Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 7532679e by security tracker role at 2018-07-14T08:10:15+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -4469,6 +4469,7 @@ CVE-2017-18288 (An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exis CVE-2017-18287 (An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ...) NOT-FOR-US: PvPGN Stats (relates to pvpgn, but the PHP utilities allowing integration with a PvPGN game server) CVE-2018-12233 (In the ea_get function in fs/jfs/xattr.c in the Linux kernel through ...) + {DLA-1423-1 DLA-1422-1} - linux 4.17.3-1 NOTE: https://lkml.org/lkml/2018/6/2/2 CVE-2018-12232 (In net/socket.c in the Linux kernel through 4.17.1, there is a race ...) @@ -5400,6 +5401,7 @@ CVE-2018-1002200 [arbitrary file write vulnerability / arbitrary code execution NOTE: https://github.com/codehaus-plexus/plexus-archiver/pull/87 NOTE: https://github.com/codehaus-plexus/plexus-archiver/commit/58bc24e465c0842981692adbf6d75680298989de CVE-2018-1000204 (** DISPUTED ** Linux Kernel version 3.18 to 4.16 incorrectly handles ...) + {DLA-1423-1 DLA-1422-1} - linux 4.16.12-1 NOTE: Fixed by: https://git.kernel.org/linus/a45b599ad808c3c982fdcdc12b0b8611c2f92824 CVE-2018-1000203 (Soar Labs Soar Coin version up to and including git commit ...) @@ -6267,6 +6269,7 @@ CVE-2018-11507 (An issue was discovered in Free Lossless Image Format (FLIF) 0.3 - flif <unfixed> (bug #902188) NOTE: https://github.com/FLIF-hub/FLIF/issues/509 CVE-2018-11506 (The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel ...) + {DLA-1423-1 DLA-1422-1} - linux 4.16.16-1 NOTE: Fixed by: https://git.kernel.org/linus/f7068114d45ec55996b9040e98111afa56e010fe CVE-2018-11505 (The Werewolf Online application 0.8.8 for Android allows attackers to ...) @@ -7756,7 +7759,7 @@ CVE-2018-10942 (modules/attributewizardpro/file_upload.php in the Attribute Wiza CVE-2018-10941 RESERVED CVE-2018-10940 (The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the ...) - {DLA-1392-1} + {DLA-1423-1 DLA-1422-1 DLA-1392-1} - linux 4.16.12-1 NOTE: Fixed by: https://git.kernel.org/linus/9de4ee40547fd315d4a0ed1dd15a2fa3559ad707 CVE-2018-10939 (Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 before ...) @@ -7894,38 +7897,45 @@ CVE-2018-10884 RESERVED CVE-2018-10883 RESERVED + {DLA-1423-1} - linux 4.17.3-1 NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200071 CVE-2018-10882 RESERVED + {DLA-1423-1} - linux 4.17.3-1 NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200069 CVE-2018-10881 RESERVED + {DLA-1423-1} - linux 4.17.3-1 NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200015 CVE-2018-10880 RESERVED + {DLA-1423-1} - linux 4.17.3-1 NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200005 CVE-2018-10879 RESERVED + {DLA-1423-1} - linux 4.17.3-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1596806 CVE-2018-10878 RESERVED + {DLA-1423-1} - linux 4.17.3-1 NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199865 CVE-2018-10877 RESERVED + {DLA-1423-1} - linux 4.17.3-1 NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199417 CVE-2018-10876 RESERVED + {DLA-1423-1} - linux 4.17.3-1 NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199403 -CVE-2018-10875 - RESERVED +CVE-2018-10875 (A flaw was found in ansible. ansible.cfg is read from the current ...) - ansible 2.6.1+dfsg-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1596533 NOTE: https://github.com/ansible/ansible/pull/42070 @@ -8002,6 +8012,7 @@ CVE-2018-10854 RESERVED CVE-2018-10853 [kvm: guest userspace to guest kernel write] RESERVED + {DLA-1423-1 DLA-1422-1} - linux 4.16.16-1 NOTE: Fixed by: https://git.kernel.org/linus/3c9fa24ca7c9c47605672916491f79e8ccacb9e6 CVE-2018-10852 (The UNIX pipe which sudo uses to contact SSSD and read the available ...) @@ -9979,12 +9990,14 @@ CVE-2018-10089 CVE-2018-10088 (Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and ...) NOT-FOR-US: XiongMai uc-httpd CVE-2018-10124 (The kill_something_info function in kernel/signal.c in the Linux kernel ...) + {DLA-1423-1} - linux 4.13.4-1 [stretch] - linux <ignored> (Minor issue) [jessie] - linux <ignored> (Minor issue) [wheezy] - linux <ignored> (Minor issue) NOTE: Fixed by: https://git.kernel.org/linus/4ea77014af0d6205b05503d1c7aac6eace11d473 (4.13-rc1) CVE-2018-10087 (The kernel_wait4 function in kernel/exit.c in the Linux kernel before ...) + {DLA-1423-1} - linux 4.13.4-1 [stretch] - linux <ignored> (Minor issue) [jessie] - linux <ignored> (Minor issue) @@ -10146,6 +10159,7 @@ CVE-2018-10023 (Catfish CMS V4.7.21 allows XSS via the pinglun parameter to ...) CVE-2018-10022 RESERVED CVE-2018-10021 (** DISPUTED ** drivers/scsi/libsas/sas_scsi_host.c in the Linux kernel ...) + {DLA-1423-1} - linux 4.15.17-1 [wheezy] - linux <not-affected> (Vulnerable code introduced later) NOTE: Fixed by: https://git.kernel.org/linus/318aaf34f1179b39fa9c30fa0f3288b645beee39 (4.16-rc7) @@ -11466,6 +11480,7 @@ CVE-2018-9423 NOT-FOR-US: Android Media Framework CVE-2018-9422 RESERVED + {DLA-1422-1} - linux 4.6.1-1 NOTE: https://git.kernel.org/linus/65d8fc777f6dcfee12785c057a6b57f679641c90 CVE-2018-9421 @@ -12239,6 +12254,7 @@ CVE-2018-9154 (There is a reachable abort in the function jpc_dec_process_sot in CVE-2018-9153 (The plugin upload component in Z-BlogPHP 1.5.1 allows remote attackers ...) NOT-FOR-US: Z-BlogPHP CVE-2017-18255 (The perf_cpu_time_max_percent_handler function in kernel/events/core.c ...) + {DLA-1423-1} - linux 4.11.6-1 (unimportant) NOTE: https://git.kernel.org/linus/1572e45a924f254d9570093abde46430c3172e3d CVE-2015-9259 (In Docker Notary before 0.1, the checkRoot function in ...) @@ -20089,6 +20105,7 @@ CVE-2018-6414 CVE-2018-6413 (There is a buffer overflow in the Hikvision Camera DS-2CD9111-S of ...) NOT-FOR-US: Hikvision Camera DS-2CD9111-S CVE-2018-6412 (In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c ...) + {DLA-1423-1} - linux 4.16.5-1 (unimportant) [wheezy] - linux 3.2.102-1 NOTE: https://marc.info/?l=linux-fbdev&m=151734425901499&w=2 @@ -22089,6 +22106,7 @@ CVE-2018-5816 CVE-2018-5815 RESERVED CVE-2018-5814 (In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and ...) + {DLA-1423-1 DLA-1422-1} - linux 4.16.12-1 NOTE: https://git.kernel.org/linus/22076557b07c12086eeb16b8ce2b0b735f7a27e7 NOTE: https://git.kernel.org/linus/c171654caa875919be3c533d3518da8be5be966e @@ -27741,7 +27759,7 @@ CVE-2018-3667 (Installation tool IPDT (Intel Processor Diagnostic Tool) 4.1.0.24 CVE-2018-3666 RESERVED CVE-2018-3665 (System software utilizing Lazy FP state restore technique on systems ...) - {DSA-4232-1} + {DSA-4232-1 DLA-1422-1} - linux 4.6.1-1 - xen <unfixed> NOTE: https://xenbits.xen.org/xsa/advisory-267.html @@ -27802,7 +27820,7 @@ CVE-2018-3640 (Systems with microprocessors utilizing speculative execution and NOTE: No software mitigations planned to be implemented in src:linux NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html CVE-2018-3639 (Systems with microprocessors utilizing speculative execution and ...) - {DSA-4210-1} + {DSA-4210-1 DLA-1423-1} - intel-microcode 3.20180703.1 - linux 4.16.12-1 [wheezy] - linux <ignored> (Too much work to backport) @@ -35109,7 +35127,7 @@ CVE-2018-1132 (A flaw was found in Opendaylight's SDNInterfaceapp (SDNI). Attack CVE-2018-1131 (Infinispan permits improper deserialization of trusted data via XML ...) NOT-FOR-US: infinispan CVE-2018-1130 (Linux kernel before version 4.16-rc7 is vulnerable to a null pointer ...) - {DLA-1392-1} + {DLA-1423-1 DLA-1422-1 DLA-1392-1} - linux 4.15.17-1 NOTE: Fixed by: https://git.kernel.org/linus/67f93df79aeefc3add4e4b31a752600f834236e2 CVE-2018-1129 (A flaw was found in the way signature calculation was handled by cephx ...) @@ -35163,6 +35181,7 @@ CVE-2018-1121 (procps-ng, procps is vulnerable to a process hiding through race NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1 NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt CVE-2018-1120 (A flaw was found affecting the Linux kernel before version 4.17. By ...) + {DLA-1423-1} - linux 4.16.12-1 NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1 NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt @@ -35170,6 +35189,7 @@ CVE-2018-1120 (A flaw was found affecting the Linux kernel before version 4.17. CVE-2018-1119 REJECTED CVE-2018-1118 (Linux kernel vhost since version 4.8 does not properly initialize ...) + {DLA-1423-1} - linux 4.17.3-1 [jessie] - linux <not-affected> (Vulnerable code not present) [wheezy] - linux <not-affected> (Vulnerable code not present) @@ -35283,7 +35303,7 @@ CVE-2018-1094 (The ext4_fill_super function in fs/ext4/super.c in the Linux kern [wheezy] - linux <not-affected> (Vulnerable code introduced later) NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199183 CVE-2018-1093 (The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux ...) - {DSA-4188-1 DLA-1392-1} + {DSA-4188-1 DLA-1422-1 DLA-1392-1} - linux 4.15.17-1 NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199181 CVE-2018-1092 (The ext4_iget function in fs/ext4/inode.c in the Linux kernel through ...) @@ -35392,7 +35412,7 @@ CVE-2018-1067 (In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that NOTE: Issue is incomplete fix for CVE-2016-4993 NOTE: Fixed by https://github.com/undertow-io/undertow/commit/85d4478e598105fe94ac152d3e11e388374e8b86 (1.4.25.Final) CVE-2018-1066 (The Linux kernel before version 4.11 is vulnerable to a NULL pointer ...) - {DSA-4188-1 DSA-4187-1} + {DSA-4188-1 DSA-4187-1 DLA-1422-1} - linux 4.11.6-1 [wheezy] - linux <not-affected> (Vulnerable code not present) NOTE: Fixed by: https://git.kernel.org/linus/cabfb3680f78981d26c078a26e5c748531257ebb @@ -50233,20 +50253,20 @@ CVE-2017-13098 (BouncyCastle TLS prior to version 1.0.3, when configured to use NOTE: Fixed by: https://github.com/bcgit/bc-java/commit/a00b684465b38d722ca9a3543b8af8568e6bad5c NOTE: Fixed in 1.59 beta 9 NOTE: https://robotattack.org/ -CVE-2017-13097 - RESERVED -CVE-2017-13096 - RESERVED -CVE-2017-13095 - RESERVED -CVE-2017-13094 - RESERVED -CVE-2017-13093 - RESERVED -CVE-2017-13092 - RESERVED -CVE-2017-13091 - RESERVED +CVE-2017-13097 (The P1735 IEEE standard describes flawed methods for encrypting ...) + TODO: check +CVE-2017-13096 (The P1735 IEEE standard describes flawed methods for encrypting ...) + TODO: check +CVE-2017-13095 (The P1735 IEEE standard describes flawed methods for encrypting ...) + TODO: check +CVE-2017-13094 (The P1735 IEEE standard describes flawed methods for encrypting ...) + TODO: check +CVE-2017-13093 (The P1735 IEEE standard describes flawed methods for encrypting ...) + TODO: check +CVE-2017-13092 (The P1735 IEEE standard describes flawed methods for encrypting ...) + TODO: check +CVE-2017-13091 (The P1735 IEEE standard describes flawed methods for encrypting ...) + TODO: check CVE-2017-13090 (The retr.c:fd_read_body() function is called when processing OK ...) {DSA-4008-1 DLA-1149-1} - wget 1.19.2-1 (bug #879957) @@ -73294,7 +73314,7 @@ CVE-2017-5754 (Systems with microprocessors utilizing speculative execution and NOTE: https://01.org/security/advisories/intel-oss-10003 - linux-grsec <removed> CVE-2017-5753 (Systems with microprocessors utilizing speculative execution and ...) - {DSA-4188-1 DSA-4187-1} + {DSA-4188-1 DSA-4187-1 DLA-1423-1 DLA-1422-1} - linux 4.15.11-1 - nvidia-graphics-drivers 384.111-1 (bug #886852) [stretch] - nvidia-graphics-drivers <no-dsa> (Non-free not supported) @@ -73386,7 +73406,7 @@ CVE-2017-5717 (Type Confusion in Content Protection HECI Service in Intel Graphi CVE-2017-5716 REJECTED CVE-2017-5715 (Systems with microprocessors utilizing speculative execution and ...) - {DSA-4213-1 DSA-4188-1 DSA-4187-1 DLA-1369-1} + {DSA-4213-1 DSA-4188-1 DSA-4187-1 DLA-1422-1 DLA-1369-1} - linux 4.15.11-1 - intel-microcode 3.20180425.1 [jessie] - intel-microcode 3.20180425.1~deb8u1 @@ -88835,44 +88855,44 @@ CVE-2016-9502 REJECTED CVE-2016-9501 REJECTED -CVE-2016-9500 - RESERVED -CVE-2016-9499 - RESERVED -CVE-2016-9498 - RESERVED -CVE-2016-9497 - RESERVED -CVE-2016-9496 - RESERVED -CVE-2016-9495 - RESERVED -CVE-2016-9494 - RESERVED -CVE-2016-9493 - RESERVED -CVE-2016-9492 - RESERVED -CVE-2016-9491 - RESERVED +CVE-2016-9500 (Accellion FTP server prior to version FTA_9_12_220 uses the Accusoft ...) + TODO: check +CVE-2016-9499 (Accellion FTP server prior to version FTA_9_12_220 only returns the ...) + TODO: check +CVE-2016-9498 (ManageEngine Applications Manager 12 and 13, allows unserialization of ...) + TODO: check +CVE-2016-9497 (Hughes high-performance broadband satellite modems, models HN7740S ...) + TODO: check +CVE-2016-9496 (Hughes high-performance broadband satellite modems, models HN7740S ...) + TODO: check +CVE-2016-9495 (Hughes high-performance broadband satellite modems, models HN7740S ...) + TODO: check +CVE-2016-9494 (Hughes high-performance broadband satellite modems, models HN7740S ...) + TODO: check +CVE-2016-9493 (The code generated by PHP FormMail Generator prior to 17 December 2016 ...) + TODO: check +CVE-2016-9492 (The code generated by PHP FormMail Generator prior to 17 December 2016 ...) + TODO: check +CVE-2016-9491 (ManageEngine Applications Manager 12 and 13 allows an authenticated ...) + TODO: check CVE-2016-9490 (ManageEngine Applications Manager versions 12 and 13 suffer from a ...) NOT-FOR-US: ManageEngine Applications Manager -CVE-2016-9489 - RESERVED +CVE-2016-9489 (In ManageEngine Applications Manager 12 and 13, an authenticated user ...) + TODO: check CVE-2016-9488 (ManageEngine Applications Manager versions 12 and 13 suffer from ...) NOT-FOR-US: ManageEngine Applications Manager -CVE-2016-9487 - RESERVED -CVE-2016-9486 - RESERVED -CVE-2016-9485 - RESERVED -CVE-2016-9484 - RESERVED -CVE-2016-9483 - RESERVED -CVE-2016-9482 - RESERVED +CVE-2016-9487 (EpubCheck 4.0.1 does not properly restrict resolving external entities ...) + TODO: check +CVE-2016-9486 (On Windows endpoints, the SecureConnector agent must run under the ...) + TODO: check +CVE-2016-9485 (On Windows endpoints, the SecureConnector agent must run under the ...) + TODO: check +CVE-2016-9484 (The generated PHP form code does not properly validate user input ...) + TODO: check +CVE-2016-9483 (The PHP form code generated by PHP FormMail Generator deserializes ...) + TODO: check +CVE-2016-9482 (Code generated by PHP FormMail Generator may allow a remote ...) + TODO: check CVE-2014-9912 (The get_icu_disp_value_src_php function in ...) - php5 5.6.0+dfsg-1 [wheezy] - php5 5.4.34-0+deb7u1 @@ -98655,8 +98675,8 @@ CVE-2016-6582 (The Doorkeeper gem before 4.2.0 for Ruby might allow remote attac NOTE: https://github.com/doorkeeper-gem/doorkeeper/issues/875 CVE-2016-6579 REJECTED -CVE-2016-6578 - RESERVED +CVE-2016-6578 (CodeLathe FileCloud, version 13.0.0.32841 and earlier, contains a ...) + TODO: check CVE-2016-6577 RESERVED CVE-2016-6576 @@ -98677,58 +98697,58 @@ CVE-2016-6569 RESERVED CVE-2016-6568 RESERVED -CVE-2016-6567 - RESERVED -CVE-2016-6566 - RESERVED -CVE-2016-6565 - RESERVED -CVE-2016-6564 - RESERVED -CVE-2016-6563 - RESERVED -CVE-2016-6562 - RESERVED +CVE-2016-6567 (SHDesigns' Resident Download Manager provides firmware update ...) + TODO: check +CVE-2016-6566 (The valueAsString parameter inside the JSON payload contained by the ...) + TODO: check +CVE-2016-6565 (The Imagely NextGen Gallery plugin for Wordpress prior to version ...) + TODO: check +CVE-2016-6564 (Android devices with code from Ragentek contain a privileged binary ...) + TODO: check +CVE-2016-6563 (Processing malformed SOAP messages when performing the HNAP Login ...) + TODO: check +CVE-2016-6562 (On iOS and Android devices, the ShoreTel Mobility Client app version ...) + TODO: check CVE-2016-6561 (illumos smbsrv NULL pointer dereference allows system crash. ...) NOT-FOR-US: illumos CVE-2016-6560 (illumos osnet-incorporation bcopy() and bzero() implementations make ...) NOT-FOR-US: illumos -CVE-2016-6559 - RESERVED -CVE-2016-6558 - RESERVED -CVE-2016-6557 - RESERVED +CVE-2016-6559 (Improper bounds checking of the obuf variable in the link_ntoa() ...) + TODO: check +CVE-2016-6558 (A command injection vulnerability exists in apply.cgi on the ASUS ...) + TODO: check +CVE-2016-6557 (In ASUS RP-AC52 access points with firmware version 1.0.1.1s and ...) + TODO: check CVE-2016-6556 RESERVED CVE-2016-6555 RESERVED -CVE-2016-6554 - RESERVED -CVE-2016-6553 - RESERVED -CVE-2016-6552 - RESERVED -CVE-2016-6551 - RESERVED +CVE-2016-6554 (Synology NAS servers DS107, firmware version 3.1-1639 and prior, and ...) + TODO: check +CVE-2016-6553 (Nuuo NT-4040 Titan, firmware NT-4040_01.07.0000.0015_1120, uses ...) + TODO: check +CVE-2016-6552 (Green Packet DX-350 uses non-random default credentials of: ...) + TODO: check +CVE-2016-6551 (Intellian Satellite TV antennas t-Series and v-Series, firmware ...) + TODO: check CVE-2016-6550 (The U by BB&T app 1.5.4 and earlier for iOS does not properly verify ...) NOT-FOR-US: BB&T -CVE-2016-6549 - RESERVED -CVE-2016-6548 - RESERVED -CVE-2016-6547 - RESERVED -CVE-2016-6546 - RESERVED -CVE-2016-6545 - RESERVED -CVE-2016-6544 - RESERVED -CVE-2016-6543 - RESERVED -CVE-2016-6542 - RESERVED +CVE-2016-6549 (The Zizai Tech Nut device allows unauthenticated Bluetooth pairing, ...) + TODO: check +CVE-2016-6548 (The Zizai Tech Nut mobile app makes requests via HTTP instead of ...) + TODO: check +CVE-2016-6547 (The Zizai Tech Nut mobile app stores the account password used to ...) + TODO: check +CVE-2016-6546 (The iTrack Easy mobile application stores the account password used to ...) + TODO: check +CVE-2016-6545 (Session cookies are not used for maintaining valid sessions in iTrack ...) + TODO: check +CVE-2016-6544 (getgps data in iTrack Easy can be modified without authentication by ...) + TODO: check +CVE-2016-6543 (A captured MAC/device ID of an iTrack Easy can be registered under ...) + TODO: check +CVE-2016-6542 (The iTrack device tracking ID number, also called "LosserID" in the ...) + TODO: check CVE-2016-6541 (TrackR Bravo device allows unauthenticated pairing, which enables ...) NOT-FOR-US: TrackR CVE-2016-6540 (Unauthenticated access to the cloud-based service maintained by TrackR ...) @@ -189350,8 +189370,8 @@ CVE-2013-0572 (Cross-site scripting (XSS) vulnerability in IBM Document Connect NOT-FOR-US: IBM Document Connect for Application Support Facility CVE-2013-0571 (Cross-site scripting (XSS) vulnerability in IBM Document Connect for ...) NOT-FOR-US: IBM Document Connect for Application Support Facility -CVE-2013-0570 - RESERVED +CVE-2013-0570 (The Fibre Channel over Ethernet (FCoE) feature in IBM System ...) + TODO: check CVE-2013-0569 (Cross-site scripting (XSS) vulnerability in the Communities component ...) NOT-FOR-US: IBM Connections CVE-2013-0568 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7532679e2d45b88a428eac96f1b1a6b39eb0fa04 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7532679e2d45b88a428eac96f1b1a6b39eb0fa04 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits