Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: a59b672c by security tracker role at 2021-04-13T20:10:22+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,25 @@ +CVE-2021-3496 + RESERVED +CVE-2021-30641 + RESERVED +CVE-2021-30640 + RESERVED +CVE-2021-30639 + RESERVED +CVE-2020-36321 + RESERVED +CVE-2020-36320 + RESERVED +CVE-2020-36319 + RESERVED +CVE-2019-25028 + RESERVED +CVE-2019-25027 + RESERVED +CVE-2018-25007 + RESERVED +CVE-2017-20003 + RESERVED CVE-2021-30638 RESERVED CVE-2021-30637 (htmly 2.8.0 allows stored XSS via the blog title, Tagline, or Descript ...) @@ -1008,10 +1030,10 @@ CVE-2021-30178 (An issue was discovered in the Linux kernel through 5.11.11. syn NOTE: https://git.kernel.org/linus/919f4ebc598701670e80e31573a58f1f2d2bf918 CVE-2021-30177 (There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User R ...) NOT-FOR-US: PHP-Nuke -CVE-2021-30176 - RESERVED -CVE-2021-30175 - RESERVED +CVE-2021-30176 (The ZEROF Expert pro/2.0 application for mobile devices allows SQL Inj ...) + TODO: check +CVE-2021-30175 (ZEROF Web Server 1.0 (April 2021) allows SQL Injection via the /Handle ...) + TODO: check CVE-2021-30174 RESERVED CVE-2021-30173 @@ -1441,12 +1463,12 @@ CVE-2021-30001 RESERVED CVE-2021-30000 (An issue was discovered in LATRIX 0.6.0. SQL injection in the txtacces ...) NOT-FOR-US: LATRIX -CVE-2021-29999 - RESERVED -CVE-2021-29998 - RESERVED -CVE-2021-29997 - RESERVED +CVE-2021-29999 (An issue was discovered in Wind River VxWorks through 6.8. There is a ...) + TODO: check +CVE-2021-29998 (An issue was discovered in Wind River VxWorks before 6.5. There is a p ...) + TODO: check +CVE-2021-29997 (XML External Entity Resolution (XXE) in Helix ALM. The XML Import func ...) + TODO: check CVE-2021-29996 (Mark Text through 0.16.3 allows attackers arbitrary command execution. ...) NOT-FOR-US: marktext CVE-2021-29995 @@ -2664,14 +2686,14 @@ CVE-2021-29440 RESERVED CVE-2021-29439 RESERVED -CVE-2021-29438 - RESERVED -CVE-2021-29437 - RESERVED -CVE-2021-29436 - RESERVED -CVE-2021-29435 - RESERVED +CVE-2021-29438 (The Nextcloud dialogs library (npm package @nextcloud/dialogs) before ...) + TODO: check +CVE-2021-29437 (ScratchOAuth2 is an Oauth implementation for Scratch. Any ScratchOAuth ...) + TODO: check +CVE-2021-29436 (Anuko Time Tracker is an open source, web-based time tracking applicat ...) + TODO: check +CVE-2021-29435 (trestle-auth is an authentication plugin for the Trestle admin framewo ...) + TODO: check CVE-2021-29434 RESERVED CVE-2021-29433 @@ -2684,10 +2706,10 @@ CVE-2021-29430 RESERVED CVE-2021-29429 (In Gradle before version 7.0, files created with open permissions in t ...) TODO: check -CVE-2021-29428 - RESERVED -CVE-2021-29427 - RESERVED +CVE-2021-29428 (In Gradle before version 7.0, on Unix-like systems, the system tempora ...) + TODO: check +CVE-2021-29427 (In Gradle from version 5.1 and before version 7.0 there is a vulnerabi ...) + TODO: check CVE-2021-29426 RESERVED CVE-2021-29425 (In Apache Commons IO before 2.7, When invoking the method FileNameUtil ...) @@ -3717,8 +3739,8 @@ CVE-2021-28975 RESERVED CVE-2021-28974 RESERVED -CVE-2021-28973 - RESERVED +CVE-2021-28973 (The XML Import functionality of the Administration console in Perforce ...) + TODO: check CVE-2021-28970 (eMPS 9.0.1.923211 on the Central Management of FireEye EX 3500 devices ...) NOT-FOR-US: Central Management of FireEye EX 3500 devices CVE-2021-28969 (eMPS 9.0.1.923211 on FireEye EX 3500 devices allows remote authenticat ...) @@ -4480,12 +4502,12 @@ CVE-2021-28649 RESERVED CVE-2021-28648 RESERVED -CVE-2021-28647 - RESERVED -CVE-2021-28646 - RESERVED -CVE-2021-28645 - RESERVED +CVE-2021-28647 (Trend Micro Password Manager version 5 (Consumer) is vulnerable to a D ...) + TODO: check +CVE-2021-28646 (An insecure file permissions vulnerability in Trend Micro Apex One, Ap ...) + TODO: check +CVE-2021-28645 (An incorrect permission assignment vulnerability in Trend Micro Apex O ...) + TODO: check CVE-2017-20002 (The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists ...) {DLA-2596-1} - shadow 1:4.5-1 (bug #914957) @@ -4955,8 +4977,8 @@ CVE-2021-28423 RESERVED CVE-2021-28422 RESERVED -CVE-2021-28421 - RESERVED +CVE-2021-28421 (FluidSynth 2.1.7 contains a use after free vulnerability in sfloader/f ...) + TODO: check CVE-2021-28420 (A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote at ...) NOT-FOR-US: Seo Panel CVE-2021-28419 (The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnera ...) @@ -6892,30 +6914,30 @@ CVE-2021-27611 RESERVED CVE-2021-27610 RESERVED -CVE-2021-27609 - RESERVED +CVE-2021-27609 (SAP Focused RUN versions 200, 300, does not perform necessary authoriz ...) + TODO: check CVE-2021-27608 RESERVED CVE-2021-27607 RESERVED CVE-2021-27606 RESERVED -CVE-2021-27605 - RESERVED +CVE-2021-27605 (SAP's HCM Travel Management Fiori Apps V2, version - 608, does not per ...) + TODO: check CVE-2021-27604 RESERVED -CVE-2021-27603 - RESERVED -CVE-2021-27602 - RESERVED -CVE-2021-27601 - RESERVED -CVE-2021-27600 - RESERVED +CVE-2021-27603 (An RFC enabled function module SPI_WAIT_MILLIS in SAP NetWeaver AS ABA ...) + TODO: check +CVE-2021-27602 (SAP Commerce, versions - 1808, 1811, 1905, 2005, 2011, Backoffice appl ...) + TODO: check +CVE-2021-27601 (SAP NetWeaver AS Java (Applications based on HTMLB for Java) allows a ...) + TODO: check +CVE-2021-27600 (SAP Manufacturing Execution (System Rules), versions - 15.1, 15.2, 15. ...) + TODO: check CVE-2021-27599 RESERVED -CVE-2021-27598 - RESERVED +CVE-2021-27598 (SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions ...) + TODO: check CVE-2021-27597 RESERVED CVE-2021-27596 (When a user opens manipulated Autodesk 3D Studio for MS-DOS (.3DS) fil ...) @@ -12686,14 +12708,14 @@ CVE-2021-25255 RESERVED CVE-2021-25254 RESERVED -CVE-2021-25253 - RESERVED +CVE-2021-25253 (An improper access control vulnerability in Trend Micro Apex One, Tren ...) + TODO: check CVE-2021-25252 (Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine ( ...) NOT-FOR-US: Trend Micro CVE-2021-25251 (The Trend Micro Security 2020 and 2021 families of consumer products a ...) NOT-FOR-US: Trend Micro -CVE-2021-25250 - RESERVED +CVE-2021-25250 (An improper access control vulnerability in Trend Micro Apex One, Tren ...) + TODO: check CVE-2021-25249 (An out-of-bounds write information disclosure vulnerability in Trend M ...) NOT-FOR-US: Trend Micro CVE-2021-25248 (An out-of-bounds read information disclosure vulnerability in Trend Mi ...) @@ -16736,8 +16758,8 @@ CVE-2021-23374 RESERVED CVE-2021-23373 RESERVED -CVE-2021-23372 - RESERVED +CVE-2021-23372 (All versions of package mongo-express are vulnerable to Denial of Serv ...) + TODO: check CVE-2021-23371 (This affects the package chrono-node before 2.2.4. It hangs on a date- ...) NOT-FOR-US: Node chrono-node CVE-2021-23370 (This affects the package swiper before 6.5.1. ...) @@ -16959,18 +16981,18 @@ CVE-2021-23283 RESERVED CVE-2021-23282 RESERVED -CVE-2021-23281 - RESERVED -CVE-2021-23280 - RESERVED -CVE-2021-23279 - RESERVED -CVE-2021-23278 - RESERVED -CVE-2021-23277 - RESERVED -CVE-2021-23276 - RESERVED +CVE-2021-23281 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to u ...) + TODO: check +CVE-2021-23280 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to a ...) + TODO: check +CVE-2021-23279 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to u ...) + TODO: check +CVE-2021-23278 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to a ...) + TODO: check +CVE-2021-23277 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to u ...) + TODO: check +CVE-2021-23276 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to a ...) + TODO: check CVE-2021-23275 RESERVED CVE-2021-23274 (The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Ga ...) @@ -18080,16 +18102,16 @@ CVE-2021-22722 RESERVED CVE-2021-22721 RESERVED -CVE-2021-22720 - RESERVED -CVE-2021-22719 - RESERVED -CVE-2021-22718 - RESERVED -CVE-2021-22717 - RESERVED -CVE-2021-22716 - RESERVED +CVE-2021-22720 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...) + TODO: check +CVE-2021-22719 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...) + TODO: check +CVE-2021-22718 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...) + TODO: check +CVE-2021-22717 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...) + TODO: check +CVE-2021-22716 (A CWE-269: Improper Privilege Management vulnerability exists in C-Bus ...) + TODO: check CVE-2021-22715 RESERVED CVE-2021-22714 (A CWE-119:Improper restriction of operations within the bounds of a me ...) @@ -18664,8 +18686,8 @@ CVE-2021-22507 (Authentication bypass vulnerability in Micro Focus Operations Br NOT-FOR-US: Micro Focus CVE-2021-22506 (Advance configuration exposing Information Leakage vulnerability in Mi ...) NOT-FOR-US: Micro Focus -CVE-2021-22505 - RESERVED +CVE-2021-22505 (Escalation of privileges vulnerability in Micro Focus Operations Agent ...) + TODO: check CVE-2021-22504 (Arbitrary code execution vulnerability on Micro Focus Operations Bridg ...) NOT-FOR-US: Micro Focus CVE-2021-22503 @@ -20163,8 +20185,8 @@ CVE-2021-21786 RESERVED CVE-2021-21785 RESERVED -CVE-2021-21784 - RESERVED +CVE-2021-21784 (An out-of-bounds write vulnerability exists in the JPG format SOF mark ...) + TODO: check CVE-2021-21783 (A code execution vulnerability exists in the WS-Addressing plugin func ...) - gsoap <unfixed> NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1245 @@ -20272,12 +20294,12 @@ CVE-2021-21733 RESERVED CVE-2021-21732 RESERVED -CVE-2021-21731 - RESERVED -CVE-2021-21730 - RESERVED -CVE-2021-21729 - RESERVED +CVE-2021-21731 (A CSRF vulnerability exists in the management page of a ZTE product.Th ...) + TODO: check +CVE-2021-21730 (A ZTE product is impacted by improper access control vulnerability. Th ...) + TODO: check +CVE-2021-21729 (Some ZTE products have CSRF vulnerability. Because some pages lack CSR ...) + TODO: check CVE-2021-21728 (A ZTE product has a configuration error vulnerability. Because a certa ...) NOT-FOR-US: ZTE CVE-2021-21727 (A ZTE product has a DoS vulnerability. A remote attacker can amplify t ...) @@ -21470,8 +21492,8 @@ CVE-2018-25001 (An issue was discovered in the libpulse-binding crate before 2.5 NOT-FOR-US: libpulse-binding rust crate CVE-2021-21493 (When a user opens manipulated Graphics Interchange Format (.GIF) forma ...) NOT-FOR-US: SAP -CVE-2021-21492 - RESERVED +CVE-2021-21492 (SAP NetWeaver Application Server Java(HTTP Service), versions - 7.10, ...) + TODO: check CVE-2021-21491 (SAP Netweaver Application Server Java (Applications based on WebDynpro ...) NOT-FOR-US: SAP CVE-2021-21490 @@ -21484,14 +21506,14 @@ CVE-2021-21487 (SAP Payment Engine version 500, does not perform necessary autho NOT-FOR-US: SAP CVE-2021-21486 (SAP Enterprise Financial Services versions, 101, 102, 103, 104, 105, 6 ...) NOT-FOR-US: SAP -CVE-2021-21485 - RESERVED +CVE-2021-21485 (An unauthorized attacker may be able to entice an administrator to inv ...) + TODO: check CVE-2021-21484 (LDAP authentication in SAP HANA Database version 2.0 can be bypassed i ...) NOT-FOR-US: SAP -CVE-2021-21483 - RESERVED -CVE-2021-21482 - RESERVED +CVE-2021-21483 (Under certain conditions SAP Solution Manager, version - 720, allows a ...) + TODO: check +CVE-2021-21482 (SAP NetWeaver Master Data Management, versions - 710, 710.750, allows ...) + TODO: check CVE-2021-21481 (The MigrationService, which is part of SAP NetWeaver versions 7.10, 7. ...) NOT-FOR-US: SAP CVE-2021-21480 (SAP MII allows users to create dashboards and save them as JSP through ...) @@ -22215,8 +22237,8 @@ CVE-2021-21401 (Nanopb is a small code-size Protocol Buffers implementation in a NOTE: https://github.com/nanopb/nanopb/commit/e2f0ccf939d9f82931d085acb6df8e9a182a4261 CVE-2021-21400 (wire-webapp is an open-source front end for Wire, a secure collaborati ...) NOT-FOR-US: wire-webapp -CVE-2021-21399 - RESERVED +CVE-2021-21399 (Ampache is a web based audio/video streaming application and file mana ...) + TODO: check CVE-2021-21398 (PrestaShop is a fully scalable open source e-commerce solution. In Pre ...) NOT-FOR-US: PrestaShop CVE-2021-21397 @@ -31606,11 +31628,11 @@ CVE-2021-1407 (Multiple vulnerabilities in the web-based management interface of NOT-FOR-US: Cisco CVE-2021-1406 (A vulnerability in Cisco Unified Communications Manager (Unified CM) a ...) NOT-FOR-US: Cisco -CVE-2021-1405 (A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) S ...) +CVE-2021-1405 (A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) ...) - clamav 0.103.2+dfsg-1 (bug #986622; bug #986790) [buster] - clamav <no-dsa> (clamav is updated via -updates) NOTE: https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html -CVE-2021-1404 (A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) ...) +CVE-2021-1404 (A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) S ...) - clamav 0.103.2+dfsg-1 (bug #986622; bug #986790) [buster] - clamav <not-affected> (Affects only 0.103.0 and 0.103.1) [stretch] - clamav <not-affected> (Affects only 0.103.0 and 0.103.1) @@ -32289,8 +32311,8 @@ CVE-2020-28591 (An out-of-bounds read vulnerability exists in the AMF File AMFPa NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1215 NOTE: https://github.com/slic3r/Slic3r/issues/5061 NOTE: https://github.com/slic3r/Slic3r/pull/5063 -CVE-2020-28590 - RESERVED +CVE-2020-28590 (An out-of-bounds read vulnerability exists in the Obj File TriangleMes ...) + TODO: check CVE-2020-28589 RESERVED CVE-2020-28588 [lib/syscall: fix syscall registers retrieval on 32-bit platforms] @@ -34218,14 +34240,14 @@ CVE-2021-0473 RESERVED CVE-2021-0472 RESERVED -CVE-2021-0471 - RESERVED +CVE-2021-0471 (In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds ...) + TODO: check CVE-2021-0470 RESERVED CVE-2021-0469 RESERVED -CVE-2021-0468 - RESERVED +CVE-2021-0468 (In LK, there is a possible escalation of privilege due to an insecure ...) + TODO: check CVE-2021-0467 RESERVED CVE-2021-0466 @@ -34270,48 +34292,48 @@ CVE-2021-0447 RESERVED - linux 4.15.4-1 [stretch] - linux 4.9.228-1 -CVE-2021-0446 - RESERVED -CVE-2021-0445 - RESERVED -CVE-2021-0444 - RESERVED -CVE-2021-0443 - RESERVED -CVE-2021-0442 - RESERVED +CVE-2021-0446 (In ImportVCardActivity, there is a possible way to bypass user consent ...) + TODO: check +CVE-2021-0445 (In start of WelcomeActivity.java, there is a possible residual profile ...) + TODO: check +CVE-2021-0444 (In onActivityResult of QuickContactActivity.java, there is an unnecess ...) + TODO: check +CVE-2021-0443 (In several functions of ScreenshotHelper.java and related files, there ...) + TODO: check +CVE-2021-0442 (In updateInfo of android_hardware_input_InputApplicationHandle.cpp, th ...) + TODO: check CVE-2021-0441 RESERVED CVE-2021-0440 RESERVED -CVE-2021-0439 - RESERVED -CVE-2021-0438 - RESERVED -CVE-2021-0437 - RESERVED -CVE-2021-0436 - RESERVED -CVE-2021-0435 - RESERVED +CVE-2021-0439 (In setPowerModeWithHandle of com_android_server_power_PowerManagerServ ...) + TODO: check +CVE-2021-0438 (In several functions of InputDispatcher.cpp, WindowManagerService.java ...) + TODO: check +CVE-2021-0437 (In setPlayPolicy of DrmPlugin.cpp, there is a possible double free. Th ...) + TODO: check +CVE-2021-0436 (In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out ...) + TODO: check +CVE-2021-0435 (In avrc_proc_vendor_command of avrc_api.cc, there is a possible leak o ...) + TODO: check CVE-2021-0434 RESERVED -CVE-2021-0433 - RESERVED -CVE-2021-0432 - RESERVED -CVE-2021-0431 - RESERVED -CVE-2021-0430 - RESERVED -CVE-2021-0429 - RESERVED -CVE-2021-0428 - RESERVED -CVE-2021-0427 - RESERVED -CVE-2021-0426 - RESERVED +CVE-2021-0433 (In onCreate of DeviceChooserActivity.java, there is a possible way to ...) + TODO: check +CVE-2021-0432 (In ClearPullerCacheIfNecessary and ForceClearPullerCache of StatsPulle ...) + TODO: check +CVE-2021-0431 (In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds re ...) + TODO: check +CVE-2021-0430 (In rw_mfc_handle_read_op of rw_mfc.cc, there is a possible out of boun ...) + TODO: check +CVE-2021-0429 (In pollOnce of ALooper.cpp, there is possible memory corruption due to ...) + TODO: check +CVE-2021-0428 (In getSimSerialNumber of TelephonyManager.java, there is a possible wa ...) + TODO: check +CVE-2021-0427 (In parseExclusiveStateAnnotation of LogEvent.cpp, there is a possible ...) + TODO: check +CVE-2021-0426 (In parsePrimaryFieldFirstUidAnnotation of LogEvent.cpp, there is a pos ...) + TODO: check CVE-2021-0425 RESERVED CVE-2021-0424 @@ -34362,8 +34384,8 @@ CVE-2021-0402 (In jpeg, there is a possible out of bounds write due to improper NOT-FOR-US: MediaTek CVE-2021-0401 (In vow, there is a possible memory corruption due to a race condition. ...) NOT-FOR-US: MediaTek -CVE-2021-0400 - RESERVED +CVE-2021-0400 (In injectBestLocation and handleUpdateLocation of GnssLocationProvider ...) + TODO: check CVE-2021-0399 (In qtaguid_untag of xt_qtaguid.c, there is a possible memory corruptio ...) - linux <not-affected> (Android-specific xt_qtaguid code) NOTE: https://source.android.com/security/bulletin/2021-03-01 @@ -37840,14 +37862,14 @@ CVE-2020-27238 RESERVED CVE-2020-27237 RESERVED -CVE-2020-27236 - RESERVED -CVE-2020-27235 - RESERVED -CVE-2020-27234 - RESERVED -CVE-2020-27233 - RESERVED +CVE-2020-27236 (An exploitable SQL injection vulnerability exists in ‘getAssets. ...) + TODO: check +CVE-2020-27235 (An exploitable SQL injection vulnerability exists in ‘getAssets. ...) + TODO: check +CVE-2020-27234 (An exploitable SQL injection vulnerability exists in ‘getAssets. ...) + TODO: check +CVE-2020-27233 (An exploitable SQL injection vulnerability exists in ‘getAssets. ...) + TODO: check CVE-2020-27232 RESERVED CVE-2020-27231 @@ -37856,10 +37878,10 @@ CVE-2020-27230 RESERVED CVE-2020-27229 RESERVED -CVE-2020-27228 - RESERVED -CVE-2020-27227 - RESERVED +CVE-2020-27228 (An incorrect default permissions vulnerability exists in the installat ...) + TODO: check +CVE-2020-27227 (An exploitable unatuhenticated command injection exists in the OpenCli ...) + TODO: check CVE-2020-27226 RESERVED CVE-2020-27225 (In versions 4.18 and earlier of the Eclipse Platform, the Help Subsyst ...) @@ -68737,12 +68759,12 @@ CVE-2020-13570 (A use-after-free vulnerability exists in the JavaScript engine o NOT-FOR-US: Foxit CVE-2020-13569 (A cross-site request forgery vulnerability exists in the GACL function ...) NOT-FOR-US: OpenEMR -CVE-2020-13568 - RESERVED +CVE-2020-13568 (SQL injection vulnerability exists in phpGACL 3.3.7. A specially craft ...) + TODO: check CVE-2020-13567 RESERVED -CVE-2020-13566 - RESERVED +CVE-2020-13566 (SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially craf ...) + TODO: check CVE-2020-13565 (An open redirect vulnerability exists in the return_page redirection f ...) NOT-FOR-US: OpenEMR CVE-2020-13564 (A cross-site scripting vulnerability exists in the template functional ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a59b672c7c5e5da1c8f5a310ff4795c556a58eb5 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a59b672c7c5e5da1c8f5a310ff4795c556a58eb5 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits