[Git][security-tracker-team/security-tracker][master] 2 commits: update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 7776373b by Thorsten Alteholz at 2023-07-30T23:33:39+02:00 update note - - - - - 36c7fadb by Thorsten Alteholz at 2023-07-30T23:33:39+02:00 claim amanda - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -21,7 +21,7 @@ To make it easier to see the entire history of an update, please append notes rather than remove/replace existing ones. -- -amanda +amanda (Thorsten Alteholz) NOTE: 20230730: Added by Front-Desk (apo) -- cairosvg (gladk) @@ -141,7 +141,7 @@ rails ring (Thorsten Alteholz) NOTE: 20221120: Added by Front-Desk (ta) NOTE: 20230507: testing package - NOTE: 20230716: testing package, not all tests pass yet + NOTE: 20230730: testing package, not all tests pass yet -- ruby-loofah NOTE: 20221231: Added by Front-Desk (ola) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0bdc959b6a1ec130ec9970e70826f1b35d2383fc...36c7fadb74d6b19bcac9f89bb1167e782368efe6 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
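Review bot: In the second hunk (ring), the `NOTE: 20230716` line is replaced by a `NOTE: 20230730` line with identical text, which goes against the file's own instruction visible in the first hunk's context ("please append notes rather than remove/replace existing ones"). Keep the 20230716 line and append the 20230730 note below it so the history of the update stays readable. If the status really is unchanged, saying which tests still fail would make the new note carry information.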
[Git][security-tracker-team/security-tracker][master] 2 commits: update note for slirp
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 9c1d8909 by Thorsten Alteholz at 2020-12-20T17:41:05+01:00 update note for slirp - - - - - 8d657e6d by Thorsten Alteholz at 2020-12-20T17:41:05+01:00 update notes for openjpeg2 - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -119,6 +119,7 @@ openjdk-8 (Emilio) NOTE: 20201215: regression update (Emilio) -- openjpeg2 (Thorsten Alteholz) + NOTE: 20201220: more CVEs appeared -- p11-kit (Adrian Bunk) -- @@ -170,6 +171,7 @@ slirp (Thorsten Alteholz) NOTE: Upstream patch for CVE-2020-8608 requires patches for NOTE: CVE-2020-7039 to be applied patched first, as they both patch NOTE: the same lines of code in tcp_subr.c (bam). + NOTE: update has to done in sid->buster->stretch -- snapd NOTE: Needs rebuild for CVE-2019-11840 in golang-go.crypto. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/56cccb3889127589cbb6a5c5d1e99c7bc668e719...8d657e6dbb0ffe7dcb6d5b343836bbea038c0615
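Review bot: The note added under openjpeg2 in the first hunk, "more CVEs appeared", does not name them. Listing the CVE ids in the note lets the next reader check the scope of the pending update without searching the tracker.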
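Review bot: The note added under slirp in the second hunk has no YYYYMMDD stamp, unlike the openjpeg2 note added in the same push (`NOTE: 20201220:`), and "has to done" is missing "be". Suggest `NOTE: 20201220: update has to be done in sid->buster->stretch`, with a word on why that order is required, since the preceding notes only explain the patch ordering between CVE-2020-8608 and CVE-2020-7039.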
[Git][security-tracker-team/security-tracker][master] 2 commits: Update note for ceph in dla-needed.txt.
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: cbbc1cfd by Chris Lamb at 2020-04-09T12:15:07+01:00 Update note for ceph in dla-needed.txt. - - - - - 3f108000 by Chris Lamb at 2020-04-09T12:15:07+01:00 Update note for ceph in jessie LTS. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -17,6 +17,9 @@ bluez (Emilio) NOTE: 20200330: wip -- ceph (Chris Lamb) + NOTE: 20200408: Upstream patch for CVE-2020-1760 does not cleanly apply; no + NOTE: 20200408: std::any_of and lack of parsing of request state means no + NOTE: 20200408: handy "is_anonymous" method. (lamby) -- graphicsmagick (Roberto C. Sánchez) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b940cf27d063e187cf4985adae42725df790116e...3f1080008c1514965342604fc1dd673f1ca7c261
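Review bot: The three added ceph NOTE lines are hard to parse where the sentence wraps: the first line ends in "no" and the second starts with "std::any_of", so "no std::any_of" is split across lines, and the 20200408 stamp is repeated on each continuation line. Rewording this as one sentence and stating what follows from the failed apply (manual backport planned, or not) would make the entry actionable for whoever reads it next.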
[Git][security-tracker-team/security-tracker][master] 2 commits: Update note for CVE-2020-1957 in hiro after upstream investigation.
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: 307848b6 by Chris Lamb at 2020-03-28T09:32:39+00:00 Update note for CVE-2020-1957 in hiro after upstream investigation. - - - - - 28f1f7cd by Chris Lamb at 2020-03-28T09:32:46+00:00 Triage CVE-2020-1957 in shiro for jessie LTS. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -22294,7 +22294,10 @@ CVE-2020-1958 RESERVED CVE-2020-1957 (Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic ...) - shiro (bug #955018) + [jessie] - shiro (Vulnerable code not present) NOTE: https://www.openwall.com/lists/oss-security/2020/03/23/2 + NOTE: Possibly introduced in https://github.com/lamby/shiro/commit/a380b7d27be549e612d11ee04a84ac177677323c (1.5.0+) + NOTE: Possible fix at https://github.com/apache/shiro/pull/203 CVE-2020-1956 RESERVED CVE-2020-1955 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e17683e2ddbb47e2188e36806c1d582811696cca...28f1f7cd6057e52bb888159baa4e1d78b0603e1d
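Review bot: The added "Possibly introduced in" note links to a commit in a personal fork (github.com/lamby/shiro), while the "Possible fix" note points at the upstream repository (github.com/apache/shiro). Pointing the first link at the same commit in apache/shiro keeps the reference valid if the fork goes away. The fix reference is a pull request, so it is worth replacing with the merged commit once there is one.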
[Git][security-tracker-team/security-tracker][master] 2 commits: Update note for pdfresurrect in jessie LTS.
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: 16726651 by Chris Lamb at 2020-03-03T10:43:12-08:00 Update note for pdfresurrect in jessie LTS. - - - - - 2666c7dc by Chris Lamb at 2020-03-03T10:43:39-08:00 Claim pdfresurrect for jessie LTS. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -53,8 +53,9 @@ nova (Thorsten Alteholz) opendmarc (Thorsten Alteholz) NOTE: 20200302: still testing package, original patch does not seem to be enough, still ongoing -- -pdfresurrect +pdfresurrect (Chris Lamb) NOTE: 20200302: no upstream patch yet (lamby) + NOTE: 20200303: upstream patch now available (lamby) -- php5 (Utkarsh Gupta) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/44c5e13377b3c564bd1afc287b253279ced723e3...2666c7dcb15a9a182960af29d33e58f25463072c
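Review bot: The added `NOTE: 20200303: upstream patch now available (lamby)` does not say where the patch is. Adding the upstream commit or issue URL to the note saves the next person from repeating the search. Keeping the 20200302 note and appending below it is the right form.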
[Git][security-tracker-team/security-tracker][master] 2 commits: update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 4c759bb3 by Thorsten Alteholz at 2019-09-29T21:10:49Z update note - - - - - c4faa798 by Thorsten Alteholz at 2019-09-29T21:11:28Z add python2.7 - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -99,6 +99,7 @@ netty (Mike Gabriel) nghttp2 -- opendmarc (Thorsten Alteholz) + NOTE: 20190929: testing package -- openjpeg2 -- @@ -107,6 +108,8 @@ pam-python -- poppler (Thorsten Alteholz) -- +python2.7 +-- radare2 NOTE: 20190816: Affected by CVE-2019-14745. Vulnerable code is in NOTE: libr/core/bin.c. Many no-dsa issues in Jessie and Stretch. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/69dacf3e61bc96d42ba6ee5a5d17aed0493be8e2...c4faa798103c9ac007f1e5c2fec098bebf86c2c7
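Review bot: The python2.7 entry added in the second hunk has no NOTE, so the file does not say which issue put it on the list. The radare2 entry just below it shows the useful form (date, CVE id, location of the vulnerable code); a dated note naming the CVE would be enough here.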
[Git][security-tracker-team/security-tracker][master] 2 commits: update note for bind9
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 448a3049 by Thorsten Alteholz at 2019-05-26T17:46:18Z update note for bind9 - - - - - 14c63ada by Thorsten Alteholz at 2019-05-26T17:48:04Z update note for wpa - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -19,6 +19,7 @@ axis -- bind9 (Thorsten Alteholz) NOTE: 20190512: test package + NOTE: 20190526: test package failed, probably not vulnerable -- claws-mail NOTE: 20190408: patch not yet available @@ -127,6 +128,7 @@ wordpress -- wpa (Thorsten Alteholz) NOTE: 20190512: test package + NOTE: 20190526: tests failed, comparing with Stretch version -- xen (worked on by credativ) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/c9752b83a773e6ad65866e48a818463a628be355...14c63adaa51ed795ddc18369396d0b6655fc2b85
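Review bot: In the bind9 hunk, "test package failed, probably not vulnerable" is ambiguous: it can mean that the test build failed or that the issue could not be reproduced with it. Naming the CVE and what was tested would settle that. If the package turns out not to be vulnerable, the entry is better resolved by triaging the CVE accordingly and dropping bind9 from the list than by leaving it claimed.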
[Git][security-tracker-team/security-tracker][master] 2 commits: update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: cecefeb0 by Thorsten Alteholz at 2019-04-14T20:38:51Z update note - - - - - 7f0b3146 by Thorsten Alteholz at 2019-04-14T20:40:00Z claim gpac - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -41,7 +41,7 @@ ghostscript (Sylvain Beucler) NOTE: 20190327: https://lists.debian.org/debian-lts/2019/03/msg00122.html NOTE: 20190409: will backport 9.27 following stable-security (cf. dsa-needed.txt) -- -gpac +gpac (Thorsten Alteholz) -- gradle NOTE: 20190412: unless you believe http->https would cause significant breakage; @@ -127,6 +127,7 @@ systemd (Mike Gabriel) NOTE: 20190409: easily backportable to system in jessie. -- wget (Thorsten Alteholz) + NOTE: test package -- wireshark (Hugo Lefeuvre) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/44e021a6d6838395ee246b49b35a850dfd1e2038...7f0b31466f50e4f6ecee2bc41a6e165fda91bc34
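Review bot: The `NOTE: test package` added under wget in the second hunk has no date stamp, while the neighbouring notes in the same file carry one (20190409, 20190412). Suggest `NOTE: 20190414: test package`, matching the commit date, so the age of the status is visible to the next reader.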