[Git][security-tracker-team/security-tracker][master] Process NFUs

2021-09-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
413d45a5 by Salvatore Bonaccorso at 2021-09-10T22:27:51+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -11218,7 +11218,7 @@ CVE-2021-35978
 CVE-2021-35977
RESERVED
 CVE-2021-35976 (The feature to preview a website in Plesk Obsidian 18.0.0 
through 18.0 ...)
-   TODO: check
+   NOT-FOR-US: Plesk Obsidian
 CVE-2021-35975
RESERVED
 CVE-2021-35974
@@ -18078,7 +18078,7 @@ CVE-2021-33013
 CVE-2021-33012 (Rockwell Automation MicroLogix 1100, all versions, allows a 
remote, un ...)
NOT-FOR-US: Rockwell
 CVE-2021-33011 (All versions of the afffected TOYOPUC-PC10 Series,TOYOPUC-Plus 
Series, ...)
-   TODO: check
+   NOT-FOR-US: JTEKT Corporation
 CVE-2021-33010
RESERVED
 CVE-2021-33009
@@ -40075,7 +40075,7 @@ CVE-2021-21261 (Flatpak is a system for building, 
distributing, and running sand
 CVE-2021-3146 (The Dolby Audio X2 (DAX2) API service before 0.8.8.90 on 
Windows allow ...)
NOT-FOR-US: Dolby Audio X2 (DAX2) API service
 CVE-2021-3145 (In Ionic Identity Vault before 5, a local root attacker on an 
Android  ...)
-   TODO: check
+   NOT-FOR-US: Ionic Identity Vault
 CVE-2021-3144 (In SaltStack Salt before 3002.5, eauth tokens can be used once 
after e ...)
- salt 3002.5+dfsg1-1 (bug #983632)
NOTE: 
https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/413d45a5e01fd9757c9886b8061f7b384b41eb4b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/413d45a5e01fd9757c9886b8061f7b384b41eb4b
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] 2 commits: Process NFUs

2021-09-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9fdfb603 by Salvatore Bonaccorso at 2021-09-10T22:24:51+02:00
Process NFUs

- - - - -
0946576d by Salvatore Bonaccorso at 2021-09-10T22:24:52+02:00
Add CVE-2021-40839/python-rencode

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,5 +1,5 @@
 CVE-2021-40864 (The Translate plugin 6.1.x through 6.3.x before 6.3.0.72 for 
ONLYOFFIC ...)
-   TODO: check
+   NOT-FOR-US: Translate plugin for ONLYOFFICE Document Server
 CVE-2021-40863
RESERVED
 CVE-2021-40862
@@ -49,7 +49,9 @@ CVE-2021-40841
 CVE-2021-40840
RESERVED
 CVE-2021-40839 (The rencode package through 1.0.6 for Python allows an 
infinite loop i ...)
-   TODO: check
+   - python-rencode 1.0.6-2
+   NOTE: 
https://github.com/aresch/rencode/commit/572ff74586d9b1daab904c6f7f7009ce0143bb75
+   NOTE: https://github.com/aresch/rencode/pull/29
 CVE-2021-40838
RESERVED
 CVE-2021-40837
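Review bot: the new `- python-rencode 1.0.6-2` line records the fixing version but no Debian bug reference, unlike the other fixed-version lines in this batch (e.g. `- salt 3002.5+dfsg1-1 (bug #983632)`); if a bug was filed for the infinite-loop issue, append `(bug #NNNNNN)` to the version. There is also no [bullseye]/[buster] annotation, so the older suites stay marked as affected by default; if 1.0.6 in those suites is affected, a no-dsa or postponed decision still needs to be recorded on this entry.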
@@ -1099,7 +1101,7 @@ CVE-2021-40375
 CVE-2021-40374
RESERVED
 CVE-2021-40373 (playSMS before 1.4.5 allows Arbitrary Code Execution by 
entering PHP c ...)
-   TODO: check
+   NOT-FOR-US: playSMS
 CVE-2021-40372
RESERVED
 CVE-2021-40371
@@ -5646,33 +5648,33 @@ CVE-2021-38362
 CVE-2021-38361
RESERVED
 CVE-2021-38360 (The wp-publications WordPress plugin is vulnerable to 
restrictive loca ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2021-38359 (The WordPress InviteBox Plugin for viral Refer-a-Friend 
Promotions Wor ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2021-38358 (The MoolaMojo WordPress plugin is vulnerable to Reflected 
Cross-Site S ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2021-38357 (The SMS OVH WordPress plugin is vulnerable to Reflected 
Cross-Site Scr ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2021-38356
RESERVED
 CVE-2021-38355 (The Bug Library WordPress plugin is vulnerable to Reflected 
Cross-Site ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2021-38354 (The GNU-Mailman Integration WordPress plugin is vulnerable to 
Reflecte ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2021-38353 (The Dropdown and scrollable Text WordPress plugin is 
vulnerable to Ref ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2021-38352 (The Feedify  Web Push Notifications WordPress plugin is 
vulnera ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2021-38351 (The OSD Subscribe WordPress plugin is vulnerable to Reflected 
Cross-Si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2021-38350 (The spideranalyse WordPress plugin is vulnerable to Reflected 
Cross-Si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2021-38349 (The Integration of Moneybird for WooCommerce WordPress plugin 
is vulne ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2021-38348 (The Advance Search WordPress plugin is vulnerable to Reflected 
Cross-S ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2021-38347 (The Custom Website Data WordPress plugin is vulnerable to 
Reflected Cr ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2021-38346
RESERVED
 CVE-2021-38345
@@ -5684,37 +5686,37 @@ CVE-2021-38343 (The Nested Pages WordPress plugin = 
3.1.15 was vulnerable to
 CVE-2021-38342 (The Nested Pages WordPress plugin = 3.1.15 was vulnerable 
to Cross ...)
NOT-FOR-US: WordPress plugin
 CVE-2021-38341 (The WooCommerce Payment Gateway Per Category WordPress plugin 
is vulne ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2021-38340 (The Wordpress Simple Shop WordPress plugin is vulnerable to 
Reflected  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2021-38339 (The Simple Matted Thumbnails WordPress plugin is vulnerable to 
Reflect ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2021-38338 (The Border Loading Bar WordPress plugin is vulnerable to 
Reflected Cro ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2021-38337 (The RSVPMaker Excel WordPress plugin is vulnerable to 
Reflected Cross- ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2021-38336 (The Edit Comments XT WordPress plugin is vulnerable to 
Reflected Cross ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2021-38335 (The Wise Agent Capture Forms WordPress plugin is vulnerable to 
Reflect ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2021-38334 (The WP Design Maps  Places WordPress plugin is vulnerable 
to Refl ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2021-38333 (The WP Scrippets WordPress plugin is vulnerable to Reflected 
Cross-Sit ...)
-

[Git][security-tracker-team/security-tracker][master] add missing CVE ID

2021-09-10 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bc2d3762 by Moritz Mühlenhoff at 2021-09-10T22:18:25+02:00
add missing CVE ID

- - - - -


1 changed file:

- data/DSA/list


Changes:

=
data/DSA/list
=
@@ -1,4 +1,5 @@
 [10 Sep 2021] DSA-4973-1 thunderbird - security update
+   {CVE-2021-38493}
[buster] - thunderbird 1:78.14.0-1~deb10u1
[bullseye] - thunderbird 1:78.14.0-1~deb11u1
 [10 Sep 2021] DSA-4972-1 ghostscript - security update
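Review bot: this adds the CVE reference that the DSA-4973-1 entry was created without in 8caf6de0 (the hunk from that commit below shows the entry landing with only the [buster] and [bullseye] lines, while the neighbouring DSA-4972-1 entry carries `{CVE-2021-3781}`); folding the `{CVE-2021-38493}` line into the original commit would have avoided a window in which the DSA had no CVE attached. The reverse reference on the CVE-2021-38493 entry, which read `{DSA-4969-1 DLA-2756-1}` at the 20:10 automatic update, should be picked up by the next automatic run the way `{DSA-4972-1}` was for CVE-2021-3781; worth verifying after that run.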



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc2d376263fa3716ec6a367001e0a190380edb20



[Git][security-tracker-team/security-tracker][master] thunderbird DSA

2021-09-10 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8caf6de0 by Moritz Mühlenhoff at 2021-09-10T22:17:41+02:00
thunderbird DSA

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[10 Sep 2021] DSA-4973-1 thunderbird - security update
+   [buster] - thunderbird 1:78.14.0-1~deb10u1
+   [bullseye] - thunderbird 1:78.14.0-1~deb11u1
 [10 Sep 2021] DSA-4972-1 ghostscript - security update
{CVE-2021-3781}
[bullseye] - ghostscript 9.53.3~dfsg-7+deb11u1
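Review bot: the new DSA-4973-1 entry has no `{CVE-...}` line between the header and the [buster] line, whereas the DSA-4972-1 entry directly below carries `{CVE-2021-3781}`; the follow-up commit bc2d3762 adds `{CVE-2021-38493}`, but an advisory entry should be complete when first added so the tracker never publishes the DSA without its CVE.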


=
data/dsa-needed.txt
=
@@ -44,8 +44,6 @@ runc
 --
 salt
 --
-thunderbird (jmm)
---
 varnish
 --
 xen (jmm)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8caf6de08f67192492090f7696339a9ee1b9e177



[Git][security-tracker-team/security-tracker][master] automatic update

2021-09-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
dd5e3cb1 by security tracker role at 2021-09-10T20:10:49+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,33 @@
+CVE-2021-40864 (The Translate plugin 6.1.x through 6.3.x before 6.3.0.72 for 
ONLYOFFIC ...)
+   TODO: check
+CVE-2021-40863
+   RESERVED
+CVE-2021-40862
+   RESERVED
+CVE-2021-40861
+   RESERVED
+CVE-2021-40860
+   RESERVED
+CVE-2021-40859
+   RESERVED
+CVE-2021-40858
+   RESERVED
+CVE-2021-40857
+   RESERVED
+CVE-2021-40856
+   RESERVED
+CVE-2021-40855
+   RESERVED
+CVE-2021-40854
+   RESERVED
+CVE-2021-40853
+   RESERVED
+CVE-2021-40852
+   RESERVED
+CVE-2021-40851
+   RESERVED
+CVE-2021-40850
+   RESERVED
 CVE-2021-40849
RESERVED
 CVE-2021-40848
@@ -86,6 +116,7 @@ CVE-2021-3782
RESERVED
 CVE-2021-3781 [Include device specifier strings in access validation]
RESERVED
+   {DSA-4972-1}
- ghostscript 9.53.3~dfsg-8 (bug #994011)
[buster] - ghostscript  (Vulnerable code introduced later)
[stretch] - ghostscript  (Vulnerable code introduced 
later)
@@ -1067,8 +1098,8 @@ CVE-2021-40375
RESERVED
 CVE-2021-40374
RESERVED
-CVE-2021-40373
-   RESERVED
+CVE-2021-40373 (playSMS before 1.4.5 allows Arbitrary Code Execution by 
entering PHP c ...)
+   TODO: check
 CVE-2021-40372
RESERVED
 CVE-2021-40371
@@ -1123,8 +1154,7 @@ CVE-2021-40349
RESERVED
 CVE-2021-40348
RESERVED
-CVE-2021-40347 [Check a user owns the email they are trying to unsubscribe]
-   RESERVED
+CVE-2021-40347 (An issue was discovered in views/list.py in GNU Mailman 
Postorius befo ...)
{DSA-4970-1}
- postorius 1.3.5-1 (bug #993746)
NOTE: 
https://gitlab.com/mailman/postorius/-/commit/3d880c56b58bc26b32eac0799407d74b64b7474b
@@ -3225,7 +3255,7 @@ CVE-2021-39373 (Samsung Drive Manager 2.0.104 on Samsung 
H3 devices allows attac
NOT-FOR-US: Samsung
 CVE-2021-39372
RESERVED
-CVE-2021-39371 (An XML external entity (XXE) injection in PyWPS before 4.5.0 
allows an ...)
+CVE-2021-39371 (An XML external entity (XXE) injection in PyWPS before 4.4.5 
allows an ...)
{DLA-2754-1}
- pywps 4.5.0-1
[bullseye] - pywps  (Minor issue)
@@ -5303,7 +5333,7 @@ CVE-2021-38494
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-38494
 CVE-2021-38493
RESERVED
-   {DSA-4969-1}
+   {DSA-4969-1 DLA-2756-1}
- firefox 92.0-1
- firefox-esr 78.14.0esr-1
- thunderbird 1:78.14.0-1
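Review bot: this run picks up DLA-2756-1 (reserved in 5c633ade at 14:01 +02:00) for CVE-2021-38493 but not the thunderbird advisory: DSA-4973-1 was only added in 8caf6de0 at 22:17 +02:00, after this 20:10 UTC run, so the `- thunderbird 1:78.14.0-1` line below has no DSA reference until the next automatic update.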
@@ -5615,34 +5645,34 @@ CVE-2021-38362
RESERVED
 CVE-2021-38361
RESERVED
-CVE-2021-38360
-   RESERVED
-CVE-2021-38359
-   RESERVED
-CVE-2021-38358
-   RESERVED
-CVE-2021-38357
-   RESERVED
+CVE-2021-38360 (The wp-publications WordPress plugin is vulnerable to 
restrictive loca ...)
+   TODO: check
+CVE-2021-38359 (The WordPress InviteBox Plugin for viral Refer-a-Friend 
Promotions Wor ...)
+   TODO: check
+CVE-2021-38358 (The MoolaMojo WordPress plugin is vulnerable to Reflected 
Cross-Site S ...)
+   TODO: check
+CVE-2021-38357 (The SMS OVH WordPress plugin is vulnerable to Reflected 
Cross-Site Scr ...)
+   TODO: check
 CVE-2021-38356
RESERVED
-CVE-2021-38355
-   RESERVED
-CVE-2021-38354
-   RESERVED
-CVE-2021-38353
-   RESERVED
-CVE-2021-38352
-   RESERVED
-CVE-2021-38351
-   RESERVED
-CVE-2021-38350
-   RESERVED
-CVE-2021-38349
-   RESERVED
-CVE-2021-38348
-   RESERVED
-CVE-2021-38347
-   RESERVED
+CVE-2021-38355 (The Bug Library WordPress plugin is vulnerable to Reflected 
Cross-Site ...)
+   TODO: check
+CVE-2021-38354 (The GNU-Mailman Integration WordPress plugin is vulnerable to 
Reflecte ...)
+   TODO: check
+CVE-2021-38353 (The Dropdown and scrollable Text WordPress plugin is 
vulnerable to Ref ...)
+   TODO: check
+CVE-2021-38352 (The Feedify  Web Push Notifications WordPress plugin is 
vulnera ...)
+   TODO: check
+CVE-2021-38351 (The OSD Subscribe WordPress plugin is vulnerable to Reflected 
Cross-Si ...)
+   TODO: check
+CVE-2021-38350 (The spideranalyse WordPress plugin is vulnerable to Reflected 
Cross-Si ...)
+   TODO: check
+CVE-2021-38349 (The Integration of Moneybird for WooCommerce WordPress plugin 
is vulne ...)
+   TODO: check
+CVE-2021-38348 (The Advance Search WordPress plugin is vulnerable to Reflected 
Cross-S ...)
+   TODO: check
+CVE-2021-38347 (The Custom Website Data WordPress plugin is vulnerable to 
Reflected Cr ...)
+   TODO: check
 CVE-2021-38346
RESERVED
 CVE-2021-38345
@@ -5653,38 +5683,38 @@ CVE-2021-38343 (The Nested Pages WordPress plugin = 
3.1.15 was vulnerable to
NOT-FOR-US: 

[Git][security-tracker-team/security-tracker][master] Expand slightly our TODO item for CVE-2021-40528

2021-09-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cf33c5ee by Salvatore Bonaccorso at 2021-09-10T21:57:27+02:00
Expand slightly our TODO item for CVE-2021-40528

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -708,7 +708,7 @@ CVE-2021-40528 (The ElGamal implementation in Libgcrypt 
before 1.9.4 allows plai
NOTE: 
https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1
NOTE: 
https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2
NOTE: Related to CVE-2021-33560, but not a duplicate
-   TODO: check details
+   TODO: check details on fixing changes and relation to CVE-2021-33560
 CVE-2021-40527
RESERVED
 CVE-2021-40526



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf33c5ee1d49d814f9c88cb160bc89c8185d8bab



[Git][security-tracker-team/security-tracker][master] Mark CVE-2021-40528 as no-dsa

2021-09-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
15d6e258 by Salvatore Bonaccorso at 2021-09-10T21:56:13+02:00
Mark CVE-2021-40528 as no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -702,6 +702,8 @@ CVE-2021-40529 (The ElGamal implementation in Botan through 
2.18.1, as used in T
NOTE: 
https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2
 CVE-2021-40528 (The ElGamal implementation in Libgcrypt before 1.9.4 allows 
plaintext  ...)
- libgcrypt20 1.9.4-2
+   [bullseye] - libgcrypt20  (Minor issue)
+   [buster] - libgcrypt20  (Minor issue)
NOTE: https://eprint.iacr.org/2021/923
NOTE: 
https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1
NOTE: 
https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2
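Review bot: the two new [bullseye]/[buster] lines render here with a double space before `(Minor issue)`, which is where the no-dsa tag named in the commit title sits; the status is carried by that tag, not by the free-text reason. The "Minor issue" rating is applied while the entry's `TODO: check details` on the fixing changes and the relation to CVE-2021-33560 is still open (it is expanded rather than closed in cf33c5ee above); consider revisiting the no-dsa decision once the fixing changes are understood, or stating that dependency in the reason.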



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/15d6e25854ea17662a1dceb4c3dedd2823b4bd5a



[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2021-39201/wordpress

2021-09-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c06dcb46 by Salvatore Bonaccorso at 2021-09-10T21:30:53+02:00
Add Debian bug reference for CVE-2021-39201/wordpress

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3748,7 +3748,7 @@ CVE-2021-39202 (WordPress is a free and open-source 
content management system wr
- wordpress  (Vulnerable code introduced later)
NOTE: 
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-fr6h-3855-j297
 CVE-2021-39201 (WordPress is a free and open-source content management system 
written  ...)
-   - wordpress 
+   - wordpress  (bug #994059)
NOTE: 
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-wh69-25hr-h94v
 CVE-2021-39200 (WordPress is a free and open-source content management system 
written  ...)
- wordpress  (bug #994060)
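Review bot: CVE-2021-39201 now has its bug reference, but unlike CVE-2021-39200 below (`[buster] - wordpress  (Vulnerable code introduced later in 5.2)`) and CVE-2021-39202 above, it carries no [buster]/[bullseye] annotation, so both stable suites remain marked as affected; if that is intended, a no-dsa or postponed decision with its reason should be recorded, and if buster is not affected, a not-affected line in the same style as the neighbouring entries is needed.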



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c06dcb46df59028ce303372a40d557723162a534



[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2021-39200/wordpress

2021-09-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f1a03157 by Salvatore Bonaccorso at 2021-09-10T21:29:49+02:00
Add Debian bug reference for CVE-2021-39200/wordpress

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3751,7 +3751,7 @@ CVE-2021-39201 (WordPress is a free and open-source 
content management system wr
- wordpress 
NOTE: 
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-wh69-25hr-h94v
 CVE-2021-39200 (WordPress is a free and open-source content management system 
written  ...)
-   - wordpress 
+   - wordpress  (bug #994060)
[buster] - wordpress  (Vulnerable code introduced later 
in 5.2)
NOTE: 
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-m9hc-7v5q-x8q5
 CVE-2021-39199 (remark-html is an open source nodejs library which compiles 
Markdown t ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f1a03157c9cf183e00a8a3323e2c644a2728a1c1



[Git][security-tracker-team/security-tracker][master] dla: add and claim gnutls28

2021-09-10 Thread Sylvain Beucler (@beuc)


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
86143064 by Sylvain Beucler at 2021-09-10T20:41:50+02:00
dla: add and claim gnutls28

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -33,6 +33,9 @@ firmware-nonfree
   NOTE: 20210731: WIP: 
https://salsa.debian.org/lts-team/packages/firmware-nonfree
   NOTE: 20210828: Most CVEs are difficult to backport. Contacted Ben regarding 
possible "ignore" tag
 --
+gnutls28 (Sylvain Beucler)
+  NOTE: 20210910: https://lists.debian.org/debian-lts/2021/09/msg8.html
+--
 grilo (Thorsten Alteholz)
   NOTE: 20210825: ssl-use-system-ca-file is used in libsoup2.4 since version 
2.38
 --
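Review bot: the NOTE URL ends in `msg8.html`, which does not match the archive naming used by the other note in this file (`msg00037.html`, five-digit zero-padded message numbers); it most likely should be `msg00008.html`, so please check that the link resolves before it is relied on as the claim reference.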



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/861430647ccad925923b91e06ec63ba9120f2b92



[Git][security-tracker-team/security-tracker][master] Reserve DSA number for ghostscript update

2021-09-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
596ab54e by Salvatore Bonaccorso at 2021-09-10T14:10:03+02:00
Reserve DSA number for ghostscript update

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[10 Sep 2021] DSA-4972-1 ghostscript - security update
+   {CVE-2021-3781}
+   [bullseye] - ghostscript 9.53.3~dfsg-7+deb11u1
 [09 Sep 2021] DSA-4971-1 ntfs-3g - security update
{CVE-2021-33285 CVE-2021-33286 CVE-2021-33287 CVE-2021-33289 
CVE-2021-35266 CVE-2021-35267 CVE-2021-35268 CVE-2021-35269 CVE-2021-39251 
CVE-2021-39252 CVE-2021-39253 CVE-2021-39254 CVE-2021-39255 CVE-2021-39256 
CVE-2021-39257 CVE-2021-39258 CVE-2021-39259 CVE-2021-39260 CVE-2021-39261 
CVE-2021-39262 CVE-2021-39263}
[buster] - ntfs-3g 1:2017.3.23AR.3-3+deb10u1


=
data/dsa-needed.txt
=
@@ -21,8 +21,6 @@ chromium
 --
 djvulibre
 --
-ghostscript (carnil)
---
 icu
 --
 linux (carnil)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/596ab54e9ea63a6044b1cb76fc4975828714d64d



[Git][security-tracker-team/security-tracker][master] Reserve DLA-2756-1 for firefox-esr

2021-09-10 Thread Emilio Pozuelo Monfort (@pochu)


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5c633ade by Emilio Pozuelo Monfort at 2021-09-10T14:01:08+02:00
Reserve DLA-2756-1 for firefox-esr

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[10 Sep 2021] DLA-2756-1 firefox-esr - security update
+   {CVE-2021-38493}
+   [stretch] - firefox-esr 78.14.0esr-1~deb9u1
 [05 Sep 2021] DLA-2755-1 btrbk - security update
{CVE-2021-38173}
[stretch] - btrbk 0.24.0-1+deb9u1


=
data/dla-needed.txt
=
@@ -29,8 +29,6 @@ cacti (Roberto C. Sánchez)
 debian-archive-keyring (Utkarsh)
   NOTE: https://lists.debian.org/debian-lts/2021/08/msg00037.html
 --
-firefox-esr (Emilio)
---
 firmware-nonfree
   NOTE: 20210731: WIP: 
https://salsa.debian.org/lts-team/packages/firmware-nonfree
   NOTE: 20210828: Most CVEs are difficult to backport. Contacted Ben regarding 
possible "ignore" tag



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5c633ade25c050d716ca4fafe364c9aa79f977c0



[Git][security-tracker-team/security-tracker][master] knot-resolver, btrbk spu/opsu

2021-09-10 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f99030e2 by Moritz Mühlenhoff at 2021-09-10T11:00:23+02:00
knot-resolver, btrbk spu/opsu

- - - - -


2 changed files:

- data/next-oldstable-point-update.txt
- data/next-point-update.txt


Changes:

=
data/next-oldstable-point-update.txt
=
@@ -113,3 +113,5 @@ CVE-2021-2389
[buster] - mariadb-10.3 1:10.3.31-0+deb10u1
 CVE-2021-2372
[buster] - mariadb-10.3 1:10.3.31-0+deb10u1
+CVE-2021-38173
+   [buster] - btrbk 0.27.1-1+deb10u1


=
data/next-point-update.txt
=
@@ -34,3 +34,7 @@ CVE-2021-33582
[bullseye] - cyrus-imapd 3.2.6-2+deb11u1
 CVE-2021-3749
[bullseye] - node-axios 0.21.1+dfsg-1+deb11u1
+CVE-2021-40083
+   [bullseye] - knot-resolver 5.3.1-1+deb11u1
+CVE-2021-38173
+   [bullseye] - btrbk 0.27.1-1.1+deb11u1
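Review bot: the two btrbk target versions preserve the upgrade path: in dpkg version ordering `0.27.1-1+deb10u1` sorts before `0.27.1-1.1+deb11u1` (in the revision, `+` compares lower than `.`), so a buster system upgrading to bullseye receives the fixed package. With stretch already covered by DLA-2755-1 (`btrbk 0.24.0-1+deb9u1`), CVE-2021-38173 is now queued or released for all three suites.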



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f99030e2c9ba6e2b6caee0f3ad723fe661b3da59



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2021-09-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
08881576 by Salvatore Bonaccorso at 2021-09-10T10:52:21+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -14871,13 +14871,13 @@ CVE-2021-34348
 CVE-2021-34347
RESERVED
 CVE-2021-34346 (A stack buffer overflow vulnerability has been reported to 
affect QNAP ...)
-   TODO: check
+   NOT-FOR-US: QNAP
 CVE-2021-34345 (A stack buffer overflow vulnerability has been reported to 
affect QNAP ...)
-   TODO: check
+   NOT-FOR-US: QNAP
 CVE-2021-34344 (A stack buffer overflow vulnerability has been reported to 
affect QNAP ...)
-   TODO: check
+   NOT-FOR-US: QNAP
 CVE-2021-34343 (A stack buffer overflow vulnerability has been reported to 
affect QNAP ...)
-   TODO: check
+   NOT-FOR-US: QNAP
 CVE-2022-20001
RESERVED
 CVE-2021-3588 (The cli_feat_read_cb() function in src/gatt-database.c does not 
perfor ...)
@@ -28809,13 +28809,13 @@ CVE-2021-28818 (The Rendezvous Routing Daemon (rvrd), 
Rendezvous Secure Routing
 CVE-2021-28817 (The Windows Installation component of TIBCO Software Inc.'s 
TIBCO Rend ...)
NOT-FOR-US: TIBCO
 CVE-2021-28816 (A stack buffer overflow vulnerability has been reported to 
affect QNAP ...)
-   TODO: check
+   NOT-FOR-US: QNAP
 CVE-2021-28815 (Insecure storage of sensitive information has been reported to 
affect  ...)
NOT-FOR-US: QNAP
 CVE-2021-28814 (An improper access control vulnerability has been reported to 
affect Q ...)
NOT-FOR-US: QNAP
 CVE-2021-28813 (A vulnerability involving insecure storage of sensitive 
information ha ...)
-   TODO: check
+   NOT-FOR-US: QNAP
 CVE-2021-28812 (A command injection vulnerability has been reported to affect 
certain  ...)
NOT-FOR-US: QNAP
 CVE-2021-28811 (If exploited, this command injection vulnerability could allow 
remote  ...)
@@ -81370,37 +81370,37 @@ CVE-2020-19297
 CVE-2020-19296
RESERVED
 CVE-2020-19295 (A reflected cross-site scripting (XSS) vulnerability in the 
/weibo/top ...)
-   TODO: check
+   NOT-FOR-US: Jeesns
 CVE-2020-19294 (A stored cross-site scripting (XSS) vulnerability in the 
/article/comm ...)
-   TODO: check
+   NOT-FOR-US: Jeesns
 CVE-2020-19293 (A stored cross-site scripting (XSS) vulnerability in the 
/article/add  ...)
-   TODO: check
+   NOT-FOR-US: Jeesns
 CVE-2020-19292 (A stored cross-site scripting (XSS) vulnerability in the 
/question/ask ...)
-   TODO: check
+   NOT-FOR-US: Jeesns
 CVE-2020-19291 (A stored cross-site scripting (XSS) vulnerability in the 
/weibo/publis ...)
-   TODO: check
+   NOT-FOR-US: Jeesns
 CVE-2020-19290 (A stored cross-site scripting (XSS) vulnerability in the 
/weibo/commen ...)
-   TODO: check
+   NOT-FOR-US: Jeesns
 CVE-2020-19289 (A stored cross-site scripting (XSS) vulnerability in the 
/member/pictu ...)
-   TODO: check
+   NOT-FOR-US: Jeesns
 CVE-2020-19288 (A stored cross-site scripting (XSS) vulnerability in the 
/localhost/u  ...)
-   TODO: check
+   NOT-FOR-US: Jeesns
 CVE-2020-19287 (A stored cross-site scripting (XSS) vulnerability in the 
/group/post c ...)
-   TODO: check
+   NOT-FOR-US: Jeesns
 CVE-2020-19286 (A stored cross-site scripting (XSS) vulnerability in the 
/question/det ...)
-   TODO: check
+   NOT-FOR-US: Jeesns
 CVE-2020-19285 (A stored cross-site scripting (XSS) vulnerability in the 
/group/apply  ...)
-   TODO: check
+   NOT-FOR-US: Jeesns
 CVE-2020-19284 (A stored cross-site scripting (XSS) vulnerability in the 
/group/commen ...)
-   TODO: check
+   NOT-FOR-US: Jeesns
 CVE-2020-19283 (A reflected cross-site scripting (XSS) vulnerability in the 
/newVersio ...)
-   TODO: check
+   NOT-FOR-US: Jeesns
 CVE-2020-19282 (A reflected cross-site scripting (XSS) vulnerability in Jeesns 
1.4.2 a ...)
-   TODO: check
+   NOT-FOR-US: Jeesns
 CVE-2020-19281 (A stored cross-site scripting (XSS) vulnerability in the 
/manage/login ...)
-   TODO: check
+   NOT-FOR-US: Jeesns
 CVE-2020-19280 (Jeesns 1.4.2 contains a cross-site request forgery (CSRF) 
which allows ...)
-   TODO: check
+   NOT-FOR-US: Jeesns
 CVE-2020-19279
RESERVED
 CVE-2020-19278
@@ -183770,7 +183770,7 @@ CVE-2018-19959
 CVE-2018-19958
RESERVED
 CVE-2018-19957 (A vulnerability involving insufficient HTTP security headers 
has been  ...)
-   TODO: check
+   NOT-FOR-US: QNAP
 CVE-2018-19956 (The cross-site scripting vulnerability has been reported to 
affect ear ...)
NOT-FOR-US: QNAP
 CVE-2018-19955 (The cross-site scripting vulnerability has been reported to 
affect ear ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0888157698cf1d439035567ae53c7ae1668e5874


[Git][security-tracker-team/security-tracker][master] Add CVE-2021-3920{0,1}/wordpress

2021-09-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
81a0aee1 by Salvatore Bonaccorso at 2021-09-10T10:48:28+02:00
Add CVE-2021-3920{0,1}/wordpress

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3748,9 +3748,12 @@ CVE-2021-39202 (WordPress is a free and open-source 
content management system wr
- wordpress  (Vulnerable code introduced later)
NOTE: 
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-fr6h-3855-j297
 CVE-2021-39201 (WordPress is a free and open-source content management system 
written  ...)
-   TODO: check
+   - wordpress 
+   NOTE: 
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-wh69-25hr-h94v
 CVE-2021-39200 (WordPress is a free and open-source content management system 
written  ...)
-   TODO: check
+   - wordpress 
+   [buster] - wordpress  (Vulnerable code introduced later 
in 5.2)
+   NOTE: 
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-m9hc-7v5q-x8q5
 CVE-2021-39199 (remark-html is an open source nodejs library which compiles 
Markdown t ...)
NOT-FOR-US: Node remark-html
 CVE-2021-39198
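Review bot: CVE-2021-39201 has no [buster] line, while the sibling CVE-2021-39200 records "[buster] - wordpress (Vulnerable code introduced later in 5.2)"; if buster's wordpress is likewise unaffected (or affected) by CVE-2021-39201, a matching [buster] annotation would complete the triage for that suite. Also, the status token after "- wordpress" renders as empty on both new lines in this mail; confirm that the committed lines carry the tracker's usual version or status marker.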



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81a0aee129a3fd49bd1db699c565c4e53b888e4b



[Git][security-tracker-team/security-tracker][master] Process two wordpress issues only affecting 5.8 beta versions

2021-09-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ab1e70ec by Salvatore Bonaccorso at 2021-09-10T10:45:21+02:00
Process two wordpress issues only affecting 5.8 beta versions

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3742,9 +3742,11 @@ CVE-2021-39205
 CVE-2021-39204 (Pomerium is an open source identity-aware access proxy. Envoy, 
which P ...)
TODO: check
 CVE-2021-39203 (WordPress is a free and open-source content management system 
written  ...)
-   TODO: check
+   - wordpress  (Only affects 5.8 beta 1; vulnerable code 
introduced later)
+   NOTE: 
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-qxvw-qxm9-qvg6
 CVE-2021-39202 (WordPress is a free and open-source content management system 
written  ...)
-   TODO: check
+   - wordpress  (Vulnerable code introduced later)
+   NOTE: 
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-fr6h-3855-j297
 CVE-2021-39201 (WordPress is a free and open-source content management system 
written  ...)
TODO: check
 CVE-2021-39200 (WordPress is a free and open-source content management system 
written  ...)
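Review bot: the CVE-2021-39202 annotation reads only "(Vulnerable code introduced later)", whereas the commit message says both issues affect only 5.8 beta versions and the CVE-2021-39203 line spells that out ("Only affects 5.8 beta 1; vulnerable code introduced later"); stating the beta-only scope on CVE-2021-39202 as well would keep the reason for the verdict visible in the entry itself.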



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab1e70eccd6659ca0ca11f3e0f02fcda54a1082b



[Git][security-tracker-team/security-tracker][master] Triage CVE-2021-3781 in ghostscript for stretch LTS.

2021-09-10 Thread Chris Lamb (@lamby)


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1c8ea3d3 by Chris Lamb at 2021-09-10T09:23:20+01:00
Triage CVE-2021-3781 in ghostscript for stretch LTS.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -88,6 +88,7 @@ CVE-2021-3781 [Include device specifier strings in access 
validation]
RESERVED
- ghostscript 9.53.3~dfsg-8 (bug #994011)
[buster] - ghostscript  (Vulnerable code introduced later)
+   [stretch] - ghostscript  (Vulnerable code introduced 
later)
NOTE: https://twitter.com/ducnt_/status/1434534373416574983
NOTE: https://github.com/duc-nt/RCE-0-day-for-GhostScript-9.50
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=704342
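Review bot: the new [stretch] line mirrors the buster verdict "Vulnerable code introduced later", which is consistent since stretch ships an older ghostscript than buster; as with the buster line, the status token between "ghostscript" and the parenthesised reason shows as empty in this mail, so verify that the committed line carries it.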



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c8ea3d35828eb51a85748ef8ca6a028b1576c28



[Git][security-tracker-team/security-tracker][master] Triage CVE-2020-19750 in gpac for stretch LTS.

2021-09-10 Thread Chris Lamb (@lamby)


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5d7f1083 by Chris Lamb at 2021-09-10T09:22:32+01:00
Triage CVE-2020-19750 in gpac for stretch LTS.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -80385,6 +80385,7 @@ CVE-2020-19751 (An issue was discovered in gpac 0.8.0. 
The gf_odf_del_ipmp_tool
 CVE-2020-19750 (An issue was discovered in gpac 0.8.0. The strdup function in 
box_code ...)
- gpac 1.0.1+dfsg1-2
[buster] - gpac  (Minor issue)
+   [stretch] - gpac  (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/1262
NOTE: 
https://github.com/gpac/gpac/commit/3fcf66c6031da966cf33ee89bcbefa2f8bec4b02 
(v0.9.0-preview~20)
 CVE-2020-19749
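Review bot: stretch is recorded as "(Minor issue)" here, i.e. postponed, while the description says the issue was found in gpac 0.8.0 and the referenced fix sits at v0.9.0-preview~20; if stretch's older gpac does not contain the affected strdup() call in box_code, "(Vulnerable code introduced later)", as used for stretch on CVE-2020-19751 elsewhere in this digest, would be the more precise annotation. Worth a quick check of the stretch source before leaving it as postponed.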



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d7f10838ddf8846650b040e51bcb983576acdd1



[Git][security-tracker-team/security-tracker][master] automatic update

2021-09-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
25a483c1 by security tracker role at 2021-09-10T08:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,27 @@
+CVE-2021-40849
+   RESERVED
+CVE-2021-40848
+   RESERVED
+CVE-2021-40847
+   RESERVED
+CVE-2021-40846
+   RESERVED
+CVE-2021-40845
+   RESERVED
+CVE-2021-40844
+   RESERVED
+CVE-2021-40843
+   RESERVED
+CVE-2021-40842
+   RESERVED
+CVE-2021-40841
+   RESERVED
+CVE-2021-40840
+   RESERVED
+CVE-2021-40839 (The rencode package through 1.0.6 for Python allows an 
infinite loop i ...)
+   TODO: check
+CVE-2021-40838
+   RESERVED
 CVE-2021-40837
RESERVED
 CVE-2021-40836
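Review bot: CVE-2021-40839 (rencode for Python, infinite loop) is the only entry in this block that needs manual triage and is correctly left at "TODO: check"; the other eleven additions are RESERVED placeholders with no description yet, so nothing further applies to them until details are published.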
@@ -3710,20 +3734,20 @@ CVE-2021-39208
RESERVED
 CVE-2021-39207
RESERVED
-CVE-2021-39206
-   RESERVED
+CVE-2021-39206 (Pomerium is an open source identity-aware access proxy. Envoy, 
which P ...)
+   TODO: check
 CVE-2021-39205
RESERVED
-CVE-2021-39204
-   RESERVED
-CVE-2021-39203
-   RESERVED
-CVE-2021-39202
-   RESERVED
-CVE-2021-39201
-   RESERVED
-CVE-2021-39200
-   RESERVED
+CVE-2021-39204 (Pomerium is an open source identity-aware access proxy. Envoy, 
which P ...)
+   TODO: check
+CVE-2021-39203 (WordPress is a free and open-source content management system 
written  ...)
+   TODO: check
+CVE-2021-39202 (WordPress is a free and open-source content management system 
written  ...)
+   TODO: check
+CVE-2021-39201 (WordPress is a free and open-source content management system 
written  ...)
+   TODO: check
+CVE-2021-39200 (WordPress is a free and open-source content management system 
written  ...)
+   TODO: check
 CVE-2021-39199 (remark-html is an open source nodejs library which compiles 
Markdown t ...)
NOT-FOR-US: Node remark-html
 CVE-2021-39198
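Review bot: the four WordPress entries (CVE-2021-39200 to CVE-2021-39203) that go to "TODO: check" here are picked up by commits ab1e70ec and 81a0aee1 later the same morning (the two wordpress messages in this digest); CVE-2021-39206 and CVE-2021-39204 (Pomerium / Envoy) are still open and should be triaged together with CVE-2021-39162 in the next hunk, which carries the same description.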
@@ -3809,8 +3833,8 @@ CVE-2021-39163 (Matrix is an ecosystem for open federated 
Instant Messaging and
- matrix-synapse 1.41.1-1
NOTE: 
https://github.com/matrix-org/synapse/security/advisories/GHSA-jj53-8fmw-f2w2
NOTE: 
https://github.com/matrix-org/synapse/commit/cb35df940a828bc40b96daed997b5ad4c7842fd3
 (v1.41.1)
-CVE-2021-39162
-   RESERVED
+CVE-2021-39162 (Pomerium is an open source identity-aware access proxy. Envoy, 
which P ...)
+   TODO: check
 CVE-2021-39161 (Discourse is an open source platform for community discussion. 
In affe ...)
NOT-FOR-US: Discourse
 CVE-2021-39160 (nbgitpuller is a Jupyter server extension to sync a git 
repository one ...)
@@ -14840,14 +14864,14 @@ CVE-2021-34348
RESERVED
 CVE-2021-34347
RESERVED
-CVE-2021-34346
-   RESERVED
-CVE-2021-34345
-   RESERVED
-CVE-2021-34344
-   RESERVED
-CVE-2021-34343
-   RESERVED
+CVE-2021-34346 (A stack buffer overflow vulnerability has been reported to 
affect QNAP ...)
+   TODO: check
+CVE-2021-34345 (A stack buffer overflow vulnerability has been reported to 
affect QNAP ...)
+   TODO: check
+CVE-2021-34344 (A stack buffer overflow vulnerability has been reported to 
affect QNAP ...)
+   TODO: check
+CVE-2021-34343 (A stack buffer overflow vulnerability has been reported to 
affect QNAP ...)
+   TODO: check
 CVE-2022-20001
RESERVED
 CVE-2021-3588 (The cli_feat_read_cb() function in src/gatt-database.c does not 
perfor ...)
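Review bot: CVE-2021-34346 through CVE-2021-34343 share one truncated description ("A stack buffer overflow vulnerability has been reported to affect QNAP ..."), so they can be triaged as a batch; comparable QNAP entries in this digest (CVE-2021-28815, CVE-2021-28814, CVE-2018-19956) are recorded as NOT-FOR-US: QNAP, which is the likely outcome once the full advisory confirms the affected product.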
@@ -18730,8 +18754,8 @@ CVE-2021-32726 (Nextcloud Server is a Nextcloud package 
that handles data storag
- nextcloud-server  (bug #941708)
 CVE-2021-32725 (Nextcloud Server is a Nextcloud package that handles data 
storage. In  ...)
- nextcloud-server  (bug #941708)
-CVE-2021-32724
-   RESERVED
+CVE-2021-32724 (check-spelling is a github action which provides CI spell 
checking. In ...)
+   TODO: check
 CVE-2021-32723 (Prism is a syntax highlighting library. Some languages before 
1.24.0 a ...)
NOT-FOR-US: Prism
 CVE-2021-32722 (GlobalNewFiles is a mediawiki extension. Versions prior to 
48be7adb705 ...)
@@ -28778,14 +28802,14 @@ CVE-2021-28818 (The Rendezvous Routing Daemon (rvrd), 
Rendezvous Secure Routing
NOT-FOR-US: TIBCO
 CVE-2021-28817 (The Windows Installation component of TIBCO Software Inc.'s 
TIBCO Rend ...)
NOT-FOR-US: TIBCO
-CVE-2021-28816
-   RESERVED
+CVE-2021-28816 (A stack buffer overflow vulnerability has been reported to 
affect QNAP ...)
+   TODO: check
 CVE-2021-28815 (Insecure storage of sensitive information has been reported to 
affect  ...)
NOT-FOR-US: QNAP
 CVE-2021-28814 (An improper access control vulnerability has been reported to 
affect Q ...)
NOT-FOR-US: QNAP
-CVE-2021-28813
-   RESERVED
+CVE-2021-28813 (A vulnerability involving insecure storage of sensitive 
information ha ...)
+   TODO: check
 CVE-2021-28812 (A command 

[Git][security-tracker-team/security-tracker][master] Remove erroneous bug reference for gpac

2021-09-10 Thread Neil Williams (@codehelp)


Neil Williams pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e12e10d8 by Neil Williams at 2021-09-10T07:50:58+01:00
Remove erroneous bug reference for gpac

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -80353,7 +80353,7 @@ CVE-2020-19752 (The find_color_or_error function in 
gifsicle 1.92 contains a NUL
NOTE: https://github.com/kohler/gifsicle/issues/140
NOTE: 
https://github.com/kohler/gifsicle/commit/eb9e083dcc0050996d79de2076ddc76011ad2f10
 (v1.93)
 CVE-2020-19751 (An issue was discovered in gpac 0.8.0. The 
gf_odf_del_ipmp_tool functi ...)
-   - gpac 1.0.1+dfsg1-2 (bug #993979)
+   - gpac 1.0.1+dfsg1-2
[buster] - gpac  (Minor issue)
[stretch] - gpac  (Vulnerable code introduced later)
NOTE: https://github.com/gpac/gpac/issues/1272
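Review bot: with "(bug #993979)" dropped, CVE-2020-19751 no longer links any Debian bug; if the reference was wrong because the number belonged to a different issue, the correct bug for this gpac entry should be substituted rather than leaving the field empty. The suite lines are unchanged: stretch stays "(Vulnerable code introduced later)" while CVE-2020-19750, triaged in this same digest, marks stretch "(Minor issue)"; the two verdicts for closely related gpac 0.8.0 issues are worth reconciling.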



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e12e10d88ab5a1f311ffbb115b0a22004d620480



[Git][security-tracker-team/security-tracker][master] LTS: take Update dla-needed.txt

2021-09-10 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
65571a4a by Anton Gladky at 2021-09-10T06:11:13+00:00
LTS: take Update dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -41,7 +41,7 @@ grilo (Thorsten Alteholz)
 krb5 (Adrian Bunk)
   NOTE: 20210905: testing fixes
 --
-libxstream-java
+libxstream-java (Anton Gladky)
   NOTE: 20210901: See thread at 
https://www.mail-archive.com/debian-lts@lists.debian.org/msg09588.html
 --
 linux (Ben Hutchings)
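Review bot: the claim adds the name on the libxstream-java line but leaves the 20210901 NOTE as the only status line; the neighbouring krb5 entry shows the file's convention of a dated NOTE ("20210905: testing fixes"), so appending a dated NOTE for the claim (date plus a short status such as "working on update") would record when work started.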



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65571a4a89699e4486016e65e7247e66554162cf
