Hi,
On 07/06/2021 09:40, Emilio Pozuelo Monfort wrote:
On 02/06/2021 14:24, Markus Koschany wrote:
Am Mittwoch, den 02.06.2021, 12:26 +0200 schrieb Emilio Pozuelo Monfort:
I think it is time
we declare the block list unsupported, asking users to switch to the
allow
list.
Thoughts?
I
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1840866e by Sylvain Beucler at 2021-06-18T18:34:46+02:00
dla: claim libxstream-java
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=
data/dla
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
bf1273c4 by Sylvain Beucler at 2021-06-18T18:19:27+02:00
CVE-2021-29505/libxstream-java: reference patch
- - - - -
1 changed file:
- data/CVE/list
Changes
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3c44f06a by Sylvain Beucler at 2021-06-17T22:15:19+02:00
CVE-2018-1000211/ruby-doorkeeper: stretch ignored
- - - - -
7e0d8190 by Sylvain Beucler at 2021-06-17T22:15:20+02:00
CVE-2018-188/ruby
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian LTS Advisory DLA-2688-1debian-...@lists.debian.org
https://www.debian.org/lts/security/ Sylvain Beucler
June 17, 2021
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8890d64b by Sylvain Beucler at 2021-06-17T20:22:44+02:00
Reserve DLA-2688-1 for jetty9
- - - - -
2 changed files:
- data/DLA/list
- data/dla-needed.txt
Changes
Hi Chris,
The script checks:
https://salsa.debian.org/webmaster-team/webwml/-/tree/master/english/lts/security/2021
Maybe you forgot to git-push there?
- Sylvain
On 14/06/2021 09:08, Chris Lamb wrote:
Hi Holger,
Just three DLAs have been reserved and haven't been published yet:
Thanks
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
89c1207a by Sylvain Beucler at 2021-06-12T18:58:58+02:00
CVE-2019-10241/jetty: fix comment
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b7635f80 by Sylvain Beucler at 2021-06-11T18:43:27+02:00
dla: claim jetty9
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=
data/dla-needed.txt
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e5a5580b by Sylvain Beucler at 2021-06-11T15:47:11+02:00
CVE-2021-28169/jetty: reference patch
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
303b251d by Sylvain Beucler at 2021-06-10T18:32:30+02:00
dla: claim ruby-doorkeeper
- - - - -
19ac6194 by Sylvain Beucler at 2021-06-10T18:33:03+02:00
dla: ruby-doorkeeper: drop notes on CVE-2020
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
91e89727 by Sylvain Beucler at 2021-06-10T18:10:30+02:00
CVE-2021-28834/ruby-kramdown: stretch not-affected
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
24a4686b by Sylvain Beucler at 2021-06-10T17:06:10+02:00
dla: claim ruby-kramdown
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=
data/dla
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
65b9d151 by Sylvain Beucler at 2021-06-09T19:07:46+02:00
dla: squid3: reference ELTS same-version upload
- - - - -
1 changed file:
- data/dla-needed.txt
Changes
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c2ea11b0 by Sylvain Beucler at 2021-06-09T19:04:16+02:00
dla: xmlbeans: report IRC discussion + ELTS status
- - - - -
1 changed file:
- data/dla-needed.txt
Changes
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
528df0ea by Sylvain Beucler at 2021-06-03T23:28:13+02:00
squid3/CVE-2021-28116: add upstream status
- - - - -
1 changed file:
- data/CVE/list
Changes
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2b308cf2 by Sylvain Beucler at 2021-06-03T22:46:15+02:00
dla: squid3: reference elts work
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=
data
Hi,
I asked upstream for further information about this vulnerability:
https://bugs.squid-cache.org/show_bug.cgi?id=5131
Cheers!
Sylvain Beucler
Debian LTS Team
an-lts/2021/05/msg00081.html
– samba: dialogue with upstream on handling and testing security
issues in Debian
https://lists.debian.org/debian-security/2021/05/msg00010.html
https://lists.debian.org/debian-security/2021/05/msg00013.html
--
Sylvain Beucler
Debian LTS Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian LTS Advisory DLA-2667-1debian-...@lists.debian.org
https://www.debian.org/lts/security/ Sylvain Beucler
May 26, 2021
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a03ea860 by Sylvain Beucler at 2021-05-26T17:15:49+02:00
Reserve DLA-2667-1 for djvulibre
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
12af51f2 by Sylvain Beucler at 2021-05-25T17:54:33+02:00
djvulibre: reference upstream patches
CVE-2021-3500
CVE-2021-32490
CVE-2021-32491
CVE-2021-32492
CVE-2021-32493
- - - - -
1 changed file
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e5ac234a by Sylvain Beucler at 2021-05-25T17:18:04+02:00
dla: claim djvulibre
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=
data/dla
Cheers!
