[Git][security-tracker-team/security-tracker][master] Add tracking of CVE-2019-18277/haproxy update via buster-pu

2020-01-26 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
928a0966 by Salvatore Bonaccorso at 2020-01-27T07:51:59+01:00
Add tracking of CVE-2019-18277/haproxy update via buster-pu

- - - - -


1 changed file:

- data/next-point-update.txt


Changes:

=
data/next-point-update.txt
=
@@ -131,6 +131,8 @@ CVE-2019-15692
[buster] - tigervnc 1.9.0+dfsg-3+deb10u1
 CVE-2019-15691
[buster] - tigervnc 1.9.0+dfsg-3+deb10u1
+CVE-2019-18277
+   [buster] - haproxy 1.8.19-1+deb10u1
 CVE-2019-14814
[buster] - linux 4.19.87-1
 CVE-2019-14815



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/928a09667d3b0c9079b2a1d484b81794f3d5fe0c

-- 
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Reserve DLA-2079-1 for otrs2

2020-01-26 Thread Abhijith PA


Abhijith PA pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
916b510d by Abhijith PA at 2020-01-27T10:12:54+05:30
Reserve DLA-2079-1 for otrs2

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[27 Jan 2020] DLA-2079-1 otrs2 - security update
+   {CVE-2020-1765 CVE-2020-1766 CVE-2020-1767}
+   [jessie] - otrs2 3.3.18-1+deb8u13
 [27 Jan 2020] DLA-2078-1 libxmlrpc3-java - security update
{CVE-2019-17570}
[jessie] - libxmlrpc3-java 3.1.3-7+deb8u1


=
data/dla-needed.txt
=
@@ -82,8 +82,6 @@ openjdk-7 (Emilio)
 --
 openjpeg2 (Mike Gabriel)
 --
-otrs2 (Abhijith PA)
---
 python-pysaml2 (Abhijith PA)
 --
 python-reportlab (Hugo Lefeuvre)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/916b510da3af818c78f0da34dd0034dadb7ed2c0


[Git][security-tracker-team/security-tracker][master] 2 commits: Update status of nss in dla-needed.txt

2020-01-26 Thread Markus Koschany


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6a1ce305 by Markus Koschany at 2020-01-27T00:13:42+01:00
Update status of nss in dla-needed.txt

- - - - -
f670723e by Markus Koschany at 2020-01-27T00:14:48+01:00
Reserve DLA-2078-1 for libxmlrpc3-java

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[27 Jan 2020] DLA-2078-1 libxmlrpc3-java - security update
+   {CVE-2019-17570}
+   [jessie] - libxmlrpc3-java 3.1.3-7+deb8u1
 [27 Jan 2020] DLA-2077-1 tomcat7 - security update
{CVE-2019-12418 CVE-2019-17563}
[jessie] - tomcat7 7.0.56-3+really7.0.99-1


=
data/dla-needed.txt
=
@@ -67,13 +67,13 @@ libmatio (Adrian Bunk)
 libsolv
   NOTE: 20200123: Mike is maintainer
 --
-libxmlrpc3-java (Markus Koschany)
---
 linux (Ben Hutchings)
 --
 linux-4.9 (Ben Hutchings)
 --
 nss (Markus Koschany)
+  NOTE: 20200127: Fix for CVE-2019-17023 requires more work and testing but
+  NOTE: release is planned for this week.
 --
 opendmarc (Thorsten Alteholz)
   NOTE: 20200119: still testing package, original patch does not seem to be 
enough, still ongoing



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/35a00b7ab908ed8510dc604301faee7655480c07...f670723e4a92b7b99501a6bd86e05a4077f5f0a8


[Git][security-tracker-team/security-tracker][master] Reserve DLA-2077-1 for tomcat7

2020-01-26 Thread Markus Koschany


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
35a00b7a by Markus Koschany at 2020-01-27T00:11:59+01:00
Reserve DLA-2077-1 for tomcat7

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[27 Jan 2020] DLA-2077-1 tomcat7 - security update
+   {CVE-2019-12418 CVE-2019-17563}
+   [jessie] - tomcat7 7.0.56-3+really7.0.99-1
 [26 Jan 2020] DLA-2076-1 slirp - security update
{CVE-2020-7039}
[jessie] - slirp 1:1.0.17-7+deb8u1


=
data/dla-needed.txt
=
@@ -138,10 +138,6 @@ storebackup (Utkarsh Gupta)
 --
 suricata (Mike Gabriel)
 --
-tomcat7 (Markus Koschany)
-  NOTE: 20200115: https://people.debian.org/~apo/tomcat7/
-  NOTE: 20200115: waiting for sunweaver's review
---
 tomcat8 (Abhijith PA)
  NOTE: 20200106: Almost done. Working on failing testcase.
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/35a00b7ab908ed8510dc604301faee7655480c07


[Git][security-tracker-team/security-tracker][master] dla: still ongoing

2020-01-26 Thread Adrian Bunk


Adrian Bunk pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
55ef83fd by Adrian Bunk at 2020-01-27T00:10:26+02:00
dla: still ongoing

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -50,7 +50,7 @@ libexif (Hugo Lefeuvre)
   NOTE: 20200111: to get access to the reproducer. (hle)
 --
 libjackson-json-java (Adrian Bunk)
-  NOTE: 20200112: work is ongoing
+  NOTE: 20200127: work is ongoing
 --
 libmatio (Adrian Bunk)
   NOTE: fairly high number of open issues. Not sure why we never had a look at 
them.
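Review bot: the changed NOTE on libjackson-json-java only moves the date from 20200112 to 20200127 and keeps the text "work is ongoing", so a reader of dla-needed.txt cannot tell what was done in between or what is still open. Suggest stating next to the new date what remains or what blocks the upload.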
@@ -62,7 +62,7 @@ libmatio (Adrian Bunk)
   NOTE: 20190428: is likely vulnerable
   NOTE: 20190428: some CVE testcases still fail after applying the fix,
   NOTE: 20190428: older changes seem to also be required for them
-  NOTE: 20200112: work is ongoing
+  NOTE: 20200127: work is ongoing
 --
 libsolv
   NOTE: 20200123: Mike is maintainer
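Review bot: in the libmatio entry the refreshed "work is ongoing" line sits directly under the 20190428 notes saying that some CVE testcases still fail after applying the fix and that older changes seem to be required, and the update does not say whether that is still the state. Suggest one short line on whether those testcases now pass, so the 20190428 notes can be read as current or as superseded.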



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/55ef83fdcdd6b23ba32040ff32950594c92a522e


[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2016-4303 will be fixed

2020-01-26 Thread Thorsten Alteholz


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f47381fc by Thorsten Alteholz at 2020-01-26T22:48:10+01:00
CVE-2016-4303 will be fixed

- - - - -
e0251c23 by Thorsten Alteholz at 2020-01-26T22:48:10+01:00
add iperf3

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -197541,7 +197541,6 @@ CVE-2016-4304 (A denial of service vulnerability 
exists in the syscall filtering
NOT-FOR-US: Kaspersky Internet Security KLIF driver
 CVE-2016-4303 (The parse_string function in cjson.c in the cJSON library 
mishandles U ...)
- iperf3 3.1.3-1 (bug #827116)
-   [jessie] - iperf3  (Minor issue)
NOTE: 
https://raw.githubusercontent.com/esnet/security/master/cve-2016-4303/esnet-secadv-2016-0001.txt.asc
NOTE: 
https://github.com/esnet/iperf/commit/f01a9ca8f7e878e438a53687dabe30b7f7222912 
(3.1.x)
NOTE: http://www.talosintel.com/reports/TALOS-2016-0164/


=
data/dla-needed.txt
=
@@ -33,6 +33,9 @@ ibus
   NOTE: 20191210: See https://bugs.debian.org/941018
   NOTE: 20191210: See https://gitlab.gnome.org/GNOME/glib/merge_requests/1176
 --
+iperf3 (Thorsten Alteholz)
+  NOTE: maintainer prepared update
+--
 jackson-databind
   NOTE: 20200105: Can be postponed again. (apo)
 --
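Review bot: the added iperf3 line "NOTE: maintainer prepared update" carries no date, while the neighbouring notes in this hunk do ("NOTE: 20191210: ...", "NOTE: 20200105: ..."). Suggest "NOTE: 20200126: maintainer prepared update", matching the commit date, so the age of the entry stays visible.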



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/895c965340ffe535f215ea1426356581ab56c52b...e0251c234381f988317baf3b91a59c4af10c317a


[Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2019-19344 does not affect samba in jessie

2020-01-26 Thread Roberto C . Sánchez


Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
aba89204 by Roberto C. Sánchez at 2020-01-26T16:44:00-05:00
CVE-2019-19344 does not affect samba in jessie

- - - - -
1f2a3d7e by Roberto C. Sánchez at 2020-01-26T16:44:04-05:00
Mark CVE-2019-14902, CVE-2019-14907 as minor for samba in jessie

- - - - -
895c9653 by Roberto C. Sánchez at 2020-01-26T16:45:03-05:00
LTS/remove samba from dla-needed.txt, no open issues remain

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -15627,6 +15627,7 @@ CVE-2019-19344 (There is a use-after-free issue in all 
samba 4.9.x versions befo
- samba 
[buster] - samba  (Minor issue)
[stretch] - samba  (Only affects Samba 4.9 onwards)
+   [jessie] - samba  (Only affects Samba 4.9 onwards)
NOTE: https://www.samba.org/samba/security/CVE-2019-19344.html
 CVE-2019-19343
RESERVED
@@ -31172,6 +31173,7 @@ CVE-2019-14907 (All samba versions 4.9.x before 4.9.18, 
4.10.x before 4.10.12 an
- samba 
[buster] - samba  (Minor issue)
[stretch] - samba  (Minor issue)
+   [jessie] - samba  (Minor issue)
NOTE: https://www.samba.org/samba/security/CVE-2019-14907.html
 CVE-2019-14906 (A flaw was found with the RHSA-2019:3950 erratum, where it did 
not fix ...)
NOT-FOR-US: Specific CVE assignment for incorrect/incomplete fix of 
CVE-2019-13616 in RHEL 7
@@ -31195,6 +31197,7 @@ CVE-2019-14902 (There is an issue in all samba 4.11.x 
versions before 4.11.5, al
- samba 
[buster] - samba  (Minor issue)
[stretch] - samba  (Minor issue)
+   [jessie] - samba  (Minor issue)
NOTE: https://www.samba.org/samba/security/CVE-2019-14902.html
 CVE-2019-14901 (A heap overflow flaw was found in the Linux kernel, all 
versions 3.x.x ...)
{DLA-2068-1}


=
data/dla-needed.txt
=
@@ -109,8 +109,6 @@ salt
   NOTE: 20200118: very similar code passage in salt/jessie's 
salt/client/api.py file.
   NOTE: 20200118: Needs to be checked, if that code is vulnerable or not.
 --
-samba (Roberto C. Sánchez)
---
 slurm-llnl
   NOTE: 20191125: up for testing 
https://people.debian.org/~abhijith/upload/slurm-llnl_14.03.9-5+deb8u5.dsc
   NOTE: Regression found. (abhijith)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/fd50b28f529fa932eabf5b6c0eb2d200ab919ff6...895c965340ffe535f215ea1426356581ab56c52b


[Git][security-tracker-team/security-tracker][master] Reserve DLA-2076-1 for slirp

2020-01-26 Thread Thorsten Alteholz


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fd50b28f by Thorsten Alteholz at 2020-01-26T22:38:40+01:00
Reserve DLA-2076-1 for slirp

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[26 Jan 2020] DLA-2076-1 slirp - security update
+   {CVE-2020-7039}
+   [jessie] - slirp 1:1.0.17-7+deb8u1
 [26 Jan 2020] DLA-2075-1 jsoup - security update
{CVE-2015-6748}
[jessie] - jsoup 1.8.1-1+deb8u1


=
data/dla-needed.txt
=
@@ -111,8 +111,6 @@ salt
 --
 samba (Roberto C. Sánchez)
 --
-slirp (Thorsten Alteholz)
---
 slurm-llnl
   NOTE: 20191125: up for testing 
https://people.debian.org/~abhijith/upload/slurm-llnl_14.03.9-5+deb8u5.dsc
   NOTE: Regression found. (abhijith)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fd50b28f529fa932eabf5b6c0eb2d200ab919ff6


[Git][security-tracker-team/security-tracker][master] 3 commits: update note

2020-01-26 Thread Thorsten Alteholz


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2e07338e by Thorsten Alteholz at 2020-01-26T22:34:50+01:00
update note

- - - - -
c35565ac by Thorsten Alteholz at 2020-01-26T22:34:51+01:00
CVE-2015-6748 will be fixed

- - - - -
acb9120d by Thorsten Alteholz at 2020-01-26T22:35:39+01:00
Reserve DLA-2075-1 for jsoup

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -216745,7 +216745,6 @@ CVE-2015-6738
RESERVED
 CVE-2015-6748 (Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3. 
...)
- jsoup 1.8.3-1 (bug #797275)
-   [jessie] - jsoup  (Minor issue)
[wheezy] - jsoup  (Minor issue)
NOTE: https://github.com/jhy/jsoup/pull/582
NOTE: https://hibernate.atlassian.net/browse/HV-1012


=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[26 Jan 2020] DLA-2075-1 jsoup - security update
+   {CVE-2015-6748}
+   [jessie] - jsoup 1.8.1-1+deb8u1
 [23 Jan 2020] DLA-2074-1 python-apt - security update
{CVE-2019-15795 CVE-2019-15796}
[jessie] - python-apt 0.9.3.13


=
data/dla-needed.txt
=
@@ -119,7 +119,7 @@ slurm-llnl
 --
 sqlite3 (Thorsten Alteholz)
   NOTE: 20191212: look at no-dsa as well
-  NOTE: 20200112: WIP
+  NOTE: 20200126: WIP
 --
 squid3
   NOTE: 20191210: CVE-2019-12523 and CVE-2019-18676 Requires new API SBuf.
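Review bot: the sqlite3 note changes only its date, from 20200112 to 20200126, and still reads "WIP"; read together with the 20191212 line "look at no-dsa as well", it does not show whether the no-dsa issues are part of the work in progress. Suggest naming which issues the pending update covers.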



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/70e452937683a6bcd4e98d4d9e6fbfb08c35ea02...acb9120d35c27d0f919ddbd55600f08036f95254


[Git][security-tracker-team/security-tracker][master] automatic update

2020-01-26 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
70e45293 by security tracker role at 2020-01-26T20:10:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,5 @@
+CVE-2020-7982
+   RESERVED
 CVE-2020-7981 (sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL 
injection whe ...)
- ruby-geocoder  (bug #949870)
NOTE: 
https://github.com/alexreisner/geocoder/commit/dcdc3d8675411edce3965941a2ca7c441ca48613



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/70e452937683a6bcd4e98d4d9e6fbfb08c35ea02


[Git][security-tracker-team/security-tracker][master] 2 commits: Resort entries for linux down the list for the next commit

2020-01-26 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ddd50cdb by Salvatore Bonaccorso at 2020-01-26T21:03:29+01:00
Resort entries for linux down the list for the next commit

- - - - -
d253a5a6 by Salvatore Bonaccorso at 2020-01-26T21:05:38+01:00
Add pending CVE fixes for linux via buster-pu

- - - - -


1 changed file:

- data/next-point-update.txt


Changes:

=
data/next-point-update.txt
=
@@ -113,6 +113,24 @@ CVE-2016-10894
[buster] - xtrlock 2.8+deb10u1
 CVE-2019-20149
[buster] - node-kind-of 6.0.2+dfsg-1+deb10u1
+CVE-2019-5068
+   [buster] - mesa 18.3.6-2+deb10u1
+CVE-2019-19791
+   [buster] - lemonldap-ng 2.0.2+ds-7+deb10u3
+CVE-2019-19886
+   [buster] - modsecurity 3.0.3-1+deb10u1
+CVE-2020-5202
+   [buster] - apt-cacher-ng 3.2-3~deb10u1
+CVE-2019-15695
+   [buster] - tigervnc 1.9.0+dfsg-3+deb10u1
+CVE-2019-15694
+   [buster] - tigervnc 1.9.0+dfsg-3+deb10u1
+CVE-2019-15693
+   [buster] - tigervnc 1.9.0+dfsg-3+deb10u1
+CVE-2019-15692
+   [buster] - tigervnc 1.9.0+dfsg-3+deb10u1
+CVE-2019-15691
+   [buster] - tigervnc 1.9.0+dfsg-3+deb10u1
 CVE-2019-14814
[buster] - linux 4.19.87-1
 CVE-2019-14815
@@ -209,21 +227,71 @@ CVE-2019-19060
[buster] - linux 4.19.87-1
 CVE-2019-19075
[buster] - linux 4.19.87-1
-CVE-2019-5068
-   [buster] - mesa 18.3.6-2+deb10u1
-CVE-2019-19791
-   [buster] - lemonldap-ng 2.0.2+ds-7+deb10u3
-CVE-2019-19886
-   [buster] - modsecurity 3.0.3-1+deb10u1
-CVE-2020-5202
-   [buster] - apt-cacher-ng 3.2-3~deb10u1
-CVE-2019-15695
-   [buster] - tigervnc 1.9.0+dfsg-3+deb10u1
-CVE-2019-15694
-   [buster] - tigervnc 1.9.0+dfsg-3+deb10u1
-CVE-2019-15693
-   [buster] - tigervnc 1.9.0+dfsg-3+deb10u1
-CVE-2019-15692
-   [buster] - tigervnc 1.9.0+dfsg-3+deb10u1
-CVE-2019-15691
-   [buster] - tigervnc 1.9.0+dfsg-3+deb10u1
+CVE-2019-10220
+   [buster] - linux 4.19.98-1
+CVE-2019-14615
+   [buster] - linux 4.19.98-1
+CVE-2019-14895
+   [buster] - linux 4.19.98-1
+CVE-2019-14896
+   [buster] - linux 4.19.98-1
+CVE-2019-14897
+   [buster] - linux 4.19.98-1
+CVE-2019-14901
+   [buster] - linux 4.19.98-1
+CVE-2019-15217
+   [buster] - linux 4.19.98-1
+CVE-2019-18786
+   [buster] - linux 4.19.98-1
+CVE-2019-18809
+   [buster] - linux 4.19.98-1
+CVE-2019-19037
+   [buster] - linux 4.19.98-1
+CVE-2019-19051
+   [buster] - linux 4.19.98-1
+CVE-2019-19056
+   [buster] - linux 4.19.98-1
+CVE-2019-19057
+   [buster] - linux 4.19.98-1
+CVE-2019-19058
+   [buster] - linux 4.19.98-1
+CVE-2019-19059
+   [buster] - linux 4.19.98-1
+CVE-2019-19062
+   [buster] - linux 4.19.98-1
+CVE-2019-19063
+   [buster] - linux 4.19.98-1
+CVE-2019-19066
+   [buster] - linux 4.19.98-1
+CVE-2019-19068
+   [buster] - linux 4.19.98-1
+CVE-2019-19071
+   [buster] - linux 4.19.98-1
+CVE-2019-19077
+   [buster] - linux 4.19.98-1
+CVE-2019-19078
+   [buster] - linux 4.19.98-1
+CVE-2019-19079
+   [buster] - linux 4.19.98-1
+CVE-2019-19227
+   [buster] - linux 4.19.98-1
+CVE-2019-19252
+   [buster] - linux 4.19.98-1
+CVE-2019-19332
+   [buster] - linux 4.19.98-1
+CVE-2019-19447
+   [buster] - linux 4.19.98-1
+CVE-2019-19767
+   [buster] - linux 4.19.98-1
+CVE-2019-19927
+   [buster] - linux 4.19.98-1
+CVE-2019-19947
+   [buster] - linux 4.19.98-1
+CVE-2019-19965
+   [buster] - linux 4.19.98-1
+CVE-2019-20096
+   [buster] - linux 4.19.98-1
+CVE-2019-9445
+   [buster] - linux 4.19.98-1
+CVE-2019-12614
+   [buster] - linux 4.19.98-1
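Review bot: the new linux 4.19.98-1 block runs in ascending CVE order from CVE-2019-10220 through CVE-2019-20096, but CVE-2019-9445 and CVE-2019-12614 are appended after it at the end of the hunk. If the ordering is intended, moving those two to their sorted positions would make a missing or duplicated CVE easier to spot.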



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/edb54300045cc5149ccd9b465e4e42ebb5b41353...d253a5a6a375995735b74c055f237a3ee8803707


[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2020-7981/ruby-geocoder

2020-01-26 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
edb54300 by Salvatore Bonaccorso at 2020-01-26T14:10:24+01:00
Add Debian bug reference for CVE-2020-7981/ruby-geocoder

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,5 +1,5 @@
 CVE-2020-7981 (sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL 
injection whe ...)
-   - ruby-geocoder 
+   - ruby-geocoder  (bug #949870)
NOTE: 
https://github.com/alexreisner/geocoder/commit/dcdc3d8675411edce3965941a2ca7c441ca48613
 CVE-2020-7980 (Intellian Aptus Web 1.24 allows remote attackers to execute 
arbitrary  ...)
NOT-FOR-US: Intellian Aptus Web



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/edb54300045cc5149ccd9b465e4e42ebb5b41353


[Git][security-tracker-team/security-tracker][master] Add CVE-2020-7981/ruby-geocoder

2020-01-26 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1790fe7d by Salvatore Bonaccorso at 2020-01-26T13:57:52+01:00
Add CVE-2020-7981/ruby-geocoder

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,5 +1,6 @@
 CVE-2020-7981 (sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL 
injection whe ...)
-   TODO: check
+   - ruby-geocoder 
+   NOTE: 
https://github.com/alexreisner/geocoder/commit/dcdc3d8675411edce3965941a2ca7c441ca48613
 CVE-2020-7980 (Intellian Aptus Web 1.24 allows remote attackers to execute 
arbitrary  ...)
NOT-FOR-US: Intellian Aptus Web
 CVE-2020-7979



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1790fe7d0f6a35108a064b5bd6948694e2f001e3


[Git][security-tracker-team/security-tracker][master] Process NFUs

2020-01-26 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
319e9b3b by Salvatore Bonaccorso at 2020-01-26T13:57:17+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -11544,33 +11544,33 @@ CVE-2020-3144
 CVE-2020-3143
RESERVED
 CVE-2020-3142 ([CVE-2020-3142_su] A vulnerability in Cisco Webex Meetings 
Suite sites ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2020-3141
RESERVED
 CVE-2020-3140
RESERVED
 CVE-2020-3139 ([CVE-2020-3139_su] A vulnerability in the out of band (OOB) 
management ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2020-3138
RESERVED
 CVE-2020-3137
RESERVED
 CVE-2020-3136 ([CVE-2020-3136_su] A vulnerability in the web-based management 
interfa ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2020-3135
RESERVED
 CVE-2020-3134 ([CVE-2020-3134_su] A vulnerability in the zip decompression 
engine of  ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2020-3133
RESERVED
 CVE-2020-3132
RESERVED
 CVE-2020-3131 ([CVE-2020-3131_su] A vulnerability in the Cisco Webex Teams 
client for ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2020-3130
RESERVED
 CVE-2020-3129 (A vulnerability in the web-based management interface of Cisco 
Unity C ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2020-3128
RESERVED
 CVE-2020-3127
@@ -11586,7 +11586,7 @@ CVE-2020-3123
 CVE-2020-3122
RESERVED
 CVE-2020-3121 (A vulnerability in the web-based management interface of Cisco 
Small B ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2020-3120
RESERVED
 CVE-2020-3119
@@ -11598,7 +11598,7 @@ CVE-2020-3117
 CVE-2020-3116
RESERVED
 CVE-2020-3115 (A vulnerability in the CLI of the Cisco SD-WAN Solution vManage 
softwa ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2020-3114
RESERVED
 CVE-2020-3113



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/319e9b3bdb351110a32acf948f9bbd3f57ca46c5


[Git][security-tracker-team/security-tracker][master] automatic update

2020-01-26 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
310128b7 by security tracker role at 2020-01-26T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,5 @@
+CVE-2020-7981 (sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL 
injection whe ...)
+   TODO: check
 CVE-2020-7980 (Intellian Aptus Web 1.24 allows remote attackers to execute 
arbitrary  ...)
NOT-FOR-US: Intellian Aptus Web
 CVE-2020-7979
@@ -11541,34 +11543,34 @@ CVE-2020-3144
RESERVED
 CVE-2020-3143
RESERVED
-CVE-2020-3142
-   RESERVED
+CVE-2020-3142 ([CVE-2020-3142_su] A vulnerability in Cisco Webex Meetings 
Suite sites ...)
+   TODO: check
 CVE-2020-3141
RESERVED
 CVE-2020-3140
RESERVED
-CVE-2020-3139
-   RESERVED
+CVE-2020-3139 ([CVE-2020-3139_su] A vulnerability in the out of band (OOB) 
management ...)
+   TODO: check
 CVE-2020-3138
RESERVED
 CVE-2020-3137
RESERVED
-CVE-2020-3136
-   RESERVED
+CVE-2020-3136 ([CVE-2020-3136_su] A vulnerability in the web-based management 
interfa ...)
+   TODO: check
 CVE-2020-3135
RESERVED
-CVE-2020-3134
-   RESERVED
+CVE-2020-3134 ([CVE-2020-3134_su] A vulnerability in the zip decompression 
engine of  ...)
+   TODO: check
 CVE-2020-3133
RESERVED
 CVE-2020-3132
RESERVED
-CVE-2020-3131
-   RESERVED
+CVE-2020-3131 ([CVE-2020-3131_su] A vulnerability in the Cisco Webex Teams 
client for ...)
+   TODO: check
 CVE-2020-3130
RESERVED
-CVE-2020-3129
-   RESERVED
+CVE-2020-3129 (A vulnerability in the web-based management interface of Cisco 
Unity C ...)
+   TODO: check
 CVE-2020-3128
RESERVED
 CVE-2020-3127
@@ -11583,8 +11585,8 @@ CVE-2020-3123
RESERVED
 CVE-2020-3122
RESERVED
-CVE-2020-3121
-   RESERVED
+CVE-2020-3121 (A vulnerability in the web-based management interface of Cisco 
Small B ...)
+   TODO: check
 CVE-2020-3120
RESERVED
 CVE-2020-3119
@@ -11595,8 +11597,8 @@ CVE-2020-3117
RESERVED
 CVE-2020-3116
RESERVED
-CVE-2020-3115
-   RESERVED
+CVE-2020-3115 (A vulnerability in the CLI of the Cisco SD-WAN Solution vManage 
softwa ...)
+   TODO: check
 CVE-2020-3114
RESERVED
 CVE-2020-3113
@@ -27630,36 +27632,36 @@ CVE-2019-16031
RESERVED
 CVE-2019-16030
RESERVED
-CVE-2019-16029
-   RESERVED
+CVE-2019-16029 (A vulnerability in the application programming interface (API) 
of Cisc ...)
+   TODO: check
 CVE-2019-16028
RESERVED
-CVE-2019-16027
-   RESERVED
-CVE-2019-16026
-   RESERVED
+CVE-2019-16027 (A vulnerability in the implementation of the Intermediate 
Systemn ...)
+   TODO: check
+CVE-2019-16026 (A vulnerability in the implementation of the Stream Control 
Transmissi ...)
+   TODO: check
 CVE-2019-16025
RESERVED
-CVE-2019-16024
-   RESERVED
+CVE-2019-16024 (A vulnerability in the web-based management interface of Cisco 
Crosswo ...)
+   TODO: check
 CVE-2019-16023
RESERVED
-CVE-2019-16022
-   RESERVED
+CVE-2019-16022 (Multiple vulnerabilities in the implementation of Border 
Gateway Proto ...)
+   TODO: check
 CVE-2019-16021
RESERVED
-CVE-2019-16020
-   RESERVED
+CVE-2019-16020 (Multiple vulnerabilities in the implementation of Border 
Gateway Proto ...)
+   TODO: check
 CVE-2019-16019
RESERVED
-CVE-2019-16018
-   RESERVED
+CVE-2019-16018 (A vulnerability in the implementation of Border Gateway 
Protocol (BGP) ...)
+   TODO: check
 CVE-2019-16017
RESERVED
 CVE-2019-16016
RESERVED
-CVE-2019-16015
-   RESERVED
+CVE-2019-16015 (A vulnerability in the web-based management interface of the 
Cisco Dat ...)
+   TODO: check
 CVE-2019-16014
RESERVED
 CVE-2019-16013
@@ -27672,18 +27674,18 @@ CVE-2019-16010
RESERVED
 CVE-2019-16009
RESERVED
-CVE-2019-16008
-   RESERVED
+CVE-2019-16008 (A vulnerability in the web-based GUI of Cisco IP Phone 6800, 
7800, and ...)
+   TODO: check
 CVE-2019-16007
RESERVED
 CVE-2019-16006
RESERVED
-CVE-2019-16005
-   RESERVED
+CVE-2019-16005 (A vulnerability in the web-based management interface of Cisco 
Webex V ...)
+   TODO: check
 CVE-2019-16004
RESERVED
-CVE-2019-16003
-   RESERVED
+CVE-2019-16003 (A vulnerability in the web-based management interface of Cisco 
UCS Dir ...)
+   TODO: check
 CVE-2019-16002 (A vulnerability in the vManage web-based UI (web UI) of the 
Cisco SD-W ...)
NOT-FOR-US: Cisco
 CVE-2019-16001 (A vulnerability in the loading mechanism of specific dynamic 
link libr ...)
@@ -27710,8 +27712,8 @@ CVE-2019-15991
RESERVED
 CVE-2019-15990 (A vulnerability in the web-based management interface of 
certain Cisco ...)
NOT-FOR-US: Cisco