[Git][security-tracker-team/security-tracker][master] Re-added the no-dsa decision for LTS golang-gogoprotobuf CVE-2021-3121. It was...

2021-06-23 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 0bde8510 by Ola Lundqvist at 2021-06-23T14:15:40+02:00 Re-added the no-dsa decision for LTS golang-gogoprotobuf CVE-2021-3121. It was previously marked for jessie which was not the intention. - - -

[Git][security-tracker-team/security-tracker][master] Triaged mapcache for stretch following no-dsa decision for buster.

2021-06-23 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: ce36f973 by Ola Lundqvist at 2021-06-23T23:16:13+02:00 Triaged mapcache for stretch following no-dsa decision for buster. - - - - - 1 changed file: - data/CVE/list Changes:

[Git][security-tracker-team/security-tracker][master] Concluded that qemu update is not necessary for stretch. CVE-2021-3607, 3608...

2021-06-21 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 937faf5c by Ola Lundqvist at 2021-06-21T22:47:24+02:00 Concluded that qemu update is not necessary for stretch. CVE-2021-3607, 3608 and CVE-2021-3582 not affected since the vulnerable code is

[Git][security-tracker-team/security-tracker][master] Further checked firmware nonfree. The conclusion is that firmware-nonfree does...

2021-06-24 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 2f6ecd0f by Ola Lundqvist at 2021-06-24T14:02:01+02:00 Further checked firmware nonfree. The conclusion is that firmware-nonfree does not contain the vulnerable source. Instead the code is in the

[Git][security-tracker-team/security-tracker][master] Reverted the triage result for firmware-nonfree in stretch. It was concluded...

2021-06-25 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 24adab4c by Ola Lundqvist at 2021-06-25T08:14:33+02:00 Reverted the triage result for firmware-nonfree in stretch. It was concluded based on a false assumption. - - - - - 2 changed files: -

[Git][security-tracker-team/security-tracker][master] Removed firmware-nonfree from dla needed. Marked the relevant CVEs as either...

2021-05-20 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 05d65275 by Ola Lundqvist at 2021-05-20T08:35:47+02:00 Removed firmware-nonfree from dla needed. Marked the relevant CVEs as either ignored (if linux package update is needed as well) or plain no-dsa

[Git][security-tracker-team/security-tracker][master] Some more information about firmware-nonfree update plans.

2021-05-19 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: c5d0b8f4 by Ola Lundqvist at 2021-05-19T21:08:22+02:00 Some more information about firmware-nonfree update plans. - - - - - 1 changed file: - data/dla-needed.txt Changes:

[Git][security-tracker-team/security-tracker][master] Marked CVE-2021-3121 as no-dsa as discussed via email. Removed...

2021-05-19 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 6c673013 by Ola Lundqvist at 2021-05-19T09:11:02+02:00 Marked CVE-2021-3121 as no-dsa as discussed via email. Removed golang-gogoprotobuf from dla-needed as a result since no other CVEs are open for

[Git][security-tracker-team/security-tracker][master] Some update on status for firmware-nonfree.

2021-05-19 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 4bdf98d5 by Ola Lundqvist at 2021-05-19T09:21:03+02:00 Some update on status for firmware-nonfree. - - - - - 1 changed file: - data/dla-needed.txt Changes: =

[Git][security-tracker-team/security-tracker][master] Claim phpseclib for checking.

2021-05-26 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 8bd3e9bf by Ola Lundqvist at 2021-05-26T13:18:45+02:00 Claim phpseclib for checking. - - - - - 1 changed file: - data/dla-needed.txt Changes: =

[Git][security-tracker-team/security-tracker][master] Marked CVE-2021-30130 as not-affected, with a note, for stretch and removed...

2021-05-26 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 0d5db72c by Ola Lundqvist at 2021-05-26T13:47:48+02:00 Marked CVE-2021-30130 as not-affected, with a note, for stretch and removed *phpseclib from dla-needed file. - - - - - 2 changed files: -

[Git][security-tracker-team/security-tracker][master] 2 commits: Marked CVE-2020-35546 as no-dsa for stretch following decision for buster....

2021-05-28 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 7a3b8f0d by Ola Lundqvist at 2021-05-28T23:32:22+02:00 Marked CVE-2020-35546 as no-dsa for stretch following decision for buster. Removed from dla-needed accordingly. - - - - - 56b99482 by Ola

[Git][security-tracker-team/security-tracker][master] Triage result for golang packages in stretch. Marked all issues for...

2021-06-24 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: e2cb5dfd by Ola Lundqvist at 2021-06-24T10:14:26+02:00 Triage result for golang packages in stretch. Marked all issues for golang-1.8, golang-x-text and golang-golang-x-net-dev as no-dsa since it is

[Git][security-tracker-team/security-tracker][master] Added libxstream-java to dla-needed with a note to look at the mail thread about this topic.

2021-09-01 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: b8f182bf by Ola Lundqvist at 2021-09-01T21:37:58+02:00 Added libxstream-java to dla-needed with a note to look at the mail thread about this topic. - - - - - 1 changed file: - data/dla-needed.txt

[Git][security-tracker-team/security-tracker][master] Re-claim libssh2.

2021-11-16 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 6f76e0f3 by Ola Lundqvist at 2021-11-16T09:48:00+01:00 Re-claim libssh2. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt

[Git][security-tracker-team/security-tracker][master] Claimed libssh2.

2021-10-31 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: ab78748f by Ola Lundqvist at 2021-10-31T22:38:36+01:00 Claimed libssh2. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt

[Git][security-tracker-team/security-tracker][master] Added exim4 to dla-needed following decision for bookworm.

2023-09-28 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: e8e75c4c by Ola Lundqvist at 2023-09-28T20:54:35+00:00 Added exim4 to dla-needed following decision for bookworm. - - - - - 1 changed file: - data/dla-needed.txt Changes:

[Git][security-tracker-team/security-tracker][master] Added gst-plugins-bad1.0 to dla-needed following decision for bookworm.

2023-09-28 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 55bc8f67 by Ola Lundqvist at 2023-09-28T21:12:17+00:00 Added gst-plugins-bad1.0 to dla-needed following decision for bookworm. - - - - - 1 changed file: - data/dla-needed.txt Changes:

[Git][security-tracker-team/security-tracker][master] Marked golang-golang-x-image CVEs as no-dsa for buster.

2023-10-01 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 76ca393a by Ola Lundqvist at 2023-10-01T19:46:41+00:00 Marked golang-golang-x-image CVEs as no-dsa for buster. It is a DoS vulnerability, rather minor and the package has limited support. - - - - -

[Git][security-tracker-team/security-tracker][master] 2 commits: Added a note about the work needed after upgrade of borgbackup.

2023-10-01 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 345ff70f by Ola Lundqvist at 2023-10-01T19:18:20+00:00 Added a note about the work needed after upgrade of borgbackup. - - - - - 66bd8cb9 by Ola Lundqvist at 2023-10-01T19:28:31+00:00 Marked a few

[Git][security-tracker-team/security-tracker][master] Marked composer CVE-2023-43655 as minor issue.

2023-10-01 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: c196dbfe by Ola Lundqvist at 2023-10-01T19:52:12+00:00 Marked composer CVE-2023-43655 as minor issue. This is only a vulnerability on an improper configuration. - - - - - 1 changed file: -

[Git][security-tracker-team/security-tracker][master] 3 commits: Buster no-dsa for gcc-7 and gcc-8 following bullseye decision.

2023-10-01 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: aee2a5c4 by Ola Lundqvist at 2023-10-01T19:31:36+00:00 Buster no-dsa for gcc-7 and gcc-8 following bullseye decision. - - - - - 4a2dfb1a by Ola Lundqvist at 2023-10-01T19:38:24+00:00 Marked

[Git][security-tracker-team/security-tracker][master] Added python-reportlab to dla-needed since it has been fixed in all later...

2023-09-26 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: a978d068 by Ola Lundqvist at 2023-09-26T14:24:52+00:00 Added python-reportlab to dla-needed since it has been fixed in all later releases and seems to be important. - - - - - 1 changed file: -

[Git][security-tracker-team/security-tracker][master] Marked a few CVEs as end-of-life for buster.

2023-09-29 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 56490f6a by Ola Lundqvist at 2023-09-29T18:46:49+00:00 Marked a few CVEs as end-of-life for buster. - - - - - 1 changed file: - data/CVE/list Changes: =

[Git][security-tracker-team/security-tracker][master] Corrected the package name of 389-ds-base in dla-needed.

2022-05-17 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 4deb2397 by Ola Lundqvist at 2022-05-17T08:57:20+02:00 Corrected the package name of 389-ds-base in dla-needed. - - - - - 1 changed file: - data/dla-needed.txt Changes:

[Git][security-tracker-team/security-tracker][master] Added exempi to dla-needed. Further analysis is needed but a lot of packages depend on libexempi8.

2022-05-17 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 64111f16 by Ola Lundqvist at 2022-05-17T09:13:55+02:00 Added exempi to dla-needed. Further analysis is needed but a lot of packages depend on libexempi8. - - - - - 1 changed file: -

[Git][security-tracker-team/security-tracker][master] 3 commits: Added 386-ds-base to DLA needed. The install base is small so the priority is...

2022-05-17 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: ce772c69 by Ola Lundqvist at 2022-05-17T08:51:02+02:00 Added 386-ds-base to DLA needed. The install base is small so the priority is probably low. Also the vulnerability is not the most important one

[Git][security-tracker-team/security-tracker][master] 4 commits: Added needrestart to dla-needed since CVE-2022-30688 is already fixed in buster.

2022-05-17 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: eb34768a by Ola Lundqvist at 2022-05-17T21:45:49+02:00 Added needrestart to dla-needed since CVE-2022-30688 is already fixed in buster. - - - - - 77d25545 by Ola Lundqvist at

[Git][security-tracker-team/security-tracker][master] Marked 43 CVEs (some from 2020, some from 2021 and some from 2022) as...

2022-05-20 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 41628ef6 by Ola Lundqvist at 2022-05-21T00:10:47+02:00 Marked 43 CVEs (some from 2020, some from 2021 and some from 2022) as end-of-life in stretch for gpac. - - - - - 1 changed file: -

[Git][security-tracker-team/security-tracker][master] 2 commits: Marked CVE-2021-44492 to CVE-2021-44510 as ignored in stretch following buster.

2022-05-20 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 843d2ece by Ola Lundqvist at 2022-05-20T23:31:25+02:00 Marked CVE-2021-44492 to CVE-2021-44510 as ignored in stretch following buster. - - - - - b64c0bbf by Ola Lundqvist at 2022-05-20T23:34:07+02:00

[Git][security-tracker-team/security-tracker][master] Marked CVE-2022-1785 and CVE-2022-1796 as no-dsa for vim in stretch.

2022-05-20 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 0a10d9eb by Ola Lundqvist at 2022-05-21T00:28:02+02:00 Marked CVE-2022-1785 and CVE-2022-1796 as no-dsa for vim in stretch. - - - - - 1 changed file: - data/CVE/list Changes:

[Git][security-tracker-team/security-tracker][master] Added firefox-esr to dla-needed. It looks serious enough to not halt any...

2022-05-22 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 5f3a2325 by Ola Lundqvist at 2022-05-22T23:27:37+02:00 Added firefox-esr to dla-needed. It looks serious enough to not halt any update. Did not check the source code so that must be done by someone.

[Git][security-tracker-team/security-tracker][master] 2 commits: libspring-java no longer supported for stretch. Marking CVE-2022-22970 and...

2022-05-22 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: e00cb9f6 by Ola Lundqvist at 2022-05-22T23:07:38+02:00 libspring-java no longer supported for stretch. Marking CVE-2022-22970 and CVE-2022-22971 accordingly. - - - - - a282c886 by Ola Lundqvist at

[Git][security-tracker-team/security-tracker][master] Marked CVE-2022-1650 as end-of-life for stretch according as suggested by the lts triaging script.

2022-05-16 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 1f0d1b4a by Ola Lundqvist at 2022-05-16T20:51:40+02:00 Marked CVE-2022-1650 as end-of-life for stretch according as suggested by the lts triaging script. - - - - - 1 changed file: - data/CVE/list

[Git][security-tracker-team/security-tracker][master] slurm-llnl is clearly vulnerable so added to dla-needed.txt since it is also in dsa-needed.

2022-05-16 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 2b060256 by Ola Lundqvist at 2022-05-16T21:13:46+02:00 slurm-llnl is clearly vulnerable so added to dla-needed.txt since it is also in dsa-needed. - - - - - 1 changed file: - data/dla-needed.txt

[Git][security-tracker-team/security-tracker][master] 2 commits: Marked CVE-2022-29973 as no-dsa for fuse-exfat in stretch following buster.

2022-05-16 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: af5206ef by Ola Lundqvist at 2022-05-16T21:29:41+02:00 Marked CVE-2022-29973 as no-dsa for fuse-exfat in stretch following buster. - - - - - a1cc783f by Ola Lundqvist at 2022-05-16T21:29:42+02:00

[Git][security-tracker-team/security-tracker][master] Marked CVE-2022-29977 and CVE-2022-29978 as no-dsa following buster. This is...

2022-05-16 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: b52366c2 by Ola Lundqvist at 2022-05-16T21:33:21+02:00 Marked CVE-2022-29977 and CVE-2022-29978 as no-dsa following buster. This is just a few more issues in a long list for this package. - - - - -

[Git][security-tracker-team/security-tracker][master] 2 commits: Marked CVE-2022-30333 as no-dsa for rar and unrar-nonfree following buster.

2022-05-16 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 585f3dbe by Ola Lundqvist at 2022-05-16T22:08:00+02:00 Marked CVE-2022-30333 as no-dsa for rar and unrar-nonfree following buster. - - - - - b57c7034 by Ola Lundqvist at 2022-05-16T22:08:01+02:00

[Git][security-tracker-team/security-tracker][master] 8 commits: Wrote a script to bulk add EOL entries for LTS buster.

2022-07-11 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 55001d9c by Ola Lundqvist at 2022-07-11T23:23:41+02:00 Wrote a script to bulk add EOL entries for LTS buster. - - - - - b4c0adda by Ola Lundqvist at 2022-07-11T23:23:43+02:00 Bulk added EOL entries

[Git][security-tracker-team/security-tracker][master] 2 commits: Added curl to dla-needed since it is in DSA needed and at least one...

2022-07-11 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 35e96a7a by Ola Lundqvist at 2022-07-12T00:10:36+02:00 Added curl to dla-needed since it is in DSA needed and at least one vulnerability applies to buster as well. - - - - - 587dc5e1 by Ola

[Git][security-tracker-team/security-tracker][master] Updated lts-cve-triage.py script so that it checks for unsupported packages...

2022-07-14 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 441a14a6 by Ola Lundqvist at 2022-07-14T21:39:36+02:00 Updated lts-cve-triage.py script so that it checks for unsupported packages for buster instead of stretch. This will make future LTS front desk

[Git][security-tracker-team/security-tracker][master] Marked CVE-2022-23816, CVE-2022-23825 and CVE-2022-29900 as end-of-life for buster.

2022-07-14 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: f601883c by Ola Lundqvist at 2022-07-14T22:15:14+02:00 Marked CVE-2022-23816, CVE-2022-23825 and CVE-2022-29900 as end-of-life for buster. - - - - - 1 changed file: - data/CVE/list Changes:

[Git][security-tracker-team/security-tracker][master] Added firmware-nonfree to dla-needed and at the same time removed some CVEs...

2022-09-06 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 5b6a4a2b by Ola Lundqvist at 2022-09-06T22:57:34+02:00 Added firmware-nonfree to dla-needed and at the same time removed some CVEs with non-free not supported for buster since firmware-nonfree is now

[Git][security-tracker-team/security-tracker][master] 3 commits: Marked CVE-2021-30130 as not affected in buster for php-phpseclib and phpseclib.

2022-09-06 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 16e67227 by Ola Lundqvist at 2022-09-06T23:35:57+02:00 Marked CVE-2021-30130 as not affected in buster for php-phpseclib and phpseclib. - - - - - c6a9d207 by Ola Lundqvist at

[Git][security-tracker-team/security-tracker][master] 2 commits: Marked CVE-2021-3514 for 389-ds-base as no-dsa in buster with motivation minor...

2022-09-06 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: de10c4e2 by Ola Lundqvist at 2022-09-06T23:27:02+02:00 Marked CVE-2021-3514 for 389-ds-base as no-dsa in buster with motivation minor issue. This follows the decision made earlier for stretch. For

[Git][security-tracker-team/security-tracker][master] Marked quite a few golang issues as no-dsa for buster. Either with motivation...

2022-09-06 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: d678175c by Ola Lundqvist at 2022-09-06T22:28:10+02:00 Marked quite a few golang issues as no-dsa for buster. Either with motivation minor issue or limited support depending on the severity of the

[Git][security-tracker-team/security-tracker][master] 7 commits: Marked CVE-2022-37434 for libz-mingw-w64 as no-dsa with motivation minor issue...

2022-09-06 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 3e1acc24 by Ola Lundqvist at 2022-09-06T23:03:38+02:00 Marked CVE-2022-37434 for libz-mingw-w64 as no-dsa with motivation minor issue following the analysis for bullseye. - - - - - b457154a by Ola

[Git][security-tracker-team/security-tracker][master] 2 commits: Marked CVE-2022-38531 affecting gpac as EOL for buster LTS.

2022-09-07 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: dc036e00 by Ola Lundqvist at 2022-09-07T20:13:18+02:00 Marked CVE-2022-38531 affecting gpac as EOL for buster LTS. - - - - - d9e1d291 by Ola Lundqvist at 2022-09-07T20:19:12+02:00 Marked a few more

[Git][security-tracker-team/security-tracker][master] Added node-tar to dla-needed.

2022-09-07 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 85c8e985 by Ola Lundqvist at 2022-09-07T21:23:00+02:00 Added node-tar to dla-needed. - - - - - 1 changed file: - data/dla-needed.txt Changes: =

[Git][security-tracker-team/security-tracker][master] 5 commits: Marked CVE-2022-36059 affecting node-matrix-js-sdk as no-dsa in buster with motivation minor issue.

2022-09-07 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: dbc91343 by Ola Lundqvist at 2022-09-07T22:06:08+02:00 Marked CVE-2022-36059 affecting node-matrix-js-sdk as no-dsa in buster with motivation minor issue. - - - - - 2b0122c6 by Ola Lundqvist at

[Git][security-tracker-team/security-tracker][master] Marked CVE-2022-35019 affecting advancecomp as no-dsa with motivation minor issue.

2022-09-07 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 985e30da by Ola Lundqvist at 2022-09-07T22:37:23+02:00 Marked CVE-2022-35019 affecting advancecomp as no-dsa with motivation minor issue. - - - - - 1 changed file: - data/CVE/list Changes:

[Git][security-tracker-team/security-tracker][master] Marked CVE-2021-30130 for phpseclib and php-phpseclib as not affected in buster.

2022-09-05 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: bd20945d by Ola Lundqvist at 2022-09-05T23:27:53+02:00 Marked CVE-2021-30130 for phpseclib and php-phpseclib as not affected in buster. - - - - - 1 changed file: - data/CVE/list Changes:

[Git][security-tracker-team/security-tracker][master] Added a note for pcs package.

2022-09-05 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 1b06a387 by Ola Lundqvist at 2022-09-05T21:53:36+02:00 Added a note for pcs package. - - - - - 1 changed file: - data/dla-needed.txt Changes: =

[Git][security-tracker-team/security-tracker][master] Added snort to dla-needed.

2022-09-05 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 9f317a5a by Ola Lundqvist at 2022-09-05T22:18:35+02:00 Added snort to dla-needed. - - - - - 1 changed file: - data/dla-needed.txt Changes: =

[Git][security-tracker-team/security-tracker][master] 2 commits: Added a note about CVE-2021-32686.

2022-09-05 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: e12105ff by Ola Lundqvist at 2022-09-05T21:42:21+02:00 Added a note about CVE-2021-32686. - - - - - b3da704c by Ola Lundqvist at 2022-09-05T21:43:31+02:00 Added pcs to dla-needed following decision

[Git][security-tracker-team/security-tracker][master] Added sqlite3 to dla-needed since the issues are of normal severity and should be easy to fix.

2022-09-05 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: d0a466ec by Ola Lundqvist at 2022-09-05T23:47:33+02:00 Added sqlite3 to dla-needed since the issues are of normal severity and should be easy to fix. - - - - - 1 changed file: -

[Git][security-tracker-team/security-tracker][master] 2 commits: Added hsqldb to dla-needed for further investigation. It is possibly a...

2022-10-31 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: a38a497a by Ola Lundqvist at 2022-10-31T14:35:45+01:00 Added hsqldb to dla-needed for further investigation. It is possibly a breaking change. A possible outcome is to ignore the issue. - - - - -

[Git][security-tracker-team/security-tracker][master] Added rabbitmq-server to dla-needed. It should be checked further since the...

2022-10-31 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 4cda4ada by Ola Lundqvist at 2022-10-31T15:08:25+01:00 Added rabbitmq-server to dla-needed. It should be checked further since the solution involves a new configuration option. - - - - - 1 changed

[Git][security-tracker-team/security-tracker][master] Added libapreq2 to dla-needed. Webserver crash is not a good thing so it should be solved.

2022-10-31 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 54134012 by Ola Lundqvist at 2022-10-31T15:11:18+01:00 Added libapreq2 to dla-needed. Webserver crash is not a good thing so it should be solved. - - - - - 1 changed file: - data/dla-needed.txt

[Git][security-tracker-team/security-tracker][master] 3 commits: Triaged cmark-gfm for LTS (buster) and concluded CVE-2022-24724 and...

2022-10-31 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 9e691a37 by Ola Lundqvist at 2022-10-31T12:39:58+01:00 Triaged cmark-gfm for LTS (buster) and concluded CVE-2022-24724 and CVE-2022-39209 to be minor issues. Same conclusion as for similar packages.

[Git][security-tracker-team/security-tracker][master] 3 commits: Marked all open CVEs for package aom as no-dsa with motivation minor issue in buster.

2022-09-08 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 0d67df40 by Ola Lundqvist at 2022-09-09T07:50:10+02:00 Marked all open CVEs for package aom as no-dsa with motivation minor issue in buster. - - - - - e6a12f33 by Ola Lundqvist at

[Git][security-tracker-team/security-tracker][master] Added mariadb-10.3 to dla-needed. There are no known urgent CVEs but the share...

2022-09-09 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: da509ec3 by Ola Lundqvist at 2022-09-09T08:20:47+02:00 Added mariadb-10.3 to dla-needed. There are no known urgent CVEs but the sheer volume of issues warrants a fix. May be fixed at the same time as

[Git][security-tracker-team/security-tracker][master] Updated the order of how issues are shown in lts-cve-triage command. The...

2022-09-09 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 4686a5af by Ola Lundqvist at 2022-09-09T08:03:12+02:00 Updated the order of how issues are shown in lts-cve-triage command. The reason is that it is more important to triage new potentially severe

[Git][security-tracker-team/security-tracker][master] Added paramiko to dla-needed.

2022-09-09 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: c5ae7d5f by Ola Lundqvist at 2022-09-09T08:12:36+02:00 Added paramiko to dla-needed. - - - - - 1 changed file: - data/dla-needed.txt Changes: =

[Git][security-tracker-team/security-tracker][master] 2 commits: Added openvswitch to dla-needed. There is no known fix for the problem. The...

2022-09-11 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: ee918a8d by Ola Lundqvist at 2022-09-11T22:50:24+02:00 Added openvswitch to dla-needed. There is no known fix for the problem. The paper suggests a short term workaround to be implemented and long

[Git][security-tracker-team/security-tracker][master] Added python-django to dla-needed with the motivation that some issues were...

2022-09-11 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 35f425ae by Ola Lundqvist at 2022-09-11T23:35:20+02:00 Added python-django to dla-needed with the motivation that some issues were fixed in stretch so it should be fixed for buster too. - - - - -

[Git][security-tracker-team/security-tracker][master] Added ruby-nokogiri to dla-needed with the motivation that the package was fixed in stretch.

2022-09-11 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 6983a3cc by Ola Lundqvist at 2022-09-11T23:45:19+02:00 Added ruby-nokogiri to dla-needed with the motivation that the package was fixed in stretch. - - - - - 1 changed file: - data/dla-needed.txt

[Git][security-tracker-team/security-tracker][master] Added mako to dla-needed.

2022-09-11 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: a901342b by Ola Lundqvist at 2022-09-11T23:17:21+02:00 Added mako to dla-needed. - - - - - 1 changed file: - data/dla-needed.txt Changes: =

[Git][security-tracker-team/security-tracker][master] Added ruby-sinatra to dla-needed.

2022-09-11 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 138c6f71 by Ola Lundqvist at 2022-09-11T23:50:42+02:00 Added ruby-sinatra to dla-needed. - - - - - 1 changed file: - data/dla-needed.txt Changes: =

[Git][security-tracker-team/security-tracker][master] Added zabbix to dla-needed with the motivation that some CVE was fixed in stretch.

2022-09-11 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 553b006f by Ola Lundqvist at 2022-09-12T00:01:36+02:00 Added zabbix to dla-needed with the motivation that some CVE was fixed in stretch. - - - - - 2 changed files: - data/CVE/list -

[Git][security-tracker-team/security-tracker][master] Triaged python-cmarkgfm for LTS (buster) and concluded CVE-2022-24724 and...

2022-10-31 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: b8c1e028 by Ola Lundqvist at 2022-10-31T15:51:43+01:00 Triaged python-cmarkgfm for LTS (buster) and concluded CVE-2022-24724 and CVE-2022-39209 to be minor issues. Same conclusion as cmark-gfm. - -

[Git][security-tracker-team/security-tracker][master] Marked CVE-2022-42252 as minor issue for buster with the reasoning that the...

2022-11-01 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: fa9f9510 by Ola Lundqvist at 2022-11-01T23:57:27+01:00 Marked CVE-2022-42252 as minor issue for buster with the reasoning that the issue only occurs when the system is explicitly configured to ignore

[Git][security-tracker-team/security-tracker][master] Added a note to rabbitmq-server.

2022-11-01 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 7d3dc636 by Ola Lundqvist at 2022-11-01T23:45:24+01:00 Added a note to rabbitmq-server. - - - - - 1 changed file: - data/dla-needed.txt Changes: =

[Git][security-tracker-team/security-tracker][master] Added jupyter-core to dla-needed.

2022-11-01 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: d3516145 by Ola Lundqvist at 2022-11-02T00:06:13+01:00 Added jupyter-core to dla-needed. - - - - - 1 changed file: - data/dla-needed.txt Changes: =

[Git][security-tracker-team/security-tracker][master] Marked CVE-2022-23467 as no-dsa since physical access is necessary to exploit the vulnerability.

2022-12-30 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: cff0496e by Ola Lundqvist at 2022-12-30T19:45:17+01:00 Marked CVE-2022-23467 as no-dsa since physical access is necessary to exploit the vulnerability. - - - - - 1 changed file: - data/CVE/list

[Git][security-tracker-team/security-tracker][master] 2 commits: LTS: add graphite-web to dla-needed.txt

2022-12-30 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 00ddf671 by Ola Lundqvist at 2022-12-30T15:15:02+01:00 LTS: add graphite-web to dla-needed.txt - - - - - 3dfa2782 by Ola Lundqvist at 2022-12-30T15:15:03+01:00 Marked CVE-2020-36627 as no-dsa for

[Git][security-tracker-team/security-tracker][master] 2 commits: LTS: add apache2 to dla-needed.txt

2022-12-27 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 03e36bc5 by Ola Lundqvist at 2022-12-27T23:49:56+01:00 LTS: add apache2 to dla-needed.txt - - - - - 4a728e13 by Ola Lundqvist at 2022-12-28T00:01:13+01:00 LTS: add openvswitch to dla-needed.txt - -

[Git][security-tracker-team/security-tracker][master] 2 commits: Marked CVE-2018-25060 as no-dsa for buster since it is a minor issue.

2022-12-31 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 975b5e3f by Ola Lundqvist at 2022-12-31T14:24:31+01:00 Marked CVE-2018-25060 as no-dsa for buster since it is a minor issue. - - - - - 03ff8af0 by Ola Lundqvist at 2022-12-31T14:28:50+01:00 LTS: add

[Git][security-tracker-team/security-tracker][master] 3 commits: LTS: add 389-ds-base to dla-needed.txt

2022-12-31 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 7535cac9 by Ola Lundqvist at 2022-12-31T14:34:02+01:00 LTS: add 389-ds-base to dla-needed.txt - - - - - 62569b8c by Ola Lundqvist at 2022-12-31T14:36:54+01:00 LTS: add python-oslo.privsep to

[Git][security-tracker-team/security-tracker][master] Marked CVE-2020-36367 as no-dsa since it is a minor issue.

2022-12-31 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 9aae874e by Ola Lundqvist at 2022-12-31T14:18:15+01:00 Marked CVE-2020-36367 as no-dsa since it is a minor issue. - - - - - 1 changed file: - data/CVE/list Changes:

[Git][security-tracker-team/security-tracker][master] Marked CVE-2022-23520, CVE-2022-23519 and CVE-2022-23517 as no-dsa or postponed for buster.

2022-12-31 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 57fcc46b by Ola Lundqvist at 2022-12-31T14:54:29+01:00 Marked CVE-2022-23520, CVE-2022-23519 and CVE-2022-23517 as no-dsa or postponed for buster. - - - - - 1 changed file: - data/CVE/list

[Git][security-tracker-team/security-tracker][master] Marked CVE-2020-23599 as no-dsa for buster.

2022-12-31 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 4bae6fd2 by Ola Lundqvist at 2022-12-31T15:06:01+01:00 Marked CVE-2020-23599 as no-dsa for buster. - - - - - 1 changed file: - data/CVE/list Changes: =

[Git][security-tracker-team/security-tracker][master] 2 commits: LTS: add ruby-sidekiq to dla-needed.txt

2022-12-31 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 335f5b24 by Ola Lundqvist at 2022-12-31T15:15:31+01:00 LTS: add ruby-sidekiq to dla-needed.txt - - - - - 9ff425fd by Ola Lundqvist at 2022-12-31T15:15:42+01:00 LTS: add ruby-sinatra to dla-needed.txt

[Git][security-tracker-team/security-tracker][master] 3 commits: Marked CVE-2022-23514 and CVE-2022-23516 as no-dsa for buster.

2022-12-31 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: eaa7ac3f by Ola Lundqvist at 2022-12-31T14:59:56+01:00 Marked CVE-2022-23514 and CVE-2022-23516 as no-dsa for buster. - - - - - 6b93acdc by Ola Lundqvist at 2022-12-31T15:00:19+01:00 LTS: add

[Git][security-tracker-team/security-tracker][master] LTS: add nheko to dla-needed.txt

2023-01-01 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: a4dfbae2 by Ola Lundqvist at 2023-01-01T15:12:42+01:00 LTS: add nheko to dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: =

[Git][security-tracker-team/security-tracker][master] LTS: add snakeyaml to dla-needed.txt

2023-01-01 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: c62e0807 by Ola Lundqvist at 2023-01-01T14:58:17+01:00 LTS: add snakeyaml to dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: =

[Git][security-tracker-team/security-tracker][master] 2 commits: Reverted d2c2b240ffcc27edbc1008b66866fe49a62457dd since it is unclear whether...

2023-01-01 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: fb87e8e5 by Ola Lundqvist at 2023-01-01T15:04:54+01:00 Reverted d2c2b240ffcc27edbc1008b66866fe49a62457dd since it is unclear whether nvidia drivers are supported in buster or not. - - - - - f1f6f5eb

[Git][security-tracker-team/security-tracker][master] 2 commits: Marked CVE-2022-39209 and CVE-2022-24724 as no-dsa for buster following the...

2023-01-01 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 33e39279 by Ola Lundqvist at 2023-01-01T15:18:44+01:00 Marked CVE-2022-39209 and CVE-2022-24724 as no-dsa for buster following the same line as other packages in the same CVEs. - - - - - 264fbf07 by

[Git][security-tracker-team/security-tracker][master] 4 commits: Marked CVE-2021-35065 as no-dsa for buster following decision for bullseye.

2022-12-29 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 58fded44 by Ola Lundqvist at 2022-12-29T22:33:26+01:00 Marked CVE-2021-35065 as no-dsa for buster following decision for bullseye. - - - - - 5dd44285 by Ola Lundqvist at 2022-12-29T22:33:28+01:00

[Git][security-tracker-team/security-tracker][master] Marked first batch of CVEs for nvidia-graphics-drivers package as no-dsa for...

2022-12-27 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 2e3d48cd by Ola Lundqvist at 2022-12-27T23:12:13+01:00 Marked first batch of CVEs for nvidia-graphics-drivers package as no-dsa for buster since non-free is not supported. - - - - - 1 changed

[Git][security-tracker-team/security-tracker][master] LTS: add emacs to dla-needed.txt

2022-12-27 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 5956f9b4 by Ola Lundqvist at 2022-12-27T23:17:50+01:00 LTS: add emacs to dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: =

[Git][security-tracker-team/security-tracker][master] 2 commits: Decided to postpone CVE-2022-47927 for buster following the decision for bullseye.

2022-12-27 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 78a3d6a8 by Ola Lundqvist at 2022-12-27T23:24:23+01:00 Decided to postpone CVE-2022-47927 for buster following the decision for bullseye. - - - - - 7d5d0e57 by Ola Lundqvist at

[Git][security-tracker-team/security-tracker][master] Marked second batch of CVEs for nvidia-graphics-drivers package as no-dsa for...

2022-12-27 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: d2c2b240 by Ola Lundqvist at 2022-12-27T23:42:55+01:00 Marked second batch of CVEs for nvidia-graphics-drivers package as no-dsa for buster since non-free is not supported. - - - - - 1 changed

[Git][security-tracker-team/security-tracker][master] Marked CVE-2022-42920 for node-minimatch as no-dsa for buster following decision for bullseye.

2022-10-31 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 2c6923bf by Ola Lundqvist at 2022-10-31T20:49:44+01:00 Marked CVE-2022-42920 for node-minimatch as no-dsa for buster following decision for bullseye. - - - - - 1 changed file: - data/CVE/list

[Git][security-tracker-team/security-tracker][master] Added ceph to dla-needed. Do not have good enough experience with ceph to...

2022-10-31 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 77facee8 by Ola Lundqvist at 2022-10-31T21:12:41+01:00 Added ceph to dla-needed. Do not have good enough experience with ceph to conclude whether the vulnerability can be exploited in a Debian

[Git][security-tracker-team/security-tracker][master] Added ntfs-3g to dla-needed.

2022-10-31 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 5822ccf1 by Ola Lundqvist at 2022-10-31T20:35:02+01:00 Added ntfs-3g to dla-needed. - - - - - 1 changed file: - data/dla-needed.txt Changes: =

[Git][security-tracker-team/security-tracker][master] Added sudo to dla-needed. It may not be the most important fix but sudo is a...

2022-11-05 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: d3fa28df by Ola Lundqvist at 2022-11-05T22:43:20+01:00 Added sudo to dla-needed. It may not be the most important fix but sudo is a very important function so better to be sure. - - - - - 1

[Git][security-tracker-team/security-tracker][master] Added pixman to dla-needed. It was hard to judge the severity of the issue so...

2022-11-05 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 7b0dc57e by Ola Lundqvist at 2022-11-05T22:55:01+01:00 Added pixman to dla-needed. It was hard to judge the severity of the issue so decided that it is better to fix the issue than not to and the fix

[Git][security-tracker-team/security-tracker][master] Added php-cas to dla-needed with a note that it should be investigated further...

2022-11-05 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 1c7d0793 by Ola Lundqvist at 2022-11-05T22:32:39+01:00 Added php-cas to dla-needed with a note that it should be investigated further because the fix is not backwards compatible. - - - - - 1

[Git][security-tracker-team/security-tracker][master] Added nodejs to dla-needed following the decision to add it to dsa-needed.

2022-11-05 Thread Ola Lundqvist (@opal)
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 094f3e24 by Ola Lundqvist at 2022-11-05T22:24:34+01:00 Added nodejs to dla-needed following the decision to add it to dsa-needed. - - - - - 1 changed file: - data/dla-needed.txt Changes:
