[Git][security-tracker-team/security-tracker][master] Add tracking of CVE-2019-18277/haproxy update via buster-pu
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 928a0966 by Salvatore Bonaccorso at 2020-01-27T07:51:59+01:00 Add tracking of CVE-2019-18277/haproxy update via buster-pu - - - - - 1 changed file: - data/next-point-update.txt Changes: = data/next-point-update.txt = @@ -131,6 +131,8 @@ CVE-2019-15692 [buster] - tigervnc 1.9.0+dfsg-3+deb10u1 CVE-2019-15691 [buster] - tigervnc 1.9.0+dfsg-3+deb10u1 +CVE-2019-18277 + [buster] - haproxy 1.8.19-1+deb10u1 CVE-2019-14814 [buster] - linux 4.19.87-1 CVE-2019-14815 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/928a09667d3b0c9079b2a1d484b81794f3d5fe0c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Reserve DLA-2079-1 for otrs2
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: 916b510d by Abhijith PA at 2020-01-27T10:12:54+05:30 Reserve DLA-2079-1 for otrs2 - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[27 Jan 2020] DLA-2079-1 otrs2 - security update + {CVE-2020-1765 CVE-2020-1766 CVE-2020-1767} + [jessie] - otrs2 3.3.18-1+deb8u13 [27 Jan 2020] DLA-2078-1 libxmlrpc3-java - security update {CVE-2019-17570} [jessie] - libxmlrpc3-java 3.1.3-7+deb8u1 = data/dla-needed.txt = @@ -82,8 +82,6 @@ openjdk-7 (Emilio) -- openjpeg2 (Mike Gabriel) -- -otrs2 (Abhijith PA) --- python-pysaml2 (Abhijith PA) -- python-reportlab (Hugo Lefeuvre) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/916b510da3af818c78f0da34dd0034dadb7ed2c0
[Git][security-tracker-team/security-tracker][master] 2 commits: Update status of nss in dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 6a1ce305 by Markus Koschany at 2020-01-27T00:13:42+01:00 Update status of nss in dla-needed.txt - - - - - f670723e by Markus Koschany at 2020-01-27T00:14:48+01:00 Reserve DLA-2078-1 for libxmlrpc3-java - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[27 Jan 2020] DLA-2078-1 libxmlrpc3-java - security update + {CVE-2019-17570} + [jessie] - libxmlrpc3-java 3.1.3-7+deb8u1 [27 Jan 2020] DLA-2077-1 tomcat7 - security update {CVE-2019-12418 CVE-2019-17563} [jessie] - tomcat7 7.0.56-3+really7.0.99-1 = data/dla-needed.txt = @@ -67,13 +67,13 @@ libmatio (Adrian Bunk) libsolv NOTE: 20200123: Mike is maintainer -- -libxmlrpc3-java (Markus Koschany) --- linux (Ben Hutchings) -- linux-4.9 (Ben Hutchings) -- nss (Markus Koschany) + NOTE: 20200127: Fix for CVE-2019-17023 requires more work and testing but + NOTE: release is planned for this week. -- opendmarc (Thorsten Alteholz) NOTE: 20200119: still testing package, original patch does not seem to be enough, still ongoing View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/35a00b7ab908ed8510dc604301faee7655480c07...f670723e4a92b7b99501a6bd86e05a4077f5f0a8
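Review bot: In the nss entry of data/dla-needed.txt, the second added NOTE line ("release is planned for this week.") carries no date stamp, unlike the first ("NOTE: 20200127: ...") and the neighbouring opendmarc note ("NOTE: 20200119: ..."). "This week" only has a meaning next to the date, so prefix the continuation with 20200127 as well, or fold both into one dated line, so the plan still reads correctly when the entry has aged or the lines are read on their own.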
[Git][security-tracker-team/security-tracker][master] Reserve DLA-2077-1 for tomcat7
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 35a00b7a by Markus Koschany at 2020-01-27T00:11:59+01:00 Reserve DLA-2077-1 for tomcat7 - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[27 Jan 2020] DLA-2077-1 tomcat7 - security update + {CVE-2019-12418 CVE-2019-17563} + [jessie] - tomcat7 7.0.56-3+really7.0.99-1 [26 Jan 2020] DLA-2076-1 slirp - security update {CVE-2020-7039} [jessie] - slirp 1:1.0.17-7+deb8u1 = data/dla-needed.txt = @@ -138,10 +138,6 @@ storebackup (Utkarsh Gupta) -- suricata (Mike Gabriel) -- -tomcat7 (Markus Koschany) - NOTE: 20200115: https://people.debian.org/~apo/tomcat7/ - NOTE: 20200115: waiting for sunweaver's review --- tomcat8 (Abhijith PA) NOTE: 20200106: Almost done. Working on failing testcase. -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/35a00b7ab908ed8510dc604301faee7655480c07
[Git][security-tracker-team/security-tracker][master] dla: still ongoing
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker Commits: 55ef83fd by Adrian Bunk at 2020-01-27T00:10:26+02:00 dla: still ongoing - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -50,7 +50,7 @@ libexif (Hugo Lefeuvre) NOTE: 20200111: to get access to the reproducer. (hle) -- libjackson-json-java (Adrian Bunk) - NOTE: 20200112: work is ongoing + NOTE: 20200127: work is ongoing -- libmatio (Adrian Bunk) NOTE: fairly high number of open issues. Not sure why we never had a look at them. @@ -62,7 +62,7 @@ libmatio (Adrian Bunk) NOTE: 20190428: is likely vulnerable NOTE: 20190428: some CVE testcases still fail after applying the fix, NOTE: 20190428: older changes seem to also be required for them - NOTE: 20200112: work is ongoing + NOTE: 20200127: work is ongoing -- libsolv NOTE: 20200123: Mike is maintainer View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/55ef83fdcdd6b23ba32040ff32950594c92a522e
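Review bot: Both hunks (libjackson-json-java and libmatio) overwrite the stamp on "NOTE: 20200112: work is ongoing" with 20200127 and leave the text unchanged, so the file no longer shows the earlier check-in and still says nothing about what is outstanding. Append a new dated line instead of rewriting the old one, and for libmatio say which of the CVE testcases noted on 20190428 still fail, so the next reader can judge whether the claim is progressing.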
[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2016-4303 will be fixed
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: f47381fc by Thorsten Alteholz at 2020-01-26T22:48:10+01:00 CVE-2016-4303 will be fixed - - - - - e0251c23 by Thorsten Alteholz at 2020-01-26T22:48:10+01:00 add iperf3 - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -197541,7 +197541,6 @@ CVE-2016-4304 (A denial of service vulnerability exists in the syscall filtering NOT-FOR-US: Kaspersky Internet Security KLIF driver CVE-2016-4303 (The parse_string function in cjson.c in the cJSON library mishandles U ...) - iperf3 3.1.3-1 (bug #827116) - [jessie] - iperf3 (Minor issue) NOTE: https://raw.githubusercontent.com/esnet/security/master/cve-2016-4303/esnet-secadv-2016-0001.txt.asc NOTE: https://github.com/esnet/iperf/commit/f01a9ca8f7e878e438a53687dabe30b7f7222912 (3.1.x) NOTE: http://www.talosintel.com/reports/TALOS-2016-0164/ = data/dla-needed.txt = @@ -33,6 +33,9 @@ ibus NOTE: 20191210: See https://bugs.debian.org/941018 NOTE: 20191210: See https://gitlab.gnome.org/GNOME/glib/merge_requests/1176 -- +iperf3 (Thorsten Alteholz) + NOTE: maintainer prepared update +-- jackson-databind NOTE: 20200105: Can be postponed again. (apo) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/895c965340ffe535f215ea1426356581ab56c52b...e0251c234381f988317baf3b91a59c4af10c317a
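Review bot: The new iperf3 entry in data/dla-needed.txt adds "NOTE: maintainer prepared update" without a date, while the surrounding ibus and jackson-databind notes are stamped (20191210, 20200105). Add the date so a stalled claim can be spotted later. In the data/CVE/list hunk the "[jessie] - iperf3 (Minor issue)" line for CVE-2016-4303 is dropped with nothing in its place; a dated NOTE pointing at the prepared update would keep the reason for the reclassification in the file and not only in the commit subject.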
[Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2019-19344 does not affect samba in jessie
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker Commits: aba89204 by Roberto C. Sánchez at 2020-01-26T16:44:00-05:00 CVE-2019-19344 does not affect samba in jessie - - - - - 1f2a3d7e by Roberto C. Sánchez at 2020-01-26T16:44:04-05:00 Mark CVE-2019-14902, CVE-2019-14907 as minor for samba in jessie - - - - - 895c9653 by Roberto C. Sánchez at 2020-01-26T16:45:03-05:00 LTS/remove samba from dla-needed.txt, no open issues remain - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -15627,6 +15627,7 @@ CVE-2019-19344 (There is a use-after-free issue in all samba 4.9.x versions befo - samba [buster] - samba (Minor issue) [stretch] - samba (Only affects Samba 4.9 onwards) + [jessie] - samba (Only affects Samba 4.9 onwards) NOTE: https://www.samba.org/samba/security/CVE-2019-19344.html CVE-2019-19343 RESERVED @@ -31172,6 +31173,7 @@ CVE-2019-14907 (All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 an - samba [buster] - samba (Minor issue) [stretch] - samba (Minor issue) + [jessie] - samba (Minor issue) NOTE: https://www.samba.org/samba/security/CVE-2019-14907.html CVE-2019-14906 (A flaw was found with the RHSA-2019:3950 erratum, where it did not fix ...) NOT-FOR-US: Specific CVE assignment for incorrect/incomplete fix of CVE-2019-13616 in RHEL 7 @@ -31195,6 +31197,7 @@ CVE-2019-14902 (There is an issue in all samba 4.11.x versions before 4.11.5, al - samba [buster] - samba (Minor issue) [stretch] - samba (Minor issue) + [jessie] - samba (Minor issue) NOTE: https://www.samba.org/samba/security/CVE-2019-14902.html CVE-2019-14901 (A heap overflow flaw was found in the Linux kernel, all versions 3.x.x ...) {DLA-2068-1} = data/dla-needed.txt = 
@@ -109,8 +109,6 @@ salt NOTE: 20200118: very similar code passage in salt/jessie's salt/client/api.py file. NOTE: 20200118: Needs to be checked, if that code is vulnerable or not. -- -samba (Roberto C. Sánchez) --- slurm-llnl NOTE: 20191125: up for testing https://people.debian.org/~abhijith/upload/slurm-llnl_14.03.9-5+deb8u5.dsc NOTE: Regression found. (abhijith) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/fd50b28f529fa932eabf5b6c0eb2d200ab919ff6...895c965340ffe535f215ea1426356581ab56c52b
[Git][security-tracker-team/security-tracker][master] Reserve DLA-2076-1 for slirp
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: fd50b28f by Thorsten Alteholz at 2020-01-26T22:38:40+01:00 Reserve DLA-2076-1 for slirp - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[26 Jan 2020] DLA-2076-1 slirp - security update + {CVE-2020-7039} + [jessie] - slirp 1:1.0.17-7+deb8u1 [26 Jan 2020] DLA-2075-1 jsoup - security update {CVE-2015-6748} [jessie] - jsoup 1.8.1-1+deb8u1 = data/dla-needed.txt = @@ -111,8 +111,6 @@ salt -- samba (Roberto C. Sánchez) -- -slirp (Thorsten Alteholz) --- slurm-llnl NOTE: 20191125: up for testing https://people.debian.org/~abhijith/upload/slurm-llnl_14.03.9-5+deb8u5.dsc NOTE: Regression found. (abhijith) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fd50b28f529fa932eabf5b6c0eb2d200ab919ff6
[Git][security-tracker-team/security-tracker][master] 3 commits: update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 2e07338e by Thorsten Alteholz at 2020-01-26T22:34:50+01:00 update note - - - - - c35565ac by Thorsten Alteholz at 2020-01-26T22:34:51+01:00 CVE-2015-6748 will be fixed - - - - - acb9120d by Thorsten Alteholz at 2020-01-26T22:35:39+01:00 Reserve DLA-2075-1 for jsoup - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -216745,7 +216745,6 @@ CVE-2015-6738 RESERVED CVE-2015-6748 (Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3. ...) - jsoup 1.8.3-1 (bug #797275) - [jessie] - jsoup (Minor issue) [wheezy] - jsoup (Minor issue) NOTE: https://github.com/jhy/jsoup/pull/582 NOTE: https://hibernate.atlassian.net/browse/HV-1012 = data/DLA/list = @@ -1,3 +1,6 @@ +[26 Jan 2020] DLA-2075-1 jsoup - security update + {CVE-2015-6748} + [jessie] - jsoup 1.8.1-1+deb8u1 [23 Jan 2020] DLA-2074-1 python-apt - security update {CVE-2019-15795 CVE-2019-15796} [jessie] - python-apt 0.9.3.13 = data/dla-needed.txt = @@ -119,7 +119,7 @@ slurm-llnl -- sqlite3 (Thorsten Alteholz) NOTE: 20191212: look at no-dsa as well - NOTE: 20200112: WIP + NOTE: 20200126: WIP -- squid3 NOTE: 20191210: CVE-2019-12523 and CVE-2019-18676 Requires new API SBuf. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/70e452937683a6bcd4e98d4d9e6fbfb08c35ea02...acb9120d35c27d0f919ddbd55600f08036f95254
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 70e45293 by security tracker role at 2020-01-26T20:10:24+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,5 @@ +CVE-2020-7982 + RESERVED CVE-2020-7981 (sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection whe ...) - ruby-geocoder (bug #949870) NOTE: https://github.com/alexreisner/geocoder/commit/dcdc3d8675411edce3965941a2ca7c441ca48613 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/70e452937683a6bcd4e98d4d9e6fbfb08c35ea02
[Git][security-tracker-team/security-tracker][master] 2 commits: Resort entries for linux down the list for the next commit
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ddd50cdb by Salvatore Bonaccorso at 2020-01-26T21:03:29+01:00 Resort entries for linux down the list for the next commit - - - - - d253a5a6 by Salvatore Bonaccorso at 2020-01-26T21:05:38+01:00 Add pending CVE fixes for linux via buster-pu - - - - - 1 changed file: - data/next-point-update.txt Changes: = data/next-point-update.txt = @@ -113,6 +113,24 @@ CVE-2016-10894 [buster] - xtrlock 2.8+deb10u1 CVE-2019-20149 [buster] - node-kind-of 6.0.2+dfsg-1+deb10u1 +CVE-2019-5068 + [buster] - mesa 18.3.6-2+deb10u1 +CVE-2019-19791 + [buster] - lemonldap-ng 2.0.2+ds-7+deb10u3 +CVE-2019-19886 + [buster] - modsecurity 3.0.3-1+deb10u1 +CVE-2020-5202 + [buster] - apt-cacher-ng 3.2-3~deb10u1 +CVE-2019-15695 + [buster] - tigervnc 1.9.0+dfsg-3+deb10u1 +CVE-2019-15694 + [buster] - tigervnc 1.9.0+dfsg-3+deb10u1 +CVE-2019-15693 + [buster] - tigervnc 1.9.0+dfsg-3+deb10u1 +CVE-2019-15692 + [buster] - tigervnc 1.9.0+dfsg-3+deb10u1 +CVE-2019-15691 + [buster] - tigervnc 1.9.0+dfsg-3+deb10u1 CVE-2019-14814 [buster] - linux 4.19.87-1 CVE-2019-14815 
@@ -209,21 +227,71 @@ CVE-2019-19060 [buster] - linux 4.19.87-1 CVE-2019-19075 [buster] - linux 4.19.87-1 -CVE-2019-5068 - [buster] - mesa 18.3.6-2+deb10u1 -CVE-2019-19791 - [buster] - lemonldap-ng 2.0.2+ds-7+deb10u3 -CVE-2019-19886 - [buster] - modsecurity 3.0.3-1+deb10u1 -CVE-2020-5202 - [buster] - apt-cacher-ng 3.2-3~deb10u1 -CVE-2019-15695 - [buster] - tigervnc 1.9.0+dfsg-3+deb10u1 -CVE-2019-15694 - [buster] - tigervnc 1.9.0+dfsg-3+deb10u1 -CVE-2019-15693 - [buster] - tigervnc 1.9.0+dfsg-3+deb10u1 -CVE-2019-15692 - [buster] - tigervnc 1.9.0+dfsg-3+deb10u1 -CVE-2019-15691 - [buster] - tigervnc 1.9.0+dfsg-3+deb10u1 +CVE-2019-10220 + [buster] - linux 4.19.98-1 +CVE-2019-14615 + [buster] - linux 4.19.98-1 +CVE-2019-14895 + [buster] - linux 4.19.98-1 +CVE-2019-14896 + [buster] - linux 4.19.98-1 +CVE-2019-14897 + [buster] - linux 4.19.98-1 +CVE-2019-14901 + [buster] - linux 4.19.98-1 +CVE-2019-15217 + [buster] - linux 4.19.98-1 +CVE-2019-18786 + [buster] - linux 4.19.98-1 +CVE-2019-18809 + [buster] - linux 4.19.98-1 +CVE-2019-19037 + [buster] - linux 4.19.98-1 +CVE-2019-19051 + [buster] - linux 4.19.98-1 +CVE-2019-19056 + [buster] - linux 4.19.98-1 +CVE-2019-19057 + [buster] - linux 4.19.98-1 +CVE-2019-19058 + [buster] - linux 4.19.98-1 +CVE-2019-19059 + [buster] - linux 4.19.98-1 +CVE-2019-19062 + [buster] - linux 4.19.98-1 +CVE-2019-19063 + [buster] - linux 4.19.98-1 +CVE-2019-19066 + [buster] - linux 4.19.98-1 +CVE-2019-19068 + [buster] - linux 4.19.98-1 +CVE-2019-19071 + [buster] - linux 4.19.98-1 +CVE-2019-19077 + [buster] - linux 4.19.98-1 +CVE-2019-19078 + [buster] - linux 4.19.98-1 +CVE-2019-19079 + [buster] - linux 4.19.98-1 +CVE-2019-19227 + [buster] - linux 4.19.98-1 +CVE-2019-19252 + [buster] - linux 4.19.98-1 +CVE-2019-19332 + [buster] - linux 4.19.98-1 +CVE-2019-19447 + [buster] - linux 4.19.98-1 +CVE-2019-19767 + [buster] - linux 4.19.98-1 +CVE-2019-19927 + [buster] - linux 4.19.98-1 +CVE-2019-19947 + [buster] - linux 4.19.98-1 +CVE-2019-19965 + 
[buster] - linux 4.19.98-1 +CVE-2019-20096 + [buster] - linux 4.19.98-1 +CVE-2019-9445 + [buster] - linux 4.19.98-1 +CVE-2019-12614 + [buster] - linux 4.19.98-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/edb54300045cc5149ccd9b465e4e42ebb5b41353...d253a5a6a375995735b74c055f237a3ee8803707
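Review bot: In the second hunk of data/next-point-update.txt, the added linux 4.19.98-1 block runs in ascending CVE order from CVE-2019-10220 to CVE-2019-20096 and then ends with CVE-2019-9445 and CVE-2019-12614 out of sequence. Move those two into place so that a duplicated or missing id is easy to spot in a list of this length.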
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2020-7981/ruby-geocoder
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: edb54300 by Salvatore Bonaccorso at 2020-01-26T14:10:24+01:00 Add Debian bug reference for CVE-2020-7981/ruby-geocoder - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,5 @@ CVE-2020-7981 (sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection whe ...) - - ruby-geocoder + - ruby-geocoder (bug #949870) NOTE: https://github.com/alexreisner/geocoder/commit/dcdc3d8675411edce3965941a2ca7c441ca48613 CVE-2020-7980 (Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary ...) NOT-FOR-US: Intellian Aptus Web View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/edb54300045cc5149ccd9b465e4e42ebb5b41353
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-7981/ruby-geocoder
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1790fe7d by Salvatore Bonaccorso at 2020-01-26T13:57:52+01:00 Add CVE-2020-7981/ruby-geocoder - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,6 @@ CVE-2020-7981 (sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection whe ...) - TODO: check + - ruby-geocoder + NOTE: https://github.com/alexreisner/geocoder/commit/dcdc3d8675411edce3965941a2ca7c441ca48613 CVE-2020-7980 (Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary ...) NOT-FOR-US: Intellian Aptus Web CVE-2020-7979 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1790fe7d0f6a35108a064b5bd6948694e2f001e3
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 319e9b3b by Salvatore Bonaccorso at 2020-01-26T13:57:17+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -11544,33 +11544,33 @@ CVE-2020-3144 CVE-2020-3143 RESERVED CVE-2020-3142 ([CVE-2020-3142_su] A vulnerability in Cisco Webex Meetings Suite sites ...) - TODO: check + NOT-FOR-US: Cisco CVE-2020-3141 RESERVED CVE-2020-3140 RESERVED CVE-2020-3139 ([CVE-2020-3139_su] A vulnerability in the out of band (OOB) management ...) - TODO: check + NOT-FOR-US: Cisco CVE-2020-3138 RESERVED CVE-2020-3137 RESERVED CVE-2020-3136 ([CVE-2020-3136_su] A vulnerability in the web-based management interfa ...) - TODO: check + NOT-FOR-US: Cisco CVE-2020-3135 RESERVED CVE-2020-3134 ([CVE-2020-3134_su] A vulnerability in the zip decompression engine of ...) - TODO: check + NOT-FOR-US: Cisco CVE-2020-3133 RESERVED CVE-2020-3132 RESERVED CVE-2020-3131 ([CVE-2020-3131_su] A vulnerability in the Cisco Webex Teams client for ...) - TODO: check + NOT-FOR-US: Cisco CVE-2020-3130 RESERVED CVE-2020-3129 (A vulnerability in the web-based management interface of Cisco Unity C ...) - TODO: check + NOT-FOR-US: Cisco CVE-2020-3128 RESERVED CVE-2020-3127 @@ -11586,7 +11586,7 @@ CVE-2020-3123 CVE-2020-3122 RESERVED CVE-2020-3121 (A vulnerability in the web-based management interface of Cisco Small B ...) - TODO: check + NOT-FOR-US: Cisco CVE-2020-3120 RESERVED CVE-2020-3119 
@@ -11598,7 +11598,7 @@ CVE-2020-3117 CVE-2020-3116 RESERVED CVE-2020-3115 (A vulnerability in the CLI of the Cisco SD-WAN Solution vManage softwa ...) - TODO: check + NOT-FOR-US: Cisco CVE-2020-3114 RESERVED CVE-2020-3113 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/319e9b3bdb351110a32acf948f9bbd3f57ca46c5
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 310128b7 by security tracker role at 2020-01-26T08:10:14+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,5 @@ +CVE-2020-7981 (sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection whe ...) + TODO: check CVE-2020-7980 (Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary ...) NOT-FOR-US: Intellian Aptus Web CVE-2020-7979 @@ -11541,34 +11543,34 @@ CVE-2020-3144 RESERVED CVE-2020-3143 RESERVED -CVE-2020-3142 - RESERVED +CVE-2020-3142 ([CVE-2020-3142_su] A vulnerability in Cisco Webex Meetings Suite sites ...) + TODO: check CVE-2020-3141 RESERVED CVE-2020-3140 RESERVED -CVE-2020-3139 - RESERVED +CVE-2020-3139 ([CVE-2020-3139_su] A vulnerability in the out of band (OOB) management ...) + TODO: check CVE-2020-3138 RESERVED CVE-2020-3137 RESERVED -CVE-2020-3136 - RESERVED +CVE-2020-3136 ([CVE-2020-3136_su] A vulnerability in the web-based management interfa ...) + TODO: check CVE-2020-3135 RESERVED -CVE-2020-3134 - RESERVED +CVE-2020-3134 ([CVE-2020-3134_su] A vulnerability in the zip decompression engine of ...) + TODO: check CVE-2020-3133 RESERVED CVE-2020-3132 RESERVED -CVE-2020-3131 - RESERVED +CVE-2020-3131 ([CVE-2020-3131_su] A vulnerability in the Cisco Webex Teams client for ...) + TODO: check CVE-2020-3130 RESERVED -CVE-2020-3129 - RESERVED +CVE-2020-3129 (A vulnerability in the web-based management interface of Cisco Unity C ...) + TODO: check CVE-2020-3128 RESERVED CVE-2020-3127 @@ -11583,8 +11585,8 @@ CVE-2020-3123 RESERVED CVE-2020-3122 RESERVED -CVE-2020-3121 - RESERVED +CVE-2020-3121 (A vulnerability in the web-based management interface of Cisco Small B ...) + TODO: check CVE-2020-3120 RESERVED CVE-2020-3119 
@@ -11595,8 +11597,8 @@ CVE-2020-3117 RESERVED CVE-2020-3116 RESERVED -CVE-2020-3115 - RESERVED +CVE-2020-3115 (A vulnerability in the CLI of the Cisco SD-WAN Solution vManage softwa ...) + TODO: check CVE-2020-3114 RESERVED CVE-2020-3113 @@ -27630,36 +27632,36 @@ CVE-2019-16031 RESERVED CVE-2019-16030 RESERVED -CVE-2019-16029 - RESERVED +CVE-2019-16029 (A vulnerability in the application programming interface (API) of Cisc ...) + TODO: check CVE-2019-16028 RESERVED -CVE-2019-16027 - RESERVED -CVE-2019-16026 - RESERVED +CVE-2019-16027 (A vulnerability in the implementation of the Intermediate Systemn ...) + TODO: check +CVE-2019-16026 (A vulnerability in the implementation of the Stream Control Transmissi ...) + TODO: check CVE-2019-16025 RESERVED -CVE-2019-16024 - RESERVED +CVE-2019-16024 (A vulnerability in the web-based management interface of Cisco Crosswo ...) + TODO: check CVE-2019-16023 RESERVED -CVE-2019-16022 - RESERVED +CVE-2019-16022 (Multiple vulnerabilities in the implementation of Border Gateway Proto ...) + TODO: check CVE-2019-16021 RESERVED -CVE-2019-16020 - RESERVED +CVE-2019-16020 (Multiple vulnerabilities in the implementation of Border Gateway Proto ...) + TODO: check CVE-2019-16019 RESERVED -CVE-2019-16018 - RESERVED +CVE-2019-16018 (A vulnerability in the implementation of Border Gateway Protocol (BGP) ...) + TODO: check CVE-2019-16017 RESERVED CVE-2019-16016 RESERVED -CVE-2019-16015 - RESERVED +CVE-2019-16015 (A vulnerability in the web-based management interface of the Cisco Dat ...) + TODO: check CVE-2019-16014 RESERVED CVE-2019-16013 
@@ -27672,18 +27674,18 @@ CVE-2019-16010 RESERVED CVE-2019-16009 RESERVED -CVE-2019-16008 - RESERVED +CVE-2019-16008 (A vulnerability in the web-based GUI of Cisco IP Phone 6800, 7800, and ...) + TODO: check CVE-2019-16007 RESERVED CVE-2019-16006 RESERVED -CVE-2019-16005 - RESERVED +CVE-2019-16005 (A vulnerability in the web-based management interface of Cisco Webex V ...) + TODO: check CVE-2019-16004 RESERVED -CVE-2019-16003 - RESERVED +CVE-2019-16003 (A vulnerability in the web-based management interface of Cisco UCS Dir ...) + TODO: check CVE-2019-16002 (A vulnerability in the vManage web-based UI (web UI) of the Cisco SD-W ...) NOT-FOR-US: Cisco CVE-2019-16001 (A vulnerability in the loading mechanism of specific dynamic link libr ...) @@ -27710,8 +27712,8 @@ CVE-2019-15991 RESERVED CVE-2019-15990 (A vulnerability in the web-based management interface of certain Cisco ...) NOT-FOR-US: Cisco
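Review bot: Several descriptions imported in the CVE-2020-31xx hunks begin with a bracketed token such as "[CVE-2020-3142_su]" (also on CVE-2020-3139, CVE-2020-3136, CVE-2020-3134 and CVE-2020-3131), while CVE-2020-3129, CVE-2020-3121 and CVE-2020-3115 in the neighbouring hunks do not. That looks like residue from the upstream feed rather than description text; since this is the automatic update, the importer could strip a leading "[CVE-…_su]" token so it does not end up in data/CVE/list.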