[Git][security-tracker-team/security-tracker][master] 5 commits: add openssh

2023-12-18 Thread Thorsten Alteholz (@alteholz)


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cb7a1cf7 by Thorsten Alteholz at 2023-12-19T00:20:24+01:00
add openssh

- - - - -
ef35183e by Thorsten Alteholz at 2023-12-19T00:24:29+01:00
add dropbear

- - - - -
bf93abcd by Thorsten Alteholz at 2023-12-19T00:25:14+01:00
add golang-go.crypto

- - - - -
19316c27 by Thorsten Alteholz at 2023-12-19T00:26:00+01:00
add libssh

- - - - -
a5d1da40 by Thorsten Alteholz at 2023-12-19T00:26:49+01:00
add libssh2

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -74,9 +74,15 @@ dogecoin
   NOTE: 20230619: also I just referenced 3 older bitcoin-related CVEs to fix;
   NOTE: 20230619: dogecoin not present in bullseye/bookworm, so we lead the 
initiatives. (Beuc/front-desk)
 --
+dropbear
+  NOTE: 20231219: Added by Front-Desk (ta)
+--
 frr
   NOTE: 20231119: Added by Front-Desk (apo)
 --
+golang-go.crypto
+  NOTE: 20231219: Added by Front-Desk (ta)
+--
 haproxy
   NOTE: 20231217: Added by Front-Desk (utkarsh)
 --
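Review bot: the new dropbear and golang-go.crypto entries record only the date and the front-desk initials, with no CVE id or link saying why the packages were queued. A second line such as `NOTE: 20231219: <CVE id or tracker link>` would let whoever claims them start triage without searching the tracker. The same push adds three more packages with the identical note, so if one issue drives all five, naming it in each entry makes that connection explicit.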
@@ -107,6 +113,12 @@ libreswan
   NOTE: 20230909: all due to code refactoring. I intend to package the version
   NOTE: 20230909: from Bullseye instead as soon as the maintainer uploads the 
fix. (apo)
 --
+libssh
+  NOTE: 20231219: Added by Front-Desk (ta)
+--
+libssh2
+  NOTE: 20231219: Added by Front-Desk (ta)
+--
 libstb
   NOTE: 20231029: Added by Front-Desk (gladk)
   NOTE: 20231029: A lot of open CVEs. Maybe duplicates.
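Review bot: libssh and libssh2 go in as two entries with identical notes and nothing to show that each was triaged on its own. They are separate source packages, so each entry should state which open issue applies to it, the way the libstb entry just below adds a second NOTE describing its CVE situation.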
@@ -150,6 +162,9 @@ nvidia-cuda-toolkit
   NOTE: 20230610: Details: 
https://lists.debian.org/debian-lts/2023/06/msg00032.html
   NOTE: 20230610: my recommendation would be to put the package on the 
"not-supported" list. (tobi)
 --
+openssh
+  NOTE: 20231219: Added by Front-Desk (ta)
+--
 osslsigncode
   NOTE: 20230925: Added by Front-Desk (apo)
   NOTE: 20230925: Maybe a new upstream release should just do the trick here.



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e88892d15d8255a2c3b4f96ce9fbe8be4a265d1b...a5d1da409d4da3fa6bb19318c046e59ce220e144



___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] 5 commits: add openssh

2019-01-21 Thread Thorsten Alteholz
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3ba09897 by Thorsten Alteholz at 2019-01-21T15:06:13Z
add openssh

- - - - -
830540c5 by Thorsten Alteholz at 2019-01-21T15:06:14Z
mark CVE-2018-20712 as no-dsa for jessie

- - - - -
1fab3234 by Thorsten Alteholz at 2019-01-21T15:06:14Z
add firmware-nonfree

- - - - -
0574e5b3 by Thorsten Alteholz at 2019-01-21T15:06:16Z
mark CVE-2019-6293 as no-dsa for jessie

- - - - -
07d6ee5a by Thorsten Alteholz at 2019-01-21T15:06:17Z
mark CVE-2019-5010 as postponed for jessie

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -530,6 +530,7 @@ CVE-2017-18356 (In the Automattic WooCommerce plugin before 
3.2.4 for WordPress,
 CVE-2019-6293 (An issue was discovered in the function 
mark_beginning_as_normal in ...)
- flex  (low; bug #919428)
[stretch] - flex  (Minor issue)
+   [jessie] - flex  (Minor issue)
NOTE: https://github.com/westes/flex/issues/414
 CVE-2019-6292 (An issue was discovered in singledocparser.cpp in yaml-cpp (aka 
...)
- yaml-cpp  (bug #919430)
@@ -580,6 +581,7 @@ CVE-2019-6279
 CVE-2018-20712 (A heap-based buffer over-read exists in the function 
d_expression_1 in ...)
- binutils 
[stretch] - binutils  (Minor issue)
+   [jessie] - binutils  (Minor issue)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88629
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24043
 CVE-2018-20711
@@ -3372,6 +3374,7 @@ CVE-2019-5010 [NULL pointer dereference using a specially 
crafted X509 certifica
- python3.4 
- python2.7 
[stretch] - python2.7  (Minor issue, can be fixed along in a 
future DSA)
+   [jessie] - python2.7  (Minor issue, can be fixed along in a 
future DSA)
NOTE: https://bugs.python.org/issue35746
NOTE: https://github.com/python/cpython/pull/11569
NOTE: 
https://github.com/python/cpython/commit/be5de958e9052e322b0087c6dba81cdad0c3e031
 (3.7.x)
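Review bot: the added jessie line for python2.7 copies the stretch wording "can be fixed along in a future DSA", but jessie updates are issued as DLAs (the same push edits data/dla-needed.txt), so the reason should read "future DLA". python3.4 is also listed for this CVE two lines up and gets no jessie line here; if it is affected in jessie it needs its own entry.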


=
data/dla-needed.txt
=
@@ -27,6 +27,9 @@ exiv2 (Thorsten Alteholz)
 faad2
   NOTE: 20181214: No known patch yet. Not urgent but would be good to fix. 
(opal)
 --
+firmware-nonfree
+  NOTE: needed by sponsors
+--
 freerdp (Mike Gabriel)
   NOTE: 20181202: Mike is uploader, so he should probably take this. (Thorsten)
   NOTE: 20181203: freerdp (v1.1) is a mostly unmaintained branch upstream. I 
will ask upstream
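Review bot: the firmware-nonfree note has no date prefix and no author initials, unlike the neighbouring notes (`NOTE: 20181214: ...`, `NOTE: 20181202: ...`). "needed by sponsors" also does not say which CVEs are to be fixed. Suggest `NOTE: 20190121: needed by sponsors (<initials>)` plus a line listing the CVE ids.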
@@ -90,6 +93,8 @@ openjpeg2
   NOTE: CVE-2018-5727: investigated the issue, might not be easy to patch, not 
sure it's worth it either.
   NOTE: CVE-2018-5727: wait for upstream patch or no-dsa ? (hle)
 --
+openssh
+--
 phpmyadmin (Lucas Kanashiro)
   NOTE: 20190116: Please also fix no-dsa issue CVE-2018-19970 (requested by 
sunweaver, with frontdesk hat on)
   NOTE: 20190116: Please also triage CVE-2018-19969. Thanks.
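Review bot: the openssh entry is added with no NOTE line at all, so the file records neither when it was queued, nor why, nor by whom. The entries on either side of it in this hunk each carry at least one NOTE; a dated line naming the CVE(s) to fix would match them and give the person who claims the package a starting point.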



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/d02d69f8fc0e24680c3344d7ad80574c8f49ebbc...07d6ee5a538cdf5a70a9fdbdfb89deeb0dd1a5b9