Sylvain Beucler
Debian LTS Team
On 25/05/2021 15:52, Ola Lundqvist wrote:
Hi
I do not know the details of i2pd package.
For stretch we generally update only due to security reasons. There are
exceptions, but it needs to be a really good one. Like "if we do not
update the package is us
Hello Andrew,
On Tue, May 18, 2021 at 09:38:30AM +1200, Andrew Bartlett wrote:
> Yes, due to the various cycles, freeze windows and support lifetimes,
> Debian almost always ships unsupported Samba versions, and even if the
> series is supported, the point release is not, because those are not
>
specifically, which is extended support and is
usually performed by the LTS team without involving the package
maintainers, you may want to reach debian-...@lists.debian.org.
Cheers!
Sylvain Beucler
Debian LTS Team
On Wed, May 12, 2021 at 07:34:56PM +1200, Andrew Bartlett wrote:
> On Wed, 2021-05-12
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d33a4d2b by Sylvain Beucler at 2021-05-17T21:09:45+02:00
CVE-2021-30130/phpseclib: precise affected versions
- - - - -
1 changed file:
- data/CVE/list
Changes
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian LTS Advisory DLA-2664-1debian-...@lists.debian.org
https://www.debian.org/lts/security/ Sylvain Beucler
May 17, 2021
t; wrote:
Hi Sylvain
I have done some regression testing and it looks fine.
I'll try to reproduce the actual issue too.
// Ola
On Mon, 17 May 2021 at 11:09, Sylvain Beucler mailto:b...@beuc.net>> wrote:
Hi,
I thought you'd rebuild but here you go.
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
57bf5a8f by Sylvain Beucler at 2021-05-17T16:32:01+02:00
Reserve DLA-2664-1 for curl
- - - - -
2 changed files:
- data/DLA/list
- data/dla-needed.txt
Changes
Hi,
According to debian-security-support, golang packages are not
"unsupported" but with "limited support".
Currently some packages are updated in stable and rdeps are manually
bin-num'd (e.g. #946467), see also
https://www.debian.org/News/2020/20200718 for stretch-before-LTS.
It looks like
?
// Ola
On Sun, 16 May 2021 at 09:08, Ola Lundqvist <mailto:o...@inguza.com>> wrote:
Hi
I have reviewed the changes and it looks good.
I'll see if I can get some time to perform any relevant tests too.
// Ola
On Sat, 15 May 2021 at 23:34, Sylvain Beucler
://wiki.debian.org/LTS/TestSuites/curl
Cheers!
Sylvain
On 15/05/2021 23:22, Ola Lundqvist wrote:
Hi Sylvain
Great! Let me know if you want help with review, testing or something else.
// Ola
On Sat, 15 May 2021 at 23:18, Sylvain Beucler <mailto:b...@beuc.net>> wrote:
Hi,
I claimed it
Hi,
I claimed it yesterday and my work is mostly done.
Cheers!
Sylvain
On 15/05/2021 23:11, Ola Lundqvist wrote:
Hi Utkarsh
I have looked into your patch and I think it looks good. I do not fully
understand why all the changes in url.c were done but I think it looks
fine anyway.
The risk
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
557abac5 by Sylvain Beucler at 2021-05-14T19:08:45+02:00
dla: claim curl
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=
data/dla-needed.txt
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian LTS Advisory DLA-2661-1debian-...@lists.debian.org
https://www.debian.org/lts/security/ Sylvain Beucler
May 14, 2021
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d5b791b9 by Sylvain Beucler at 2021-05-14T15:16:10+02:00
Reserve DLA-2560-1 for jetty9
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ac4780d1 by Sylvain Beucler at 2021-05-12T21:22:04+02:00
CVE-2019-10241/jetty: jessie not-affected
- - - - -
1 changed file:
- data/CVE/list
Changes
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
fbdcc650 by Sylvain Beucler at 2021-05-12T11:16:25+02:00
CVE-2021-28165/jetty9: stretch ignored
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5df94d08 by Sylvain Beucler at 2021-05-11T16:56:10+02:00
CVE-2021-28164/jetty9: stretch not-affected
- - - - -
1 changed file:
- data/CVE/list
Changes
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9e8ca1d9 by Sylvain Beucler at 2021-05-11T16:25:41+02:00
CVE-2021-28163/jetty9: stretch not-affected
- - - - -
1 changed file:
- data/CVE/list
Changes
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6efb962b by Sylvain Beucler at 2021-05-11T12:32:57+02:00
CVE-2020-27223/jetty: stretch not-affected
- - - - -
1 changed file:
- data/CVE/list
Changes
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f694561d by Sylvain Beucler at 2021-05-10T19:00:56+02:00
CVE-2020-27218/jetty9: reference upstream issue
- - - - -
1f1ba2f2 by Sylvain Beucler at 2021-05-10T19:02:22+02:00
CVE-2020-27218/jetty9
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e3098cdc by Sylvain Beucler at 2021-05-07T22:02:53+02:00
dla: jetty9: status update
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=
data/dla
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ed434dea by Sylvain Beucler at 2021-05-04T18:50:28+02:00
Revert CVE-2021-28165/jetty9: stretch not-affected
This reverts commit 369b750e0e56ae70a90f5aa1435f91e5ece6e342.
Requires further
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ac53d842 by Sylvain Beucler at 2021-05-04T17:57:32+02:00
CVE-2021-28163,CVE-2021-28164,CVE-2021-28165/jetty: add references
- - - - -
369b750e by Sylvain Beucler at 2021-05-04T18:41:31+02:00
CVE
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6d0b31b1 by Sylvain Beucler at 2021-05-04T17:03:12+02:00
CVE-2019-10241/jetty: reference issue with patches
- - - - -
1bbb4b03 by Sylvain Beucler at 2021-05-04T17:03:13+02:00
CVE-2018-12536/jetty
anyway.
Fine by me.
- Sylvain
On 29/04/2021 22:16, Markus Koschany wrote:
Am Donnerstag, den 29.04.2021, 20:59 +0200 schrieb Salvatore Bonaccorso:
On Thu, Apr 29, 2021 at 06:29:33PM +0200, Sylvain Beucler wrote:
Hi,
I saw a batch of new CVEs were tracked for 'unbound', but not for the
stretch-sp
Hi,
I saw a batch of new CVEs were tracked for 'unbound', but not for the
stretch-specific 'unbound1.9' package[1].
I can go ahead and add '- unbound1.9' entries in data/CVE/list but I'm
not sure whether that's what we want. Should I?
[1]
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2c8dde4a by Sylvain Beucler at 2021-04-27T19:07:42+02:00
CVE-2020-27223/jetty: reference patch
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data
Hi,
On 16/04/2021 10:41, Sylvain Beucler wrote:
I dropped the version-based check and adapted the test suite:
https://salsa.debian.org/debian/debian-security-support/-/merge_requests/9
pending review with secteam.
I think we are all OK with this particular change. Can you review the MR
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1a7bdc86 by Sylvain Beucler at 2021-04-26T19:08:36+02:00
dla: claim jetty9
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=
data/dla-needed.txt
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian LTS Advisory DLA-2635-1debian-...@lists.debian.org
https://www.debian.org/lts/security/
April 23, 2021
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9268ea8f by Sylvain Beucler at 2021-04-23T20:10:48+02:00
Reserve DLA-2635-1 for libspring-java
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4a60b526 by Sylvain Beucler at 2021-04-22T16:38:04+02:00
CVE-2018-1199,CVE-2018-1257,CVE-2018-1272,CVE-2020-5421/libspring-java: stretch
ignored
- - - - -
1 changed file:
- data/CVE/list
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
From: Sylvain Beucler
To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2631-1] zabbix security update
- -
Debian LTS Advisory DLA-2631-1debian
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c5d2c12f by Sylvain Beucler at 2021-04-21T16:14:07+02:00
Reserve DLA-2631-1 for zabbix
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
098c199a by Sylvain Beucler at 2021-04-19T20:07:40+02:00
CVE-2021-27927/zabbix: stretch not-affected
- - - - -
1 changed file:
- data/CVE/list
Changes
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
bf14e408 by Sylvain Beucler at 2021-04-19T17:15:15+02:00
dla: add libspring-java and zabbix following factorable work with ELTS
- - - - -
1 changed file:
- data/dla-needed.txt
Changes
On Sat, 3 Apr 2021 21:55:20 + Holger Levsen
wrote:
I think this is a useful feature indeed and I'd be very happy about patches,
MRs or plain commits. debian-security-support is maintained in the Debian
group on Salsa, so any DD can commit, though I'll equally happily take
review requests
Hi,
On 17/04/2021 21:29, Holger Levsen wrote:
On Sat, Apr 17, 2021 at 05:42:11PM +0200, Sylvain Beucler wrote:
stretch however doesn't report the 3 packages I mentioned in my initial
mail. Should we fix it now?
