:
=
data/dla-needed.txt
=
@@ -61,7 +61,7 @@ exempi
NOTE: 20220517: A lot of packages reverse depends on libexmpi8. Further
analysis
NOTE: 20220517: is needed.
--
-filezilla
+filezilla (Andreas Rönnquist)
NOTE: 20220523: Harmonize with Debian 10.4 (1 CVE) (Beuc
Anton Gladky pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d81c0d46 by Anton Gladky at 2022-05-23T23:01:19+02:00
semi-automatic unclaim after 2 weeks of inactivity
Signed-off-by: Anton Gladky gl...@debian.org
- - - - -
1 changed file:
-
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5c9d6b35 by Salvatore Bonaccorso at 2022-05-23T22:36:29+02:00
Add CVE-2021-4258{5,6}/libredwg
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0517d408 by Salvatore Bonaccorso at 2022-05-23T22:35:54+02:00
Process some more NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c1e1a7c1 by Salvatore Bonaccorso at 2022-05-23T22:26:43+02:00
Drop notes for CVE-2022-1588 (was incorrectly assigned)
- - - - -
1 changed file:
- data/CVE/list
Changes:
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
69cf35a1 by Salvatore Bonaccorso at 2022-05-23T22:24:43+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
fdf487ff by Salvatore Bonaccorso at 2022-05-23T22:20:20+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
18141a62 by Salvatore Bonaccorso at 2022-05-23T22:18:18+02:00
Add upstream commits for CVE-2022-3097{4,5}/mujs
- - - - -
1 changed file:
- data/CVE/list
Changes:
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
673fc2da by security tracker role at 2022-05-23T20:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -112,9 +112,13 @@ lemonldap-ng
NOTE: 20220523: Harmonize with Debian 10.4 (1 CVE) and 10.5 (regression fix)
(Beuc/front-desk)
--
libdbi-perl
- NOTE: 20220523: Harmonize with Debian 10.8 (CVE-2014-10402 is a follow-up to
CVE-2014-10401 (Beuc/front-desk)
+ NOTE: 20220523: Harmonize
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6ac6ae16 by Moritz Muehlenhoff at 2022-05-23T18:19:44+02:00
one ATS issue fixed in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
=
@@ -88,6 +88,7 @@ haproxy
--
horizon
NOTE: 20220523: Harmonize with DSA-4820-1 (1 CVE) (Beuc/front-desk)
+ NOTE: 20220523: part of OpenStack (Beuc/front-desk)
--
icingaweb2 (Abhijith PA)
NOTE:
https://people.debian.org/~abhijith/upload/mruby
-needed.txt
=
@@ -110,6 +110,10 @@ kvmtool
lemonldap-ng
NOTE: 20220523: Harmonize with Debian 10.4 (1 CVE) and 10.5 (regression fix)
(Beuc/front-desk)
--
+libdbi-perl
+ NOTE: 20220523: Harmonize with Debian 10.8 (CVE-2014-10402 is a follow-up to
CVE-2014-10401 (Beuc
-needed.txt
=
@@ -107,6 +107,9 @@ kvmtool
NOTE: 20220402: stretch-specific, orphaned package (Beuc/front-desk)
NOTE: 20220402: CVE-2021-45464 looks critical, check with upstream for
acknowledgments/fixes (Beuc/front-desk)
--
+lemonldap-ng
+ NOTE: 20220523
=
@@ -100,6 +100,9 @@ intel-microcode (Stefano Rivera)
irssi
NOTE: 20220523: Harmonize with Debian 10.11 (1 CVE) (Beuc/front-desk)
--
+isync
+ NOTE: 20220523: Harmonize with Debian 10.10 and possibly 11.2 (3 CVEs)
(Beuc/front-desk)
+--
kvmtool
NOTE
=
@@ -97,6 +97,9 @@ icingaweb2 (Abhijith PA)
intel-microcode (Stefano Rivera)
NOTE: 20220213: please recheck
--
+irssi
+ NOTE: 20220523: Harmonize with Debian 10.11 (1 CVE) (Beuc/front-desk)
+--
kvmtool
NOTE: 20220402: stretch-specific, orphaned package
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4ff225a9 by Moritz Muehlenhoff at 2022-05-23T16:45:31+02:00
mariadb-10.6 fixed in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
665760cf by Moritz Muehlenhoff at 2022-05-23T16:42:08+02:00
one grafana issue n/a
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
+48,9 @@ cyrus-imapd
NOTE: 20220523: Harmonize with DSA-4590-1 and Debian 10.11 (2 CVEs)
(Beuc/front-desk)
--
debian-security-support (Utkarsh)
- NOTE: 20220402: need to update the list of unsupported packages (Beuc)
- NOTE: 20220402: check debian/README.source, sync with h01ger, and announce
=
@@ -82,6 +82,9 @@ glib2.0
golang-go.crypto
NOTE: 20220331: rebuild reverse-dependencies if needed, e.g. DLA-2402-1 ->
DLA-2453-1/DLA-2454-1/DLA-2455-1; also check buster status (Beuc)
--
+haproxy
+ NOTE: 20220523: Harmonize with Debian 10.0 and 10.6 (3 C
yet. (Anton)
--
+glib2.0
+ NOTE: 20220523: Harmonize with Debian 10.10 (3 CVEs) (Beuc/front-desk)
+--
golang-go.crypto
NOTE: 20220331: rebuild reverse-dependencies if needed, e.g. DLA-2402-1 ->
DLA-2453-1/DLA-2454-1/DLA-2455-1; also check buster status (Beuc)
--
View it on GitLab:
ht
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
90e8ed4c by Sylvain Beucler at 2022-05-23T15:21:48+02:00
CVE-2018-1000825/freecol: stretch end-of-life
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
=
@@ -60,6 +60,9 @@ exempi
NOTE: 20220517: A lot of packages reverse depends on libexmpi8. Further
analysis
NOTE: 20220517: is needed.
--
+filezilla
+ NOTE: 20220523: Harmonize with Debian 10.4 (1 CVE) (Beuc/front-desk)
+--
firefox-esr (Emilio)
NOTE
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
93fe2045 by Sylvain Beucler at 2022-05-23T15:09:05+02:00
CVE-2018-20196/faad2: drop postponed entry for stretch
- - - - -
1 changed file:
- data/CVE/list
Changes:
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e4353990 by Sylvain Beucler at 2022-05-23T15:05:21+02:00
CVE-2020-20902/ffmpeg: fixed through DLA-3010-1
- - - - -
2 changed files:
- data/CVE/list
- data/DLA/list
Changes:
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6abf09a9 by Sylvain Beucler at 2022-05-23T14:37:23+02:00
CVE-2018-20196/faad2: fixed through DSA-4522-1
- - - - -
1 changed file:
- data/DSA/list
Changes:
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d98e18b7 by Sylvain Beucler at 2022-05-23T14:18:48+02:00
CVE-2022-28181,CVE-2022-28185/nvidia-graphics-drivers-legacy-340xx: stretch
ignored
- - - - -
1 changed file:
- data/CVE/list
Changes:
Neil Williams pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
43f35b06 by Neil Williams at 2022-05-23T12:20:28+01:00
CVE-2022-29222/snowflake unfixed 1011458
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
/dla-needed.txt
=
@@ -28,7 +28,7 @@ atftp
avahi
NOTE: 20220523: Harmonize with Debian 10.9 (1 Debian-specific CVE)
(Beuc/front-desk)
--
-cgal (Andreas Rönnquist)
+cgal
NOTE: 20220421: many no-dsa issues, please check, whether it is possible to
fix them
Neil Williams pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d8a6cd24 by Neil Williams at 2022-05-23T11:18:00+01:00
CVE-2022-29189-90/snowflake unfixed 1011457
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
Neil Williams pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
aeaf4251 by Neil Williams at 2022-05-23T11:02:36+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
Neil Williams pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1cce431c by Neil Williams at 2022-05-23T10:29:10+01:00
CVE-2022-24434/node-superagent not-affected, vulnerable code in added test
support
- - - - -
1 changed file:
- data/CVE/list
Changes:
Neil Williams pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
533234ea by Neil Williams at 2022-05-23T10:10:40+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6e3c133e by Sylvain Beucler at 2022-05-23T11:03:03+02:00
CVE-2018-1311/xerces-c: harmonize triaging with buster
- - - - -
2 changed files:
- data/CVE/list
- data/DLA/list
Changes:
=
@@ -53,6 +53,9 @@ debian-security-support (Utkarsh)
NOTE: 20220502: backport prepped, will contact Holger for more details.
(utkarsh)
NOTE: 20220516: in review, will also co-help Holger to maintain this.
(utkarsh)
--
+dpdk
+ NOTE: 20220523: Harmonize
-needed.txt
=
@@ -43,6 +43,9 @@ clamav (Emilio)
curl (Emilio)
NOTE: 20220510: Programming language C.
--
+cyrus-imapd
+ NOTE: 20220523: Harmonize with DSA-4590-1 and Debian 10.11 (2 CVEs)
(Beuc/front-desk)
+--
debian-security-support (Utkarsh)
NOTE: 20220402
:
=
data/dla-needed.txt
=
@@ -22,6 +22,12 @@ amd64-microcode
asterisk (Abhijith PA)
NOTE: 20220424: programming language C
--
+atftp
+ NOTE: 20220523: Harmonize with Debian 10.12 (1 CVE) (Beuc/front-desk)
+--
+avahi
+ NOTE: 20220523: Harmonize with Debian 10.9
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
475f3a04 by Salvatore Bonaccorso at 2022-05-23T10:10:55+02:00
Remove postponed entry for CVE-2021-33515/dovecot in bullseye
- - - - -
1 changed file:
- data/CVE/list
Changes:
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f6fa7cda by security tracker role at 2022-05-23T08:10:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9f590002 by Emilio Pozuelo Monfort at 2022-05-23T09:50:27+02:00
lts: take firefox-esr
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d049c4ca by Emilio Pozuelo Monfort at 2022-05-23T09:44:36+02:00
Reserve DLA-3020-1 for thunderbird
- - - - -
2 changed files:
- data/DLA/list
- data/dla-needed.txt
Changes:
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
209bdb15 by Moritz Muehlenhoff at 2022-05-23T09:39:23+02:00
buster/bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
(Christoph Berg)
NOTE: 20220523: cf. DSA-5135-1/DSA-5136-1 (Beuc/front-desk)
--
puma (Markus Koschany)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/87be61558c056a5ce89b5d85ea941f83da171c44
--
View it on GitLab:
https://salsa.debian.org
-needed.txt
=
@@ -124,6 +124,9 @@ pdns
NOTE: 20220506: package builds but does not run a test suite, and I lack the
NOTE: 20220506: know-how for testing manually (enrico)
--
+postgresql-9.6
+ NOTE: 20220523: cf. DSA-5135-1/DSA-5136-1 (Beuc/front-desk)
+--
puma
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f83f29fa by Salvatore Bonaccorso at 2022-05-23T08:07:40+02:00
Adjust source package name in CVE-2022-23639
- - - - -
1 changed file:
- data/CVE/list
Changes:
45 matches
Mail list logo