1_testcase
 CVE-2018-11467



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a435135e51e1c33a2fd3f60f2635ff71211015cf


[Git][security-tracker-team/security-tracker][master] curl issue is fixed in sid

2018-08-11 Thread Alessandro Ghedini
Alessandro Ghedini pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cef35b8c by Alessandro Ghedini at 2018-08-11T13:04:16Z
curl issue is fixed in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -41057,7 +41057,7 @@ CVE-2018-0502
 CVE-2018-0501
RESERVED
 CVE-2018-0500 (Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and 
including ...)
-   - curl  (bug #903546)
+   - curl 7.61.0-1 (bug #903546)
[stretch] - curl  (Only affects 7.54.1 to 7.60.0)
[jessie] - curl  (Only affects 7.54.1 to 7.60.0)
NOTE: https://curl.haxx.se/docs/adv_2018-70a2.html



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/cef35b8cd8ce2866df62c33181758a63ebaa2fd3


[Git][security-tracker-team/security-tracker][master] curl DSA

2018-09-05 Thread Alessandro Ghedini
Alessandro Ghedini pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8ce75fa9 by Alessandro Ghedini at 2018-09-05T20:17:10Z
curl DSA

- - - - -


1 changed file:

- data/DSA/list


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[05 Sep 2018] DSA-4286-1 curl - security update
+   {CVE-2018-14618}
+   [stretch] - curl 7.52.1-5+deb9u7
 [05 Sep 2018] DSA-4285-1 sympa - security update
{CVE-2018-1000550}
[stretch] - sympa 6.2.16~dfsg-3+deb9u1
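
Review bot: the new DSA-4286-1 entry arrives without a matching change to data/dsa-needed.txt; this commit touches only data/DSA/list. If curl was still listed in data/dsa-needed.txt when the advisory was added, remove that entry in the same commit so the needed list does not keep advertising an update that has already been released.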



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8ce75fa99ec34efb6d1316dea862dde8e5932241


[Git][security-tracker-team/security-tracker][master] curl DSA

2018-11-02 Thread Alessandro Ghedini
Alessandro Ghedini pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a21a5718 by Alessandro Ghedini at 2018-11-02T19:55:40Z
curl DSA

- - - - -


1 changed file:

- data/DSA/list


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[02 Nov 2018] DSA-4331-1 curl - security update
+   {CVE-2018-16839 CVE-2018-16842}
+   [stretch] - curl 7.52.1-5+deb9u8
 [02 Nov 2018] DSA-4330-1 chromium-browser - security update
{CVE-2018-5179 CVE-2018-17462 CVE-2018-17463 CVE-2018-17464 
CVE-2018-17465 CVE-2018-17466 CVE-2018-17467 CVE-2018-17468 CVE-2018-17469 
CVE-2018-17470 CVE-2018-17471 CVE-2018-17473 CVE-2018-17474 CVE-2018-17475 
CVE-2018-17476 CVE-2018-17477}
[stretch] - chromium-browser 70.0.3538.67-1~deb9u1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a21a571842485525af25571763b5aa6d01513b05


[Git][security-tracker-team/security-tracker][master] discount DSA

2018-09-14 Thread Alessandro Ghedini
Alessandro Ghedini pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
34e60adc by Alessandro Ghedini at 2018-09-14T20:15:29Z
discount DSA

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[14 Sep 2018] DSA-4293-1 discount - security update
+   {CVE-2018-11468 CVE-2018-11503 CVE-2018-11504 CVE-2018-12495}
+   [stretch] - discount 2.2.2-1+deb9u1
 [11 Sep 2018] DSA-4292-1 kamailio - security update
{CVE-2018-16657}
[stretch] - kamailio 4.4.4-2+deb9u3


=
data/dsa-needed.txt
=
@@ -20,8 +20,6 @@ asterisk
 --
 ceph
 --
-discount (ghedo)
---
 enigmail
 --
 ghostscript (jmm)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/34e60adc2cacd75170d1584f35f195a4c42769ee


[Git][security-tracker-team/security-tracker][master] 2 commits: Add fixed version for new curl CVEs

2019-02-06 Thread Alessandro Ghedini
Alessandro Ghedini pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7d6222ea by Alessandro Ghedini at 2019-02-06T20:55:28Z
Add fixed version for new curl CVEs

- - - - -
c298d18e by Alessandro Ghedini at 2019-02-06T20:55:28Z
Reserve curl DSA

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/CVE/list
=
@@ -8345,13 +8345,13 @@ CVE-2019-3824
RESERVED
 CVE-2019-3823 [curl: SMTP end-of-response out-of-bounds read]
RESERVED
-   - curl 
+   - curl 7.64.0-1
NOTE: https://curl.haxx.se/docs/CVE-2019-3823.html
NOTE: Fixed by: 
https://github.com/curl/curl/commit/39df4073e5413fcdbb5a38da0c1ce6f1c0ceb484
NOTE: Introduced by: 
https://github.com/curl/curl/commit/2766262a68688c1dd8143f9c4be84b46c408b70a
 CVE-2019-3822 [curl: NTLMv2 type-3 header stack buffer overflow]
RESERVED
-   - curl 
+   - curl 7.64.0-1
NOTE: https://curl.haxx.se/docs/CVE-2019-3822.html
NOTE: Fixed by: 
https://github.com/curl/curl/commit/50c9484278c63b958655a717844f0721263939cc
NOTE: Introduced by: 
https://github.com/curl/curl/commit/86724581b6c02d160b52f817550cfdfc9c93af62
@@ -25982,7 +25982,7 @@ CVE-2018-16891
RESERVED
 CVE-2018-16890 [curl: NTLM type-2 out-of-bounds buffer read]
RESERVED
-   - curl 
+   - curl 7.64.0-1
NOTE: https://curl.haxx.se/docs/CVE-2018-16890.html
NOTE: Fixed by: 
https://github.com/curl/curl/commit/b780b30d1377adb10bbe774835f49e9b237fb9bb
NOTE: Introduced by: 
https://github.com/curl/curl/commit/86724581b6c02d160b52f817550cfdfc9c93af62


=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[06 Feb 2019] DSA-4386-1 curl - security update
+   {CVE-2018-16890 CVE-2019-3822 CVE-2019-3823}
+   [stretch] - curl 7.52.1-5+deb9u9
 [05 Feb 2019] DSA-4385-1 dovecot - security update
{CVE-2019-3814}
[stretch] - dovecot 1:2.2.27-3+deb9u3


=
data/dsa-needed.txt
=
@@ -20,8 +20,6 @@ ansible
 --
 chromium
 --
-curl (ghedo)
---
 faad2
   not yet fixed upstream
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/5ab2063a8c495e35ed26a7ed897b1ce650a16db5...c298d18e5deae14f41ef87a2e7ea17490c47cec4


[Git][security-tracker-team/security-tracker][master] Reserve curl DSA

2020-02-22 Thread Alessandro Ghedini


Alessandro Ghedini pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e65f074b by Alessandro Ghedini at 2020-02-22T15:14:42+00:00
Reserve curl DSA

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,7 @@
+[22 Feb 2020] DSA-4633-1 curl - security update
+   {CVE-2019-5436 CVE-2019-5481 CVE-2019-5482}
+   [stretch] - curl 7.52.1-5+deb9u10
+   [buster] - curl 7.64.0-4+deb10u1
 [22 Feb 2020] DSA-4632-1 ppp - security update
{CVE-2020-8597}
[stretch] - ppp 2.4.7-1+4+deb9u1


=
data/dsa-needed.txt
=
@@ -11,8 +11,6 @@ To pick an issue, simply add your uid behind it.
 
 If needed, specify the release by adding a slash after the name of the source 
package.
 
---
-curl (ghedo)
 --
 glusterfs/oldstable
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e65f074b4d916c8b8fe6b997d20f287d4593aad8


[Git][security-tracker-team/security-tracker][master] Reserve DSA number for curl

2021-03-31 Thread Alessandro Ghedini


Alessandro Ghedini pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4ca8c2ab by Alessandro Ghedini at 2021-03-31T10:05:34+01:00
Reserve DSA number for curl

- - - - -


1 changed file:

- data/DSA/list


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[30 Mar 2021] DSA-4881-1 curl - security update
+   {CVE-2020-8169 CVE-2020-8177 CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 
CVE-2020-8286 CVE-2021-22876 CVE-2021-22890}
+   [buster] - curl 7.64.0-4+deb10u2
 [29 Mar 2021] DSA-4880-1 lxml - security update
{CVE-2021-28957}
[buster] - lxml 4.3.2-1+deb10u3
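
Review bot: the first line of the new DSA-4881-1 entry is dated "[30 Mar 2021]", while the commit is timestamped 2021-03-31 and described as reserving the DSA number. Check that the date matches the day the advisory is actually issued, and adjust it if the release happens on the 31st.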



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ca8c2ab3ce94868950a0883e29dd11470c57b19
