[Git][security-tracker-team/security-tracker][master] Reserve DLA-3635-1 for node-browserify-sign
Yadd pushed to branch master at Debian Security Tracker / security-tracker Commits: a14aab60 by Yadd at 2023-10-29T07:40:43+04:00 Reserve DLA-3635-1 for node-browserify-sign - - - - - 1 changed file: - data/DLA/list Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[29 Oct 2023] DLA-3635-1 node-browserify-sign - security update + {CVE-2023-46234} + [buster] - node-browserify-sign 4.0.4-2+deb10u1 [28 Oct 2023] DLA-3634-1 nss - security update {CVE-2020-25648 CVE-2023-4421} [buster] - nss 2:3.42.1-1+deb10u7 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a14aab601e01dd5295eccf72932b4ece43c09235 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a14aab601e01dd5295eccf72932b4ece43c09235 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3618-1 for node-babel
Yadd pushed to branch master at Debian Security Tracker / security-tracker Commits: eb9d9f71 by Yadd at 2023-10-14T08:00:53+04:00 Reserve DLA-3618-1 for node-babel - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[14 Oct 2023] DLA-3618-1 node-babel - security update + {CVE-2023-45133} + [buster] - node-babel 6.26.0+dfsg-3+deb10u1 [13 Oct 2023] DLA-3617-1 tomcat9 - security update {CVE-2023-24998 CVE-2023-41080 CVE-2023-42795 CVE-2023-44487 CVE-2023-45648} [buster] - tomcat9 9.0.31-1~deb10u9 = data/dla-needed.txt = @@ -136,8 +136,6 @@ mosquitto (Markus Koschany) nghttp2 NOTE: 20231014: Added by Front-Desk (ta) -- -node-babel (Yadd) --- node-webpack NOTE: 20231005: Added by Front-Desk (Beuc) NOTE: 20231005: Follow fixes from bullseye 11.7 (1 CVE) (Beuc/front-desk) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb9d9f712302846c7d00ae455bcd992902ef3c16 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb9d9f712302846c7d00ae455bcd992902ef3c16 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Claim node-babel in dla-needed.txt
Yadd pushed to branch master at Debian Security Tracker / security-tracker Commits: cc713289 by Yadd at 2023-10-14T07:49:16+04:00 Claim node-babel in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -136,6 +136,8 @@ mosquitto (Markus Koschany) nghttp2 NOTE: 20231014: Added by Front-Desk (ta) -- +node-babel (Yadd) +-- node-webpack NOTE: 20231005: Added by Front-Desk (Beuc) NOTE: 20231005: Follow fixes from bullseye 11.7 (1 CVE) (Beuc/front-desk) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc713289f62d406c8c6ef078cfe90468471936e9 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc713289f62d406c8c6ef078cfe90468471936e9 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Fix lemonldap-ng version
Yadd pushed to branch master at Debian Security Tracker / security-tracker Commits: cab272a6 by Yadd at 2023-10-08T19:11:00+04:00 Fix lemonldap-ng version - - - - - 1 changed file: - data/DLA/list Changes: = data/DLA/list = @@ -1,6 +1,6 @@ [08 Oct 2023] DLA-3612-1 lemonldap-ng - security update {CVE-2023-44469} - [buster] - lemonldap-ng 2.0.2+ds-7+deb10u9 + [buster] - lemonldap-ng 2.0.2+ds-7+deb10u10 [08 Oct 2023] DLA-3611-1 inetutils - security update {CVE-2019-0053 CVE-2023-40303} [buster] - inetutils 2:1.9.4-7+deb10u3 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cab272a6d3b80e70022db5c5d468813a21a129b8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cab272a6d3b80e70022db5c5d468813a21a129b8 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3612-1 for lemonldap-ng
Yadd pushed to branch master at Debian Security Tracker / security-tracker Commits: 4afa9583 by Yadd at 2023-10-08T17:53:07+04:00 Reserve DLA-3612-1 for lemonldap-ng - - - - - 2 changed files: - data/CVE/list - data/DLA/list Changes: = data/CVE/list = @@ -1206,7 +1206,6 @@ CVE-2023-44469 (A Server-Side Request Forgery issue in the OpenID Connect Issuer - lemonldap-ng 2.17.1+ds-1 [bookworm] - lemonldap-ng 2.16.1+ds-deb12u2 [bullseye] - lemonldap-ng 2.0.11+ds-4+deb11u5 - [buster] - lemonldap-ng (Minor issue) NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2998 NOTE: https://security.lauritz-holtmann.de/post/sso-security-ssrf/ CVE-2023-44466 (An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel ...) = data/DLA/list = @@ -1,3 +1,6 @@ +[08 Oct 2023] DLA-3612-1 lemonldap-ng - security update + {CVE-2023-44469} + [buster] - lemonldap-ng 2.0.2+ds-7+deb10u9 [08 Oct 2023] DLA-3611-1 inetutils - security update {CVE-2019-0053 CVE-2023-40303} [buster] - inetutils 2:1.9.4-7+deb10u3 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4afa9583c6291967c27b336f036a42bfdb6fc79b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4afa9583c6291967c27b336f036a42bfdb6fc79b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Reserve DLA-2684-1 for lasso
Yadd pushed to branch master at Debian Security Tracker / security-tracker Commits: 67caa249 by Yadd at 2021-06-10T00:04:56+02:00 Reserve DLA-2684-1 for lasso - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[10 Jun 2021] DLA-2684-1 lasso - security update + {CVE-2021-28091} + [stretch] - lasso 2.5.0-5+deb9u1 [09 Jun 2021] DLA-2683-1 rxvt - security update {CVE-2017-7483 CVE-2021-33477} [stretch] - rxvt 1:2.7.10-7+deb9u2 = data/dla-needed.txt = @@ -51,8 +51,6 @@ gpac (Thorsten Alteholz) -- htmldoc (Chris Lamb) -- -lasso (Yadd) --- libxstream-java NOTE: 20210603: upstream changed the default security framework to a whitelist, NOTE: 20210603: we should consider checking rdeps and doing the same and announce View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67caa249399fd8bbb5b3f130b9a0a757396b7961 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67caa249399fd8bbb5b3f130b9a0a757396b7961 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Claim lasso in dla-needed.txt
Yadd pushed to branch master at Debian Security Tracker / security-tracker Commits: 68a4f27c by Yadd at 2021-06-09T23:47:57+02:00 Claim lasso in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -51,7 +51,7 @@ gpac (Thorsten Alteholz) -- htmldoc (Chris Lamb) -- -lasso (Abhijith PA) +lasso (Yadd) -- libxstream-java NOTE: 20210603: upstream changed the default security framework to a whitelist, View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/68a4f27c45a79008adf003e6fcba06ba3db8a3f6 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/68a4f27c45a79008adf003e6fcba06ba3db8a3f6 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits