[Git][security-tracker-team/security-tracker][master] Reclaim qt4-x11

2023-07-05 Thread Scarlett Gately Moore (@sgmoore)


Scarlett Gately Moore pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
70dc0fcd by Scarlett Moore at 2023-07-05T04:57:05-07:00
Reclaim qt4-x11

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -184,7 +184,7 @@ python-os-brick
   NOTE: 20230525: Added by Front-Desk (lamby)
   NOTE: 20230525: NB. CVE-2023-2088 filed against python-glance-store, 
python-os-brick, nova and cinder.
 --
-qt4-x11
+qt4-x11 (sgmoore)
   NOTE: 20230612: Added by Front-Desk (apo)
   NOTE: 20230615: VCS: https://salsa.debian.org/qt-kde-team/qt/qt4-x11
 --
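Review bot: the claim on `qt4-x11 (sgmoore)` is restored without a new dated NOTE, so the entry's latest status is still the 20230615 VCS line. The removed line shows the package had no claimant before this change; a short NOTE with the current state of the work would tell Front-Desk and other contributors why it was reclaimed and what remains.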



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/70dc0fcdd552b8e0cc720765c52f789331b14659

You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] Reclaim golang-yaml.v2

2023-06-29 Thread Scarlett Gately Moore (@sgmoore)


Scarlett Gately Moore pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0ecbede3 by Scarlett Moore at 2023-06-29T04:57:47-07:00
Reclaim golang-yaml.v2

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -71,7 +71,7 @@ fusiondirectory (Abhijith PA)
 glib2.0 (santiago)
   NOTE: 20230612: Added by Front-Desk (apo)
 --
-golang-yaml.v2
+golang-yaml.v2 (sgmoore)
   NOTE: 20230125: Added by Front-Desk (gladk)
   NOTE: 20230525: In review with utkarsh.
 --
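Review bot: after the claim is restored on `golang-yaml.v2 (sgmoore)`, the entry still ends with `NOTE: 20230525: In review with utkarsh.`, which is more than a month older than this commit. Add a dated NOTE saying whether that review finished and what is still outstanding.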



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ecbede30a8413bccb70bcae446b912e28b24a1b



[Git][security-tracker-team/security-tracker][master] Add VCS entry for qt4-x11

2023-06-15 Thread Scarlett Gately Moore (@sgmoore)


Scarlett Gately Moore pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6d2cef31 by Scarlett Moore at 2023-06-15T09:56:43-07:00
Add VCS entry for qt4-x11

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -159,6 +159,7 @@ python3.7 (Adrian Bunk)
 --
 qt4-x11 (sgmoore)
   NOTE: 20230612: Added by Front-Desk (apo)
+  NOTE: 20230615: VCS: https://salsa.debian.org/qt-kde-team/qt/qt4-x11
 --
 rails
   NOTE: 20220909: Re-added due to regression (abhijith)
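Review bot: the added VCS NOTE names only the repository, https://salsa.debian.org/qt-kde-team/qt/qt4-x11, with no branch. Add the branch that holds the LTS work so the next claimant does not have to search the repository for it.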



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d2cef31024ef5223ab08f9097c57ecc7185fd26



[Git][security-tracker-team/security-tracker][master] claim qt4-x11

2023-06-13 Thread Scarlett Gately Moore (@sgmoore)


Scarlett Gately Moore pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
10c665da by Scarlett Moore at 2023-06-13T06:14:31-07:00
claim qt4-x11

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -152,7 +152,7 @@ python3.7 (Adrian Bunk)
   NOTE: 20230220: Added by Front-Desk (ola)
   NOTE: 20230228: Waiting for actual upstream fix for CVE-2023-24329. (bunk)
 --
-qt4-x11
+qt4-x11 (sgmoore)
   NOTE: 20230612: Added by Front-Desk (apo)
 --
 rails



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/10c665dae1fadbeba34f1b8c87390268c6feb3af



[Git][security-tracker-team/security-tracker][master] Add notes for golang-yaml.v2 and python-oslo.privsep.

2023-05-25 Thread Scarlett Gately Moore (@sgmoore)


Scarlett Gately Moore pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
be768f13 by Scarlett Moore at 2023-05-25T08:14:28-07:00
Add notes for golang-yaml.v2 and python-oslo.privsep.

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -55,6 +55,7 @@ golang-yaml.v2 (sgmoore)
   NOTE: 20230125: Programming language: Go.
   NOTE: 20230125: VCS: 
https://salsa.debian.org/lts-team/packages/golang-yaml.v2.git
   NOTE: 20230125: Special attention: limited support; requires rebuilding 
reverse build dependencies (though recent bullseye updates didn't).
+  NOTE: 20230525: In review with utkarsh.
 --
 hdf5
   NOTE: 20230318: Programming language: C.
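Review bot: the added `NOTE: 20230525: In review with utkarsh.` does not say what is under review. Name the artifact (the proposed upload version or the merge request) so that someone reading dla-needed.txt later can find it and tell whether the review is still pending.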
@@ -143,6 +144,8 @@ php-cas
 python-oslo.privsep
   NOTE: 20221231: Programming language: Python.
   NOTE: 20230206: VCS: 
https://salsa.debian.org/lts-team/packages/python-oslo.privsep.git
+  NOTE: 20230525: CVE-2022-38065 has been marked as Won't-fix/Hardening 
opportunity.
+  NOTE: 20230525: It was mentioned the fix was easy but tedious. It is 
consumer design flaw issue.
 --
 python3.7
   NOTE: 20230220: Programming language: Python.
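Review bot: the two added NOTEs record CVE-2022-38065 as Won't-fix/Hardening opportunity, yet the python-oslo.privsep entry stays in dla-needed.txt with no statement of what work remains. Either say which issue still needs a DLA or remove the entry in the same change. The second NOTE's "It was mentioned" has no source, so cite the thread or person, and its last sentence is missing an article ("It is a consumer design flaw issue").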



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/be768f13700c4e433387c4e84eb0283a6cb3fb5a



[Git][security-tracker-team/security-tracker][master] Process NFUs

2023-05-04 Thread Scarlett Gately Moore (@sgmoore)


Scarlett Gately Moore pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0fb19973 by Scarlett Moore at 2023-05-04T10:43:53-07:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -9122,11 +9122,11 @@ CVE-2023-1387 (Grafana is an open-source platform for 
monitoring and observabili
 CVE-2023-1386
RESERVED
 CVE-2023-1385 (Improper JPAKE implementation allows offline PIN brute-forcing 
due to  ...)
-   TODO: check
+   NOT-FOR-US: Amazon Fire TV Stick 3rd gen
 CVE-2023-1384 (The setMediaSource function on the amzn.thin.pl service does 
not sanit ...)
-   TODO: check
+   NOT-FOR-US: Amazon Fire TV Stick 3rd gen
 CVE-2023-1383 (An Improper Enforcement of Behavioral Workflow vulnerability in 
the ex ...)
-   TODO: check
+   NOT-FOR-US: Amazon Fire TV Stick 3rd gen
 CVE-2023-1382 (A data race flaw was found in the Linux kernel, between where 
con is a ...)
- linux 6.0.12-1
[bullseye] - linux 5.10.158-1
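Review bot: the three `NOT-FOR-US: Amazon Fire TV Stick 3rd gen` lines replace `TODO: check`, but the truncated descriptions shown for CVE-2023-1385 and CVE-2023-1383 do not name a product, and the one for CVE-2023-1384 shows only the amzn.thin.pl service. Confirm against the full CVE text that each issue is limited to that product, and that the label covers every affected product, before dropping the TODO.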



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0fb19973c3ebda380b3d6aeec69e267cd2ee55ab



[Git][security-tracker-team/security-tracker][master] Reserve DLA-3392-1 for ruby-rack

2023-04-17 Thread Scarlett Gately Moore (@sgmoore)


Scarlett Gately Moore pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
03a216fa by Scarlett Moore at 2023-04-17T06:28:46-07:00
Reserve DLA-3392-1 for ruby-rack

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[17 Apr 2023] DLA-3392-1 ruby-rack - security update
+   {CVE-2023-27530 CVE-2023-27539}
+   [buster] - ruby-rack 2.0.6-3+deb10u3
 [12 Apr 2023] DLA-3391-1 firefox-esr - security update
{CVE-2023-1945 CVE-2023-29533 CVE-2023-29535 CVE-2023-29536 
CVE-2023-29539 CVE-2023-29541 CVE-2023-29548 CVE-2023-29550}
[buster] - firefox-esr 102.10.0esr-1~deb10u1


=
data/dla-needed.txt
=
@@ -283,10 +283,6 @@ ruby-loofah (dleidert)
   NOTE: 20230403: See "RFC: ruby-loofah 2.2.3-1+deb10u2" thread on debian-lts 
list. (lamby)
   NOTE: 20230403: Everything ready, just waiting for 
ruby-rails-html-sanitizer/utkarsh (dleidert)
 --
-ruby-rack ( utkarsh & sgmoore )
-  NOTE: 20230313: Programming language: Ruby.
-  NOTE: 20230313: VCS: https://salsa.debian.org/lts-team/packages/ruby-rack.git
---
 ruby-rails-html-sanitizer
   NOTE: 20221231: Programming language: Ruby.
   NOTE: 20221231: VCS: 
https://salsa.debian.org/lts-team/packages/ruby-rails-html-sanitizer.git



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03a216fa84a1e02b9dd9ff1560af8b1db85f1ebd



[Git][security-tracker-team/security-tracker][master] Claim ruby-rack ( with utkarsh as mentor )

2023-04-05 Thread Scarlett Gately Moore (@sgmoore)


Scarlett Gately Moore pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9d1461ca by Scarlett Moore at 2023-04-05T10:51:21-07:00
Claim ruby-rack ( with utkarsh as mentor )

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -257,7 +257,7 @@ ruby-loofah (dleidert)
   NOTE: 20230403: See "RFC: ruby-loofah 2.2.3-1+deb10u2" thread on debian-lts 
list. (lamby)
   NOTE: 20230403: Everything ready, just waiting for 
ruby-rails-html-sanitizer/utkarsh (dleidert)
 --
-ruby-rack
+ruby-rack ( utkarsh & sgmoore )
   NOTE: 20230313: Programming language: Ruby.
   NOTE: 20230313: VCS: https://salsa.debian.org/lts-team/packages/ruby-rack.git
 --
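Review bot: the claim line `ruby-rack ( utkarsh & sgmoore )` pads the parentheses and joins two names with `&`, unlike `ruby-loofah (dleidert)` in the hunk header. Anything that parses the claimant field may not match this form; use the unpadded form and record the mentoring arrangement from the commit message in a dated NOTE instead.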



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d1461caa7465a504b6219e42f26f10f732efb9d