because the packages are not listed in sec-support.ended9? if so, sure,
please
Hi,
On 17/04/2021 14:44, Holger Levsen wrote:
On Fri, Apr 16, 2021 at 03:47:49PM +0200, Moritz Mühlenhoff wrote:
These source package sets comes to mind:
- node-*
That would be super-noisy and will potentially clash with a lot of local
package state. I won't hurt to patch
Hi Anton,
On 17/04/2021 14:58, Anton Gladky wrote:
Dear LTS team,
I prepared and uploaded python2.7_2.7.13-2+deb9u5, fixing
two CVEs.
Unfortunately it fails on i386 due to timeout during the network
test. I believe that one more try should fix the problem, because
most of the other archs are
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3fc70c3f by Sylvain Beucler at 2021-04-16T17:32:15+02:00
CVE-2018-15756/libspring-java: reference tracker, commit and affected versions
- - - - -
1 changed file:
- data/CVE/list
Changes
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3553e162 by Sylvain Beucler at 2021-04-16T17:18:22+02:00
CVE-2018-11040/libspring-java: affected versions
- - - - -
1 changed file:
- data/CVE/list
Changes
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7a8d57b0 by Sylvain Beucler at 2021-04-16T13:16:28+02:00
CVE-2018-11040/libspring-java: reference tracker and commit
- - - - -
1 changed file:
- data/CVE/list
Changes
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9db23ade by Sylvain Beucler at 2021-04-16T12:39:56+02:00
CVE-2018-11039/libspring-java: reference tracker and commits
- - - - -
1 changed file:
- data/CVE/list
Changes
Hi Security Team,
I'm proposing a couple changes in debian-security-support and I'd
welcome your review :)
1) Match ecosystems
https://bugs.debian.org/986333
https://salsa.debian.org/debian/debian-security-support/-/merge_requests/10
Sometimes, entire ecosystems are affected by Debian
Hi Christoph,
Thanks a lot for your precisions,
On 13/04/2021 10:02, Christoph Biedl wrote:
Sylvain Beucler wrote...
We could not find a valid use case for this feature, while it is causing
some missing reports as with 'nodejs', as explained in the above BTS entry.
Did we miss something
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8de4f833 by Sylvain Beucler at 2021-04-14T18:52:04+02:00
CVE-2018-1271/libspring-java: fix reference
- - - - -
63d0c7e7 by Sylvain Beucler at 2021-04-14T18:57:16+02:00
CVE-2018-1257/libspring-java
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7a470b1b by Sylvain Beucler at 2021-04-12T19:41:20+02:00
CVE-2016-5007/libspring-java: precision
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
de721ac3 by Sylvain Beucler at 2021-04-09T19:08:22+02:00
dla: add note author
- - - - -
9564020e by Sylvain Beucler at 2021-04-09T19:10:46+02:00
CVE-2018-1199: further spring-security info
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian LTS Advisory DLA-2621-1debian-...@lists.debian.org
https://www.debian.org/lts/security/ Sylvain Beucler
April 08, 2021
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
812e955d by Sylvain Beucler at 2021-04-08T18:20:34+02:00
Reserve DLA-2621-1 for php-pear
- - - - -
2 changed files:
- data/DLA/list
- data/dla-needed.txt
Changes
Hello Christoph,
I'm investigating an issue in 'debian-security-support' related to how
it includes/excludes packages by comparing the installed version and the
supported version, see:
https://bugs.debian.org/986581
At this point I'm inclined to drop all the version-based logic, because
Package: debian-security-support
Severity: normal
Hi,
In security-support-ended.debX, the 2nd field (version) is described as:
"last version with support".
If the currently installed version is higher, then it is not reported.
For instance, nodejs/4.8.2~dfsg-1 (stretch) is not reported
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4734874b by Sylvain Beucler at 2021-04-03T17:01:22+02:00
dla: claim php-pear
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=
data/dla-needed.txt
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
65eb762a by Sylvain Beucler at 2021-04-03T16:20:37+02:00
dla: add ruby-nokogiri following conversation with initial triager
- - - - -
1 changed file:
- data/dla-needed.txt
Changes
Package: debian-security-support
Severity: normal
Hi,
Sometimes, entire ecosystems are affected by Debian support decisions.
These source package sets comes to mind:
- node-*
https://www.debian.org/releases/jessie/amd64/release-notes/ch-information.en.html#libv8
- golang-*
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b04df338 by Sylvain Beucler at 2021-04-02T18:32:03+02:00
CVE-2020-4051/dojo: reference patch
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2ef66630 by Sylvain Beucler at 2021-04-02T16:32:12+02:00
CVE-2020-13757/python-rsa: fix reason
There actually is a rdep (awscli)
- - - - -
47a206af by Sylvain Beucler at 2021-04-02T16:50:01+02:00
/debian-lts/2021/debian-lts.2021-03-25-14.58.html
--
Sylvain Beucler
Debian LTS Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian LTS Advisory DLA-2604-1debian-...@lists.debian.org
https://www.debian.org/lts/security/
March 22, 2021
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
faec5739 by Sylvain Beucler at 2021-03-22T19:09:57+01:00
Reserve DLA-2604-1 for dnsmasq
- - - - -
2 changed files:
- data/DLA/list
- data/dla-needed.txt
Changes
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a2f87caa by Sylvain Beucler at 2021-03-20T17:17:03+01:00
CVE-2020-25685,CVE-2020-25686/dnsmasq: stretch triage
- - - - -
1 changed file:
- data/CVE/list
Changes
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8bf6e93a by Sylvain Beucler at 2021-03-20T12:22:07+01:00
dnsmasq: use https for patch links
- - - - -
6f231209 by Sylvain Beucler at 2021-03-20T13:04:07+01:00
CVE-2020-25686/dnsmasq: reference
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c0e1263c by Sylvain Beucler at 2021-03-19T17:12:10+01:00
dla: claim dnsmasq
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=
data/dla-needed.txt
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
eaccec74 by Sylvain Beucler at 2021-03-19T16:02:54+01:00
glib2.0: stretch triage
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
97a0d902 by Sylvain Beucler at 2021-03-19T12:32:38+01:00
CVE-2021-25293/pillow: stretch not-affected
- - - - -
1 changed file:
- data/CVE/list
Changes
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d289b03d by Sylvain Beucler at 2021-03-18T22:42:14+01:00
CVE-2021-27921,CVE-2021-27922,CVE-2021-27923/pillow: stretch triage
- - - - -
aaa040ac by Sylvain Beucler at 2021-03-18T22:42:15+01:00
CVE
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
68aa9cef by Sylvain Beucler at 2021-03-17T18:49:16+01:00
CVE-2021-25292/pillow: stretch not-affected
- - - - -
1 changed file:
- data/CVE/list
Changes
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8988b98d by Sylvain Beucler at 2021-03-17T18:10:10+01:00
CVE-2021-25291/pillow: stretch not-affected
- - - - -
1 changed file:
- data/CVE/list
Changes
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian LTS Advisory DLA-2596-1debian-...@lists.debian.org
https://www.debian.org/lts/security/ Sylvain Beucler
March 17, 2021
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
208e4bad by Sylvain Beucler at 2021-03-17T13:42:41+01:00
Reserve DLA-2596-1 for shadow
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e838207a by Sylvain Beucler at 2021-03-16T14:27:21+01:00
dla: reference work on shadow
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=
data/dla
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ffdc5ede by Sylvain Beucler at 2021-03-15T13:33:09+01:00
CVE-2021-27921,CVE-2021-27922,CVE-2021-27923/pillow: reference patch
- - - - -
d923020f by Sylvain Beucler at 2021-03-15T14:09:10+01:00
CVE
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3cc5612c by Sylvain Beucler at 2021-03-13T20:11:00+01:00
dla: claim glib2.0
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=
data/dla-needed.txt
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian LTS Advisory DLA-2592-1debian-...@lists.debian.org
https://www.debian.org/lts/security/ Sylvain Beucler
March 13, 2021
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian LTS Advisory DLA-2591-1debian-...@lists.debian.org
https://www.debian.org/lts/security/ Sylvain Beucler
March 13, 2021
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
537bcfc7 by Sylvain Beucler at 2021-03-13T19:10:17+01:00
Reserve DLA-2591-1 for golang-1.7
- - - - -
9dce6244 by Sylvain Beucler at 2021-03-13T19:12:24+01:00
Reserve DLA-2592-1 for golang-1.8
1101 - 1200 of 8895 matches
Mail list logo