[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Two CVEs newly rejected

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5e086ed1 by Salvatore Bonaccorso at 2018-01-26T08:00:14+01:00 Two CVEs newly rejected DWF project has further retired CVE-2017-1000468 and CVE-2017-1000464 since further analysis did show there

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Starting from 0.69+repack-1 libyaml-libyaml-perl uses system libyaml

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 835c0445 by Salvatore Bonaccorso at 2018-01-26T08:34:44+01:00 Starting from 0.69+repack-1 libyaml-libyaml-perl uses system libyaml - - - - - 1 changed file: - data/embedded-code-copies

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-5750/linux

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e779a79a by Salvatore Bonaccorso at 2018-01-26T08:44:47+01:00 Add CVE-2018-5750/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process one NFU

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 62449d22 by Salvatore Bonaccorso at 2018-01-26T07:59:28+01:00 Process one NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] jackson-databind issues fixed in unstable with 2.9.4 new upstream version

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d57e3cd9 by Salvatore Bonaccorso at 2018-01-26T07:20:29+01:00 jackson-databind issues fixed in unstable with 2.9.4 new upstream version - - - - - 1 changed file: - data/CVE/list Changes:

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add thunderbird to dsa-needed list

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b4875ff1 by Salvatore Bonaccorso at 2018-01-26T08:55:52+01:00 Add thunderbird to dsa-needed list - - - - - 1 changed file: - data/dsa-needed.txt Changes:

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] lts: add an claim thunderbird

Guido Günther pushed to branch master at Debian Security Tracker / security-tracker Commits: 0dfe3a67 by Guido Günther at 2018-01-26T08:47:39+01:00 lts: add an claim thunderbird - - - - - 1 changed file: - data/dla-needed.txt Changes: =

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add thunderbird CVEs from mfsa2018-04

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6f7ac3e6 by Salvatore Bonaccorso at 2018-01-26T08:54:43+01:00 Add thunderbird CVEs from mfsa2018-04 - - - - - 1 changed file: - data/CVE/list Changes: =

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: add dovecot and prevent upload

Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: b6fc3782 by Thorsten Alteholz at 2018-01-26T08:49:00+01:00 add dovecot and prevent upload - - - - - af1f950e by Thorsten Alteholz at 2018-01-26T08:49:29+01:00 Merge branch master of

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] follow security team with no-dsa for dnsmasq

Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 72fc365f by Thorsten Alteholz at 2018-01-26T08:54:48+01:00 follow security team with no-dsa for dnsmasq - - - - - 1 changed file: - data/CVE/list Changes:

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add note for dovecot, holding back yet

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a11c5719 by Salvatore Bonaccorso at 2018-01-26T08:49:44+01:00 Add note for dovecot, holding back yet - - - - - 1 changed file: - data/dsa-needed.txt Changes:

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2017-15703, mark as NFU

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 58923432 by Salvatore Bonaccorso at 2018-01-25T21:15:04+01:00 Add CVE-2017-15703, mark as NFU - - - - - 1 changed file: - data/CVE/list Changes: =

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Track jessie-pu proposal for nvidia-graphics-drivers, #887559

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 22f19d25 by Salvatore Bonaccorso at 2018-01-25T21:19:23+01:00 Track jessie-pu proposal for nvidia-graphics-drivers, #887559 - - - - - 1 changed file: - data/next-oldstable-point-update.txt

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2017-15134: #888452

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e957a4ee by Salvatore Bonaccorso at 2018-01-25T21:49:36+01:00 Add bug reference for CVE-2017-15134: #888452 - - - - - 1 changed file: - data/CVE/list Changes:

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add reference for CVE-2017-17858/mupdf

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e3c1256f by Salvatore Bonaccorso at 2018-01-25T21:54:21+01:00 Add reference for CVE-2017-17858/mupdf - - - - - 1 changed file: - data/CVE/list Changes:

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Update CVE-2018-1000016 information

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 021fae20 by Salvatore Bonaccorso at 2018-01-25T22:01:05+01:00 Update CVE-2018-116 information Turns out that this was a duplicte assigned for the already assigned CVE-2017-17383. - - - - -

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4bcd2e22 by security tracker role at 2018-01-25T21:10:21+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: follow security team with no-dsa for irssi

Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 64b06266 by Thorsten Alteholz at 2018-01-25T22:19:19+01:00 follow security team with no-dsa for irssi - - - - - 305de372 by Thorsten Alteholz at 2018-01-25T22:20:00+01:00 follow security team with

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Update information for CVE-2017-17858/mupdf

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6a4a65c3 by Salvatore Bonaccorso at 2018-01-26T00:03:29+01:00 Update information for CVE-2017-17858/mupdf To reviewers: double check this update since the

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-6187: #888464

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2079a449 by Salvatore Bonaccorso at 2018-01-26T00:22:32+01:00 Add bug reference for CVE-2018-6187: #888464 - - - - - 1 changed file: - data/CVE/list Changes:

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] irssi no-dsa

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 5d9ac92b by Moritz Muehlenhoff at 2018-01-25T16:22:26+01:00 irssi no-dsa - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] p7zip-rar no-dsa

