[Git][security-tracker-team/security-tracker][master] Several chromium issues fixed in unstable

2019-12-11 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
174d0af1 by Salvatore Bonaccorso at 2019-12-12T07:01:21Z
Several chromium issues fixed in unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -22720,85 +22720,85 @@ CVE-2019-13766
 CVE-2019-13765
RESERVED
 CVE-2019-13764 (Type confusion in JavaScript in Google Chrome prior to 
79.0.3945.79 al ...)
-   - chromium 
+   - chromium 79.0.3945.79-1
 CVE-2019-13763 (Insufficient policy enforcement in payments in Google Chrome 
prior to  ...)
-   - chromium 
+   - chromium 79.0.3945.79-1
 CVE-2019-13762 (Insufficient policy enforcement in downloads in Google Chrome 
on Windo ...)
-   - chromium 
+   - chromium 79.0.3945.79-1
 CVE-2019-13761 (Incorrect security UI in Omnibox in Google Chrome prior to 
79.0.3945.7 ...)
-   - chromium 
+   - chromium 79.0.3945.79-1
 CVE-2019-13760
RESERVED
 CVE-2019-13759 (Incorrect security UI in interstitials in Google Chrome prior 
to 79.0. ...)
-   - chromium 
+   - chromium 79.0.3945.79-1
 CVE-2019-13758 (Insufficient policy enforcement in navigation in Google Chrome 
on Andr ...)
-   - chromium 
+   - chromium 79.0.3945.79-1
 CVE-2019-13757 (Incorrect security UI in Omnibox in Google Chrome prior to 
79.0.3945.7 ...)
-   - chromium 
+   - chromium 79.0.3945.79-1
 CVE-2019-13756 (Incorrect security UI in printing in Google Chrome prior to 
79.0.3945. ...)
-   - chromium 
+   - chromium 79.0.3945.79-1
 CVE-2019-13755 (Insufficient policy enforcement in extensions in Google Chrome 
prior t ...)
-   - chromium 
+   - chromium 79.0.3945.79-1
 CVE-2019-13754 (Insufficient policy enforcement in extensions in Google Chrome 
prior t ...)
-   - chromium 
+   - chromium 79.0.3945.79-1
 CVE-2019-13753 (Out of bounds read in SQLite in Google Chrome prior to 
79.0.3945.79 al ...)
-   - chromium 
+   - chromium 79.0.3945.79-1
 CVE-2019-13752 (Out of bounds read in SQLite in Google Chrome prior to 
79.0.3945.79 al ...)
-   - chromium 
+   - chromium 79.0.3945.79-1
 CVE-2019-13751 (Uninitialized data in SQLite in Google Chrome prior to 
79.0.3945.79 al ...)
-   - chromium 
+   - chromium 79.0.3945.79-1
 CVE-2019-13750 (Insufficient data validation in SQLite in Google Chrome prior 
to 79.0. ...)
-   - chromium 
+   - chromium 79.0.3945.79-1
 CVE-2019-13749 (Incorrect security UI in Omnibox in Google Chrome on iOS prior 
to 79.0 ...)
-   - chromium 
+   - chromium 79.0.3945.79-1
 CVE-2019-13748 (Insufficient policy enforcement in developer tools in Google 
Chrome pr ...)
-   - chromium 
+   - chromium 79.0.3945.79-1
 CVE-2019-13747 (Uninitialized data in rendering in Google Chrome on Android 
prior to 7 ...)
-   - chromium 
+   - chromium 79.0.3945.79-1
 CVE-2019-13746 (Insufficient policy enforcement in Omnibox in Google Chrome 
prior to 7 ...)
-   - chromium 
+   - chromium 79.0.3945.79-1
 CVE-2019-13745 (Insufficient policy enforcement in audio in Google Chrome 
prior to 79. ...)
-   - chromium 
+   - chromium 79.0.3945.79-1
 CVE-2019-13744 (Insufficient policy enforcement in cookies in Google Chrome 
prior to 7 ...)
-   - chromium 
+   - chromium 79.0.3945.79-1
 CVE-2019-13743 (Incorrect security UI in external protocol handling in Google 
Chrome p ...)
-   - chromium 
+   - chromium 79.0.3945.79-1
 CVE-2019-13742 (Incorrect security UI in Omnibox in Google Chrome on iOS prior 
to 79.0 ...)
-   - chromium 
+   - chromium 79.0.3945.79-1
 CVE-2019-13741 (Insufficient validation of untrusted input in Blink in Google 
Chrome p ...)
-   - chromium 
+   - chromium 79.0.3945.79-1
 CVE-2019-13740 (Incorrect security UI in sharing in Google Chrome prior to 
79.0.3945.7 ...)
-   - chromium 
+   - chromium 79.0.3945.79-1
 CVE-2019-13739 (Insufficient policy enforcement in Omnibox in Google Chrome 
prior to 7 ...)
-   - chromium 
+   - chromium 79.0.3945.79-1
 CVE-2019-13738 (Insufficient policy enforcement in navigation in Google Chrome 
prior t ...)
-   - chromium 
+   - chromium 79.0.3945.79-1
 CVE-2019-13737 (Insufficient policy enforcement in autocomplete in Google 
Chrome prior ...)
-   - chromium 
+   - chromium 79.0.3945.79-1
 CVE-2019-13736 (Integer overflow in PDFium in Google Chrome prior to 
79.0.3945.79 allo ...)
-   - chromium 
+   - chromium 79.0.3945.79-1
 CVE-2019-13735 (Out of bounds write in JavaScript in Google Chrome prior to 
79.0.3945. ...)
-   - chromium 
+   - chromium 79.0.3945.79-1
 CVE-2019-13734 (Out of bounds write in SQLite in Google Chrome prior to 
79.0.3945.79 a ...)
-   - chromium 
+   - chromium 79.0.3945.79-1
 CVE-2019-13733
RESERVED
 CVE-2019-13732 (Use-after-free in WebAudio in Google Chrome prior
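
Review bot: The entries whose descriptions name another platform (CVE-2019-13762 "on Windo ...", CVE-2019-13758 and CVE-2019-13747 on Android, CVE-2019-13749 and CVE-2019-13742 on iOS) receive the same fixed version 79.0.3945.79-1 as every other entry in this hunk. If those issues cannot occur in the Debian chromium build, a <not-affected> line with the platform as the reason would record that more accurately than a fixed version; if the shared code is affected, a short NOTE saying so would help whoever triages the stable releases.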

[Git][security-tracker-team/security-tracker][master] Add CVE-2019-19339 as NFU

2019-12-11 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2063a1b1 by Salvatore Bonaccorso at 2019-12-12T06:28:11Z
Add CVE-2019-19339 as NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3762,6 +3762,7 @@ CVE-2019-19340
RESERVED
 CVE-2019-19339
RESERVED
+   NOT-FOR-US: Red Hat specific kpatch update which was incomplete to 
address CVE-2018-12207
 CVE-2019-19338 [KVM: export MSR_IA32_TSX_CTRL to guest -  incomplete fix for 
TAA (CVE-2019-11135)]
RESERVED
- linux  (Only affects specific distro kernels which do 
not include commit e1d38b63acd8)
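
Review bot: The added NOT-FOR-US line under CVE-2019-19339 gives a reason (Red Hat specific kpatch update) while the entry is still RESERVED and carries no NOTE with a source. Adding a NOTE: with the reference the classification was taken from would let the next person verify it, in the way the CVE-2019-19338 entry below names commit e1d38b63acd8.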



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2063a1b19873e23b7f744c8ecb4e2f1f443dd6eb



___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-19687/keystone

2019-12-11 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4cc58e66 by Salvatore Bonaccorso at 2019-12-11T22:15:34Z
Add Debian bug reference for CVE-2019-19687/keystone

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1324,7 +1324,7 @@ CVE-2019-19689
 CVE-2019-19688
RESERVED
 CVE-2019-19687 (OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data 
Leakage in th ...)
-   - keystone 
+   - keystone  (bug #946614)
[buster] - keystone  (Vulnerable code introduced later)
[stretch] - keystone  (Vulnerable code introduced later)
NOTE: https://www.openwall.com/lists/oss-security/2019/12/11/8



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4cc58e6654eaaeecc6e75a8642925e54928fd321


[Git][security-tracker-team/security-tracker][master] 3 commits: mark CVE-2019-14870 as no-dsa for jessie

2019-12-11 Thread Thorsten Alteholz


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
53275b5d by Thorsten Alteholz at 2019-12-11T21:43:42Z
mark CVE-2019-14870 as no-dsa for jessie

- - - - -
709ed0da by Thorsten Alteholz at 2019-12-11T21:44:13Z
mark CVE-2019-14861 as no-dsa for jessie

- - - - -
3a04f424 by Thorsten Alteholz at 2019-12-11T21:47:40Z
mark CVEs for libsixel as no-dsa in jessie

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1433,21 +1433,25 @@ CVE-2019-19638 (An issue was discovered in libsixel 
1.8.2. There is a heap-based
- libsixel 
[buster] - libsixel  (Minor issue)
[stretch] - libsixel  (Minor issue)
+   [jessie] - libsixel  (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/102
 CVE-2019-19637 (An issue was discovered in libsixel 1.8.2. There is an integer 
overflo ...)
- libsixel 
[buster] - libsixel  (Minor issue)
[stretch] - libsixel  (Minor issue)
+   [jessie] - libsixel  (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/105
 CVE-2019-19636 (An issue was discovered in libsixel 1.8.2. There is an integer 
overflo ...)
- libsixel 
[buster] - libsixel  (Minor issue)
[stretch] - libsixel  (Minor issue)
+   [jessie] - libsixel  (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/104
 CVE-2019-19635 (An issue was discovered in libsixel 1.8.2. There is a 
heap-based buffe ...)
- libsixel 
[buster] - libsixel  (Minor issue)
[stretch] - libsixel  (Minor issue)
+   [jessie] - libsixel  (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/103
 CVE-2019-19634
RESERVED
@@ -19141,9 +19145,11 @@ CVE-2019-14870 (All Samba versions 4.x.x before 
4.9.17, 4.10.x before 4.10.11 an
- samba 
[buster] - samba  (Minor issue)
[stretch] - samba  (Minor issue)
+   [jessie] - samba  (Minor issue)
- heimdal 
[buster] - heimdal  (Minor issue)
[stretch] - heimdal  (Minor issue)
+   [jessie] - heimdal  (Minor issue)
NOTE: https://www.samba.org/samba/security/CVE-2019-14870.html
NOTE: https://github.com/heimdal/heimdal/pull/663
NOTE: https://github.com/heimdal/heimdal/pull/664 (port to 7.1 branch)
@@ -19199,6 +19205,7 @@ CVE-2019-14861 (All Samba versions 4.x.x before 4.9.17, 
4.10.x before 4.10.11 an
- samba 
[buster] - samba  (Minor issue)
[stretch] - samba  (Minor issue)
+   [jessie] - samba  (Minor issue)
NOTE: https://www.samba.org/samba/security/CVE-2019-14861.html
 CVE-2019-14860 (It was found that the Syndesis configuration for Cross-Origin 
Resource ...)
NOT-FOR-US: Syndesis



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/e8822ae813b90c9ce772ee7fb27a188ca5504c8e...3a04f424ce81b6073cc344051b040b4c90491e0b


[Git][security-tracker-team/security-tracker][master] Add CVE-2019-19687/keystone

2019-12-11 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e8822ae8 by Salvatore Bonaccorso at 2019-12-11T21:37:51Z
Add CVE-2019-19687/keystone

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1324,7 +1324,11 @@ CVE-2019-19689
 CVE-2019-19688
RESERVED
 CVE-2019-19687 (OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data 
Leakage in th ...)
-   TODO: check
+   - keystone 
+   [buster] - keystone  (Vulnerable code introduced later)
+   [stretch] - keystone  (Vulnerable code introduced later)
+   NOTE: https://www.openwall.com/lists/oss-security/2019/12/11/8
+   NOTE: https://bugs.launchpad.net/keystone/+bug/1855080
 CVE-2019-19686
RESERVED
 CVE-2019-19685 (RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable 
to CSRF ...)
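
Review bot: The new [buster] and [stretch] lines for CVE-2019-19687 give "Vulnerable code introduced later", but neither NOTE says which change or release introduced the code, and the description only names 15.0.0 and 16.0.0. A NOTE: naming the introducing commit or the first affected version would make that claim checkable from the entry itself.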



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e8822ae813b90c9ce772ee7fb27a188ca5504c8e


[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-19645/sqlite3

2019-12-11 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e17bd477 by Salvatore Bonaccorso at 2019-12-11T21:29:20Z
Add Debian bug reference for CVE-2019-19645/sqlite3

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1411,7 +1411,7 @@ CVE-2019-19646 (pragma.c in SQLite through 3.30.1 
mishandles NOT NULL in an inte
NOTE: 
https://github.com/sqlite/sqlite/commit/926f796e8feec15f3836aa0a060ed906f8ae04d3
NOTE: 
https://github.com/sqlite/sqlite/commit/ebd70eedd5d6e6a890a670b5ee874a5eae86b4dd
 CVE-2019-19645 (alter.c in SQLite through 3.30.1 allows attackers to trigger 
infinite  ...)
-   - sqlite3 
+   - sqlite3  (bug #946612)
NOTE: 
https://github.com/sqlite/sqlite/commit/38096961c7cd109110ac21d3ed7dad7e0cb0ae06
 CVE-2019-19644
RESERVED



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e17bd477b691bdf588ae78e66690a8ce3f9d307c


[Git][security-tracker-team/security-tracker][master] Process NFUs

2019-12-11 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1da36d89 by Salvatore Bonaccorso at 2019-12-11T20:55:48Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1398,9 +1398,9 @@ CVE-2019-19652
 CVE-2019-19651
RESERVED
 CVE-2019-19650 (Zoho ManageEngine Applications Manager before 13640 allows a 
remote au ...)
-   TODO: check
+   NOT-FOR-US: Zoho ManageEngine Applications Manager
 CVE-2019-19649 (Zoho ManageEngine Applications Manager before 13620 allows a 
remote un ...)
-   TODO: check
+   NOT-FOR-US: Zoho ManageEngine Applications Manager
 CVE-2019-19648 (In the macho_parse_file functionality in macho/macho.c of YARA 
3.11.0, ...)
- yara 
NOTE: https://github.com/VirusTotal/yara/issues/1178
@@ -3535,7 +3535,7 @@ CVE-2019-19375 (In Octopus Deploy before 2019.10.7, in a 
configuration where SSL
 CVE-2019-19374
RESERVED
 CVE-2019-19373 (An issue was discovered in Squiz Matrix CMS 5.5.0 prior to 
5.5.0.3, 5. ...)
-   TODO: check
+   NOT-FOR-US: Squiz Matrix CMS
 CVE-2019-19372 (** DISPUTED ** A downloadFile.php download_file path traversal 
vulnera ...)
NOT-FOR-US: rConfig
 CVE-2019-19371
@@ -4780,7 +4780,7 @@ CVE-2019-18962
 CVE-2019-18961
RESERVED
 CVE-2019-18960 (AWS Firecracker through v0.19.0 has a Buffer Overflow. ...)
-   TODO: check
+   NOT-FOR-US: AWS Firecracker
 CVE-2019-18959
RESERVED
 CVE-2019-18958 (Nitro Pro before 13.2 creates a debug.log file in the 
directory where  ...)
@@ -4830,7 +4830,7 @@ CVE-2019-18937 (eQ-3 Homematic CCU2 2.47.20 and CCU3 
3.47.18 with the Script Par
 CVE-2019-18936
RESERVED
 CVE-2019-18935 (Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 
contains a .N ...)
-   TODO: check
+   NOT-FOR-US: Progress Telerik UI for ASP.NET AJAX
 CVE-2019-18934 (Unbound 1.6.4 through 1.9.4 contain a vulnerability in the 
ipsec modul ...)
- unbound  (unimportant)
[stretch] - unbound  (ipsecmod module introduced later)
@@ -8539,11 +8539,11 @@ CVE-2019-18381 (Norton Password Manager, prior to 
6.6.2.5, may be susceptible to
 CVE-2019-18380 (Symantec Industrial Control System Protection (ICSP), versions 
6.x.x,  ...)
NOT-FOR-US: Symantec
 CVE-2019-18379 (Symantec Messaging Gateway, prior to 10.7.3, may be 
susceptible to a s ...)
-   TODO: check
+   NOT-FOR-US: Symantec
 CVE-2019-18378 (Symantec Messaging Gateway, prior to 10.7.3, may be 
susceptible to a c ...)
-   TODO: check
+   NOT-FOR-US: Symantec
 CVE-2019-18377 (Symantec Messaging Gateway, prior to 10.7.3, may be 
susceptible to a p ...)
-   TODO: check
+   NOT-FOR-US: Symantec
 CVE-2019-18376
RESERVED
 CVE-2019-18375
@@ -12185,7 +12185,7 @@ CVE-2019-17272 (All versions of ONTAP Select Deploy 
administration utility are s
 CVE-2019-17271 (vBulletin 5.5.4 allows SQL Injection via the 
ajax/api/hook/getHookList ...)
NOT-FOR-US: vBulletin
 CVE-2019-17270 (Yachtcontrol through 2019-10-06: It's possible to perform 
direct Opera ...)
-   TODO: check
+   NOT-FOR-US: Yachtcontrol
 CVE-2019-17269 (Intellian Remote Access 3.18 allows remote attackers to 
execute arbitr ...)
NOT-FOR-US: Intellian Remote Access
 CVE-2019-17268
@@ -18682,11 +18682,11 @@ CVE-2019-15011
 CVE-2019-15010
RESERVED
 CVE-2019-15009 (The /json/profile/removeStarAjax.do resource in Atlassian 
Fisheye and  ...)
-   TODO: check
+   NOT-FOR-US: Atlassian Fisheye and Crucible
 CVE-2019-15008 (The /plugins/servlet/branchreview resource in Atlassian 
Fisheye and Cr ...)
-   TODO: check
+   NOT-FOR-US: Atlassian Fisheye and Crucible
 CVE-2019-15007 (The review resource in Atlassian Fisheye and Crucible before 
version 4 ...)
-   TODO: check
+   NOT-FOR-US: Atlassian Fisheye and Crucible
 CVE-2019-15006
RESERVED
 CVE-2019-15005 (The Atlassian Troubleshooting and Support Tools plugin prior 
to versio ...)
@@ -21624,7 +21624,7 @@ CVE-2019-14253 (An issue was discovered in 
servletcontroller in the secure porta
 CVE-2019-14252 (An issue was discovered in the secure portal in Publisure 
2.1.2. Once  ...)
NOT-FOR-US: Publisure
 CVE-2019-14251 (An issue was discovered in T24 in TEMENOS Channels R15.01. The 
login p ...)
-   TODO: check
+   NOT-FOR-US: T24 in TEMENOS Channels R15.01
 CVE-2019-14250 (An issue was discovered in GNU libiberty, as distributed in 
GNU Binuti ...)
- binutils 2.33-1 (unimportant)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90924
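
Review bot: The added line for CVE-2019-14251, "NOT-FOR-US: T24 in TEMENOS Channels R15.01", copies the version string from the description, while the neighbouring entry names only the product ("NOT-FOR-US: Publisure"). Dropping "R15.01" keeps the label stable if CVEs for other releases of the same product are added later and makes it easier to grep for.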
@@ -59291,71 +59291,71 @@ CVE-2019-1492
 CVE-2019-1491
RESERVED
 CVE-2019-1490 (A spoofing vulnerability exists when a Skype for Business 
Server does  ...)
-   TODO: check
+   NOT-FOR-US: Skype
 CVE-2019-1489 (An information disclosure vulnerability exists when the Windows 
Remote ...)
- 

[Git][security-tracker-team/security-tracker][master] Add CVE-2019-19725/sysstat

2019-12-11 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d042c0f6 by Salvatore Bonaccorso at 2019-12-11T20:29:42Z
Add CVE-2019-19725/sysstat

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,7 +1,9 @@
 CVE-2019-19726
RESERVED
 CVE-2019-19725 (sysstat through 12.2.0 has a double free in check_file_actlst 
in sa_co ...)
-   TODO: check
+   - sysstat 
+   NOTE: https://github.com/sysstat/sysstat/issues/242
+   NOTE: 
https://github.com/sysstat/sysstat/commit/a5c8abd4a481ee6e27a3acf00e6d9b0f023e20ed
 CVE-2019-19724
RESERVED
 CVE-2019-19723
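
Review bot: The new "- sysstat" line for CVE-2019-19725 has no Debian bug reference and no per-release lines, so the entry says nothing yet about buster or stretch. The NOTE already points at the upstream fix commit, so filing a bug and adding it as a "(bug #...)" reference would match how the keystone and sqlite3 entries are handled elsewhere in this list.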



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d042c0f687256328654c346a12f7cfe42d2210f9


[Git][security-tracker-team/security-tracker][master] Process NFUs

2019-12-11 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fc3bcb8f by Salvatore Bonaccorso at 2019-12-11T20:25:44Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -48847,7 +48847,7 @@ CVE-2019-4717
 CVE-2019-4716
RESERVED
 CVE-2019-4715 (IBM Spectrum Scale 4.2 and 5.0 could allow a remote 
authenticated atta ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2019-4714
RESERVED
 CVE-2019-4713
@@ -48947,7 +48947,7 @@ CVE-2019-4667
 CVE-2019-4666
RESERVED
 CVE-2019-4665 (IBM Spectrum Scale 4.2 and 5.0 is vulnerable to cross-site 
scripting.  ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2019-4664
RESERVED
 CVE-2019-4663 (IBM WebSphere Application Server - Liberty is vulnerable to 
cross-site ...)
@@ -252780,7 +252780,7 @@ CVE-2013-5980
 CVE-2013-5979 (Directory traversal vulnerability in Spring Signage Xibo 1.2.x 
before  ...)
NOT-FOR-US: Xibo
 CVE-2013-5978 (Multiple cross-site scripting (XSS) vulnerabilities in 
products.php in ...)
-   TODO: check
+   NOT-FOR-US: Cart66 Lite plugin for WordPress
 CVE-2013-5977 (Cross-site request forgery (CSRF) vulnerability in 
Cart66Product.php i ...)
NOT-FOR-US: Cart66 Lite plugin for WordPress
 CVE-2013-5976 (Cross-site scripting (XSS) vulnerability in the access policy 
logout p ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fc3bcb8f2207c98ae11038c2a504f0485aab445c


[Git][security-tracker-team/security-tracker][master] Remove obsolete WIP note

2019-12-11 Thread Utkarsh Gupta


Utkarsh Gupta pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b47aee0f by Utkarsh Gupta at 2019-12-11T20:15:48Z
Remove obsolete WIP note

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -46,7 +46,6 @@ libexif
 libjackson-json-java (Adrian Bunk)
 --
 libjpeg-turbo
-  NOTE: 20191118: WIP. (utkarsh2102)
   NOTE: 20191125: Huh, too big a patch; checking what works and what doesn't. 
(utkarsh2102)
 --
 libmatio (Adrian Bunk)
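
Review bot: After this removal the libjpeg-turbo entry still has no claimant on its package line, although the remaining 20191125 note is signed (utkarsh2102) and the neighbouring entries carry one, for example "libjackson-json-java (Adrian Bunk)". If the package is still being worked on, add the name to the "libjpeg-turbo" line; if not, the remaining note should say the package is free to take.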



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b47aee0fdc3e74cd3a6c86d60a240cb71b1b1123


[Git][security-tracker-team/security-tracker][master] automatic update

2019-12-11 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1150583d by security tracker role at 2019-12-11T20:10:27Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,15 @@
+CVE-2019-19726
+   RESERVED
+CVE-2019-19725 (sysstat through 12.2.0 has a double free in check_file_actlst 
in sa_co ...)
+   TODO: check
+CVE-2019-19724
+   RESERVED
+CVE-2019-19723
+   RESERVED
+CVE-2019-19722
+   RESERVED
+CVE-2019-19721
+   RESERVED
 CVE-2020-3109
RESERVED
 CVE-2020-3108
@@ -1383,10 +1395,10 @@ CVE-2019-19652
RESERVED
 CVE-2019-19651
RESERVED
-CVE-2019-19650
-   RESERVED
-CVE-2019-19649
-   RESERVED
+CVE-2019-19650 (Zoho ManageEngine Applications Manager before 13640 allows a 
remote au ...)
+   TODO: check
+CVE-2019-19649 (Zoho ManageEngine Applications Manager before 13620 allows a 
remote un ...)
+   TODO: check
 CVE-2019-19648 (In the macho_parse_file functionality in macho/macho.c of YARA 
3.11.0, ...)
- yara 
NOTE: https://github.com/VirusTotal/yara/issues/1178
@@ -2598,28 +2610,22 @@ CVE-2019-19585
RESERVED
 CVE-2019-19584
RESERVED
-CVE-2019-19583 [VMX: VMentry failure with debug exceptions and blocked states]
-   RESERVED
+CVE-2019-19583 (An issue was discovered in Xen through 4.12.x allowing x86 
HVM/PVH gue ...)
- xen 
NOTE: https://xenbits.xen.org/xsa/advisory-308.html
-CVE-2019-19582
-   RESERVED
+CVE-2019-19582 (An issue was discovered in Xen through 4.12.x allowing x86 
guest OS us ...)
- xen 
NOTE: https://xenbits.xen.org/xsa/advisory-307.html
-CVE-2019-19581
-   RESERVED
+CVE-2019-19581 (An issue was discovered in Xen through 4.12.x allowing 32-bit 
Arm gues ...)
- xen 
NOTE: https://xenbits.xen.org/xsa/advisory-307.html
-CVE-2019-19580
-   RESERVED
+CVE-2019-19580 (An issue was discovered in Xen through 4.12.x allowing x86 PV 
guest OS ...)
- xen 
NOTE: https://xenbits.xen.org/xsa/advisory-310.html
-CVE-2019-19578
-   RESERVED
+CVE-2019-19578 (An issue was discovered in Xen through 4.12.x allowing x86 PV 
guest OS ...)
- xen 
NOTE: https://xenbits.xen.org/xsa/advisory-309.html
-CVE-2019-19577
-   RESERVED
+CVE-2019-19577 (An issue was discovered in Xen through 4.12.x allowing x86 AMD 
HVM gue ...)
- xen 
NOTE: https://xenbits.xen.org/xsa/advisory-311.html
 CVE-2019-19579 (An issue was discovered in Xen through 4.12.x allowing 
attackers to ga ...)
@@ -3526,8 +3532,8 @@ CVE-2019-19375 (In Octopus Deploy before 2019.10.7, in a 
configuration where SSL
NOT-FOR-US: Octopus Deploy
 CVE-2019-19374
RESERVED
-CVE-2019-19373
-   RESERVED
+CVE-2019-19373 (An issue was discovered in Squiz Matrix CMS 5.5.0 prior to 
5.5.0.3, 5. ...)
+   TODO: check
 CVE-2019-19372 (** DISPUTED ** A downloadFile.php download_file path traversal 
vulnera ...)
NOT-FOR-US: rConfig
 CVE-2019-19371
@@ -4771,8 +4777,8 @@ CVE-2019-18962
RESERVED
 CVE-2019-18961
RESERVED
-CVE-2019-18960
-   RESERVED
+CVE-2019-18960 (AWS Firecracker through v0.19.0 has a Buffer Overflow. ...)
+   TODO: check
 CVE-2019-18959
RESERVED
 CVE-2019-18958 (Nitro Pro before 13.2 creates a debug.log file in the 
directory where  ...)
@@ -4821,8 +4827,8 @@ CVE-2019-18937 (eQ-3 Homematic CCU2 2.47.20 and CCU3 
3.47.18 with the Script Par
NOT-FOR-US: eQ-3 Homematic
 CVE-2019-18936
RESERVED
-CVE-2019-18935
-   RESERVED
+CVE-2019-18935 (Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 
contains a .N ...)
+   TODO: check
 CVE-2019-18934 (Unbound 1.6.4 through 1.9.4 contain a vulnerability in the 
ipsec modul ...)
- unbound  (unimportant)
[stretch] - unbound  (ipsecmod module introduced later)
@@ -8530,12 +8536,12 @@ CVE-2019-18381 (Norton Password Manager, prior to 
6.6.2.5, may be susceptible to
NOT-FOR-US: Norton Password Manager
 CVE-2019-18380 (Symantec Industrial Control System Protection (ICSP), versions 
6.x.x,  ...)
NOT-FOR-US: Symantec
-CVE-2019-18379
-   RESERVED
-CVE-2019-18378
-   RESERVED
-CVE-2019-18377
-   RESERVED
+CVE-2019-18379 (Symantec Messaging Gateway, prior to 10.7.3, may be 
susceptible to a s ...)
+   TODO: check
+CVE-2019-18378 (Symantec Messaging Gateway, prior to 10.7.3, may be 
susceptible to a c ...)
+   TODO: check
+CVE-2019-18377 (Symantec Messaging Gateway, prior to 10.7.3, may be 
susceptible to a p ...)
+   TODO: check
 CVE-2019-18376
RESERVED
 CVE-2019-18375
@@ -12018,6 +12024,7 @@ CVE-2019-17359 (The ASN.1 parser in Bouncy Castle 
Crypto (aka BC Java) 1.63 can
NOTE: 
https://github.com/bcgit/bc-java/commit/b1bc75254f5fea633a49a751a1a7339056f97856
 CVE-2019-17358
RESERVED
+  

[Git][security-tracker-team/security-tracker][master] Mark CVE-2019-1209{4,5}/php-horde as no-dsa for buster and stretch

2019-12-11 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7bd7f641 by Salvatore Bonaccorso at 2019-12-11T20:06:44Z
Mark CVE-2019-1209{4,5}/php-horde as no-dsa for buster and stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -28289,10 +28289,14 @@ CVE-2019-12095 (Horde Trean, as used in Horde 
Groupware Webmail Edition through
[buster] - php-horde-trean  (Minor issue)
[stretch] - php-horde-trean  (Minor issue)
- php-horde 5.2.21+debian0-1
+   [buster] - php-horde  (Minor issue; can be fixed via point 
release)
+   [stretch] - php-horde  (Minor issue; can be fixed via point 
release)
NOTE: 
https://github.com/horde/base/commit/81a7b53973506856db67e7f0b0263be29528aa75
NOTE: https://bugs.horde.org/ticket/14926 (for the stored XSS)
 CVE-2019-12094 (Horde Groupware Webmail Edition through 5.2.22 allows XSS via 
an admin ...)
- php-horde 
+   [buster] - php-horde  (Minor issue)
+   [stretch] - php-horde  (Minor issue)
NOTE: https://bugs.horde.org/ticket/14926 (for the reflected XSS)
 CVE-2019-12093
RESERVED
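
Review bot: The new [buster] and [stretch] lines for CVE-2019-12095 point to a point-release fix on the strength of the unchanged line "- php-horde 5.2.21+debian0-1", while the description says Horde Groupware Webmail Edition is affected through 5.2.22. The two version numbers may belong to different components, but a NOTE: saying why 5.2.21+debian0-1 already contains the referenced commit would save the stable maintainers from rechecking before preparing that update.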



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7bd7f641ab8eec978c4f501f5ba8b3170cdb5aa4


[Git][security-tracker-team/security-tracker][master] Mark CVE-2019-12095/php-horde-trean as no-dsa

2019-12-11 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
001240fb by Salvatore Bonaccorso at 2019-12-11T20:05:16Z
Mark CVE-2019-12095/php-horde-trean as no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -28286,6 +28286,8 @@ CVE-2019-12096
RESERVED
 CVE-2019-12095 (Horde Trean, as used in Horde Groupware Webmail Edition 
through 5.2.22 ...)
- php-horde-trean 
+   [buster] - php-horde-trean  (Minor issue)
+   [stretch] - php-horde-trean  (Minor issue)
- php-horde 5.2.21+debian0-1
NOTE: 
https://github.com/horde/base/commit/81a7b53973506856db67e7f0b0263be29528aa75
NOTE: https://bugs.horde.org/ticket/14926 (for the stored XSS)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/001240fb0efa4ebdab383a2e8199194995fc7af7


[Git][security-tracker-team/security-tracker][master] Update entry for intel-microcode

2019-12-11 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
583a51a0 by Salvatore Bonaccorso at 2019-12-11T20:04:10Z
Update entry for intel-microcode

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -30,7 +30,7 @@ glusterfs/oldstable
 graphicsmagick/oldstable
 --
 intel-microcode (carnil)
-  Followup for more support for other CPUs pending
+  Followup for more support for other CPUs pending, regression fixes, wait for 
more information
 --
 jruby/oldstable
 --
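
Review bot: The changed intel-microcode line now packs three separate statuses into one comma-joined sentence (more CPU support pending, regression fixes, wait for more information) with no date, so a reader cannot tell which part is new or how stale it is. Splitting it into one line per item and dating each, in the style of the dated notes in data/dla-needed.txt, would fix that.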



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/583a51a061cd029a7540f97765961c970ed27d50


[Git][security-tracker-team/security-tracker][master] Add CVE-2019-19603/sqlite3

2019-12-11 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
aba0e2ac by Salvatore Bonaccorso at 2019-12-11T20:03:09Z
Add CVE-2019-19603/sqlite3

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1520,7 +1520,8 @@ CVE-2019-19604 (Arbitrary command execution is possible 
in Git before 2.20.2, 2.
NOTE: by the bug.
NOTE: 
https://gitlab.com/gitlab-com/gl-security/disclosures/blob/master/003_git_submodule/advisory.md
 CVE-2019-19603 (SQLite 3.30.1, during handling of CREATE TABLE and CREATE VIEW 
stateme ...)
-   TODO: check
+   - sqlite3 
+   NOTE: 
https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13
 CVE-2019-19601 (OpenDetex 2.8.5 has a Buffer Overflow in TexOpen in detex.l 
because of ...)
- texlive-bin 
NOTE: https://github.com/pkubowicz/opendetex/issues/60
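
Review bot: the added "- sqlite3" line for CVE-2019-19603 carries no Debian bug reference, unlike other entries in this file that use the "(bug #NNNNNN)" form. The NOTE gives the upstream fix commit, which is useful; stating the first upstream release that contains it would make per-suite triage easier.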



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/aba0e2ac966de8b40bb3fe440c5f217613e2fdde


[Git][security-tracker-team/security-tracker][master] Process two NFUs

2019-12-11 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6ac4f695 by Salvatore Bonaccorso at 2019-12-11T19:59:20Z
Process two NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1226,7 +1226,7 @@ CVE-2019-19709 (MediaWiki through 1.33.1 allows attackers 
to bypass the Title_bl
 CVE-2019-19708 (The VisualEditor extension through 1.34 for MediaWiki allows 
XSS via p ...)
TODO: check
 CVE-2019-19707 (On Moxa EDS-G508E, EDS-G512E, and EDS-G516E devices (with 
firmware thr ...)
-   TODO: check
+   NOT-FOR-US: Moxa
 CVE-2019-19706
RESERVED
 CVE-2019-19705
@@ -1236,7 +1236,7 @@ CVE-2019-19704
 CVE-2019-19703 (In Ktor through 1.2.6, the client resends data from the HTTP 
Authoriza ...)
TODO: check
 CVE-2019-19702 (The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an 
XML Ext ...)
-   TODO: check
+   NOT-FOR-US: Modoboa
 CVE-2018-21033
RESERVED
 CVE-2018-21032
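
Review bot: in the CVE-2019-19702 entry the tag "NOT-FOR-US: Modoboa" names only the parent project, while the description places the flaw in the modoboa-dmarc plugin 1.1.0. Naming the plugin in the tag would keep the entry accurate if Modoboa itself is ever packaged.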



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6ac4f69546df68232761fcf1679f23b51fe3a1b9


[Git][security-tracker-team/security-tracker][master] Add CVE-2019-19720/yabasic

2019-12-11 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9937e768 by Salvatore Bonaccorso at 2019-12-11T19:46:11Z
Add CVE-2019-19720/yabasic

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1199,7 +1199,8 @@ CVE-2020-2511
 CVE-2020-2510
RESERVED
 CVE-2019-19720 (Yabasic 2.86.1 has a heap-based buffer overflow in the yylex() 
functio ...)
-   TODO: check
+   - yabasic 
+   NOTE: https://github.com/marcIhm/yabasic/issues/36
 CVE-2019-19719 (Tableau Server 10.3 through 2019.4 on Windows and Linux allows 
XSS via ...)
TODO: check
 CVE-2019-19718
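
Review bot: the NOTE added for CVE-2019-19720 links the upstream issue report only, so the entry records the heap-based buffer overflow in yylex() without any fixing commit or fixed upstream version. Add the fix reference when upstream provides one, so the yabasic versions in each suite can be checked against it.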



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9937e768fd4f55ebb651c06d4c72796178ad951e


[Git][security-tracker-team/security-tracker][master] CVE-2019-15681/libvncserver fixed in unstable

2019-12-11 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a257db70 by Salvatore Bonaccorso at 2019-12-11T19:39:50Z
CVE-2019-15681/libvncserver fixed in unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -16551,7 +16551,7 @@ CVE-2019-15682 (RDesktop version 1.8.4 contains 
multiple out-of-bound access rea
 CVE-2019-15681 (LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a 
contains ...)
{DLA-2014-1 DLA-1979-1 DLA-1977-1}
[experimental] - libvncserver 0.9.12+dfsg-1
-   - libvncserver  (low; bug #943793)
+   - libvncserver 0.9.12+dfsg-3 (low; bug #943793)
[buster] - libvncserver  (Minor issue)
[stretch] - libvncserver  (Minor issue)
- italc 
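
Review bot: with the unstable line now set to "0.9.12+dfsg-3", the "[experimental] - libvncserver 0.9.12+dfsg-1" line just above it claims the fix at an earlier revision of the same upstream version. Worth confirming that the -1 upload to experimental really carried the fix, and dropping the experimental line if it no longer adds information.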



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a257db7005a7bf6ec6c59866bb3c2851c1202fa3


[Git][security-tracker-team/security-tracker][master] Three davical issues fixed in unstable (CVE-2019-1834{5,6,7})

2019-12-11 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
08799b08 by Salvatore Bonaccorso at 2019-12-11T19:34:18Z
Three davical issues fixed in unstable (CVE-2019-1834{5,6,7})

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -8601,18 +8601,18 @@ CVE-2019-18348 (An issue was discovered in urllib2 in 
Python 2.x through 2.7.17
NOTE: not the case in all suites, but the issue is minor in general and 
would
NOTE: tend to a no-dsa/ignored tag in those suites.
 CVE-2019-18347 (A stored XSS issue was discovered in DAViCal through 1.1.8. It 
does no ...)
-   - davical  (bug #946343)
+   - davical 1.1.9.2-1 (bug #946343)
NOTE: 
https://hackdefense.com/publications/cve-2019-18347-davical-caldav-server-vulnerability/
NOTE: 
https://gitlab.com/davical-project/davical/commit/86a8ec5302b705cd11f0373eefbe2168799b277b
NOTE: 
https://gitlab.com/davical-project/davical/commit/a3acb770ac6bc807feb2015b4eb10ab641322d19
 CVE-2019-18346 (A CSRF issue was discovered in DAViCal through 1.1.8. If an 
authentica ...)
-   - davical  (bug #946343)
+   - davical 1.1.9.2-1 (bug #946343)
NOTE: 
https://hackdefense.com/publications/cve-2019-18346-davical-caldav-server-vulnerability/
NOTE: 
https://gitlab.com/davical-project/davical/commit/86a8ec5302b705cd11f0373eefbe2168799b277b
NOTE: 
https://gitlab.com/davical-project/davical/commit/a3acb770ac6bc807feb2015b4eb10ab641322d19
 CVE-2019-18345
RESERVED
-   - davical  (bug #946343)
+   - davical 1.1.9.2-1 (bug #946343)
NOTE: 
https://hackdefense.com/publications/cve-2019-18345-davical-caldav-server-vulnerability/
NOTE: 
https://gitlab.com/davical-project/davical/commit/86a8ec5302b705cd11f0373eefbe2168799b277b
NOTE: 
https://gitlab.com/davical-project/davical/commit/a3acb770ac6bc807feb2015b4eb10ab641322d19
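
Review bot: none of the three davical entries has a per-suite line in the lines shown, so after this change the stored XSS (CVE-2019-18347) and CSRF (CVE-2019-18346) issues are recorded as fixed in 1.1.9.2-1 with no triage decision for any suite other than unstable. A follow-up adding suite lines, or a note on the DSA decision, would close that gap.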



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/08799b083f9abe063bffeb0a666bbce869b8e51a


[Git][security-tracker-team/security-tracker][master] heimdal no-dsa

2019-12-11 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b1450dc3 by Moritz Muehlenhoff at 2019-12-11T18:00:06Z
heimdal no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -19128,6 +19128,8 @@ CVE-2019-14870 (All Samba versions 4.x.x before 4.9.17, 
4.10.x before 4.10.11 an
[buster] - samba  (Minor issue)
[stretch] - samba  (Minor issue)
- heimdal 
+   [buster] - heimdal  (Minor issue)
+   [stretch] - heimdal  (Minor issue)
NOTE: https://www.samba.org/samba/security/CVE-2019-14870.html
NOTE: https://github.com/heimdal/heimdal/pull/663
NOTE: https://github.com/heimdal/heimdal/pull/664 (port to 7.1 branch)
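
Review bot: the two added lines tag heimdal in buster and stretch as "(Minor issue)" without saying whether the backport in the last NOTE, pull/664 (port to 7.1 branch), applies to the heimdal versions in those suites. Recording that in a NOTE would help whoever picks the fix up later.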



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b1450dc31d71650e66a0f3c94b7ddec1143854bc


[Git][security-tracker-team/security-tracker][master] 4 commits: Remove doubled note

2019-12-11 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
56d58f45 by Salvatore Bonaccorso at 2019-12-11T12:20:03Z
Remove doubled note

- - - - -
b2d2a69b by Salvatore Bonaccorso at 2019-12-11T12:20:54Z
Add CVE-2019-19578/xen

- - - - -
afdb8a4d by Salvatore Bonaccorso at 2019-12-11T12:25:52Z
Add CVE-2019-19580/xen

- - - - -
ce630709 by Salvatore Bonaccorso at 2019-12-11T12:26:27Z
Add CVE-2019-19577/xen

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2599,7 +2599,7 @@ CVE-2019-19584
 CVE-2019-19583 [VMX: VMentry failure with debug exceptions and blocked states]
RESERVED
- xen 
-   NOTE: NOTE: https://xenbits.xen.org/xsa/advisory-308.html
+   NOTE: https://xenbits.xen.org/xsa/advisory-308.html
 CVE-2019-19582
RESERVED
- xen 
@@ -2610,10 +2610,16 @@ CVE-2019-19581
NOTE: https://xenbits.xen.org/xsa/advisory-307.html
 CVE-2019-19580
RESERVED
+   - xen 
+   NOTE: https://xenbits.xen.org/xsa/advisory-310.html
 CVE-2019-19578
RESERVED
+   - xen 
+   NOTE: https://xenbits.xen.org/xsa/advisory-309.html
 CVE-2019-19577
RESERVED
+   - xen 
+   NOTE: https://xenbits.xen.org/xsa/advisory-311.html
 CVE-2019-19579 (An issue was discovered in Xen through 4.12.x allowing 
attackers to ga ...)
- xen 
NOTE: https://xenbits.xen.org/xsa/advisory-306.html
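
Review bot: the entries added for CVE-2019-19580, CVE-2019-19578 and CVE-2019-19577 are still RESERVED and get only "- xen" and an advisory link, whereas CVE-2019-19583 in the previous hunk carries a bracketed title. Adding the XSA titles in brackets would make these three entries readable without following the links. In the context lines, CVE-2019-19579 also sits after CVE-2019-19577, out of the descending order the surrounding entries follow.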



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/23c08ac14863020e07980698186990173aad022b...ce6307095f848e25aea73b498bdc649463733247


[Git][security-tracker-team/security-tracker][master] Add CVE-2019-1958{1,2}/xen

2019-12-11 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
23c08ac1 by Salvatore Bonaccorso at 2019-12-11T12:19:24Z
Add CVE-2019-1958{1,2}/xen

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2602,8 +2602,12 @@ CVE-2019-19583 [VMX: VMentry failure with debug 
exceptions and blocked states]
NOTE: NOTE: https://xenbits.xen.org/xsa/advisory-308.html
 CVE-2019-19582
RESERVED
+   - xen 
+   NOTE: https://xenbits.xen.org/xsa/advisory-307.html
 CVE-2019-19581
RESERVED
+   - xen 
+   NOTE: https://xenbits.xen.org/xsa/advisory-307.html
 CVE-2019-19580
RESERVED
 CVE-2019-19578
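
Review bot: both added NOTE lines, for CVE-2019-19582 and CVE-2019-19581, point at advisory-307.html. If one advisory covers both IDs, that is fine, but it is worth checking that CVE-2019-19582 was not meant to reference a different XSA. The context line "NOTE: NOTE: https://xenbits.xen.org/xsa/advisory-308.html" at the top of the hunk also still has the doubled prefix.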



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/23c08ac14863020e07980698186990173aad022b


[Git][security-tracker-team/security-tracker][master] Add CVE-2019-19583/xen

2019-12-11 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6a70deac by Salvatore Bonaccorso at 2019-12-11T12:17:18Z
Add CVE-2019-19583/xen

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2596,8 +2596,10 @@ CVE-2019-19585
RESERVED
 CVE-2019-19584
RESERVED
-CVE-2019-19583
+CVE-2019-19583 [VMX: VMentry failure with debug exceptions and blocked states]
RESERVED
+   - xen 
+   NOTE: NOTE: https://xenbits.xen.org/xsa/advisory-308.html
 CVE-2019-19582
RESERVED
 CVE-2019-19581
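
Review bot: the added line "NOTE: NOTE: https://xenbits.xen.org/xsa/advisory-308.html" repeats the "NOTE:" prefix. Drop one so the line reads "NOTE: https://xenbits.xen.org/xsa/advisory-308.html".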



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6a70deac7068dca12e69ebd1183ae635d36bbabd


[Git][security-tracker-team/security-tracker][master] data/DLA/list: Correct reference to CVE-2019-17358 in cacti.

2019-12-11 Thread Chris Lamb


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
62510cf2 by Chris Lamb at 2019-12-11T11:48:55Z
data/DLA/list: Correct reference to CVE-2019-17358 in cacti.

- - - - -


1 changed file:

- data/DLA/list


Changes:

=
data/DLA/list
=
@@ -1,5 +1,5 @@
 [11 Dec 2019] DLA-2032-1 cacti - security update
-   {CVE-2019-17357}
+   {CVE-2019-17358}
[jessie] - cacti 0.8.8b+dfsg-8+deb8u8
 [10 Dec 2019] DLA-2031-1 freeimage - security update
{CVE-2019-12211 CVE-2019-12213}
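
Review bot: the announcement for DLA-2032-1 should be checked against this correction, since the ID in braces changes from CVE-2019-17357 to CVE-2019-17358 only a few minutes after the DLA was reserved with the other ID. If the advisory text was generated from the earlier entry, it needs the same fix so that it agrees with data/DLA/list.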



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/62510cf28890db6c82136e894e86aeb44c6dce3d


[Git][security-tracker-team/security-tracker][master] Reserve DLA-2032-1 for cacti

2019-12-11 Thread Chris Lamb


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2485d9de by Chris Lamb at 2019-12-11T11:43:04Z
Reserve DLA-2032-1 for cacti

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[11 Dec 2019] DLA-2032-1 cacti - security update
+   {CVE-2019-17357}
+   [jessie] - cacti 0.8.8b+dfsg-8+deb8u8
 [10 Dec 2019] DLA-2031-1 freeimage - security update
{CVE-2019-12211 CVE-2019-12213}
[jessie] - freeimage 3.15.4-4.2+deb8u2
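
Review bot: the new DLA-2032-1 entry lists "{CVE-2019-17357}", which the triage commit 8b0454a6 from the same morning marks for jessie as "(Vulnerable code not present)". A DLA for jessie should not reference a CVE triaged as not affecting jessie; confirm which cacti CVE the "0.8.8b+dfsg-8+deb8u8" upload fixes.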


=
data/dla-needed.txt
=
@@ -15,8 +15,6 @@ ansible
   NOTE: CVE-2019-14846 should be an easy fix.
   NOTE: CVE-2019-14858's upstream patch is too big; fails to work properly. 
(utkarsh2102)
 --
-cacti (Chris Lamb)
---
 clamav (Hugo Lefeuvre)
   NOTE: waiting for 0.102.1 to enter stretch/buster.
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2485d9de517560219efd76e5785bd67aa307a2b7


[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim cacti.

2019-12-11 Thread Chris Lamb


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d5b57dd4 by Chris Lamb at 2019-12-11T10:19:34Z
data/dla-needed.txt: Claim cacti.

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -15,7 +15,7 @@ ansible
   NOTE: CVE-2019-14846 should be an easy fix.
   NOTE: CVE-2019-14858's upstream patch is too big; fails to work properly. 
(utkarsh2102)
 --
-cacti
+cacti (Chris Lamb)
 --
 clamav (Hugo Lefeuvre)
   NOTE: waiting for 0.102.1 to enter stretch/buster.



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d5b57dd4bbca975bf7e996c7c1c552dcf535ae30


[Git][security-tracker-team/security-tracker][master] 2 commits: Triage CVE-2019-17357 in cacti for jessie LTS.

2019-12-11 Thread Chris Lamb


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8b0454a6 by Chris Lamb at 2019-12-11T10:17:30Z
Triage CVE-2019-17357 in cacti for jessie LTS.

- - - - -
88ea58ce by Chris Lamb at 2019-12-11T10:18:47Z
data/dla-needed.txt: Triage cacti for jessie LTS.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -12010,6 +12010,7 @@ CVE-2019-17358
 CVE-2019-17357
RESERVED
- cacti 
+   [jessie] - cacti  (Vulnerable code not present)
NOTE: https://github.com/Cacti/cacti/issues/3025
NOTE: 
https://github.com/Cacti/cacti/commit/d6dc48503bbcde0717e7a93df7638fd4796200f4
 CVE-2019-17356 (The Infinite Design application 3.4.12 for Android sends a 
username an ...)


=
data/dla-needed.txt
=
@@ -15,6 +15,8 @@ ansible
   NOTE: CVE-2019-14846 should be an easy fix.
   NOTE: CVE-2019-14858's upstream patch is too big; fails to work properly. 
(utkarsh2102)
 --
+cacti
+--
 clamav (Hugo Lefeuvre)
   NOTE: waiting for 0.102.1 to enter stretch/buster.
 --
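
Review bot: the "cacti" entry is added to data/dla-needed.txt without a NOTE, while the data/CVE/list hunk in the same push marks CVE-2019-17357 as not affecting jessie. A NOTE naming the CVE that still needs a jessie update would tell the eventual claimant what to work on, as the ansible entry just above does for its CVEs.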



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/77feac01d2afd62b60b044b1057aaff6d3c1e9b5...88ea58cece9b3a0e21f0c352da0dd4f7a5542add


[Git][security-tracker-team/security-tracker][master] automatic update

2019-12-11 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
77feac01 by security tracker role at 2019-12-11T08:10:25Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,1245 @@
+CVE-2020-3109
+   RESERVED
+CVE-2020-3108
+   RESERVED
+CVE-2020-3107
+   RESERVED
+CVE-2020-3106
+   RESERVED
+CVE-2020-3105
+   RESERVED
+CVE-2020-3104
+   RESERVED
+CVE-2020-3103
+   RESERVED
+CVE-2020-3102
+   RESERVED
+CVE-2020-3101
+   RESERVED
+CVE-2020-3100
+   RESERVED
+CVE-2020-3099
+   RESERVED
+CVE-2020-3098
+   RESERVED
+CVE-2020-3097
+   RESERVED
+CVE-2020-3096
+   RESERVED
+CVE-2020-3095
+   RESERVED
+CVE-2020-3094
+   RESERVED
+CVE-2020-3093
+   RESERVED
+CVE-2020-3092
+   RESERVED
+CVE-2020-3091
+   RESERVED
+CVE-2020-3090
+   RESERVED
+CVE-2020-3089
+   RESERVED
+CVE-2020-3088
+   RESERVED
+CVE-2020-3087
+   RESERVED
+CVE-2020-3086
+   RESERVED
+CVE-2020-3085
+   RESERVED
+CVE-2020-3084
+   RESERVED
+CVE-2020-3083
+   RESERVED
+CVE-2020-3082
+   RESERVED
+CVE-2020-3081
+   RESERVED
+CVE-2020-3080
+   RESERVED
+CVE-2020-3079
+   RESERVED
+CVE-2020-3078
+   RESERVED
+CVE-2020-3077
+   RESERVED
+CVE-2020-3076
+   RESERVED
+CVE-2020-3075
+   RESERVED
+CVE-2020-3074
+   RESERVED
+CVE-2020-3073
+   RESERVED
+CVE-2020-3072
+   RESERVED
+CVE-2020-3071
+   RESERVED
+CVE-2020-3070
+   RESERVED
+CVE-2020-3069
+   RESERVED
+CVE-2020-3068
+   RESERVED
+CVE-2020-3067
+   RESERVED
+CVE-2020-3066
+   RESERVED
+CVE-2020-3065
+   RESERVED
+CVE-2020-3064
+   RESERVED
+CVE-2020-3063
+   RESERVED
+CVE-2020-3062
+   RESERVED
+CVE-2020-3061
+   RESERVED
+CVE-2020-3060
+   RESERVED
+CVE-2020-3059
+   RESERVED
+CVE-2020-3058
+   RESERVED
+CVE-2020-3057
+   RESERVED
+CVE-2020-3056
+   RESERVED
+CVE-2020-3055
+   RESERVED
+CVE-2020-3054
+   RESERVED
+CVE-2020-3053
+   RESERVED
+CVE-2020-3052
+   RESERVED
+CVE-2020-3051
+   RESERVED
+CVE-2020-3050
+   RESERVED
+CVE-2020-3049
+   RESERVED
+CVE-2020-3048
+   RESERVED
+CVE-2020-3047
+   RESERVED
+CVE-2020-3046
+   RESERVED
+CVE-2020-3045
+   RESERVED
+CVE-2020-3044
+   RESERVED
+CVE-2020-3043
+   RESERVED
+CVE-2020-3042
+   RESERVED
+CVE-2020-3041
+   RESERVED
+CVE-2020-3040
+   RESERVED
+CVE-2020-3039
+   RESERVED
+CVE-2020-3038
+   RESERVED
+CVE-2020-3037
+   RESERVED
+CVE-2020-3036
+   RESERVED
+CVE-2020-3035
+   RESERVED
+CVE-2020-3034
+   RESERVED
+CVE-2020-3033
+   RESERVED
+CVE-2020-3032
+   RESERVED
+CVE-2020-3031
+   RESERVED
+CVE-2020-3030
+   RESERVED
+CVE-2020-3029
+   RESERVED
+CVE-2020-3028
+   RESERVED
+CVE-2020-3027
+   RESERVED
+CVE-2020-3026
+   RESERVED
+CVE-2020-3025
+   RESERVED
+CVE-2020-3024
+   RESERVED
+CVE-2020-3023
+   RESERVED
+CVE-2020-3022
+   RESERVED
+CVE-2020-3021
+   RESERVED
+CVE-2020-3020
+   RESERVED
+CVE-2020-3019
+   RESERVED
+CVE-2020-3018
+   RESERVED
+CVE-2020-3017
+   RESERVED
+CVE-2020-3016
+   RESERVED
+CVE-2020-3015
+   RESERVED
+CVE-2020-3014
+   RESERVED
+CVE-2020-3013
+   RESERVED
+CVE-2020-3012
+   RESERVED
+CVE-2020-3011
+   RESERVED
+CVE-2020-3010
+   RESERVED
+CVE-2020-3009
+   RESERVED
+CVE-2020-3008
+   RESERVED
+CVE-2020-3007
+   RESERVED
+CVE-2020-3006
+   RESERVED
+CVE-2020-3005
+   RESERVED
+CVE-2020-3004
+   RESERVED
+CVE-2020-3003
+   RESERVED
+CVE-2020-3002
+   RESERVED
+CVE-2020-3001
+   RESERVED
+CVE-2020-3000
+   RESERVED
+CVE-2020-2999
+   RESERVED
+CVE-2020-2998
+   RESERVED
+CVE-2020-2997
+   RESERVED
+CVE-2020-2996
+   RESERVED
+CVE-2020-2995
+   RESERVED
+CVE-2020-2994
+   RESERVED
+CVE-2020-2993
+   RESERVED
+CVE-2020-2992
+   RESERVED
+CVE-2020-2991
+   RESERVED
+CVE-2020-2990
+   RESERVED
+CVE-2020-2989
+   RESERVED
+CVE-2020-2988
+   RESERVED
+CVE-2020-2987
+   RESERVED
+CVE-2020-2986
+   RESERVED
+CVE-2020-2985
+   RESERVED
+CVE-2020-2984
+   RESERVED
+CVE-2020-2983
+   RESERVED
+CVE-2020-2982
+   RESERVED
+CVE-2020-2981
+   RESERVED
+CVE-2020-2980
+   RESERVED
+CVE-2020-2979
+   RESERVED
+CVE-2020-2978
+   RESERVED
+CVE-2020-2977
+   RESERVED
+CVE-2020-2976
+   RESERVED
+CVE-2020-2975
+   RESERVED
+CVE-2020-2974
+   RESERVED
+CVE-2020-2973
+   RESERVED
+CVE-2020-2972
+   RESERVED
+CVE-2020-2971
+   RESERVED
+CVE-2020-2970
+   RESERVED
+CVE-2020-2969
+   RESERVED
+CVE-2020-2968
+   RESERVED
+CVE-2020-2967
+   RESERVED
+CVE-2020-2966
+   RESERVED
+CVE-2020-2965
+   RESERVED
+CVE-2020-29

[Git][security-tracker-team/security-tracker][master] Mark CVE-2019-19617/phpmyadmin as no-dsa

2019-12-11 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4715c08e by Salvatore Bonaccorso at 2019-12-11T08:01:49Z
Mark CVE-2019-19617/phpmyadmin as no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -238,6 +238,7 @@ CVE-2019-19618
 CVE-2019-19617 (phpMyAdmin before 4.9.2 does not escape certain Git 
information, relat ...)
{DLA-2024-1}
- phpmyadmin 4:4.9.2+dfsg1-1
+   [stretch] - phpmyadmin  (Minor issue)
NOTE: 
https://github.com/phpmyadmin/phpmyadmin/commit/1119de642b136d20e810bb20f545069a01dd7cc9
 CVE-2019-19616 (An Insecure Direct Object Reference (IDOR) vulnerability in 
the Xtivia ...)
NOT-FOR-US: Microsoft Dynamics NAV
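
Review bot: the added "[stretch] - phpmyadmin (Minor issue)" line sits under "{DLA-2024-1}", so the same CVE is tagged minor for stretch while a DLA was issued for it. A short NOTE giving the reason for the different handling would help readers of the entry.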



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4715c08e131ec220ce93e4abc60162903ab7f0ff
