[Git][security-tracker-team/security-tracker][master] Remove excessive notes for slirp dla-needed entry

2020-09-07 Thread Brian May


Brian May pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bd78d7ae by Brian May at 2020-09-08T08:35:01+10:00
Remove excessive notes for slirp dla-needed entry

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -176,8 +176,8 @@ samba (Mike Gabriel)
 shiro (Roberto C. Sánchez)
 --
 slirp
-  NOTE: Upstream patch for CVE-2020-8608 requires patches for NOTE:
-  NOTE: CVE-2020-7039 to be applied patched first, as they both patch NOTE:
+  NOTE: Upstream patch for CVE-2020-8608 requires patches for
+  NOTE: CVE-2020-7039 to be applied patched first, as they both patch
   NOTE: the same lines of code in tcp_subr.c (bam).
 --
 snmptt
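
Review bot: The rewritten second NOTE line for slirp still reads "to be applied patched first", which carries a leftover word; while this line is being touched, drop "patched" so the dependency reads "requires patches for CVE-2020-7039 to be applied first". A date prefix on the note would also let a later reader judge how current the ordering constraint between CVE-2020-8608 and CVE-2020-7039 in tcp_subr.c is.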



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd78d7ae755f39758438d2841c32ff01074128cc

You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

2020-09-07 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
09dbe532 by security tracker role at 2020-09-07T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1130,6 +1130,7 @@ CVE-2020-24661 (GNOME Geary before 3.36.3 mishandles 
pinned TLS certificate veri
NOTE: https://gitlab.gnome.org/GNOME/geary/-/issues/866
 CVE-2020-24660
RESERVED
+   {DSA-4762-1 DLA-2367-1}
- lemonldap-ng 2.0.9+ds-1
NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2290
 CVE-2020-24659 (An issue was discovered in GnuTLS before 3.6.15. A server can 
trigger  ...)
@@ -20803,6 +20804,7 @@ CVE-2020-15167 (In Miller (command line utility) using 
the configuration file su
NOTE: 
https://github.com/johnkerl/miller/security/advisories/GHSA-mw2v-4q78-j2cw
 CVE-2020-15166
RESERVED
+   {DSA-4761-1}
- zeromq3 4.3.3-1
NOTE: https://www.openwall.com/lists/oss-security/2020/09/07/3
NOTE: 
https://github.com/zeromq/libzmq/security/advisories/GHSA-25wp-cf8g-938m
@@ -188866,7 +188868,7 @@ CVE-2017-11724 (The ReadMATImage function in 
coders/mat.c in ImageMagick through
NOTE: https://github.com/ImageMagick/ImageMagick/issues/624
NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/5163756a1f829a561912dfdb74a0dae41d8ed8cf
 CVE-2017-12670 (In ImageMagick 7.0.6-3, missing validation was found in 
coders/mat.c,  ...)
-   {DLA-2366-1 DLA-1785-1 DLA-1081-1}
+   {DLA-1785-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-14 (low; bug #870020)
[stretch] - imagemagick  (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/610



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/09dbe5325216b1f63eb9a38581a0820a3e98


[Git][security-tracker-team/security-tracker][master] Track proposed update for CVE-2020-7729 via buster-pu

2020-09-07 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8996054e by Salvatore Bonaccorso at 2020-09-07T21:37:31+02:00
Track proposed update for CVE-2020-7729 via buster-pu

- - - - -


1 changed file:

- data/next-point-update.txt


Changes:

=
data/next-point-update.txt
=
@@ -62,3 +62,5 @@ CVE-2020-8124
[buster] - node-url-parse 1.2.0-2+deb10u1
 CVE-2020-13822
[buster] - node-elliptic 6.4.1~dfsg-1+deb10u1
+CVE-2020-7729
+   [buster] - grunt 1.0.1-8+deb10u1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8996054e63da0e29b7cedfd7e6342e6f488d2739


[Git][security-tracker-team/security-tracker][master] Mark CVE-2020-7729/grunt as no-dsa

2020-09-07 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
30203754 by Salvatore Bonaccorso at 2020-09-07T21:36:20+02:00
Mark CVE-2020-7729/grunt as no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -41346,6 +41346,7 @@ CVE-2020-7730 (The package bestzip before 2.1.7 are 
vulnerable to Command Inject
NOT-FOR-US: bestzip nodejs module
 CVE-2020-7729 (The package grunt before 1.3.0 are vulnerable to Arbitrary Code 
Execut ...)
- grunt 1.3.0-1 (bug #969668)
+   [buster] - grunt  (Minor issue)
NOTE: 
https://github.com/gruntjs/grunt/commit/e350cea1724eb3476464561a380fb6a64e61e4e7
NOTE: https://snyk.io/vuln/SNYK-JS-GRUNT-597546
 CVE-2020-7728
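
Review bot: The added [buster] line for grunt gives only "(Minor issue)" as justification, while the CVE description directly above it reads "vulnerable to Arbitrary Code Execut ..."; the entry should say why that is minor in Debian's case. A short NOTE stating the precondition that limits exposure would let the next triager verify the call without rereading the upstream commit and the Snyk advisory linked below it.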



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30203754e481d53ceb829b620dc4423dccded31c


[Git][security-tracker-team/security-tracker][master] Add CVE-2020-24916/yaws

2020-09-07 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cde260c7 by Salvatore Bonaccorso at 2020-09-07T21:21:17+02:00
Add CVE-2020-24916/yaws

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -605,8 +605,11 @@ CVE-2020-24918
RESERVED
 CVE-2020-24917 (osTicket before 1.14.3 allows XSS via a crafted filename to 
DraftAjaxA ...)
NOT-FOR-US: osTicket
-CVE-2020-24916
+CVE-2020-24916 [OS command injection in Yaws web server]
RESERVED
+   - yaws 2.0.8+dfsg-1
+   NOTE: 
https://github.com/erlyaws/yaws/commit/799b3b526d15b7a9bc43ae97165aeb085f18fac1
+   NOTE: https://github.com/vulnbe/poc-yaws-cgi-shell-injection
 CVE-2020-24915
RESERVED
 CVE-2020-24914
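
Review bot: The new CVE-2020-24916 entry records only the fixed unstable version, "- yaws 2.0.8+dfsg-1", and has no per-release lines, so nothing here says whether the releases carrying older yaws versions were checked. For an entry described as "OS command injection in Yaws web server", with a public proof-of-concept repository in the second NOTE, add the release status lines once triaged, or a NOTE saying which upstream versions contain the affected code.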



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cde260c738fe8d61cd84ed5a3588e4d837cb2d1d


[Git][security-tracker-team/security-tracker][master] Add CVE-2020-24379/yaws

2020-09-07 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1fe381ce by Salvatore Bonaccorso at 2020-09-07T21:19:15+02:00
Add CVE-2020-24379/yaws

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1729,8 +1729,11 @@ CVE-2020-24381 (** DISPUTED ** GUnet Open eClass 
Platform (aka openeclass) throu
NOT-FOR-US: GUnet Open eClass Platform
 CVE-2020-24380
RESERVED
-CVE-2020-24379
+CVE-2020-24379 [XXE in Yaws web server]
RESERVED
+   - yaws 2.0.8+dfsg-1
+   NOTE: 
https://github.com/erlyaws/yaws/commit/05a06345012598f5da55dbb4d041c8dc26e88e6c
+   NOTE: https://github.com/vulnbe/poc-yaws-dav-xxe
 CVE-2020-24378
RESERVED
 CVE-2020-24377



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1fe381ceac89577ead8b79b65752946250a35a6a


[Git][security-tracker-team/security-tracker][master] lemonldap-ng DSA

2020-09-07 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e0e0411e by Moritz Muehlenhoff at 2020-09-07T21:04:19+02:00
lemonldap-ng DSA

- - - - -


1 changed file:

- data/DSA/list


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[07 Sep 2020] DSA-4762-1 lemonldap-ng - security update
+   {CVE-2020-24660}
+   [buster] - lemonldap-ng 2.0.2+ds-7+deb10u5
 [07 Sep 2020] DSA-4761-1 zeromq3 - security update
{CVE-2020-15166}
[buster] - zeromq3 4.3.1-4+deb10u2



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e0e0411ed943f6764cc0406f67a32a876a8e6705


[Git][security-tracker-team/security-tracker][master] Reserve DSA number for zeromq3 update

2020-09-07 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b58d06e5 by Salvatore Bonaccorso at 2020-09-07T20:58:12+02:00
Reserve DSA number for zeromq3 update

- - - - -


1 changed file:

- data/DSA/list


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[07 Sep 2020] DSA-4761-1 zeromq3 - security update
+   {CVE-2020-15166}
+   [buster] - zeromq3 4.3.1-4+deb10u2
 [06 Sep 2020] DSA-4760-1 qemu - security update
{CVE-2020-12829 CVE-2020-14364 CVE-2020-15863 CVE-2020-16092}
[buster] - qemu 1:3.1+dfsg-8+deb10u8



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b58d06e5bd49d857588aa8e9101766fc6c067f3d


[Git][security-tracker-team/security-tracker][master] Reference upstream commit for CVE-2020-15166/zeromq3

2020-09-07 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
62ce6176 by Salvatore Bonaccorso at 2020-09-07T20:35:51+02:00
Reference upstream commit for CVE-2020-15166/zeromq3

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -20800,6 +20800,7 @@ CVE-2020-15166
- zeromq3 4.3.3-1
NOTE: https://www.openwall.com/lists/oss-security/2020/09/07/3
NOTE: 
https://github.com/zeromq/libzmq/security/advisories/GHSA-25wp-cf8g-938m
+   NOTE: 
https://github.com/zeromq/libzmq/commit/e7f0090b161ce6344f6bd35009816a925c070b09
 CVE-2020-15165 (Version 1.1.6-free of Chameleon Mini Live Debugger on Google 
Play Stor ...)
NOT-FOR-US: Chameleon Mini Live Debugger
 CVE-2020-15164 (in Scratch Login (MediaWiki extension) before version 1.1, any 
account ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62ce617620e23134014f10504a143e643d06e587


[Git][security-tracker-team/security-tracker][master] CVE-2020-12829/qemu: stretch not-affected

2020-09-07 Thread Sylvain Beucler


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9918f39f by Sylvain Beucler at 2020-09-07T19:55:34+02:00
CVE-2020-12829/qemu: stretch not-affected

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -26939,7 +26939,7 @@ CVE-2020-12830
 CVE-2020-12829 (In QEMU through 5.0.0, an integer overflow was found in the 
SM501 disp ...)
{DSA-4760-1}
- qemu 1:5.0-12 (low; bug #961451)
-   [stretch] - qemu  (Minor issue)
+   [stretch] - qemu  (SM501 only compiled for misc/sh4 where 
it's not enabled as a graphics device yet; intrusive)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1808510
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1786026
NOTE: 
https://git.qemu.org/?p=qemu.git;a=commit;h=b15a22bbcbe6a78dc3d88fe3134985e4cdd87de4
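
Review bot: The replacement [stretch] reason ends with "; intrusive", which is an argument about backport cost and sits oddly with the commit subject "stretch not-affected": either the SM501 code is unreachable in stretch and no fix is needed, or a fix is needed and judged too intrusive. Keep the reason to the reachability argument ("SM501 only compiled for misc/sh4 where it's not enabled as a graphics device yet") and, if the backport assessment is worth recording, move it to a separate NOTE.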



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9918f39f4bb9d31112c1472a4dafbd774b91cd67


[Git][security-tracker-team/security-tracker][master] CVE-2020-15166/zeromq3 fixed in unstable

2020-09-07 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1b7b1529 by Salvatore Bonaccorso at 2020-09-07T19:25:17+02:00
CVE-2020-15166/zeromq3 fixed in unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -20797,7 +20797,7 @@ CVE-2020-15167 (In Miller (command line utility) using 
the configuration file su
NOTE: 
https://github.com/johnkerl/miller/security/advisories/GHSA-mw2v-4q78-j2cw
 CVE-2020-15166
RESERVED
-   - zeromq3 
+   - zeromq3 4.3.3-1
NOTE: https://www.openwall.com/lists/oss-security/2020/09/07/3
NOTE: 
https://github.com/zeromq/libzmq/security/advisories/GHSA-25wp-cf8g-938m
 CVE-2020-15165 (Version 1.1.6-free of Chameleon Mini Live Debugger on Google 
Play Stor ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b7b1529041781ccb97093e8dd39c9e779628086


[Git][security-tracker-team/security-tracker][master] Add CVE-2020-15166/zeromq3

2020-09-07 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
70fc4327 by Salvatore Bonaccorso at 2020-09-07T19:24:24+02:00
Add CVE-2020-15166/zeromq3

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -20797,6 +20797,9 @@ CVE-2020-15167 (In Miller (command line utility) using 
the configuration file su
NOTE: 
https://github.com/johnkerl/miller/security/advisories/GHSA-mw2v-4q78-j2cw
 CVE-2020-15166
RESERVED
+   - zeromq3 
+   NOTE: https://www.openwall.com/lists/oss-security/2020/09/07/3
+   NOTE: 
https://github.com/zeromq/libzmq/security/advisories/GHSA-25wp-cf8g-938m
 CVE-2020-15165 (Version 1.1.6-free of Chameleon Mini Live Debugger on Google 
Play Stor ...)
NOT-FOR-US: Chameleon Mini Live Debugger
 CVE-2020-15164 (in Scratch Login (MediaWiki extension) before version 1.1, any 
account ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/70fc43271073835cb8d13708ff74763b6930fe54


[Git][security-tracker-team/security-tracker][master] CVE-2017-12670,imagemagick: postponed

2020-09-07 Thread Markus Koschany


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f2537493 by Markus Koschany at 2020-09-07T19:08:01+02:00
CVE-2017-12670,imagemagick: postponed

Upstream patch appears to be incomplete. Needs further investigation.

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=
data/CVE/list
=
@@ -188857,9 +188857,11 @@ CVE-2017-11724 (The ReadMATImage function in 
coders/mat.c in ImageMagick through
 CVE-2017-12670 (In ImageMagick 7.0.6-3, missing validation was found in 
coders/mat.c,  ...)
{DLA-2366-1 DLA-1785-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-14 (low; bug #870020)
+   [stretch] - imagemagick  (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/610
NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/ab440f9ea11e0dbefb7a808cbb9441198758b0cb
NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/75db34b6a4d642cb6f88c792942de27490c900e0
+   NOTE: Upstream patch is apparently incomplete. POC still triggers 
segfault.
 CVE-2017-13658 (In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is 
a missi ...)
{DLA-2366-1 DLA-1785-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-14 (low; bug #870019)
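
Review bot: The added NOTE "Upstream patch is apparently incomplete. POC still triggers segfault." does not say which of the two upstream commits referenced above it was tested, against which imagemagick version, or which POC was used, so the finding cannot be rechecked from the entry alone. Add a date and those details to the NOTE; the new [stretch] line with "(Minor issue)" would also be easier to follow if its reason pointed at the incomplete patch rather than at severity alone.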


=
data/DLA/list
=
@@ -2,7 +2,7 @@
{CVE-2020-24660}
[stretch] - lemonldap-ng 1.9.7-3+deb9u4
 [07 Sep 2020] DLA-2366-1 imagemagick - security update
-   {CVE-2017-12140 CVE-2017-12429 CVE-2017-12430 CVE-2017-12435 
CVE-2017-12563 CVE-2017-12643 CVE-2017-12670 CVE-2017-12674 CVE-2017-12691 
CVE-2017-12692 CVE-2017-12693 CVE-2017-12806 CVE-2017-12875 CVE-2017-13061 
CVE-2017-13133 CVE-2017-13658 CVE-2017-13768 CVE-2017-14060 CVE-2017-14172 
CVE-2017-14173 CVE-2017-14174 CVE-2017-14175 CVE-2017-14249 CVE-2017-14341 
CVE-2017-14400 CVE-2017-14505 CVE-2017-14532 CVE-2017-14624 CVE-2017-14625 
CVE-2017-14626 CVE-2017-14739 CVE-2017-14741 CVE-2017-15015 CVE-2017-15017 
CVE-2017-15281 CVE-2017-17682 CVE-2017-17914 CVE-2017-18209 CVE-2017-18211 
CVE-2017-18271 CVE-2017-18273 CVE-2017-1000445 CVE-2017-1000476 CVE-2018-16643 
CVE-2018-16749 CVE-2018-18025 CVE-2019-11598 CVE-2019-13135 CVE-2019-13308 
CVE-2019-13391 CVE-2019-15139}
+   {CVE-2017-12140 CVE-2017-12429 CVE-2017-12430 CVE-2017-12435 
CVE-2017-12563 CVE-2017-12643 CVE-2017-12674 CVE-2017-12691 CVE-2017-12692 
CVE-2017-12693 CVE-2017-12806 CVE-2017-12875 CVE-2017-13061 CVE-2017-13133 
CVE-2017-13658 CVE-2017-13768 CVE-2017-14060 CVE-2017-14172 CVE-2017-14173 
CVE-2017-14174 CVE-2017-14175 CVE-2017-14249 CVE-2017-14341 CVE-2017-14400 
CVE-2017-14505 CVE-2017-14532 CVE-2017-14624 CVE-2017-14625 CVE-2017-14626 
CVE-2017-14739 CVE-2017-14741 CVE-2017-15015 CVE-2017-15017 CVE-2017-15281 
CVE-2017-17682 CVE-2017-17914 CVE-2017-18209 CVE-2017-18211 CVE-2017-18271 
CVE-2017-18273 CVE-2017-1000445 CVE-2017-1000476 CVE-2018-16643 CVE-2018-16749 
CVE-2018-18025 CVE-2019-11598 CVE-2019-13135 CVE-2019-13308 CVE-2019-13391 
CVE-2019-15139}
[stretch] - imagemagick 8:6.9.7.4+dfsg-11+deb9u10
 [04 Sep 2020] DLA-2278-3 squid3 - regression update
[stretch] - squid3 3.5.23-5+deb9u4



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f2537493b4a90ecdb284e9688411f922d4cceaf5


[Git][security-tracker-team/security-tracker][master] CVE-2019-5008/qemu: stretch ignored->not-affected

2020-09-07 Thread Sylvain Beucler


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0623e8f1 by Sylvain Beucler at 2020-09-07T17:54:21+02:00
CVE-2019-5008/qemu: stretch ignored->not-affected

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -103718,11 +103718,12 @@ CVE-2018-20670
 CVE-2019-5008 (hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL 
pointer dere ...)
- qemu 1:3.1+dfsg-8 (low; bug #927439)
[buster] - qemu 1:3.1+dfsg-8~deb10u1
-   [stretch] - qemu  (Minor issue)
+   [stretch] - qemu  (Vulnerable code not present)
[jessie] - qemu  (Vulnerable code not present)
- qemu-kvm 
NOTE: https://fakhrizulkifli.github.io/posts/2019/01/03/CVE-2019-5008/
NOTE: 
https://git.qemu.org/?p=qemu.git;a=commit;h=ad280559c68360c9f1cd7be063857853759e6a73
 (4.0.0-rc0)
+   NOTE: 
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=25c5d5acfbaa148b2da64b1f2c1401f87ebb0bb4
 (MemoryRegionOps introduced in 2.12)
 CVE-2019-5007 (An issue was discovered in Foxit Reader and PhantomPDF before 
9.4 on W ...)
NOT-FOR-US: Foxit Reader and PhantomPDF
 CVE-2019-5006 (An issue was discovered in Foxit Reader and PhantomPDF before 
9.4 on W ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0623e8f19735fa1a2ade859388bc526644db4357


[Git][security-tracker-team/security-tracker][master] Revert "Reserve DLA-2368-1 for lemonldap-ng" (duplication)

2020-09-07 Thread Xavier Guimard


Xavier Guimard pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c3bcb2b1 by Xavier Guimard at 2020-09-07T17:20:59+02:00
Revert "Reserve DLA-2368-1 for lemonldap-ng" (duplication)

This reverts commit f19eebce6170dd86df1d5540a554fcf6db3011b4.

- - - - -


1 changed file:

- data/DLA/list


Changes:

=
data/DLA/list
=
@@ -1,6 +1,3 @@
-[07 Sep 2020] DLA-2368-1 lemonldap-ng - security update
-   {CVE-2020-24660}
-   [stretch] - lemonldap-ng 1.9.7-3+deb9u4
 [07 Sep 2020] DLA-2367-1 lemonldap-ng - security update
{CVE-2020-24660}
[stretch] - lemonldap-ng 1.9.7-3+deb9u4



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c3bcb2b10c1cd4e381ff9142a35d8930f497ad42


[Git][security-tracker-team/security-tracker][master] Reserve DLA-2368-1 for lemonldap-ng

2020-09-07 Thread Xavier Guimard


Xavier Guimard pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f19eebce by Xavier Guimard at 2020-09-07T17:20:16+02:00
Reserve DLA-2368-1 for lemonldap-ng

- - - - -


1 changed file:

- data/DLA/list


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[07 Sep 2020] DLA-2368-1 lemonldap-ng - security update
+   {CVE-2020-24660}
+   [stretch] - lemonldap-ng 1.9.7-3+deb9u4
 [07 Sep 2020] DLA-2367-1 lemonldap-ng - security update
{CVE-2020-24660}
[stretch] - lemonldap-ng 1.9.7-3+deb9u4
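
Review bot: The added DLA-2368-1 block is identical to the DLA-2367-1 block directly below it: same date, same package, same CVE-2020-24660, same fixed version 1.9.7-3+deb9u4. That looks like a second reservation for one upload; only one DLA number should be kept for this update.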



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f19eebce6170dd86df1d5540a554fcf6db3011b4


[Git][security-tracker-team/security-tracker][master] Reserve DLA-2367-1 for lemonldap-ng

2020-09-07 Thread Xavier Guimard


Xavier Guimard pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3129a27b by Xavier Guimard at 2020-09-07T17:19:22+02:00
Reserve DLA-2367-1 for lemonldap-ng

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[07 Sep 2020] DLA-2367-1 lemonldap-ng - security update
+   {CVE-2020-24660}
+   [stretch] - lemonldap-ng 1.9.7-3+deb9u4
 [07 Sep 2020] DLA-2366-1 imagemagick - security update
{CVE-2017-12140 CVE-2017-12429 CVE-2017-12430 CVE-2017-12435 
CVE-2017-12563 CVE-2017-12643 CVE-2017-12670 CVE-2017-12674 CVE-2017-12691 
CVE-2017-12692 CVE-2017-12693 CVE-2017-12806 CVE-2017-12875 CVE-2017-13061 
CVE-2017-13133 CVE-2017-13658 CVE-2017-13768 CVE-2017-14060 CVE-2017-14172 
CVE-2017-14173 CVE-2017-14174 CVE-2017-14175 CVE-2017-14249 CVE-2017-14341 
CVE-2017-14400 CVE-2017-14505 CVE-2017-14532 CVE-2017-14624 CVE-2017-14625 
CVE-2017-14626 CVE-2017-14739 CVE-2017-14741 CVE-2017-15015 CVE-2017-15017 
CVE-2017-15281 CVE-2017-17682 CVE-2017-17914 CVE-2017-18209 CVE-2017-18211 
CVE-2017-18271 CVE-2017-18273 CVE-2017-1000445 CVE-2017-1000476 CVE-2018-16643 
CVE-2018-16749 CVE-2018-18025 CVE-2019-11598 CVE-2019-13135 CVE-2019-13308 
CVE-2019-13391 CVE-2019-15139}
[stretch] - imagemagick 8:6.9.7.4+dfsg-11+deb9u10


=
data/dla-needed.txt
=
@@ -92,9 +92,6 @@ jupyter-notebook
 --
 kleopatra
 --
-lemonldap-ng
-  NOTE: 20200907: Vulnerable to CVE-2020-24660
---
 libxml2 (Markus Koschany)
 --
 linux (Ben Hutchings)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3129a27b45a1167760bf44a03f4f1dc5f2d2d999


[Git][security-tracker-team/security-tracker][master] Update dla-needed.txt: add lemonldap-ng

2020-09-07 Thread Xavier Guimard


Xavier Guimard pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
dedf0852 by Xavier Guimard at 2020-09-07T15:03:59+00:00
Update dla-needed.txt: add lemonldap-ng
- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -92,6 +92,9 @@ jupyter-notebook
 --
 kleopatra
 --
+lemonldap-ng
+  NOTE: 20200907: Vulnerable to CVE-2020-24660
+--
 libxml2 (Markus Koschany)
 --
 linux (Ben Hutchings)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dedf08529e71d6202565b848b410ac13f06352e6


[Git][security-tracker-team/security-tracker][master] CVE-2017-11334/qemu: postponed->ignored

2020-09-07 Thread Sylvain Beucler


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4af34862 by Sylvain Beucler at 2020-09-07T15:56:51+02:00
CVE-2017-11334/qemu: postponed->ignored

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -190224,7 +190224,7 @@ CVE-2017-11524 (The WriteBlob function in 
MagickCore/blob.c in ImageMagick befor
 CVE-2017-11334 (The address_space_write_continue function in exec.c in QEMU 
(aka Quick ...)
{DSA-3925-1}
- qemu 1:2.8+dfsg-7 (bug #869173)
-   [jessie] - qemu  (Minor issue, root DoS, backport caused Xen 
regression in Ubuntu and was reverted)
+   [jessie] - qemu  (Minor issue, root DoS, Xen regression, 
multiple refactorings after 2.5, no reproducer)
[wheezy] - qemu  (Minor issue)
- qemu-kvm 
[wheezy] - qemu-kvm  (Minor issue)
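
Review bot: The new [jessie] reason shortens "backport caused Xen regression in Ubuntu and was reverted" to "Xen regression", which drops where the regression was observed and that the backport was reverted. Since this is the evidence for ignoring the issue, keep the fuller wording in a NOTE, and give a pointer for "no reproducer" and "multiple refactorings after 2.5" if one exists.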



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4af348626f64869cfa431d01b8b07eeb9bf91a27


[Git][security-tracker-team/security-tracker][master] qemu/CVE-2019-12067: 1 year later, no news

2020-09-07 Thread Sylvain Beucler


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f610867a by Sylvain Beucler at 2020-09-07T15:41:00+02:00
qemu/CVE-2019-12067: 1 year later, no news

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -83644,7 +83644,7 @@ CVE-2019-12067 [ide: ahci: add check to avoid null 
dereference]
[jessie] - qemu  (Minor issue, can be fixed along in future 
update)
- qemu-kvm 
NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01358.html
-   NOTE: patch not sanctioned as of 20190909
+   NOTE: patch not sanctioned as of 20200907
NOTE: patched function introduced in 2014/2.1.50 but affected code 
pre-existed
NOTE: 
https://github.com/qemu/qemu/commit/659142ecf71a0da240ab0ff7cf929ee25c32b9bc
 CVE-2019-12066
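
Review bot: Changing the date in place on "NOTE: patch not sanctioned as of 20190909" to 20200907 erases the record of the earlier check, and the commit subject ("1 year later, no news") becomes the only place that history survives. Adding a second dated NOTE instead of overwriting keeps both checkpoints visible in the entry.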



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f610867a41d7dc904ec206968af8688524dc3413


[Git][security-tracker-team/security-tracker][master] LTS: claim gnutls28, shiro

2020-09-07 Thread Roberto C. Sánchez


Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5295d431 by Roberto C. Sánchez at 2020-09-07T07:54:01-04:00
LTS: claim gnutls28, shiro

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -75,7 +75,7 @@ freerdp (Mike Gabriel)
 gnome-shell (Mike Gabriel)
   NOTE: 20200829: 
https://salsa.debian.org/gnome-team/gnome-shell/-/merge_requests/41 (sunweaver)
 --
-gnutls28
+gnutls28 (Roberto C. Sánchez)
 --
 golang-go.crypto
 --
@@ -173,7 +173,7 @@ samba (Mike Gabriel)
   NOTE: 20200830: Will remove this entry and mark all current CVEs as 
postponed. But first I need to know were the patches are (ola).
   NOTE: 20200903: As discussed internally, I will look into Samba AD CVEs and 
revisit the risk assessment, plus fix the more severe issues (sunweaver)
 --
-shiro
+shiro (Roberto C. Sánchez)
 --
 slirp
   NOTE: Upstream patch for CVE-2020-8608 requires patches for NOTE:
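
Review bot: the trailing context line of the slirp entry ends with a stray `NOTE:` (`requires patches for NOTE:`), which looks like a note that was re-wrapped incorrectly. It is outside the scope of the shiro claim made here, but a follow-up that strips the trailing `NOTE:` token would keep the entry readable for whoever picks up slirp.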



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5295d431548f46cb06d300635a2e1d9e9ee2f621


[Git][security-tracker-team/security-tracker][master] 6 commits: data/dla-needed.txt: Triage gnutls28 for stretch LTS.

2020-09-07 Thread Chris Lamb


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7e4ca473 by Chris Lamb at 2020-09-07T12:38:33+01:00
data/dla-needed.txt: Triage gnutls28 for stretch LTS.

- - - - -
0e8743f7 by Chris Lamb at 2020-09-07T12:39:04+01:00
data/dla-needed.txt: Triage grunt for stretch LTS.

- - - - -
4c684814 by Chris Lamb at 2020-09-07T12:39:11+01:00
data/dla-needed.txt: Claim grunt.

- - - - -
21f1c5d8 by Chris Lamb at 2020-09-07T12:41:16+01:00
data/dla-needed.txt: Triage kleopatra for stretch LTS (CVE-2020-24972).

- - - - -
842f9aed by Chris Lamb at 2020-09-07T12:43:30+01:00
data/dla-needed.txt: Triage python-pip for stretch LTS (CVE-2019-20916).

- - - - -
4154f5b9 by Chris Lamb at 2020-09-07T12:43:40+01:00
data/dla-needed.txt: Claim python-pip.

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -75,10 +75,14 @@ freerdp (Mike Gabriel)
 gnome-shell (Mike Gabriel)
   NOTE: 20200829: 
https://salsa.debian.org/gnome-team/gnome-shell/-/merge_requests/41 (sunweaver)
 --
+gnutls28
+--
 golang-go.crypto
 --
 golang-golang-x-net-dev
 --
+grunt (Chris Lamb)
+--
 guacamole-client (Mike Gabriel)
 --
 jetty9 (Markus Koschany)
@@ -86,6 +90,8 @@ jetty9 (Markus Koschany)
 jupyter-notebook
   NOTE: 20200711: Vulnerable to (at least) CVE-2018-19351. (lamby)
 --
+kleopatra
+--
 libxml2 (Markus Koschany)
 --
 linux (Ben Hutchings)
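
Review bot: the new kleopatra entry is added unclaimed and without a NOTE, so the CVE that prompted the triage (CVE-2020-24972) is recorded only in the commit message. The jupyter-notebook entry just above uses `NOTE: 20200711: Vulnerable to (at least) CVE-2018-19351. (lamby)`; a dated line in the same form under kleopatra would let the next claimant see the scope without reading git log.
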
@@ -115,6 +121,8 @@ php-horde-trean (Mike Gabriel)
 puma
   NOTE: 20200708: Vulnerable to (at least) CVE-2020-11076. (lamby)
 --
+python-pip (Chris Lamb)
+--
 qemu (Abhijith PA)
   NOTE: 20200824: currently all are minor issues. Reduce frequent upload 
(abhijith)
   NOTE: 20200901: CVE-2020-14364 is rather not a minor issue. check for 
stretch. (utkarsh)
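
Review bot: python-pip goes in already claimed but with no dated NOTE, while the puma and qemu entries around it record status in `NOTE: <date>: ... (<who>)` lines. Since the commit message already names CVE-2019-20916, putting that in a NOTE under the entry would make the claim self-describing in the file.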



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9b17f95df039d947e3d05b158710ccb73dff9cb3...4154f5b90c53f401272cfe662be8ef0df1afea1b


[Git][security-tracker-team/security-tracker][master] CVE-2020-16093 and CVE-2020-24660 addressed in unstable

2020-09-07 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9b17f95d by Salvatore Bonaccorso at 2020-09-07T12:37:04+02:00
CVE-2020-16093 and CVE-2020-24660 addressed in unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1127,7 +1127,7 @@ CVE-2020-24661 (GNOME Geary before 3.36.3 mishandles 
pinned TLS certificate veri
NOTE: https://gitlab.gnome.org/GNOME/geary/-/issues/866
 CVE-2020-24660
RESERVED
-   - lemonldap-ng 
+   - lemonldap-ng 2.0.9+ds-1
NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2290
 CVE-2020-24659 (An issue was discovered in GnuTLS before 3.6.15. A server can 
trigger  ...)
- gnutls28 3.6.15-1 (bug #969547)
@@ -18518,6 +18518,7 @@ CVE-2020-16094 (In imap_scan_tree_recursive in Claws 
Mail through 3.17.6, a mali
NOTE: 
https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4313
 CVE-2020-16093
RESERVED
+   - lemonldap-ng 2.0.9+ds-1
 CVE-2020-16092 (In QEMU through 5.0.0, an assertion failure can occur in the 
network p ...)
{DSA-4760-1}
- qemu 1:5.1+dfsg-1
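
Review bot: CVE-2020-16093 gains a fixed version in this hunk but no NOTE with an upstream reference, whereas CVE-2020-24660 in the first hunk carries the lemonldap-ng issue link. With the entry still RESERVED and no description, a `NOTE:` pointing at the upstream issue or changelog for the fix would let readers confirm what 2.0.9+ds-1 actually addresses.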



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b17f95df039d947e3d05b158710ccb73dff9cb3


[Git][security-tracker-team/security-tracker][master] Add CVE-2020-24660/lemonldap-ng

2020-09-07 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e10fcce9 by Salvatore Bonaccorso at 2020-09-07T10:53:55+02:00
Add CVE-2020-24660/lemonldap-ng

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1127,6 +1127,8 @@ CVE-2020-24661 (GNOME Geary before 3.36.3 mishandles 
pinned TLS certificate veri
NOTE: https://gitlab.gnome.org/GNOME/geary/-/issues/866
 CVE-2020-24660
RESERVED
+   - lemonldap-ng 
+   NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2290
 CVE-2020-24659 (An issue was discovered in GnuTLS before 3.6.15. A server can 
trigger  ...)
- gnutls28 3.6.15-1 (bug #969547)
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-09-04
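
Review bot: the added lemonldap-ng line carries no Debian bug reference, unlike the gnutls28 line just below it (`bug #969547`). If a bug has been filed against the package, adding it here would tie the tracker entry to the BTS; the upstream issue NOTE is a good start.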



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e10fcce95ac6ac7ca033d3b9eb70ef408bf9717d


[Git][security-tracker-team/security-tracker][master] automatic update

2020-09-07 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0047763e by security tracker role at 2020-09-07T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -18517,6 +18517,7 @@ CVE-2020-16094 (In imap_scan_tree_recursive in Claws 
Mail through 3.17.6, a mali
 CVE-2020-16093
RESERVED
 CVE-2020-16092 (In QEMU through 5.0.0, an assertion failure can occur in the 
network p ...)
+   {DSA-4760-1}
- qemu 1:5.1+dfsg-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1860283
NOTE: 
https://git.qemu.org/?p=qemu.git;a=commit;h=035e69b063835a5fd23cacabd63690a3d84532a8
@@ -19035,7 +19036,7 @@ CVE-2020-15865 (A Remote Code Execution vulnerability 
in Stimulsoft (aka Stimuls
 CVE-2020-15864
RESERVED
 CVE-2020-15863 (hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 
07-20-2 ...)
-   {DLA-2288-1}
+   {DSA-4760-1 DLA-2288-1}
- qemu 1:5.0-12
NOTE: https://www.openwall.com/lists/oss-security/2020/07/22/1
NOTE: 
https://git.qemu.org/?p=qemu.git;a=commit;h=5519724a13664b43e225ca05351c60b4468e4555
@@ -22940,6 +22941,7 @@ CVE-2020-14365 [dnf module install packages with no GPG 
signature]
- ansible 
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1869154
 CVE-2020-14364 (An out-of-bounds read/write access flaw was found in the USB 
emulator  ...)
+   {DSA-4760-1}
- qemu 1:5.1+dfsg-4 (bug #968947)
NOTE: https://xenbits.xen.org/xsa/advisory-335.html
NOTE: https://www.openwall.com/lists/oss-security/2020/08/24/3
@@ -26929,6 +26931,7 @@ CVE-2020-12831 (** DISPUTED ** An issue was discovered 
in FRRouting FRR (aka Fre
 CVE-2020-12830
RESERVED
 CVE-2020-12829 (In QEMU through 5.0.0, an integer overflow was found in the 
SM501 disp ...)
+   {DSA-4760-1}
- qemu 1:5.0-12 (low; bug #961451)
[stretch] - qemu  (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1808510
@@ -73021,7 +73024,7 @@ CVE-2019-15140 (coders/mat.c in ImageMagick 7.0.8-43 
Q16 allows remote attackers
NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/5caef6e97f3f575cf7bea497865a4c1e624b8010
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1554
 CVE-2019-15139 (The XWD image (X Window System window dumping file) parsing 
component  ...)
-   {DSA-4712-1 DLA-1968-1}
+   {DSA-4712-1 DLA-2366-1 DLA-1968-1}
- imagemagick 8:6.9.11.24+dfsg-1 (bug #941670)
NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/c78993d138bf480ab4652b5a48379d4ff75ba5f7
NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/6d46f0a046a58e7c4567a86ba1b9cb847d5b1968
@@ -79903,7 +79906,7 @@ CVE-2019-13393 (The Voo branded NETGEAR CG3700b custom 
firmware V2.02.03 uses th
 CVE-2019-13392 (A reflected Cross-Site Scripting (XSS) vulnerability in 
MindPalette Na ...)
NOT-FOR-US: MindPalette NateMail
 CVE-2019-13391 (In ImageMagick 7.0.8-50 Q16, ComplexImages in 
MagickCore/fourier.c has ...)
-   {DSA-4712-1}
+   {DSA-4712-1 DLA-2366-1}
- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931633)
[jessie] - imagemagick  (minor, wait for upstream to clear 
patch-related questions)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1588
@@ -80122,7 +80125,7 @@ CVE-2019-13309 (ImageMagick 7.0.8-50 Q16 has memory 
leaks at AcquireMagickMemory
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1616
NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/5982632109cad48bc6dab867298fdea4dea57c51
 CVE-2019-13308 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in 
MagickCor ...)
-   {DSA-4712-1}
+   {DSA-4712-1 DLA-2366-1}
- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931447)
[jessie] - imagemagick  (minor, wait for upstream to clear 
patch-related questions)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1595
@@ -80634,7 +80637,7 @@ CVE-2019-13136 (ImageMagick before 7.0.8-50 has an 
integer overflow vulnerabilit
NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/fe5f4b85e6b1b54d3b4588a77133c06ade46d891
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1602
 CVE-2019-13135 (ImageMagick before 7.0.8-50 has a "use of uninitialized value" 
vulnera ...)
-   {DSA-4712-1 DLA-1888-1}
+   {DSA-4712-1 DLA-2366-1 DLA-1888-1}
- imagemagick 8:6.9.11.24+dfsg-1 (bug #932079)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1599
NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/cdb383749ef7b68a38891440af8cc23e0115306d
 (7.x)
@@ -85033,7 +85036,7 @@ CVE-2019-11599 (The coredump implementation in the 
Linux kernel before 5.0.10 do
NOTE: https://marc.info/?l=linux-mm=155355419911404=2
NOTE: 

[Git][security-tracker-team/security-tracker][master] reclaim curl

2020-09-07 Thread Thorsten Alteholz


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
875c5859 by Thorsten Alteholz at 2020-09-07T09:06:51+02:00
reclaim curl

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -52,7 +52,8 @@ condor
   NOTE: 20200712: Requested input on path forward from debian-lts@l.d.o 
(roberto)
   NOTE: 20200727: Waiting on maintainer feedback: 
https://lists.debian.org/debian-lts/2020/07/msg00108.html (roberto)
 --
-curl
+curl (Thorsten Alteholz)
+  NOTE: 20200907: testing package (thorsten)
 --
 eclipse-wtp
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/875c585979f510bfa3595b47ef2ff8fe84d7a6ba


[Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity

2020-09-07 Thread Holger Levsen


Holger Levsen pushed to branch master at Debian Security Tracker / security-tracker


Commits:
40e150ba by Holger Levsen at 2020-09-07T09:00:17+02:00
semi-automatic unclaim after 2 weeks of inactivity

Signed-off-by: Holger Levsen hol...@layer-acht.org

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -52,7 +52,7 @@ condor
   NOTE: 20200712: Requested input on path forward from debian-lts@l.d.o 
(roberto)
   NOTE: 20200727: Waiting on maintainer feedback: 
https://lists.debian.org/debian-lts/2020/07/msg00108.html (roberto)
 --
-curl (Thorsten Alteholz)
+curl
 --
 eclipse-wtp
 --
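
Review bot: the claimant is dropped from the curl line with nothing left in the entry to show that it was previously claimed or why it was released. A dated line under the package, for example `NOTE: 20200907: unclaimed after 2 weeks of inactivity`, would keep that visible in the file; the squid3 change in the next hunk has the same gap.
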
@@ -173,7 +173,7 @@ slirp
 --
 snmptt
 --
-squid3 (Markus Koschany)
+squid3
 --
 sympa
   NOTE: 20200525: Incomplete patch. Not the complete patch is made public. 
(utkarsh)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/40e150ba440e08644534b827c7d3f8b69a2d24bc


[Git][security-tracker-team/security-tracker][master] Reserve DLA-2366-1 for imagemagick

2020-09-07 Thread Markus Koschany


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4a86ab3d by Markus Koschany at 2020-09-07T08:39:24+02:00
Reserve DLA-2366-1 for imagemagick

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[07 Sep 2020] DLA-2366-1 imagemagick - security update
+   {CVE-2017-12140 CVE-2017-12429 CVE-2017-12430 CVE-2017-12435 
CVE-2017-12563 CVE-2017-12643 CVE-2017-12670 CVE-2017-12674 CVE-2017-12691 
CVE-2017-12692 CVE-2017-12693 CVE-2017-12806 CVE-2017-12875 CVE-2017-13061 
CVE-2017-13133 CVE-2017-13658 CVE-2017-13768 CVE-2017-14060 CVE-2017-14172 
CVE-2017-14173 CVE-2017-14174 CVE-2017-14175 CVE-2017-14249 CVE-2017-14341 
CVE-2017-14400 CVE-2017-14505 CVE-2017-14532 CVE-2017-14624 CVE-2017-14625 
CVE-2017-14626 CVE-2017-14739 CVE-2017-14741 CVE-2017-15015 CVE-2017-15017 
CVE-2017-15281 CVE-2017-17682 CVE-2017-17914 CVE-2017-18209 CVE-2017-18211 
CVE-2017-18271 CVE-2017-18273 CVE-2017-1000445 CVE-2017-1000476 CVE-2018-16643 
CVE-2018-16749 CVE-2018-18025 CVE-2019-11598 CVE-2019-13135 CVE-2019-13308 
CVE-2019-13391 CVE-2019-15139}
+   [stretch] - imagemagick 8:6.9.7.4+dfsg-11+deb9u10
 [04 Sep 2020] DLA-2278-3 squid3 - regression update
[stretch] - squid3 3.5.23-5+deb9u4
 [04 Sep 2020] DLA-2365-1 netty-3.9 - security update


=
data/dla-needed.txt
=
@@ -80,8 +80,6 @@ golang-golang-x-net-dev
 --
 guacamole-client (Mike Gabriel)
 --
-imagemagick (Markus Koschany)
---
 jetty9 (Markus Koschany)
 --
 jupyter-notebook



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a86ab3d0598e5e7c7cc26f1494654a5d8d0d0d6

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a86ab3d0598e5e7c7cc26f1494654a5d8d0d0d6
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Remove four remaining no-dsa tags from imagemagick CVE.

2020-09-07 Thread Markus Koschany


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3579fede by Markus Koschany at 2020-09-07T08:23:17+02:00
Remove four remaining no-dsa tags from imagemagick CVE.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -125428,7 +125428,6 @@ CVE-2018-16750 (In ImageMagick 7.0.7-29 and earlier, 
a memory leak in the format
 CVE-2018-16749 (In ImageMagick 7.0.7-29 and earlier, a missing NULL check in 
ReadOneJN ...)
{DLA-1530-1}
- imagemagick 8:6.9.10.2+dfsg-2 (low)
-   [stretch] - imagemagick  (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1119
NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/1007b98f8795ad4bea6bc5f68a32d83e982fdae4
 CVE-2018-16748
@@ -181115,7 +181114,6 @@ CVE-2017-14342 (ImageMagick 7.0.6-6 has a memory 
exhaustion vulnerability in Rea
 CVE-2017-14341 (ImageMagick 7.0.6-6 has a large loop vulnerability in 
ReadWPGImage in  ...)
{DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #876105)
-   [stretch] - imagemagick  (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/654
NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/7d63315a64267c565d1f34b9cb523a14616fed24
NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/4eae304e773bad8a876c3c26fdffac24d4253ae4
@@ -188848,14 +188846,12 @@ CVE-2017-11724 (The ReadMATImage function in 
coders/mat.c in ImageMagick through
 CVE-2017-12670 (In ImageMagick 7.0.6-3, missing validation was found in 
coders/mat.c,  ...)
{DLA-1785-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-14 (low; bug #870020)
-   [stretch] - imagemagick  (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/610
NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/ab440f9ea11e0dbefb7a808cbb9441198758b0cb
NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/75db34b6a4d642cb6f88c792942de27490c900e0
 CVE-2017-13658 (In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is 
a missi ...)
{DLA-1785-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-14 (low; bug #870019)
-   [stretch] - imagemagick  (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/598
NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/e5c063a1007506ba69e97a35effcdef944421c89
 CVE-2017-12434 (In ImageMagick 7.0.6-1, a missing NULL check vulnerability was 
found i ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3579fede0cd8615344db2d2eb3383098418d08f2