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 0b7afbd3 by Moritz Muehlenhoff at 2018-01-25T16:32:42+01:00 p7zip-rar no-dsa - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] poppler DSA

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: ffe1c712 by Moritz Muehlenhoff at 2018-01-25T13:19:45+01:00 poppler DSA - - - - - 3 changed files: - data/CVE/list - data/DSA/list - data/dsa-needed.txt Changes:

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add new dovecot issue (CVE-2017-15132)

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e3e58713 by Salvatore Bonaccorso at 2018-01-25T13:24:37+01:00 Add new dovecot issue (CVE-2017-15132) - - - - - 1 changed file: - data/CVE/list Changes:

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Update dla-needed entry for lame

showed interest in porting lame to libsndfile, but probably didn't have time until now. Just pinged him. + NOTE: 20180125: Fabian showed interest in porting lame to libsndfile and submitted a patch draft for Jessie. + NOTE: I'll test it, submit the update for Jessie and backport the result to Wheezy

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d8c5dfb1 by security tracker role at 2018-01-25T09:10:15+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: follow security with no-dsa for isc-dhcp

@@ -20,8 +20,6 @@ icu -- irssi (Emilio Pozuelo) -- -isc-dhcp (Thorsten Alteholz) --- lame (Hugo Lefeuvre) NOTE: Couldn't reproduce CVE-2017-{69-72}, but successfully reproduced CVE-2017-150{18,45,46} NOTE: 20180125: Fabian showed interest in porting lame to libsndfile and submitted

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1dc06687 by Salvatore Bonaccorso at 2018-01-25T10:20:43+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-6192/mupdf

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 485ffa35 by Salvatore Bonaccorso at 2018-01-25T10:21:09+01:00 Add CVE-2018-6192/mupdf - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process three jenkins issues (removed)

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3e350817 by Salvatore Bonaccorso at 2018-01-25T10:21:32+01:00 Process three jenkins issues (removed) - - - - - 1 changed file: - data/CVE/list Changes:

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Drop Guido from frontdesk when he's not available

Raphaël Hertzog pushed to branch master at Debian Security Tracker / security-tracker Commits: c5e428fb by Raphaël Hertzog at 2018-01-25T11:09:10+01:00 Drop Guido from frontdesk when hes not available - - - - - 1 changed file: - org/lts-frontdesk.2018.txt Changes:

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] fix syntax

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: fbfc9696 by Moritz Muehlenhoff at 2018-01-25T15:14:20+01:00 fix syntax - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] add jackson-databind to dsa-needed

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 06ea959f by Moritz Muehlenhoff at 2018-01-25T15:16:28+01:00 add jackson-databind to dsa-needed - - - - - 1 changed file: - data/dsa-needed.txt Changes: =

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] add dovecot to dsa-needed

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 5934fc1d by Moritz Muehlenhoff at 2018-01-25T15:16:57+01:00 add dovecot to dsa-needed - - - - - 1 changed file: - data/dsa-needed.txt Changes: =

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] new chromium issues

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: d0d2cde3 by Moritz Muehlenhoff at 2018-01-25T14:48:07+01:00 new chromium issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] follow security team with CVEs for w3m

Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 7d870b82 by Thorsten Alteholz at 2018-01-25T14:02:18+01:00 follow security team with CVEs for w3m - - - - - 1 changed file: - data/CVE/list Changes: =

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] w3m fixed

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 9bebbe94 by Moritz Muehlenhoff at 2018-01-25T14:54:01+01:00 w3m fixed - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add mupdf to dla-needed and claim it.

Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker Commits: 4f2ad4a1 by Hugo Lefeuvre at 2018-01-25T15:34:08+01:00 Add mupdf to dla-needed and claim it. - - - - - 1 changed file: - data/dla-needed.txt Changes: =

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2017-15132/dovecot: #888432

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a9bde9ae by Salvatore Bonaccorso at 2018-01-25T15:45:51+01:00 Add bug reference for CVE-2017-15132/dovecot: #888432 At same time remove oss-security reference, not adding much and already given

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] reclaim agx lts frontdesk weeks

Antoine Beaupré pushed to branch master at Debian Security Tracker / security-tracker Commits: c4a42421 by Antoine Beaupré at 2018-01-25T09:46:30-05:00 reclaim agx lts frontdesk weeks - - - - - 1 changed file: - org/lts-frontdesk.2018.txt Changes: =

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: add knot-resolver to dsa-needed

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 6589de50 by Moritz Muehlenhoff at 2018-01-25T16:08:16+01:00 add knot-resolver to dsa-needed - - - - - 9a39627a by Moritz Muehlenhoff at 2018-01-25T16:09:43+01:00 Merge branch master of

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] add mercurial to dsa-needed

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: e65fa623 by Moritz Muehlenhoff at 2018-01-25T16:11:34+01:00 add mercurial to dsa-needed - - - - - 1 changed file: - data/dsa-needed.txt Changes: =

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] dnsmasq no-dsa

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 7492440e by Moritz Muehlenhoff at 2018-01-25T16:10:58+01:00 dnsmasq no-dsa - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list