[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: bc5f8d18 by Thorsten Alteholz at 2024-05-13T10:32:48+02:00 update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -301,7 +301,7 @@ tiff (Thorsten Alteholz) NOTE: 20240314: Added by coordinator (roberto) NOTE: 20240314: Several CVEs fixed in LTS remain unfixed (no-dsa) in bullseye and NOTE: 20240314: bookworm. Uploads to spu and ospu should be coordinated. (roberto) - NOTE: 20240428: testing package + NOTE: 20240513: not satisfied with results, so still testing package -- tinymce NOTE: 20231123: Added by Front-Desk (ola) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc5f8d18c9587e9a33392209715278b9cbbc185c -- You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
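Review bot: the added 20240513 NOTE carries no author initials and overwrites the 20240428 entry, while the coordinator notes above it are signed "(roberto)". Keeping the 20240428 line and appending the new one with initials would preserve how long the package has been in testing; saying which results were unsatisfactory would also help whoever picks this up next.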
[Git][security-tracker-team/security-tracker][master] update note in dla-needed.txt
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: dad7e5e1 by Abhijith PA at 2024-05-06T14:54:03+05:30 update note in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -115,6 +115,7 @@ jenkins-htmlunit-core-js -- less (Abhijith PA) NOTE: 20240418: Added by Front-Desk (apo) + NOTE: 20240506: Pushed CVE-2022-48624 fix to git repo. (abhijith) -- libmojolicious-perl NOTE: 20240421: Added by Front-Desk (apo) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dad7e5e19b57436f369db05072ce3e81f4ede2ad
[Git][security-tracker-team/security-tracker][master] Update note for py7zr
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f5440071 by Salvatore Bonaccorso at 2024-03-29T09:24:38+01:00 Update note for py7zr - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -64,7 +64,7 @@ phppgadmin pillow (jmm) -- py7zr/oldstable - Santiago (santiago) is working on an update for bullseye + Santiago (santiago) posted debdiff for review for bullseye -- pymatgen/stable -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f5440071ac8b65f5320800a9de8c9403ecb165ba
[Git][security-tracker-team/security-tracker][master] Update note for CVE-2024-24557
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 71ad7257 by Salvatore Bonaccorso at 2024-02-14T06:59:34+01:00 Update note for CVE-2024-24557 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2349,10 +2349,10 @@ CVE-2024-24557 (Moby is an open-source project created by Docker to enable softw - docker.io [bookworm] - docker.io (Minor issue) [bullseye] - docker.io (Minor issue) - [buster] - docker.io (Minor issue with workarround) + [buster] - docker.io (Minor issue with workarounds) NOTE: https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae NOTE: https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc - NOTE: workarround exists + NOTE: Workarounds exists (cf. GHSA-xw73-rw38-6vjc): Avoid using the cache or use Buildkit CVE-2024-24062 (springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) vi ...) NOT-FOR-US: springboot-manager CVE-2024-24061 (springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) vi ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/71ad72574f437f9e87ecf60d26a2e86f4d02e909
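Review bot: "Workarounds exists" in the added NOTE has a subject-verb mismatch; "Workarounds exist" matches the plural already used in "(Minor issue with workarounds)" on the buster line. The advisory URL is given in full on the NOTE directly above, so the "cf. GHSA-xw73-rw38-6vjc" parenthetical could be dropped to keep the line short.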
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 9070cc46 by Thorsten Alteholz at 2024-01-28T23:33:55+01:00 update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -36,6 +36,7 @@ atril -- bind9 (Thorsten Alteholz) NOTE: 20230921: Added by Front-Desk (apo) + NOTE: 20240128: was distracted and need another few days for upload -- cacti (Sylvain Beucler) NOTE: 20230906: Added by Front-Desk (lamby) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9070cc460087ff176db3aa2f35cdf4830435bd65
[Git][security-tracker-team/security-tracker][master] update note in dla-needed.txt
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: 9985e4a3 by Abhijith PA at 2024-01-22T21:48:30+05:30 update note in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -304,6 +304,7 @@ varnish (Abhijith PA) NOTE: 20231204: Working on pre commits for CVE-2023-44487, https://github.com/varnishcache/varnish-cache/pull/4004 NOTE: 20231219: Continuing work NOTE: 20240108: Backported security fixes and related commits. Fixing test failures. (abhijith) + NOTE: 20240122: Still fixing tests (abhijith) -- wireshark (Adrian Bunk) NOTE: 20231118: Added by Front-Desk (apo) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9985e4a394f1880f3ea8a43a70a44aad14d83a81
[Git][security-tracker-team/security-tracker][master] update note in dla-needed.txt
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: 01ff9158 by Abhijith PA at 2024-01-08T11:22:32+05:30 update note in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -260,6 +260,7 @@ varnish (Abhijith PA) NOTE: 20231117: Added by Front-Desk (apo) NOTE: 20231204: Working on pre commits for CVE-2023-44487, https://github.com/varnishcache/varnish-cache/pull/4004 NOTE: 20231219: Continuing work + NOTE: 20240108: Backported security fixes and related commits. Fixing test failures. (abhijith) -- wireshark (Adrian Bunk) NOTE: 20231118: Added by Front-Desk (apo) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/01ff9158a6031cd686507404be25c72624915d8a
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 5ff7fadf by Thorsten Alteholz at 2023-12-18T00:13:53+01:00 update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -35,7 +35,7 @@ asterisk bind9 (Thorsten Alteholz) NOTE: 20230921: Added by Front-Desk (apo) NOTE: 20231008: backporting patches - NOTE: 20231203: almost done with testing + NOTE: 20231217: almost done with testing -- bouncycastle (Markus Koschany) NOTE: 20231127: Added by Front-Desk (Beuc) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ff7fadf48cc619fa2febb786ea877b7f2a90bc0
[Git][security-tracker-team/security-tracker][master] update note in dla-needed.txt
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: 03aabd00 by Abhijith PA at 2023-12-04T13:46:58+05:30 update note in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -228,6 +228,7 @@ tor -- varnish (Abhijith PA) NOTE: 20231117: Added by Front-Desk (apo) + NOTE: 20231204: Working on pre commits for CVE-2023-44487, https://github.com/varnishcache/varnish-cache/pull/4004 -- wireshark (Adrian Bunk) NOTE: 20231118: Added by Front-Desk (apo) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03aabd00b595a715073f4406bd4c5f0b1a7bac9a
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 835b6930 by Thorsten Alteholz at 2023-12-03T23:56:54+01:00 update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -30,7 +30,7 @@ ansible bind9 (Thorsten Alteholz) NOTE: 20230921: Added by Front-Desk (apo) NOTE: 20231008: backporting patches - NOTE: 20231119: almost done with testing + NOTE: 20231203: almost done with testing -- bouncycastle (Markus Koschany) NOTE: 20231127: Added by Front-Desk (Beuc) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/835b69306324f93828087a2dc3e34e373aadc1ef
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 1f3e1f05 by Thorsten Alteholz at 2023-11-19T12:30:17+01:00 update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -27,7 +27,7 @@ amanda bind9 (Thorsten Alteholz) NOTE: 20230921: Added by Front-Desk (apo) NOTE: 20231008: backporting patches - NOTE: 20231105: still testing package + NOTE: 20231119: almost done with testing -- cacti NOTE: 20230906: Added by Front-Desk (lamby) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1f3e1f05d46bbc698b4afd76fb80132253286e92
[Git][security-tracker-team/security-tracker][master] Update note for DSA needed on zbar, caution is in order as approaches cause regressions
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: baa69d44 by Salvatore Bonaccorso at 2023-11-17T21:13:51+01:00 Update note for DSA needed on zbar, caution is in order as approaches cause regressions - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -99,5 +99,5 @@ wireshark/stable xen (jmm) -- zbar - unfixed upstream + unfixed upstream, initial aproaches are overly strict and cause zbar's tests to fail, some caution is in order -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/baa69d44e778259c1dabce53b7ef52b80beec07f
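Review bot: "aproaches" in the added zbar line is a typo for "approaches", which the commit subject spells correctly. The line also gives no pointer to the attempted patches or the failing tests; a link to the upstream issue or merge request would let whoever takes the DSA see which checks were too strict.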
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 3084970d by Thorsten Alteholz at 2023-10-29T23:26:44+01:00 update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -103,6 +103,7 @@ libreswan -- libspf2 (Thorsten Alteholz) NOTE: 20231016: Added by Front-Desk (ta) + NOTE: 20231029: upstream does not know yet, whether available patch is enough (ta) -- libstb NOTE: 20231029: Added by Front-Desk (gladk) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3084970d457e06315b65ad7ef42146fd85861787
[Git][security-tracker-team/security-tracker][master] Update note for Django.
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: 0b7b1c03 by Chris Lamb at 2023-10-20T16:40:28+01:00 Update note for Django. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -170,6 +170,8 @@ phppgadmin (Chris Lamb) python-django (Chris Lamb) NOTE: 20231006: Added by Front-Desk (Beuc) NOTE: 20231006: Fix the 4 no-dsa issues that are fixed in all other dists (Beuc/front-desk) + NOTE: 20231020: ^ CVE-2021-28658, CVE-2021-31542, CVE-2021-33203 & CVE-2021-33571. (lamby) + NOTE: 20231020: Also now vulnerable to CVE-2023-43665. (lamby) -- python-glance-store NOTE: 20230525: Added by Front-Desk (lamby) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b7b1c03177004e70d128a4ae0ff24889777ca4e
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 0b36b257 by Thorsten Alteholz at 2023-09-24T19:25:48+02:00 update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -23,7 +23,7 @@ rather than remove/replace existing ones. -- amanda (Thorsten Alteholz) NOTE: 20230730: Added by Front-Desk (apo) - NOTE: 20230910: still testing package (ta) + NOTE: 20230924: still testing package (ta) -- audiofile NOTE: 20230918: Added by Front-Desk (apo) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b36b257ba22f040cbbddcd289f00184834e43e3
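Review bot: the 20230910 amanda note is overwritten with 20230924 instead of being kept, while the hunk header shows the file's own guidance ending "rather than remove/replace existing ones." Adding the 20230924 line below the earlier one would keep a record of how long the package has sat in testing, which is what a coordinator scanning the file needs to spot stalled work.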
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: a09a96cc by Thorsten Alteholz at 2023-09-17T19:39:24+02:00 update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -52,6 +52,7 @@ dogecoin -- elfutils (Thorsten Alteholz) NOTE: 20230903: Added by Front-Desk (gladk) + NOTE: 20230917: testing package -- exempi NOTE: 20230907: Added by Front-Desk (lamby) @@ -61,6 +62,7 @@ exiv2 -- file (Thorsten Alteholz) NOTE: 20230901: Added by Front-Desk (gladk) + NOTE: 20230917: testing package -- firmware-nonfree NOTE: 20230820: Added by Front-Desk (ta) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a09a96cc32d49e72d0a2158b58788e8965b3e44a
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: b32d1ea0 by Thorsten Alteholz at 2023-09-10T23:41:20+02:00 update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -23,7 +23,7 @@ rather than remove/replace existing ones. -- amanda (Thorsten Alteholz) NOTE: 20230730: Added by Front-Desk (apo) - NOTE: 20230827: still testing package (ta) + NOTE: 20230910: still testing package (ta) -- c-ares (Utkarsh) NOTE: 20230826: Added by Front-Desk (utkarsh) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b32d1ea00e48fc4b3eb3dfad182b49af2f4876bd
[Git][security-tracker-team/security-tracker][master] Update note for CVE-2020-18839
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b21e4a78 by Salvatore Bonaccorso at 2023-09-08T21:58:36+02:00 Update note for CVE-2020-18839 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -229159,7 +229159,7 @@ CVE-2020-18839 (Buffer Overflow vulnerability in HtmlOutputDev::page in poppler - poppler 0.85.0-2 NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/742 NOTE: Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/30c731b487190c02afff3f036736a392eb60cd9a (poppler-0.76.0) - NOTE: Duplicate issue of CVE-2020-27778? + NOTE: Duplicate issue of CVE-2020-27778 (assigning CNA contacted) CVE-2020-18838 RESERVED CVE-2020-18837 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b21e4a780bc6b69e9115c1f6e6ebd6a59d522702
[Git][security-tracker-team/security-tracker][master] Update note for amd64-microcode related fixes
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3d394812 by Salvatore Bonaccorso at 2023-08-09T20:59:20+02:00 Update note for amd64-microcode related fixes - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -54545,8 +54545,11 @@ CVE-2023-20569 (A side channel vulnerability on some of the AMD CPUs may allow a - linux 6.4.4-3 NOTE: SRSO microcode for Milan (Zen3 EPYC): NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/amd-ucode?id=b250b32ab1d044953af2dc5e790819a7703b7ee6 - NOTE: 3.20230719.1 ships the first batch of fixes, only for 3nd gen EPYC CPUs, - NOTE: further update for 4th gen EPYC CPUs to follow in later releases + NOTE: 3.20230719.1 ships the first batch of fixes, only for 3nd gen EPYC CPUs (Milan), + NOTE: further update for 4th gen EPYC CPUs to follow in later releases. + NOTE: Updated microcode for 4th gen EPYC CPUs Genoa (Family=0x19 Model=0x11) and + NOTE: Bergamo (Family=0x19 Model=0xa0) with: + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=f2eb058afc57348cde66852272d6bf11da1eef8f NOTE: https://comsec.ethz.ch/research/microarch/inception/ NOTE: https://comsec.ethz.ch/wp-content/files/inception_sec23.pdf NOTE: https://github.com/comsec-group/inception View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3d39481247db7f5d33200ff32ca1f64203922543
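Review bot: the rewritten line still reads "3nd gen EPYC CPUs (Milan)"; since that line is being touched anyway, "3rd gen" should go in with this change. The retained sentence "further update for 4th gen EPYC CPUs to follow in later releases." now sits directly above notes pointing at the Genoa and Bergamo microcode commit, so it would be clearer to reword it and to say which amd64-microcode package version carries that update, as is done for 3.20230719.1.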
[Git][security-tracker-team/security-tracker][master] Update note for CVE-2023-28144/hotspot
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e9d788fe by Salvatore Bonaccorso at 2023-03-14T20:54:46+01:00 Update note for CVE-2023-28144/hotspot - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -560,6 +560,8 @@ CVE-2023-28144 - hotspot NOTE: https://www.openwall.com/lists/oss-security/2023/03/14/8 NOTE: Introduced by: https://github.com/KDAB/hotspot/commit/3b4682565f0e53f903f3ad0f3f2c0f236d382efb (v1.3.0) + NOTE: Opt-In to allow privilege escalation (and disable by default): + NOTE: https://github.com/KDAB/hotspot/commit/65a246ce9196462081483fd07d97678dcfe36b9c CVE-2023-1356 RESERVED CVE-2023-1355 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.140 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e9d788fe0ef8d62d7ce35390e8a6dfce5bc30696
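Review bot: the added upstream commit reference carries no release tag, unlike the "Introduced by:" line above it, which ends in "(v1.3.0)". Appending the first upstream release that contains 65a246ce9196462081483fd07d97678dcfe36b9c would let readers tell which versions ship the opt-in behaviour; "(and disable by default)" would also read more clearly as "(disabled by default)".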
[Git][security-tracker-team/security-tracker][master] Update note on man2html
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: c8e9681c by Anton Gladky at 2023-02-26T22:22:34+01:00 Update note on man2html - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -129,6 +129,8 @@ man2html (gladk) NOTE: 20221004: It looks like not patch is available. NOTE: 20221004: Please evalulate, whether the issue can be marked as . NOTE: 20230213: VCS: https://salsa.debian.org/debian/man2html.git + NOTE: 20230226: I would prefer to fix it instead of ignoring. (gladk) + NOTE: 20230226: It looks like upstream is dead. Patch needs to be written. (gladk) -- mariadb-10.3 NOTE: 20230225: Programming language: C. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c8e9681c8f1a007062e562b78fba2b998a3b98aa
[Git][security-tracker-team/security-tracker][master] update note in dla-needed
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: 4e5e3d80 by Abhijith PA at 2022-11-14T15:47:19+05:30 update note in dla-needed - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -367,6 +367,8 @@ tiff trafficserver NOTE: 20220905: Programming language: C. NOTE: 20221024: WIP, big changeset in security fix (abhijith) + NOTE: 20221114: https://people.debian.org/~abhijith/upload/trf/ (abhijith) + NOTE: 20221114: Asked upstream regarding CVE-2022-31779 (abhijith) -- twisted NOTE: 20221030: Programming language: Python. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e5e3d80d11e1416186c10db10a5ce6bf1dc2a9f
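Review bot: the first added NOTE is a bare URL, https://people.debian.org/~abhijith/upload/trf/, with no word on what it holds; a short label such as whether it is a test build or a debdiff would tell reviewers what they are expected to do with it. The second note could link the upstream thread about CVE-2022-31779 or state the question asked, so the answer can be tracked by someone other than the claimant.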
[Git][security-tracker-team/security-tracker][master] Update note for python-django.
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: 751d27a9 by Chris Lamb at 2022-10-18T12:47:03-07:00 Update note for python-django. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -140,6 +140,8 @@ python-django (Chris Lamb) NOTE: 20220911: Programming language: Python NOTE: 20220911: There are many minors issues that should be done in a point release. No further point releases for buster. NOTE: 20220911: Some issue was fixed in stretch so it should also be fixed for buster. + NOTE: 20221018: There are 4 CVEs on the debian/buster branch that are seemingly unreleased: CVE-2020-24583, CVE-2020-24584, CVE-2021-3281 and CVE-2021-23336. (lamby) + NOTE: 20221018: This leaves 8 CVEs that need fixing, either simply because the code is vulnerable or the issue has already been fixed in stretch: CVE-2022-34265, CVE-2022-28346, CVE-2022-23833, CVE-2022-22818, CVE-2021-33571, CVE-2021-33203, CVE-2021-31542 & CVE-2021-28658 (lamby) -- python-scciclient NOTE: 20221009: Programming language: Python. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/751d27a902ef0670c8ef642fabfb6d96ed26c353
[Git][security-tracker-team/security-tracker][master] Update NOTE for CVE-2022-34169,libxalan2-java.
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: ea253cda by Markus Koschany at 2022-10-13T21:45:15+02:00 Update NOTE for CVE-2022-34169,libxalan2-java. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -22480,6 +22480,8 @@ CVE-2022-34169 (The Apache Xalan Java XSLT library is vulnerable to an integer t - libxalan2-java (bug #1015860) NOTE: https://www.openwall.com/lists/oss-security/2022/07/19/5 NOTE: https://github.com/openjdk/jdk/commit/41ef2b249073450172e11163a4d05762364b1297 + NOTE: Bug is most likely only in bcel which libxalan2-java depends on. + NOTE: https://github.com/apache/commons-bcel/commit/f3267cbcc900f80851d561bdd16b239d936947f5 CVE-2022-34168 RESERVED CVE-2022-34151 (Use of hard-coded credentials vulnerability exists in Machine automati ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea253cdace6f867db81c5abf54ee02bad7c4491a
[Git][security-tracker-team/security-tracker][master] update note. Claim trafficserver,squid
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: c41fd934 by Abhijith PA at 2022-10-03T11:54:28+05:30 update note. Claim trafficserver,squid - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -129,6 +129,7 @@ rails (Abhijith PA) NOTE: 20220909: upstream report https://github.com/rails/rails/issues/45590 (abhijith) NOTE: 20220915: 2:5.2.2.1+dfsg-1+deb10u5 uploaded without the regression causing patch (abhijith) NOTE: 20220915: Utkarsh prepared a patch and is on testing (abhijith) + NOTE: 20221003: https://github.com/rails/rails/issues/45590#issuecomment-1249123907 (abhijith) -- rainloop NOTE: 20220913: Programming language: PHP, JavaScript. @@ -164,15 +165,16 @@ samba snort NOTE: 20220905: Requires further triaging to conclude exactly which CVEs to be fixed or ignored. -- -sox (Abhijith PA) +sox NOTE: 20220818: Programming language: C. NOTE: 20220818: Requires some investigation; see #1012138 etc. + NOTE: 20221003: https://sourceforge.net/p/sox/bugs/362/ Re-pinged upstream committer (abhijith) -- -squid +squid (Abhijith PA) NOTE: 20220923: Programming language: C. NOTE: 20220923: CVE-2022-41317 should be not-affected, but CVE-2022-41318 should be an issue, pleae recheck -- -trafficserver +trafficserver (Abhijith PA) NOTE: 20220905: Programming language: C. -- tzdata (Emilio) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c41fd9342a34670671c0c80e8f1df1b30e462f90
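Review bot: the second hunk drops "(Abhijith PA)" from the sox entry, but the commit message only says "Claim trafficserver,squid"; releasing a claim changes who is responsible for the package and deserves a mention in the message. The sox note added in the same hunk would also be easier to act on if it said the package is free to take while the upstream ping on bug 362 is pending.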
[Git][security-tracker-team/security-tracker][master] update note in dla-needed.txt
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: 8963bb09 by Abhijith PA at 2022-09-15T13:37:02+05:30 update note in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -131,6 +131,8 @@ rails (Abhijith PA) NOTE: 20220909: Two issues https://lists.debian.org/debian-lts/2022/09/msg00014.html (abhijith) NOTE: 20220909: https://lists.debian.org/debian-lts/2022/09/msg4.html (abhijith) NOTE: 20220909: upstream report https://github.com/rails/rails/issues/45590 (abhijith) + NOTE: 20220915: 2:5.2.2.1+dfsg-1+deb10u5 uploaded without the regression causing patch (abhijith) + NOTE: 20220915: Utkarsh prepared a patch and is on testing (abhijith) -- rainloop NOTE: 20220913: Programming language: PHP, JavaScript. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8963bb09975d92b0e0b088f15e7206b7c89539da
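Review bot: The second added line, "Utkarsh prepared a patch and is on testing", does not say where the patch is or which of the "Two issues" noted above it addresses. Link the patch or the list message, and name the patch that was left out in the "uploaded without the regression causing patch" line so it is clear which fix is still missing from deb10u5.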
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 7834b9ee by Thorsten Alteholz at 2022-09-11T23:33:16+02:00 update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -160,6 +160,7 @@ unzip upx-ucl (Thorsten Alteholz) NOTE: 20220820: Programming language: C. NOTE: 20220820: CVE-2020-27787 may be not-affected. (Chris Lamb) + NOTE: 20220911: testing package -- vim NOTE: 20220904: Programming language: C. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7834b9ee2f4b0cdd8a55e50ecfeb4b14b0131faa
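Review bot: The added "NOTE: 20220911: testing package" leaves the open question on the line above it ("CVE-2020-27787 may be not-affected") unanswered. Say in the note whether that CVE was checked and is part of the package under test, and add the author tag the neighbouring note carries.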
[Git][security-tracker-team/security-tracker][master] update note and take upx-ucl
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: cd30c18b by Thorsten Alteholz at 2022-08-29T00:04:15+02:00 update note and take upx-ucl - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -59,6 +59,7 @@ mediawiki (Markus Koschany) -- net-snmp (Thorsten Alteholz) NOTE: 20220816: Programming language: C. + NOTE: 20220828: testing package -- netatalk NOTE: 20220816: Programming language: C. @@ -104,7 +105,7 @@ sox (Abhijith PA) NOTE: 20220818: Programming language: C. NOTE: 20220818: Requires some investigation; see #1012138 etc. -- -upx-ucl +upx-ucl (Thorsten Alteholz) NOTE: 20220820: Programming language: C. NOTE: 20220820: CVE-2020-27787 may be not-affected. (Chris Lamb) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd30c18b586b62b3e2cd6937fb68b5117842e75b
[Git][security-tracker-team/security-tracker][master] update note in dla-needed
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: c5fb08ea by Abhijith PA at 2022-08-22T12:06:49+05:30 update note in dla-needed - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -87,6 +87,7 @@ qemu (Abhijith PA) NOTE: 20220802: debdiff of backported fixes was submitted to buster-proposed-updates: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007931 and NOTE: 20220802: wcan now be released as DLA instead. The updated packages are/were running fine in a buster ganeti cluster. (jmm) NOTE: 20220808: conflicting pu at https://people.debian.org/~abhijith/upload/mruby/qemu_3.1+dfsg-8+deb10u9.dsc , needs to be merged (Beuc/abhijith) + NOTE: 20220822: Merged new build at https://people.debian.org/~abhijith/upload/mruby/qemu_3.1+dfsg-8+deb10u9.dsc (abhijith) -- rails NOTE: 20220817: Programming language: Ruby. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5fb08ea58c6b01909479b53078a89df7253a21e
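Review bot: The added "NOTE: 20220822: Merged new build at ..." points to exactly the same .dsc URL that the 20220808 line calls the "conflicting pu", so the two notes now describe one file in two different states. State in the new note that the file at that URL was replaced by the merged build, or publish the merged source under a distinct name, so a reader fetching it knows which one they get.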
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 5d2d71db by Thorsten Alteholz at 2022-06-19T23:59:21+02:00 update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -153,7 +153,7 @@ libmatio (Abhijith PA) -- libvirt (Thorsten Alteholz) NOTE: 20220529: Programming language: C. - NOTE: 20220606: testing package + NOTE: 20220620: testing package -- linux (Ben Hutchings) NOTE: 20220529: Programming language: C. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d2d71dbc632f680f2ee92645fe40e0468923cc0
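Review bot: The libvirt hunk replaces "NOTE: 20220606: testing package" with the same text dated 20220620, so the file no longer shows how long the package has been in testing or what is holding it up. Keep the earlier line and append the new one, or add a few words on what the testing still has to cover.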
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 89a72e70 by Thorsten Alteholz at 2022-05-22T23:41:43+02:00 update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -83,7 +83,7 @@ liblouis NOTE: 20220503: Patch not applied upstream yet. -- libvirt (Thorsten Alteholz) - NOTE: 20220508: testing package + NOTE: 20220522: testing package -- linux (Ben Hutchings) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89a72e70ebc0cdc19690fb22cbb56d80fe02a0be
[Git][security-tracker-team/security-tracker][master] update note in dla-needed
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: ce44f8b4 by Abhijith PA at 2022-05-18T16:20:59+05:30 update note in dla-needed - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -85,8 +85,10 @@ gpac NOTE: 20220413: New CVEs continue flooding in (roberto) NOTE: 20220427: Preparing to work with security team to declare EOL (roberto) -- -icingaweb2 +icingaweb2 (Abhijith PA) NOTE: https://people.debian.org/~abhijith/upload/mruby/icingaweb2_2.4.1-1+deb9u2.dsc (abhijith) + NOTE: 20220522: Pinged upstream for missing patches. Will write an detail + NOTE: 20220522: email about situation (abhijith) -- intel-microcode (Stefano Rivera) NOTE: 20220213: please recheck View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce44f8b4884adc27f91a28bc7cfa3caf0bcc279c
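Review bot: Both added icingaweb2 lines are dated 20220522, but the commit itself is stamped 2022-05-18, so the note is dated four days in the future. Use the date the note was written; while there, "Will write an detail email" should read "a detailed email", and the note would be more useful if it named which patches upstream was asked about.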
[Git][security-tracker-team/security-tracker][master] Update note for adminer.
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: 7e54d740 by Chris Lamb at 2022-05-10T09:18:21-07:00 Update note for adminer. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -18,6 +18,7 @@ adminer (Chris Lamb) NOTE: 20220414: https://sourceforge.net/p/adminer/discussion/960419/thread/1b64510b71/?limit=25#2971 (lamby) NOTE: 20220421: pinged upstream (lamby) NOTE: 20220429: pinged upstream (lamby) + NOTE: 20220510: pinged upstream (lamby) -- admesh (Anton Gladky) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e54d740032e77d40cebac72d237ff068854b60a
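Review bot: The added "NOTE: 20220510: pinged upstream" is the third identical line in a row after 20220421 and 20220429, and none of them records whether upstream replied. Note the outcome of the earlier pings and what the fallback is if this one also goes unanswered, so the entry shows a decision path rather than only a contact log.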
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: ed70e08a by Thorsten Alteholz at 2022-05-08T23:12:20+02:00 update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -92,7 +92,7 @@ liblouis libpgjava (Markus Koschany) -- libvirt (Thorsten Alteholz) - NOTE: 20220423: wait for upload in newer releases, dependency loop seems to be resolved now + NOTE: 20220508: testing package -- linux (Ben Hutchings) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ed70e08a5d7db6f2764632caa7b9533501eedf8f
[Git][security-tracker-team/security-tracker][master] Update note in data/dla-needed.txt
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: 83711d9f by Abhijith PA at 2022-05-03T04:31:28+05:30 Update note in data/dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -70,6 +70,7 @@ gpac (Roberto C. Sánchez) NOTE: 20220427: Preparing to work with security team to declare EOL (roberto) -- icingaweb2 (Abhijith PA) + NOTE: https://people.debian.org/~abhijith/upload/mruby/icingaweb2_2.4.1-1+deb9u2.dsc (abhijith) -- intel-microcode NOTE: 20220213: please recheck View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83711d9f1edbc7410fa9234ab86c341c4a6ff3de
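Review bot: The added icingaweb2 NOTE has no YYYYMMDD prefix, unlike the dated notes on the neighbouring gpac and intel-microcode entries, and it is only a URL. Prefix it with the date and say what the .dsc is (for example a build offered for testing or review) so its age and purpose are clear to the next reader.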
[Git][security-tracker-team/security-tracker][master] update note in dla-needed.txt
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: 86dba41b by Abhijith PA at 2022-03-14T09:48:35+05:30 update note in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -19,6 +19,7 @@ ansible NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/ -- asterisk (Abhijith PA) + NOTE: 20220314: Looking on back log no-dsa (abhijith) -- cacti (Sylvain Beucler) -- @@ -61,12 +62,14 @@ pjproject (Abhijith PA) NOTE: 20211230: patch available for the no-dsa issue, check its NOTE (pochu) NOTE: 20220215: Asterisk and ring have embedded copy of pjproject (abhijith) NOTE: 20220302: uploading asterisk, ring and pjproject in one go (abhijith) + NOTE: 20220314: https://people.debian.org/~abhijith/upload/vda/pjproject_2.5.5~dfsg-6+deb9u3.dsc -- python-scrapy -- python-treq -- ring (Abhijith PA) + NOTE: 20220314: https://people.debian.org/~abhijith/upload/vda/ring_20161221.2.7bd7d91~dfsg1-1+deb9u2.dsc -- samba NOTE: 20211128: WIP https://salsa.debian.org/lts-team/packages/samba/ View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/86dba41b94ee612f0c51dfb64af7065a0b5e3321
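Review bot: In the second hunk, the two added .dsc links for pjproject and ring have no author tag and no description, while every other note in the pjproject entry ends with one, and the 20220302 line says asterisk, ring and pjproject go up "in one go" yet no asterisk build is linked. Add "(abhijith)" and a word on what the builds are for, and either link the asterisk source too or note that it is still pending.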
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 86386d76 by Thorsten Alteholz at 2022-02-25T16:37:38+01:00 update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -54,12 +54,13 @@ gpac (Roberto C. Sánchez) NOTE: 20211228: Returning to active work on this now that llvm/rustc update is complete (roberto) -- htmldoc (Thorsten Alteholz) + NOTE: 20220225: testing package -- intel-microcode NOTE: 20220213: please recheck -- libarchive (Thorsten Alteholz) - NOTE: 20220213: testing package + NOTE: 20220225: fix seems to be incomplete -- libgit2 (Utkarsh) NOTE: 20220208: got clearance. will upload this week. (utkarsh) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/86386d764c50fedb3ba1989744dd74d3a79d1ed2
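Review bot: The libarchive line "NOTE: 20220225: fix seems to be incomplete" does not say which fix or which CVE, and it replaces the only other note on the entry. Name the CVE or upstream commit that looks incomplete and how that was observed, since an incomplete security fix is exactly what someone picking this up later needs to be able to reproduce.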
[Git][security-tracker-team/security-tracker][master] Update note for CVE-2022-0563/util-linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b46f327d by Salvatore Bonaccorso at 2022-02-15T21:44:53+01:00 Update note for CVE-2022-0563/util-linux Unfortunately the situation is complicated. util-linux is compiled with readline support. But additionally it is configured with --disable-chfn-chsh. The chfn and chsh utilities are until now provided by src:shadow (and the passwd binary package). - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1213,7 +1213,8 @@ CVE-2022-0563 [partial disclosure of arbitrary files in chfn and chsh when compi NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2053151 NOTE: https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoi...@ws.net.home/T/#u NOTE: https://github.com/util-linux/util-linux/commit/faa5a3a83ad0cb5e2c303edbfd8cd823c9d94c17 - NOTE: util-linux in Debian not built with readline support + NOTE: util-linux in Debian does build with readline support but chfn and chsh are provided + NOTE: by src:shadow and util-linux is configured with --disable-chfn-chsh CVE-2022-0562 (Null source pointer passed as an argument to memcpy() function within ...) - tiff 4.3.0-4 [bullseye] - tiff (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b46f327d060e2ef661451e76273d97ad9c7b18be
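Review bot: The rewritten NOTE for CVE-2022-0563 points the reader to src:shadow for chfn and chsh but stops short of saying whether those binaries are affected. Add a line stating that the shadow implementations do not share the util-linux readline code path, if that has been checked, so the note closes the question it raises instead of moving it to another package.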
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 50b5939d by Thorsten Alteholz at 2022-01-30T23:34:35+01:00 update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -58,8 +58,8 @@ guacamole-client (Markus Koschany) NOTE: 20220114: package unmaintained AFAICS and only present in stretch (Beuc) -- libarchive (Thorsten Alteholz) - NOTE: 20220102: testing package NOTE: 20220116: waiting for upload in higher releases + NOTE: 20220130: new CVEs arrived -- libgit2 (Utkarsh) NOTE: 20220125: got clearance. will upload this week. (utkarsh) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50b5939d4ff47cea06ba1862964a3cb225a9a68d
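Review bot: The added "NOTE: 20220130: new CVEs arrived" does not list the CVE ids, and the same hunk drops the 20220102 "testing package" line, so it is no longer visible that a build had already been under test. List the new ids in the note and say whether the tested package is being extended to cover them or started over.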
[Git][security-tracker-team/security-tracker][master] update note in dla-needed.txt
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: 57541cbd by Abhijith PA at 2022-01-17T22:26:31+05:30 update note in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -80,6 +80,7 @@ libgit2 (Utkarsh) libraw (Abhijith PA) NOTE: 20211227: 7 CVEs that were fixed for jessie in DLA-1734-1 are unfixed NOTE: 20211227: in stretch, plenty other unfixed CVEs (bunk) + NOTE: 20220117: Fixed CVEs other than DLA-1734-1 (abhijith) -- lighttpd (Anton) NOTE: 20220111: a DSA is planned (Beuc) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57541cbdd9d687cec67b97ce3d44f880bc850ced
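Review bot: The added libraw line "Fixed CVEs other than DLA-1734-1" is ambiguous: DLA-1734-1 is an advisory, not a CVE, and "Fixed" does not say whether the fixes are in a local tree, in git, or uploaded. Reword it along the lines of "CVEs not covered by DLA-1734-1 fixed in <location>; the 7 from DLA-1734-1 still open" so the remaining work matches the 20211227 note above it.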
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 199f9402 by Thorsten Alteholz at 2022-01-04T11:52:20+01:00 update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -81,8 +81,8 @@ nvidia-graphics-drivers (Markus Koschany) NOTE: 20211108: now fixes all 5 CVEs (bunk) NOTE: 20211229: https://people.debian.org/~apo/lts/nvidia-graphics-drivers/ -- -pgbouncer - NOTE: 20211220: maintainer might want to upload fixed version +pgbouncer (Christoph Berg) + NOTE: 20220104: maintainer might want to upload fixed version -- php-nette (Utkarsh) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/199f94023b070e623fb5e56086510908b00ff52c
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 00649565 by Thorsten Alteholz at 2021-12-20T00:04:38+01:00 update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -72,8 +72,8 @@ nvidia-graphics-drivers (Markus Koschany) NOTE: nvidia-graphics-drivers-legacy-390xx but will ask for more testing on the lts NOTE: mailing list tomorrow (apo) -- -pgbouncer (Thorsten Alteholz) - NOTE: 20211212: sync with maintainer +pgbouncer (Christoph Berg) + NOTE: 20211220: maintainer might want to upload fixed version -- ruby2.3 (Utkarsh) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/00649565985083bf6ce6523f0e1318a292f440c7
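Review bot: The pgbouncer hunk moves the claim from "(Thorsten Alteholz)" to "(Christoph Berg)", which is an ownership change, but the commit message is only "update note". Say in the message that the package was handed to the maintainer, and firm up "maintainer might want to upload fixed version" into what was actually agreed, since the entry now names someone else as responsible.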
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 2f6a07c3 by Thorsten Alteholz at 2021-12-12T23:42:04+01:00 update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -69,7 +69,7 @@ nvidia-graphics-drivers (Markus Koschany) NOTE: mailing list tomorrow (apo) -- pgbouncer (Thorsten Alteholz) - NOTE: 20211128: also help with other releases + NOTE: 20211212: sync with maintainer -- rustc (Roberto C. Sánchez) NOTE: rust-doc in stretch-lts (and jessie-lts) is not installable View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f6a07c3377fabfa5f99c2aaceea0175023ac2ab
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 438c6b4a by Thorsten Alteholz at 2021-11-08T23:52:06+00:00 update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -29,8 +29,8 @@ debian-archive-keyring NOTE: 20211018: Jonathan is prepping the branch; will work NOTE: 20211018: with him and upload and publish the DLA. (utkarsh) -- -exiv2 - NOTE: 20211024: WIP, not yet finished +exiv2 (Thorsten Alteholz) + NOTE: 20211109: testing package -- ffmpeg (Anton Gladky) NOTE: probably wait until stuff is fixed in Buster View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/438c6b4a0c21bb4001ea3b517530bb13aef456e9
[Git][security-tracker-team/security-tracker][master] Update note information for CVE-2021-27022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9e96a730 by Salvatore Bonaccorso at 2021-09-17T21:25:29+02:00 Update note information for CVE-2021-27022 Assigning and responsible CNA contacted to rectify the entry on CVE site level. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -34223,7 +34223,7 @@ CVE-2021-27023 RESERVED CVE-2021-27022 (A flaw was discovered in bolt-server and ace where running a task with ...) - puppet (Only affects Peppet Enterprise) - NOTE: https://puppet.com/security/cve/CVE-2021-27022/ (there is a typo in CVE link) + NOTE: https://puppet.com/security/cve/CVE-2021-27022/ CVE-2021-27021 (A flaw was discovered in Puppet DB, this flaw results in an escalation ...) - puppetdb (bug #990419) NOTE: https://puppet.com/security/cve/cve-2021-27021/ View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e96a730f89cbb7adafc0da8e7f27f65b65603af
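Review bot: The line directly above the changed NOTE still reads "- puppet (Only affects Peppet Enterprise)", and this commit is already tidying the CVE-2021-27022 entry. Correct "Peppet" to "Puppet" in the same change so a text search for the product name finds the not-affected rationale.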
[Git][security-tracker-team/security-tracker][master] update note in dla-needed
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: 163ae125 by Abhijith PA at 2021-08-16T09:11:12+05:30 update note in dla-needed - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -50,6 +50,7 @@ nvidia-graphics-drivers -- pjproject (Abhijith PA) NOTE: 20210804: Check notes on CVE (especially re. src:ring). (lamby) + NOTE: 20210821: Fix backported (abhijith) -- python-babel NOTE: 20210617: CVE-2021-20095 withdrawn, cf. 251b6e33 and #987824 (abhijith) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/163ae125aa129df1868afe6c3a2be36fbae1fbb7
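Review bot: The added pjproject note is dated 20210821 while the commit is stamped 2021-08-16, so the date is five days ahead of when it was written. Correct the date, and extend "Fix backported" to say which CVE it covers and whether the src:ring question raised in the 20210804 line above was checked.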
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 7f7e7ea4 by Thorsten Alteholz at 2021-08-15T23:27:51+02:00 update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -28,7 +28,7 @@ firmware-nonfree (Anton Gladky) NOTE: 20210731: WIP: https://salsa.debian.org/lts-team/packages/firmware-nonfree -- gpac (Thorsten Alteholz) - NOTE: 20210801: WIP, almost done, testing package + NOTE: 20210815: WIP, almost done, still testing package -- linux (Ben Hutchings) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f7e7ea4faaa056d31dd169ae9934600b89c51d0
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 37e914d2 by Thorsten Alteholz at 2021-08-02T00:19:17+02:00 update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -49,7 +49,7 @@ firmware-nonfree (Anton Gladky) NOTE: 20210731: WIP: https://salsa.debian.org/lts-team/packages/firmware-nonfree -- gpac (Thorsten Alteholz) - NOTE: 20210719: WIP + NOTE: 20210801: WIP, almost done, testing package -- linux (Ben Hutchings) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37e914d2a3332b22c063bb4fde4ef0dce809cebf
[Git][security-tracker-team/security-tracker][master] Update note in dla-needed.txt
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: e99c9a9a by Abhijith PA at 2021-07-20T09:33:23+05:30 Update note in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -110,6 +110,8 @@ ruby-kaminari -- runc (Abhijith PA) NOTE: 20210612: Not sure if applies to this version. (lamby) + NOTE: 20210721: Requires more investigation. Even Ubuntu ESM, LTS uploaded fixed upstream version. + -- salt NOTE: 20210329: WIP (utkarsh) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e99c9a9a03313971b3dc820d281eb77f794aef13
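Review bot: The runc hunk adds a second "+" line that is empty, placing a blank line before the "--" separator, which no other entry in the visible context has. Drop the blank line; the new note is also dated 20210721 against a commit stamped 2021-07-20 and lacks the author tag that the 20210612 line above it carries.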
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 077f4a69 by Thorsten Alteholz at 2021-07-04T21:13:29+02:00 update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -56,7 +56,7 @@ golang-1.7 NOTE: 20210624: Need further checks whether any issues are important to solve or not. -- gpac (Thorsten Alteholz) - NOTE: 20210620: WIP + NOTE: 20210704: WIP -- intel-microcode NOTE: 20210621: pinged maintainer, collaborating on the update. (utkarsh) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/077f4a69a01d54bf164c8982ba7deb4f21e81309
[Git][security-tracker-team/security-tracker][master] Update note about CVE-2020-27776
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: bd44f3fa by Anton Gladky at 2021-06-02T21:38:43+02:00 Update note about CVE-2020-27776 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -44391,7 +44391,7 @@ CVE-2020-2 (A flaw was found in the way RTAS handled memory accesses in user CVE-2020-27776 (A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker ...) - imagemagick 8:6.9.11.24+dfsg-1 [buster] - imagemagick (Minor issue) - [stretch] - imagemagick (Minor issue, UBSAN outside range warning) + [stretch] - imagemagick (Fixed already together with CVE-2020-27764) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1736 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/0c92913ec5705300943703f1795f34c0cc25164e NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/3e21bc8a58b4ae38d24c7e283837cc279f35b6a5 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd44f3fa4db96192b10bce18287d40b08074b6fc
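Review bot: The changed [stretch] line for CVE-2020-27776 now says "Fixed already together with CVE-2020-27764", but as shown it carries no version number, unlike the "- imagemagick 8:6.9.11.24+dfsg-1" line above it. If stretch really ships the fix, record the stretch version (or the DLA) that included it, so the claim can be checked against the package changelog rather than taken from a free-text remark.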
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: bb7e22d3 by Thorsten Alteholz at 2021-05-24T08:49:19+02:00 update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -45,7 +45,7 @@ eterm (Utkarsh) NOTE: 20210521: src/term.c:process_escape_seq(), probably just disable vulnerable escape sequence -- gpac (Thorsten Alteholz) - NOTE: 20210510: WIP + NOTE: 20210524: WIP -- imagemagick (Anton Gladky) NOTE: 20210415: Tracker records as vulnerable to CVE-2021-20312, but parts of View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb7e22d3c3fee0027aaeb71557d62b9ccb85874a
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: f6853280 by Thorsten Alteholz at 2021-05-17T00:11:05+02:00 update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -45,7 +45,7 @@ firmware-nonfree NOTE: 20201207: wait for the update in buster and backport that (Emilio) -- golang-github-appc-cni (Thorsten Alteholz) - NOTE: 20210503: still WIP, trying to automize golang updates + NOTE: 20210517: still WIP, trying to automize golang updates -- golang-gogoprotobuf NOTE: 20210218: If you have any idea why this is called the "skippy peanut butter" issue, I would be mildly interested. (lamby) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f68532803d86ae24dc7133e80e6d1426c410bb6f
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: ee5c2d7c by Thorsten Alteholz at 2021-05-03T08:19:17+02:00 update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -51,9 +51,7 @@ firmware-nonfree NOTE: 20201207: wait for the update in buster and backport that (Emilio) -- golang-github-appc-cni (Thorsten Alteholz) - NOTE: 20210221: also taking care of reverse dependencies - NOTE: 20210221: also taking care of other suites - NOTE: 20210418: still WIP, trying to automize golang updates + NOTE: 20210503: still WIP, trying to automize golang updates -- golang-gogoprotobuf NOTE: 20210218: If you have any idea why this is called the "skippy peanut butter" issue, I would be mildly interested. (lamby) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee5c2d7c27262a1aacef981fe6f822a3e8493835
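Review bot: besides bumping the date, this hunk deletes the two 20210221 notes for golang-github-appc-cni ("also taking care of reverse dependencies", "also taking care of other suites"), which the "update note" commit message does not mention. If that scope still applies, keep those two lines and replace only the dated WIP note.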
[Git][security-tracker-team/security-tracker][master] update note in dla-needed
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: d49db555 by Abhijith PA at 2021-05-03T11:44:04+05:30 update note in dla-needed - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -68,6 +68,7 @@ gpac (Thorsten Alteholz) -- gsoap (Abhijith PA) NOTE: 20210420: upstream only responded with suggestion to upgrade (abhijith) + NOTE: 20210503: No reply from upstream dev yet (abhijith) -- imagemagick (Anton Gladky) NOTE: 20210415: Tracker records as vulnerable to CVE-2021-20312, but parts of @@ -83,6 +84,7 @@ linux-4.19 (Ben Hutchings) -- mediawiki (Abhijith PA) NOTE: 20210412: Check ./extensions/SyntaxHighlight_GeSHi/pygments/pygmentize (lamby) + NOTE: 20210503: Working on update. (abhijith) -- nvidia-graphics-drivers NOTE: package is in non-free but also in packages-to-support View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d49db55523f8c129301986f63d15677b17187b4e
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 6ebd7d0c by Thorsten Alteholz at 2021-04-19T00:24:50+02:00 update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -51,7 +51,7 @@ firmware-nonfree golang-github-appc-cni (Thorsten Alteholz) NOTE: 20210221: also taking care of reverse dependencies NOTE: 20210221: also taking care of other suites - NOTE: 20210304: still WIP, trying to automize golang updates + NOTE: 20210418: still WIP, trying to automize golang updates -- golang-gogoprotobuf NOTE: 20210218: If you have any idea why this is called the "skippy peanut butter" issue, I would be mildly interested. (lamby) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ebd7d0cc5595be15c2372cd0455e555e8ae9e39
[Git][security-tracker-team/security-tracker][master] Update note for netty in dsa-needed list
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9a750dc7 by Salvatore Bonaccorso at 2021-03-29T13:50:44+02:00 Update note for netty in dsa-needed list - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -32,7 +32,7 @@ lxml (seb) Thorsten Altehotz proposed a debdiff -- netty - Markus Koschany possibly can prepare update + Markus Koschany prepared update ready for review -- openjpeg2 (jmm) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a750dc708a97fd829058bcc3cc7edda8e80f5a1
[Git][security-tracker-team/security-tracker][master] update note
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: cd9f2a2c by Abhijith PA at 2021-03-22T11:23:27+05:30 update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -92,6 +92,7 @@ opendmarc php-pear -- pillow (Abhijith PA) + NOTE: 20200322: Working on no-DSA tagged CVEs (abhijith) -- python2.7 (Anton Gladky) NOTE: 20210316: Same issue as python3.5 immediately below; suggest handled by same maintainer. (lamby) @@ -144,6 +145,7 @@ shiro (Roberto C. Sánchez) NOTE: 20201220: Upstream has responded. Working with them to backport fixes. (roberto) -- smarty3 (Abhijith PA) + NOTE: 20200322: CVE-2018-13982 need more time to backport (abhijith) -- spotweb NOTE: 20201220: The affected code uses string concatenation to construct a SQL query. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd9f2a2c075bf9faabc5dfbbe1a878744994cf08
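Review bot: both added NOTE lines (pillow and smarty3) are dated 20200322, but the commit is dated 2021-03-22 and the neighbouring notes in these hunks are from 2021 (for example 20210316), so the year looks like a typo for 20210322. A wrong date makes both entries appear a year stale to anyone scanning dla-needed.txt by note date.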
[Git][security-tracker-team/security-tracker][master] update note
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: e6fa8ad0 by Abhijith PA at 2021-03-01T00:31:45+05:30 update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -14,6 +14,7 @@ rather than remove/replace existing ones. -- activemq (Abhijith PA) + NOTE: 20210301: Build available https://people.debian.org/~abhijith/upload/vda/activemq_5.14.3-3+deb9u2.dsc -- adminer (Utkarsh) NOTE: probably Chris wants to take this package as maintainer/sponsor View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6fa8ad01dd713bdc101042f3cb561017b7c1ce3
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 3c559324 by Thorsten Alteholz at 2021-01-24T23:01:23+01:00 update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -125,7 +125,7 @@ slirp (pu-Thorsten Alteholz) NOTE: CVE-2020-7039 to be applied patched first, as they both patch NOTE: the same lines of code in tcp_subr.c (bam). NOTE: update has to done in sid->buster->stretch - NOTE: 20200417: still waiting for pu, probably 30.01.2021 + NOTE: 20210124: pu will be done 06.02.2021 -- spotweb (Sylvain Beucler) NOTE: 20201220: The affected code (PHP!) uses string concatenation to construct a SQL query. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c559324667ffd7508c2468b3d323181084c41b6
[Git][security-tracker-team/security-tracker][master] update note in dla-needed.txt
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: 6c09a1cc by Abhijith PA at 2020-11-20T11:10:23+05:30 update note in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -71,6 +71,7 @@ intel-microcode (Utkarsh) NOTE: 20201117: each round of updates had caused regressions. Thanks Moritz! (utkarsh) -- jupyter-notebook + NOTE: 20201120: Defer upload for a week or so. Last DLA release was less than a month (abhijith) -- lemonldap-ng (Utkarsh) NOTE: 20200910: Released a DLA for CVE-2020-24660 a few days ago, so could defer. (lamby) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c09a1ccd1bb79418697201522dde70cf3e2c993
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 1f2324ff by Thorsten Alteholz at 2020-10-18T22:47:01+02:00 update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -51,6 +51,7 @@ cimg (Thorsten Alteholz) NOTE: 20200709: method (vs "load_network") but is still missing the argument NOTE: 20200709: sanitisation. (lamby) NOTE: 20201005: checking whether reverse dependencies still build/work + NOTE: 20201018: recovering from a broken computer :-( -- condor NOTE: 20200502: Upstream has only released workarounds; complete fix is still embargoed (roberto) @@ -135,6 +136,7 @@ pluxml -- python3.5 (Thorsten Alteholz) NOTE: 20201011: testing package + NOTE: 20201018: recovering from a broken computer :-( -- qtsvg-opensource-src (Adrian Bunk) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1f2324ff6a8338a914e3e3c79e5621de2aa3d44b
[Git][security-tracker-team/security-tracker][master] Update note for CVE-2020-9385
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 94332907 by Salvatore Bonaccorso at 2020-10-16T21:15:38+02:00 Update note for CVE-2020-9385 Try to make clear that the issue was fixed within the initial upload (and matching other similar versions which entered the archive never affected by an issue). - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -41837,7 +41837,7 @@ CVE-2020-9391 (An issue was discovered in the Linux kernel 5.4 and 5.5 through 5 [jessie] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/dcde237319e626d1ec3c9d8b7613032f0fd4663a CVE-2020-9385 (A NULL Pointer Dereference exists in libzint in Zint 2.7.1 because mul ...) - - zint 2.8.0-1 + - zint (Fixed with initial upload to archive) CVE-2020-9384 (** DISPUTED ** An Insecure Direct Object Reference (IDOR) vulnerabilit ...) NOT-FOR-US: Subex CVE-2020-9383 (An issue was discovered in the Linux kernel through 5.5.6. set_fdc in ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/94332907815226a5bbcc6050fc0acf7b1412c3f0
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: e0a1bf9d by Thorsten Alteholz at 2020-10-12T08:57:08+02:00 update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -124,6 +124,7 @@ php-horde-trean phpmyadmin (Abhijith PA) -- python3.5 (Thorsten Alteholz) + NOTE: 20201011: testing package -- pluxml NOTE: 20201011: issue is still open upstream. Also low priority for us (abhijith) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e0a1bf9d75c0ee7cf71722ab23d5385286e16a40
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: fec4b81b by Thorsten Alteholz at 2020-10-05T11:11:16+02:00 update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -46,10 +46,11 @@ ceph NOTE: 20200928: Packages prepared and available at http://apt.inguza.net/stretch-lts/ceph/ NOTE: 20200928: If someone know how to test the packages please take this build and upload (after testing it). -- -cimg +cimg (Thorsten Alteholz) NOTE: 20200709: Upstream patch is against a newer "load_network_external" NOTE: 20200709: method (vs "load_network") but is still missing the argument NOTE: 20200709: sanitisation. (lamby) + NOTE: 20201005: checking whether reverse dependencies still build/work -- condor NOTE: 20200502: Upstream has only released workarounds; complete fix is still embargoed (roberto) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fec4b81be32384b1ed0e7670f06cb217f7b5309b
[Git][security-tracker-team/security-tracker][master] update NOTE of CVE-2018-19211 and mark it as ignored in Stretch
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: b63449c1 by Thorsten Alteholz at 2020-09-25T17:25:51+02:00 update NOTE of CVE-2018-19211 and mark it as ignored in Stretch - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -120964,10 +120964,11 @@ CVE-2018-19212 (In libwebm through 2018-10-03, there is an abort caused by libwe NOTE: Chromium and qtwebengine bundle the library, but not a security issue there CVE-2018-19211 (In ncurses 6.1, there is a NULL pointer dereference at function _nc_pa ...) - ncurses 6.1+20180210-3 (low) - [stretch] - ncurses (Minor issue) + [stretch] - ncurses (Minor issue) [jessie] - ncurses (Minor issue) [wheezy] - ncurses (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643754 + NOTE: according to this Redhat bug, this is a duplicate of CVE-2018-10754, which has been rejected CVE-2018-19210 (In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWrite ...) {DSA-4670-1 DLA-1680-1} - tiff 4.0.10-4 (bug #913675) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b63449c175b0744d9128deaf978587844fbaa439
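Review bot: the added NOTE refers to "this Redhat bug", which only resolves through the bugzilla URL on the NOTE line above it and stops making sense if another NOTE is ever inserted between the two. Suggest naming the bug in the note itself and adding a reference for the rejection of CVE-2018-10754.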
[Git][security-tracker-team/security-tracker][master] Update note for CVE-2020-0435 (duplicate confirmed from Google)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e8baa9b9 by Salvatore Bonaccorso at 2020-09-24T10:30:21+02:00 Update note for CVE-2020-0435 (duplicate confirmed from Google) - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -65477,7 +65477,7 @@ CVE-2020-0435 (In inline_data_addr of f2fs.h, there is a possible out of bounds NOTE: git.kernel.org/linus/18dd6470c2d14d10f5a2dd926925dc80dbd3abfd NOTE: https://android.googlesource.com/kernel/common/+/d7d9d29a837358636e12fe09c90a7882b53b2220 NOTE: https://source.android.com/security/bulletin/pixel/2020-09-01 - NOTE: Duplicate of CVE-2018-14615 + NOTE: Duplicate of CVE-2018-14615 (confirmed, wait for cleanup on bulletin and MITRE) CVE-2020-0434 (In Pixel's use of the Catpipe library, there is possible memory corrup ...) NOT-FOR-US: Catpipe CVE-2020-0433 (In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e8baa9b9b9ce669762ecc8a6af712a672c24c817
[Git][security-tracker-team/security-tracker][master] update note of ark
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: 92977402 by Abhijith PA at 2020-09-21T14:48:35+05:30 update note of ark - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -26,6 +26,7 @@ ark NOTE: 20200801: though testing with other PoC's available over internet seems exploitable (abhijith) NOTE: 20200820: pinged upstream for help (abhijith) NOTE: 20200907: patch https://people.debian.org/~abhijith/upload/backport_to_1608.patch crashes (abhijith) + NOTE: 20200921: CLI works but GUI not, It seems the fix is not compatible with the old architecture (abhijith) -- cacti NOTE: 20200529: A patch need to be cooked up. Upstream patch not fit for jessie version (abhijith) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9297740253fd15ececd667bd9d55c704ce5b88c2
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 41d53197 by Thorsten Alteholz at 2020-09-20T19:03:11+02:00 update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -54,7 +54,7 @@ condor NOTE: 20200727: Waiting on maintainer feedback: https://lists.debian.org/debian-lts/2020/07/msg00108.html (roberto) -- curl (Thorsten Alteholz) - NOTE: 20200907: testing package (thorsten) + NOTE: 20202007: testing package, not yet satisfied with the results (thorsten) -- eclipse-wtp -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/41d53197675842ed2afe175b1b3880cc7dd76dcc
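Review bot: the date prefix on the added curl note, 20202007, is not a valid YYYYMMDD value (it reads as month 20). The commit is dated 2020-09-20 and the line replaces a note dated 20200907, so 20200920 looks intended.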
[Git][security-tracker-team/security-tracker][master] update note in dla-needed.txt
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: be35f774 by Abhijith PA at 2020-09-07T10:27:46+05:30 update note in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -25,6 +25,7 @@ ark (Abhijith PA) NOTE: 20200731: given PoC not working as intended. (abhijith) NOTE: 20200801: though testing with other PoC's available over internet seems exploitable (abhijith) NOTE: 20200820: pinged upstream for help (abhijith) + NOTE: 20200907: patch https://people.debian.org/~abhijith/upload/backport_to_1608.patch crashes (abhijith) -- cacti NOTE: 20200529: A patch need to be cooked up. Upstream patch not fit for jessie version (abhijith) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/be35f774f7fd1d9599eb4dfa95cb7e4c9a79bc15
[Git][security-tracker-team/security-tracker][master] Update note in dla-needed.txt
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: b8b44b56 by Abhijith PA at 2020-07-31T20:40:52+05:30 Update note in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -22,6 +22,7 @@ ansible NOTE: 20200508: bam: See https://github.com/ansible/ansible/issues/67794 -- ark (Abhijith PA) + NOTE: 20200731: given PoC not working as intended. (abhijith) -- cacti NOTE: 20200529: A patch need to be cooked up. Upstream patch not fit for jessie version (abhijith) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8b44b56cdb0e8dff5b3fc9226350fd5dfb6c523
[Git][security-tracker-team/security-tracker][master] Update note for rails for buster-security
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9615d57c by Salvatore Bonaccorso at 2020-07-19T13:21:38+02:00 Update note for rails for buster-security - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -34,7 +34,7 @@ qemu (jmm) Maintainer proposing a debdiff fixing several CVEs for review -- rails - Sylvain Beucler proposed to help for the update, pending upstream feedback for CVE-2020-8163 + Sylvain Beucler proposed to help for the update, remaining CVEs to be done -- redis -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9615d57c1f911d3d69576cce85fbbf5b67ddc522
[Git][security-tracker-team/security-tracker][master] update note in dla-needed for cacti
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: 1fe18533 by Abhijith PA at 2020-06-29T00:28:25+05:30 update note in dla-needed for cacti - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -33,6 +33,7 @@ batik (Emilio) cacti (Abhijith PA) NOTE: 20200529: A patch need to be cooked up. Upstream patch not fit for jessie version (abhijith) NOTE: 20200620: WIP (abhijith) + NOTE: 20200629: Working on the patch (abhijith) -- condor (Roberto C. Sánchez) NOTE: 20200502: Upstream has only released workarounds; complete fix is still embargoed (roberto) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1fe185335e37499ce8bb39178b8540699b9cf684
[Git][security-tracker-team/security-tracker][master] Update note for netqmail
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a2624c27 by Salvatore Bonaccorso at 2020-05-21T16:02:50+02:00 Update note for netqmail - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -26,8 +26,8 @@ linux (carnil) mercurial/oldstable -- netqmail - Preliminary debdiff (for unstable, and rebuild for older suites): - https://bugs.debian.org/961060#14 + Unstable version uploaded to expose for testing, later release based on that + for stretch and buster. -- nss/oldstable (jmm) Roberto proposed an update including fixes for CVE-2018-12404 and CVE-2018-18508 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a2624c2712c1eba13984d2b1884805dc98d10b77
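Review bot: the replacement text for netqmail drops the pointer to the preliminary debdiff (https://bugs.debian.org/961060#14), and no other bug reference remains in the entry. Suggest keeping the bug URL alongside the new status so that anyone preparing the stretch and buster releases can still find the proposed changes.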
[Git][security-tracker-team/security-tracker][master] Update note for condor in jessie LTS.
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: 4deb684f by Chris Lamb at 2020-05-21T09:54:30+01:00 Update note for condor in jessie LTS. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -40,6 +40,7 @@ bluez (Roberto C. Sánchez) -- condor NOTE: 20200502: Upstream has only released workarounds; complete fix is still embargoed (roberto) + NOTE: 20200521: Still embargoed (eg. https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0004.html). (lamby) -- cups (Anton Gladky) NOTE: 20200514: Two open issues. Added on request from Anton Gladky. (sunweaver) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4deb684f4e96b534d8291620dc60085eae629922
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 9bf9723e by Thorsten Alteholz at 2020-05-11T08:39:40+02:00 update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -76,9 +76,11 @@ nginx -- opendmarc (Thorsten Alteholz) NOTE: 20200420: still testing package, original patch does not seem to be enough, still ongoing + NOTE: 20200511: new CVEs arrived -- php5 (Thorsten Alteholz) NOTE: 20200427: embedded software "file" needs fix for CVE-2019-18218 + NOTE: 20200511: still trying to determine how this CVE affects php -- qemu (Adrian Bunk) NOTE: 20200511: work is ongoing View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9bf9723e53cc2b53fa98cb90602a92effcf3d20e
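Review bot: the added opendmarc note "new CVEs arrived" does not say which CVEs, so a reader has to look them up elsewhere to judge how much work remains. Suggest listing the CVE ids in the note, as the php5 entry below it does for CVE-2019-18218.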
[Git][security-tracker-team/security-tracker][master] Update note for bluez in jessie LTS.
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: 9f2c6a6a by Chris Lamb at 2020-04-20T11:28:10+01:00 Update note for bluez in jessie LTS. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -15,7 +15,10 @@ ansible (Sylvain Beucler) NOTE: 20200416: 8 of 9 CVEs have upstream patches now (sunweaver) -- bluez - NOTE: 20200330: wip + NOTE: 20200330: wip (Emilio) + NOTE: 20200420: Many upstream refactorings make this hard to see where the + NOTE: 20200420: check for bonded connections should go. (eg. 7d9718cfc, + NOTE: 20200420: 718bad60d, etc.) (lamby) -- dom4j (Utkarsh Gupta) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f2c6a6a3177f0553b6f26e5b88abd253d6086d7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f2c6a6a3177f0553b6f26e5b88abd253d6086d7 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
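Review bot: The new 20200420 note on bluez cites upstream commits only by abbreviated hash ("7d9718cfc", "718bad60d") and never names the CVE that the "check for bonded connections" belongs to. Add the CVE id and full commit URLs so the reference can be followed without a checkout of the upstream tree. The same hunk also adds "(Emilio)" to the existing 20200330 line while the bluez entry header stays unclaimed; worth confirming that is intended.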
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: fd2a4c24 by Thorsten Alteholz at 2020-04-20T11:02:31+02:00 update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -50,8 +50,8 @@ mumble (Abhijith PA) -- nginx (Mike Gabriel) -- -opendmarc - NOTE: 20200406: still testing package, original patch does not seem to be enough, still ongoing +opendmarc (Thorsten Alteholz) + NOTE: 20200420: still testing package, original patch does not seem to be enough, still ongoing -- openjdk-7 (Roberto C. Sánchez) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd2a4c248203642aa78c3f33aea6cb68e27aa91a -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd2a4c248203642aa78c3f33aea6cb68e27aa91a You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
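Review bot: The opendmarc change replaces the 20200406 note with an identically worded 20200420 one instead of appending, so the file no longer shows how long the package has been in "still testing". Keep the earlier dated line and add a new one, ideally saying what about the original patch is insufficient.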
[Git][security-tracker-team/security-tracker][master] update note in dla-needed.txt
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: a73970c8 by Abhijith PA at 2020-04-20T10:19:32+05:30 update note in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -46,6 +46,7 @@ linux-4.9 (Ben Hutchings) mumble (Abhijith PA) NOTE: 20200325: Regression in last upload, forgot to follow up. NOTE: 20200325: https://github.com/mumble-voip/mumble/issues/3605 (abhijith) + NOTE: 20200420: Upstream patch is incomplete. Version in stretch is also vulnerable (abhijith) -- nginx (Mike Gabriel) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a73970c8c4782a24e69f345838ac78d5eca4c8fa -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a73970c8c4782a24e69f345838ac78d5eca4c8fa You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
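Review bot: The added 20200420 line on mumble says "Upstream patch is incomplete" without identifying the patch or the CVE it was meant to fix; the only link in the entry is the regression issue from 20200325. Name the CVE and link the upstream commit or discussion. The remark that the stretch version is also vulnerable is easy to miss in this file; consider recording it against the CVE in data/CVE/list as well.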
[Git][security-tracker-team/security-tracker][master] Update note for shiro in jessie LTS.
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: af2b443c by Chris Lamb at 2020-04-15T11:20:20+01:00 Update note for shiro in jessie LTS. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -74,6 +74,7 @@ shiro (Chris Lamb) NOTE: 20200402: Prepared a package but difficult running tests. Have asked NOTE: 20200402: the Debian maintainer at https://bugs.debian.org/955018#12 NOTE: 20200411: Pinged maintainer and LTS list. (lamby) + NOTE: 20200415: Further work with another ping to bug. (lamby) -- squid3 (Markus Koschany) NOTE: 20200330: There is still an issue with CVE-2019-12523 but the rest View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af2b443c3a4525e334dd0f27053b057e2f6ba182 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af2b443c3a4525e334dd0f27053b057e2f6ba182 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 9f792cf8 by Thorsten Alteholz at 2020-04-13T11:05:55+02:00 update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -93,7 +93,8 @@ varnish NOTE: 20200410: reset of err_code and err_reason still might need doing, but NOTE: 20200410: I don't quite understand the restart/synthentic requests. (lamby) -- -wireshark +wireshark (Thorsten Alteholz) + NOTE: 20200413: work in progress -- xcftools NOTE: 20200111: wrote a patch + reproducer for CVE-2019-5086, waiting for upstream review (hle) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f792cf8f027d9b7c19ddf65632568b06899a8ef -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f792cf8f027d9b7c19ddf65632568b06899a8ef You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: fe02ef70 by Thorsten Alteholz at 2020-04-13T10:57:01+02:00 update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -60,6 +60,7 @@ otrs2 (Abhijith PA) NOTE: 20200412: Asked upstream for clarity in CVE-2020-1769 patch (abhijith) -- php5 (Thorsten Alteholz) + NOTE: 20200413: work in progress -- php-horde-data (Roberto C. Sánchez) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe02ef70ca2faf9055e09bcec71e8cf0c1e50366 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe02ef70ca2faf9055e09bcec71e8cf0c1e50366 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Update note in dla-needed.txt
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: da91d339 by Abhijith PA at 2020-04-12T10:32:51+05:30 Update note in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -57,6 +57,7 @@ opendmarc (Thorsten Alteholz) NOTE: 20200406: still testing package, original patch does not seem to be enough, still ongoing -- otrs2 (Abhijith PA) + NOTE: 20200412: Asked upstream for clarity in CVE-2020-1769 patch (abhijith) -- php5 (Thorsten Alteholz) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da91d339f2e8c2efac3bdb897c40cfa1380d76d7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da91d339f2e8c2efac3bdb897c40cfa1380d76d7 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 73876c66 by Thorsten Alteholz at 2020-04-06T08:14:38+02:00 update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -47,7 +47,7 @@ mumble (Abhijith PA) NOTE:20200325: https://github.com/mumble-voip/mumble/issues/3605 (abhijith) -- opendmarc (Thorsten Alteholz) - NOTE: 20200322: still testing package, original patch does not seem to be enough, still ongoing + NOTE: 20200406: still testing package, original patch does not seem to be enough, still ongoing -- otrs2 (Abhijith PA) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/73876c669712e98f4afeeb0d9272eb69f27c168d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/73876c669712e98f4afeeb0d9272eb69f27c168d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Update note for netkit-telnet and netkit-telnet-ssl for jessie LTS.
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: 9ef0b46c by Chris Lamb at 2020-03-29T10:50:09+01:00 Update note for netkit-telnet and netkit-telnet-ssl for jessie LTS. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -55,11 +55,13 @@ netkit-telnet NOTE: 20200310: No patch available, yet. Only PoC. (sunweaver) NOTE: 20200320: Upstream's dead, keep an eye on other distros and krb5-appl (embed). (beuc) NOTE: 20200327: Pinged issue on the ~new upstream. (lamby) + NOTE: 20200329: Turns out this is not actually the new upstream (which is MIA). (lamby) -- netkit-telnet-ssl NOTE: 20200310: No patch available, yet. Only PoC. (sunweaver) NOTE: 20200320: Upstream's dead, keep an eye on other distros and krb5-appl (embed). (beuc) NOTE: 20200327: Pinged issue on the ~new upstream. (lamby) + NOTE: 20200329: Turns out this is not actually the new upstream (which is MIA). (lamby) -- nss (Thorsten Alteholz) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ef0b46c0b815c320b875052b54565f296982be4 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ef0b46c0b815c320b875052b54565f296982be4 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
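Review bot: The new 20200329 line, added identically to netkit-telnet and netkit-telnet-ssl, says "this is not actually the new upstream" but neither it nor the 20200327 line it corrects gives the project or issue URL that was pinged. Add the URL so the correction can be checked, and say what the plan is now that the note describes the real upstream as MIA.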
[Git][security-tracker-team/security-tracker][master] Update note for amd64-microcode
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 92f56be3 by Anton Gladky at 2020-03-18T18:02:47+01:00 Update note for amd64-microcode - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -17,6 +17,7 @@ amd64-microcode (Anton Gladky) NOTE: 20200307: maintainer contacted regarding Jessie-update NOTE: 20200311: ask for review/test NOTE: 20200312: updated package is in testing phase + NOTE: 20200318: Stretch should be updated first to escape higher versions in Jessie, #954023. -- ansible NOTE: 20200219: no upstream fixes yet View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/92f56be376df557cdb9acccfe64c1c9eaa4221e2 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/92f56be376df557cdb9acccfe64c1c9eaa4221e2 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
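Review bot: In the added amd64-microcode line, "to escape higher versions in Jessie" is ambiguous. If the intent is to avoid jessie ending up with a higher version than stretch, say so directly, and give "#954023" as a full bug URL so it is clear which tracker it refers to.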
[Git][security-tracker-team/security-tracker][master] Update note for CVE-2020-0040
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ad54e2b5 by Salvatore Bonaccorso at 2020-03-06T22:10:11+01:00 Update note for CVE-2020-0040 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -27399,7 +27399,7 @@ CVE-2020-0041 NOTE: https://git.kernel.org/linus/16981742717b04644a41052570fb502682a315d2 CVE-2020-0040 RESERVED - NOTE: Duplicate of CVE-2019-15239, should be rejected + NOTE: Duplicate of CVE-2019-15239, will be rejected CVE-2020-0039 RESERVED NOT-FOR-US: Android View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad54e2b5e33c820b8baa9d94e4d0da5b54d5b7a5 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad54e2b5e33c820b8baa9d94e4d0da5b54d5b7a5 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
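Review bot: The CVE-2020-0040 note changes "should be rejected" to "will be rejected" without citing where that decision was stated. Add a reference to the confirmation so the stronger wording can be verified while the entry is still marked RESERVED.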
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 2635822e by Thorsten Alteholz at 2020-03-02T18:58:58+01:00 update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -46,8 +46,8 @@ lxc (Roberto C. Sánchez) -- nova (Thorsten Alteholz) -- -opendmarc - NOTE: 20200216: still testing package, original patch does not seem to be enough, still ongoing +opendmarc (Thorsten Alteholz) + NOTE: 20200302: still testing package, original patch does not seem to be enough, still ongoing -- php5 (Utkarsh Gupta) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2635822ec023bfa9ea46b406226c180afcaec3a6 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2635822ec023bfa9ea46b406226c180afcaec3a6 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Update note for yara in jessie LTS.
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: 89f7fa85 by Chris Lamb at 2020-02-20T10:14:33-08:00 Update note for yara in jessie LTS. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -130,6 +130,7 @@ yara NOTE: 20200119: still no upstream fix (daissi) NOTE: 20200208: still no fix (lamby) NOTE: 20200214: still no fix (lamby) + NOTE: 20200220: still no fix; pinged upstream (lamby) -- zsh (Roberto C. Sánchez) NOTE: 20200218: Package is ready for upload; sent request for additional testing to mailing list. (roberto) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/89f7fa858cc489f58767e2dfb018a8c9ab8cf121 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/89f7fa858cc489f58767e2dfb018a8c9ab8cf121 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
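Review bot: The added 20200220 yara line is the fourth consecutive "still no fix" note in the visible context, and "pinged upstream" carries no link. Add the URL of the upstream issue that was pinged so later triagers can check for a reply instead of adding another status line.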
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 67506d25 by Thorsten Alteholz at 2020-02-16T22:58:01+01:00 update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -58,7 +58,7 @@ netty-3.9 (Sylvain Beucler) nodejs -- opendmarc (Thorsten Alteholz) - NOTE: 20200119: still testing package, original patch does not seem to be enough, still ongoing + NOTE: 20200216: still testing package, original patch does not seem to be enough, still ongoing -- openjdk-7 (Emilio) NOTE: 20200203: waiting for icedtea release View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/67506d258dc6a030e489d6aa7e18822af2b6ed4b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/67506d258dc6a030e489d6aa7e18822af2b6ed4b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 7daee453 by Thorsten Alteholz at 2020-01-12T22:22:19+01:00 update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -109,7 +109,7 @@ slurm-llnl -- sqlite3 (Thorsten Alteholz) NOTE: 20191212: look at no-dsa as well - NOTE: 20191230: WIP + NOTE: 20200112: WIP -- squid3 (Roberto C. Sánchez) NOTE: 20191210: Requires new API SBuf. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7daee45309d6d37141ed00cabfc3f4ec2677f61f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7daee45309d6d37141ed00cabfc3f4ec2677f61f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: f2a3debf by Thorsten Alteholz at 2019-12-30T10:36:01Z update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -113,6 +113,7 @@ slurm-llnl -- sqlite3 (Thorsten Alteholz) NOTE: 20191212: look at no-dsa as well + NOTE: 20191230: WIP -- squid3 NOTE: 20191210: Requires new API SBuf. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f2a3debf1bcaf6ec3fd46b7ddf29db2ecf931dbd -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f2a3debf1bcaf6ec3fd46b7ddf29db2ecf931dbd You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 6a3ab39f by Thorsten Alteholz at 2019-12-22T22:35:06Z update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -77,7 +77,7 @@ nethack (Abhijith PA) NOTE: 20191220: E.g. fixes in proc_wizkit_line() need to go into read_wizkit(), etc. (sunweaver) -- opendmarc (Thorsten Alteholz) - NOTE: 20191208: still testing package, original patch does not seem to be enough, still ongoing + NOTE: 20191222: still testing package, original patch does not seem to be enough, still ongoing -- otrs2 (Abhijith PA) NOTE: otrs2 is in jessie/main so it should be taken care off View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6a3ab39f7ca1c3a4333b117c151b366cd7b854c6 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6a3ab39f7ca1c3a4333b117c151b366cd7b854c6 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Update note for intel-microcode needed DLA
Ben Hutchings pushed to branch master at Debian Security Tracker / security-tracker Commits: 3da1745f by Ben Hutchings at 2019-12-18T14:13:05Z Update note for intel-microcode needed DLA - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -28,7 +28,7 @@ ibus (Emilio) NOTE: 20191210: See https://gitlab.gnome.org/GNOME/glib/merge_requests/1176 -- intel-microcode - NOTE: 20191113: Waiting for DSA-4565-2 first + NOTE: 20191118: Should be based on DSA-4565-2 -- jhead (Adrian Bunk) NOTE: 20191216: work is ongoing View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3da1745f2a1617ca98d4ee49d9bddf40a7f71632 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3da1745f2a1617ca98d4ee49d9bddf40a7f71632 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
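Review bot: The replacement intel-microcode note is dated 20191118, but the commit itself is dated 2019-12-18, so this looks like a typo for 20191218. The hunk also drops the 20191113 "Waiting for DSA-4565-2 first" line rather than appending; if the new wording means that DSA is now out, saying so would explain why the waiting note is gone.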
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 822748a4 by Thorsten Alteholz at 2019-12-08T22:02:33Z update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -68,7 +68,7 @@ linux (Ben Hutchings) linux-4.9 (Ben Hutchings) -- opendmarc (Thorsten Alteholz) - NOTE: 20191124: still testing package, original patch does not seem to be enough + NOTE: 20191208: still testing package, original patch does not seem to be enough, still ongoing -- opensc (Roberto C. Sánchez) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/822748a406eeed36c88ce85ae96a6502f4d8c5d8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/822748a406eeed36c88ce85ae96a6502f4d8c5d8 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] update note otrs2
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: 71896759 by Abhijith PA at 2019-12-08T16:25:12Z update note otrs2 - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -74,6 +74,7 @@ opensc (Roberto C. Sánchez) -- otrs2 (Abhijith PA) NOTE: otrs2 is in jessie/main so it should be taken care off + NOTE: 2019108: CVE-2019-18180 seems not affected (abhijith) -- php-horde (Roberto C. Sánchez) NOTE: 20191126: Corresponding with security team regarding CVE assignments. (roberto) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/71896759f1b749271e784d3bfa91dd0a59588519 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/71896759f1b749271e784d3bfa91dd0a59588519 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
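Review bot: The date field in the added otrs2 line, "2019108", has seven digits instead of the eight-digit form used by the other dated notes; given the commit date of 2019-12-08 it was presumably meant to be 20191208. A short reason for "CVE-2019-18180 seems not affected", such as which code was checked, would let someone else confirm the assessment.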
[Git][security-tracker-team/security-tracker][master] update note for slurm in dla-needed
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: 37d676a3 by Abhijith PA at 2019-10-21T20:02:24Z update note for slurm in dla-needed - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -117,6 +117,8 @@ ruby-haml (Utkarsh Gupta) -- slurm-llnl NOTE: 20190814: Contacted security of slurm-llnl for relevant commits (abhijith) + NOTE: 20191022: Big chunk to backport afa7d743f407c60a7c8a4bd98a10be32c82988b5 and + NOTE: 20191022: 750cc23edcc6fddfff21d33bdaf4fb7deb28cfda would be a start.(abhijith) -- spip (Thorsten Alteholz) NOTE: 20191013: testing package View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/37d676a34440b8b173b5cf86f80f53f1302403af -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/37d676a34440b8b173b5cf86f80f53f1302403af You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
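Review bot: The two added slurm-llnl lines read as one run-on sentence; punctuation after "Big chunk to backport" would make clear that the two commits are the proposed starting point. The hashes are given without a repository URL or the CVE they address, and a space is missing before "(abhijith)".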
[Git][security-tracker-team/security-tracker][master] Update note for CVE-2019-17266 - upstream issue appears to be private/embargoed.
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: 5781ea47 by Chris Lamb at 2019-10-09T16:15:10Z Update note for CVE-2019-17266 - upstream issue appears to be private/embargoed. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -186,7 +186,7 @@ CVE-2019-17267 (A Polymorphic Typing issue was discovered in FasterXML jackson-d NOTE: https://github.com/FasterXML/jackson-databind/commit/191a4cdf87b56d2b77edd895ee756b7f75eb CVE-2019-17266 (libsoup through 2.68.1 has a heap-based buffer over-read because soup_ ...) - libsoup2.4 (bug #941912) - NOTE: https://gitlab.gnome.org/GNOME/libsoup/issues/173 + NOTE: https://gitlab.gnome.org/GNOME/libsoup/issues/173 (embargoed?) CVE-2019-17265 RESERVED CVE-2019-17264 (In libyal liblnk before 20191006, liblnk_location_information_read_dat ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5781ea472d3aba020168aea2521679fe4767b8c9 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5781ea472d3aba020168aea2521679fe4767b8c9 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
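Review bot: Appending "(embargoed?)" to the URL on the CVE-2019-17266 NOTE line puts speculation on the same line as the reference, where anything extracting links from NOTE lines has to strip it. Put the remark on its own NOTE line and state what was observed, as the commit message does ("upstream issue appears to be private/embargoed"), rather than a question.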
[Git][security-tracker-team/security-tracker][master] Update note for xtrlock.
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: c0d0edb1 by Chris Lamb at 2019-09-22T15:05:35Z Update note for xtrlock. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -144,6 +144,7 @@ xtrlock (Chris Lamb) NOTE: 20190822: WIP on #830726 (lamby) NOTE: 20190904: Need to get advice/pointer from libinput2 maintainers for a full patch. (lamby) NOTE: 20190910: Further roundtrips on #830726. (lamby) + NOTE: 20190922: Pinged X.org upstream (see #830726). (lamby) -- yard NOTE: 20190830: second reviewer / triager needed. The security announcement states that the fix View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c0d0edb1d11eee4f8241c20e098e48d294d4a412 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c0d0edb1d11eee4f8241c20e098e48d294d4a412 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 134ad1ab by Thorsten Alteholz at 2019-09-16T06:14:09Z update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -20,6 +20,7 @@ ansible (Roberto C. Sánchez) -- cimg (Thorsten Alteholz) NOTE: inline function load_network_external is affected, variable filename + NOTE: 20190916: also taking care of no-dsa -- clamav (Jonas Meurer) NOTE: wait for definitive patch to be available, then upgrade to latest upstream View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/134ad1ab35df2b99164c589b1463291ace75bc96 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/134ad1ab35df2b99164c589b1463291ace75bc96 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits