[Git][security-tracker-team/security-tracker][master] dla: take 3

2020-08-17 Thread Adrian Bunk


Adrian Bunk pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4658c06b by Adrian Bunk at 2020-08-18T08:56:27+03:00
dla: take 3

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -119,7 +119,7 @@ nss (Adrian Bunk)
 opendmarc
   NOTE: 20200719: no patches for remaining CVEs available, everything else is 
already done in Stretch (thorsten)
 --
-openexr
+openexr (Adrian Bunk)
 --
 postgresql-9.6 (Emilio)
   NOTE: 20200814: coordinating announcement with maintainer (pochu)
@@ -132,11 +132,11 @@ python2.7 (Thorsten Alteholz)
 --
 qemu (Abhijith PA)
 --
-qt4-x11
+qt4-x11 (Adrian Bunk)
   NOTE: 20200815: Minor issue, but easy to fix (CVE-2020-17507). Low prio.
   NOTE: 20200815: One could possibly look at the other  issues and 
decide whether they are worth fixing along. (sunweaver)
 --
-qtbase-opensource-src
+qtbase-opensource-src (Adrian Bunk)
   NOTE: 20200815: Minor issue, but easy to fix (CVE-2020-17507). Low prio.
   NOTE: 20200815: One could possibly look at the other  issues and 
decide whether they are worth fixing along. (sunweaver)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4658c06b8d26090ef02f75f0a8010941856bb4da

You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] LTS: Update status of CVE-2020-13631/sqlite3 for stretch

2020-08-17 Thread Roberto C . Sánchez


Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2ecfee3e by Roberto C. Sánchez at 2020-08-17T19:19:09-04:00
LTS: Update status of CVE-2020-13631/sqlite3 for stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -23026,6 +23026,7 @@ CVE-2020-13632 (ext/fts3/fts3_snippet.c in SQLite 
before 3.32.0 has a NULL point
NOTE: https://sqlite.org/src/info/a4dd148928ea65bd
 CVE-2020-13631 (SQLite before 3.32.0 allows a virtual table to be renamed to 
the name  ...)
- sqlite3 3.32.0-1
+   [stretch] - sqlite3  (Vulnerable code not present)
[jessie] - sqlite3  (Too intrusive to backport)
NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1080459
NOTE: https://sqlite.org/src/info/eca0ba2cf4c0fdf7
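
Review bot: the added `[stretch]` line says the vulnerable code is not present, while the `[jessie]` line directly below it says "Too intrusive to backport", which only makes sense if the older jessie package does contain that code. Either the jessie reason is stale or the stretch claim needs re-checking; a NOTE naming the upstream change that introduced the affected code would settle both lines. The capitalised "Vulnerable" also differs from the lowercase "vulnerable code not present" used for the same reason in other entries of this file.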



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ecfee3e2d4af7c573da77eb069411e73a97193c


[Git][security-tracker-team/security-tracker][master] LTS: Update status of CVE-2020-9327/sqlite3 for stretch

2020-08-17 Thread Roberto C . Sánchez


Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b4b4808e by Roberto C. Sánchez at 2020-08-17T18:58:43-04:00
LTS: Update status of CVE-2020-9327/sqlite3 for stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -35307,7 +35307,7 @@ CVE-2020-9328
 CVE-2020-9327 (In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to 
trigger  ...)
- sqlite3 3.31.1-3 (bug #951835)
[buster] - sqlite3  (Minor issue)
-   [stretch] - sqlite3  (Minor issue)
+   [stretch] - sqlite3  (vulnerable code not present)
[jessie] - sqlite3  (vulnerable code not present)
NOTE: https://www.sqlite.org/cgi/src/info/4374860b29383380
NOTE: https://www.sqlite.org/cgi/src/info/9d0d4ab95dc0c56e
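
Review bot: the `[stretch]` reason changes from "Minor issue" to "vulnerable code not present" with nothing in the entry recording how that was established. A short NOTE, for example stating that isAuxiliaryVtabOperator does not exist in the stretch source, would let the next person verify it; the `[buster]` line stays "Minor issue", so readers otherwise have to work out for themselves where the function first appeared.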



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4b4808e170fea19627faf4e75114ecb056971c7


[Git][security-tracker-team/security-tracker][master] Remove no-dsa entries for upcoming imagemagick release.

2020-08-17 Thread Markus Koschany


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b6aaba24 by Markus Koschany at 2020-08-18T00:35:56+02:00
Remove no-dsa entries for upcoming imagemagick release.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -48972,7 +48972,6 @@ CVE-2019-19950 (In GraphicsMagick 1.4 snapshot-20190403 
Q8, there is a use-after
 CVE-2019-19949 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer 
over-read in ...)
{DSA-4712-1 DLA-2049-1}
- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #947309)
-   [stretch] - imagemagick  (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1561
NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/d17c047f7bff7c0edbf304470cd2ab9d02fbf617
 (7.x)
NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/34adc98afd5c7e7fb774d2ebdaea39e831c24dce
 (6.x)
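
Review bot: dropping the `[stretch]` "Minor issue" line under CVE-2019-19949 leaves the entry with no stretch status of its own, so its correctness depends on the advisory that carries the fix. The commit subject only says "upcoming imagemagick release"; naming the advisory there (the DLA-2333-1 entry in data/DLA/list includes this CVE) would make that dependency checkable, and the same applies to the other hunks of this commit.
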
@@ -71402,7 +71401,6 @@ CVE-2019-14982 (In Exiv2 before v0.27.2, there is an 
integer overflow vulnerabil
 CVE-2019-14981 (In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, 
there is  ...)
{DSA-4712-1 DLA-1968-1}
- imagemagick 8:6.9.11.24+dfsg-1 (bug #955025)
-   [stretch] - imagemagick  (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1552
NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/b522d2d857d2f75b659936b59b0da9df1682c256
 CVE-2019-14980 (In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, 
there is  ...)
@@ -77547,7 +77545,6 @@ CVE-2019-13455 (In Xymon through 4.3.28, a stack-based 
buffer overflow vulnerabi
 CVE-2019-13454 (ImageMagick 7.0.8-54 Q16 allows Division by Zero in 
RemoveDuplicateLay ...)
{DSA-4712-1}
- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931740)
-   [stretch] - imagemagick  (Minor issue)
[jessie] - imagemagick  (low impact issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1629
NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/4f31d78716ac94c85c244efcea368fea202e2ed4
@@ -77981,7 +77978,6 @@ CVE-2019-13298 (ImageMagick 7.0.8-50 Q16 has a 
heap-based buffer overflow at Mag
 CVE-2019-13297 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at 
MagickCo ...)
{DSA-4712-1 DLA-1888-1}
- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931455)
-   [stretch] - imagemagick  (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1609
NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/35c7032723d85eee7318ff6c82f031fa2666b773
NOTE: Some older version before the fixing commit did as well not check 
for
@@ -77993,7 +77989,6 @@ CVE-2019-13296 (ImageMagick 7.0.8-50 Q16 has direct 
memory leaks in AcquireMagic
 CVE-2019-13295 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at 
MagickCo ...)
{DSA-4712-1 DLA-1888-1}
- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931457)
-   [stretch] - imagemagick  (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1608
NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/55e6dc49f1a381d9d511ee2f888fdc3e3c3e3953
 CVE-2019-13294 (AROX School-ERP Pro has a command execution vulnerability. 
import_stud ...)
@@ -78892,21 +78887,18 @@ CVE-2019-12980 (In Ming (aka libming) 0.4.8, there is 
an integer overflow (cause
 CVE-2019-12979 (ImageMagick 7.0.8-34 has a "use of uninitialized value" 
vulnerability  ...)
{DSA-4712-1}
- imagemagick 8:6.9.11.24+dfsg-1 (bug #931189)
-   [stretch] - imagemagick  (Minor issue)
[jessie] - imagemagick  (minor security impact)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1522
NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/27b1c74979ac473a430e266ff6c4b645664bc805
 CVE-2019-12978 (ImageMagick 7.0.8-34 has a "use of uninitialized value" 
vulnerability  ...)
{DSA-4712-1}
- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931190)
-   [stretch] - imagemagick  (Minor issue)
[jessie] - imagemagick  (minor security impact)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1519
NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/ae1ded6140bfa8ae9f6dcba5413b72d98ed94614
 CVE-2019-12977 (ImageMagick 7.0.8-34 has a "use of uninitialized value" 
vulnerability  ...)
{DSA-4712-1}
- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931191)
-   [stretch] - imagemagick  (Minor issue)
[jessie] - imagemagick  (minor security impact)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1518
NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/e6103897fae2ed47e24b9cf7de719eea877b0504
@@ -78924,7 +78916,6 @@ CVE-2019-12975 (ImageMagick 7.0.8-34 has a memory leak 
vulnerability in the Writ
 CVE-2019-12974 (A NULL pointer dereference in the function Read

[Git][security-tracker-team/security-tracker][master] Fix DLA/list entry for imagemagick. Whitespace was missing.

2020-08-17 Thread Markus Koschany


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fc929a70 by Markus Koschany at 2020-08-18T00:23:30+02:00
Fix DLA/list entry for imagemagick. Whitespace was missing.

- - - - -


1 changed file:

- data/DLA/list


Changes:

=
data/DLA/list
=
@@ -1,5 +1,5 @@
 [18 Aug 2020] DLA-2333-1 imagemagick - security update
-   {CVE-2017-12805 CVE-2017-17681 CVE-2017-18252 CVE-2018-7443 
CVE-2018-8804 CVE-2018-8960 CVE-2018-9133 CVE-2018-10177 CVE-2018-14551 
CVE-2018-18024 CVE-2018-20467 CVE-2019-10131 CVE-2019-11472 CVE-2019-11597 
CVE-2019-12974 CVE-2019-12977 CVE-2019-12978 CVE-2019-12979 CVE-2019-13295 
CVE-2019-13297CVE-2019-11470 CVE-2019-13454 CVE-2019-14981 CVE-2019-19949}
+   {CVE-2017-12805 CVE-2017-17681 CVE-2017-18252 CVE-2018-7443 
CVE-2018-8804 CVE-2018-8960 CVE-2018-9133 CVE-2018-10177 CVE-2018-14551 
CVE-2018-18024 CVE-2018-20467 CVE-2019-10131 CVE-2019-11472 CVE-2019-11597 
CVE-2019-12974 CVE-2019-12977 CVE-2019-12978 CVE-2019-12979 CVE-2019-13295 
CVE-2019-13297 CVE-2019-11470 CVE-2019-13454 CVE-2019-14981 CVE-2019-19949}
[stretch] - imagemagick 8:6.9.7.4+dfsg-11+deb9u9
 [17 Aug 2020] DLA-2332-1 sane-backends - security update
{CVE-2020-12862 CVE-2020-12863 CVE-2020-12865 CVE-2020-12867}
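
Review bot: the corrected cross-reference line still has CVE-2019-11470 sitting between CVE-2019-13297 and CVE-2019-13454, out of the ascending order the rest of the list follows. Moving it to its sorted position, between CVE-2019-10131 and CVE-2019-11472, makes a hand-inserted ID easier to spot. The missing space was only caught by the tracker's `make` run after the push; running that check locally first would have avoided the failed processing runs.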



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fc929a701f3250f4498a0bf50f4554fc8e7635b7


Processing 66a90d93e3c781b25d725f9f4c3f56e80a05f5c1 failed

2020-08-17 Thread security tracker role
The error message was:

data/DLA/list:2: invalid cross reference 'CVE-2019-13297CVE-2019-11470'
make: *** [Makefile:19: all] Error 1


[Git][security-tracker-team/security-tracker][master] CVE-2019-13305,imagemagick: Fixed in 8:6.9.7.4+dfsg-11+deb9u8

2020-08-17 Thread Markus Koschany


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
66a90d93 by Markus Koschany at 2020-08-18T00:19:45+02:00
CVE-2019-13305,imagemagick: Fixed in 8:6.9.7.4+dfsg-11+deb9u8

This issue was fixed by DSA-4715-1 but apparently it was missing from the
announcement.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -77943,6 +77943,7 @@ CVE-2019-13306 (ImageMagick 7.0.8-50 Q16 has a 
stack-based buffer overflow at co
 CVE-2019-13305 (ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at 
coders/p ...)
{DSA-4712-1 DLA-1888-1}
- imagemagick 8:6.9.11.24+dfsg-1 (bug #931452)
+   [stretch] - imagemagick 8:6.9.7.4+dfsg-11+deb9u8
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1613
NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/5c7fbf9a14fb83c9685ad69d48899f490a37609d
 CVE-2019-13304 (ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at 
coders/p ...)
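
Review bot: the commit message says the fix came from DSA-4715-1, but the cross-reference line in this hunk's context reads `{DSA-4712-1 DLA-1888-1}` and does not mention that advisory. Add a NOTE under the new `[stretch]` line recording that 8:6.9.7.4+dfsg-11+deb9u8 was shipped by DSA-4715-1 without listing this CVE, so the explicit version line is explained in the data and not only in the commit log.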



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/66a90d93e3c781b25d725f9f4c3f56e80a05f5c1


Processing 150174dbc2efc09a92a505d5b51880d9e66bf310 failed

2020-08-17 Thread security tracker role
The error message was:

data/DLA/list:2: invalid cross reference 'CVE-2019-13297CVE-2019-11470'
make: *** [Makefile:19: all] Error 1


[Git][security-tracker-team/security-tracker][master] Reserve DLA-2333-1 for imagemagick

2020-08-17 Thread Markus Koschany


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
150174db by Markus Koschany at 2020-08-18T00:15:49+02:00
Reserve DLA-2333-1 for imagemagick

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[18 Aug 2020] DLA-2333-1 imagemagick - security update
+   {CVE-2017-12805 CVE-2017-17681 CVE-2017-18252 CVE-2018-7443 
CVE-2018-8804 CVE-2018-8960 CVE-2018-9133 CVE-2018-10177 CVE-2018-14551 
CVE-2018-18024 CVE-2018-20467 CVE-2019-10131 CVE-2019-11472 CVE-2019-11597 
CVE-2019-12974 CVE-2019-12977 CVE-2019-12978 CVE-2019-12979 CVE-2019-13295 
CVE-2019-13297CVE-2019-11470 CVE-2019-13454 CVE-2019-14981 CVE-2019-19949}
+   [stretch] - imagemagick 8:6.9.7.4+dfsg-11+deb9u9
 [17 Aug 2020] DLA-2332-1 sane-backends - security update
{CVE-2020-12862 CVE-2020-12863 CVE-2020-12865 CVE-2020-12867}
[stretch] - sane-backends 1.0.25-4.1+deb9u1
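
Review bot: in the added cross-reference line, `CVE-2019-13297CVE-2019-11470` is missing the separating space, so the two IDs are read as one invalid reference. Insert the space; CVE-2019-11470 is also out of numeric order at that position and could be moved ahead of CVE-2019-11472 in the same edit.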


=
data/dla-needed.txt
=
@@ -84,10 +84,6 @@ guacamole-client (Mike Gabriel)
   NOTE: 20200815: The bad maintenance is not because of the maintainer, but 
because of upstream's delay to port the software
   NOTE: 20200815: over to the freerdp2 API. (sunweaver)
 --
-imagemagick (Markus Koschany)
-  NOTE: 20200813: Intend to split the work into two updates because of the 
numerous
-  NOTE: patches. Will upload part 1 tomorrow und part 2 next week.
---
 inetutils (Adrian Bunk)
 --
 jetty9
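
Review bot: the removed imagemagick entry carries the note that the work is split into two updates, with part 2 due the following week, and deleting the whole entry drops that plan from dla-needed.txt. If part 2 is still outstanding, keep the package listed with an updated NOTE saying part 1 went out as DLA-2333-1, so the remaining patches stay tracked.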



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/150174dbc2efc09a92a505d5b51880d9e66bf310


[Git][security-tracker-team/security-tracker][master] LTS: Update status of CVE-2019-19645/sqlite3 for stretch

2020-08-17 Thread Roberto C . Sánchez


Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a3a58056 by Roberto C. Sánchez at 2020-08-17T18:13:48-04:00
LTS: Update status of CVE-2019-19645/sqlite3 for stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -53040,7 +53040,7 @@ CVE-2019-19646 (pragma.c in SQLite through 3.30.1 
mishandles NOT NULL in an inte
 CVE-2019-19645 (alter.c in SQLite through 3.30.1 allows attackers to trigger 
infinite  ...)
- sqlite3 3.30.1+fossil191229-1 (bug #946612)
[buster] - sqlite3  (Minor issue)
-   [stretch] - sqlite3  (Minor issue)
+   [stretch] - sqlite3  (Vulnerable code introduced later)
[jessie] - sqlite3  (Minor issue)
NOTE: 
https://github.com/sqlite/sqlite/commit/38096961c7cd109110ac21d3ed7dad7e0cb0ae06
 CVE-2019-19644
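
Review bot: the new `[stretch]` reason "Vulnerable code introduced later" conflicts with the `[jessie]` context line below it, which still reads "Minor issue" and so treats the older release as affected. If the code was introduced after the stretch version, update the jessie line to match, and add a NOTE naming the upstream change that introduced it.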



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a3a580566166dac1ab4433a571fcccb29ef0bde8


[Git][security-tracker-team/security-tracker][master] Reserve DLA-2332-1 for sane-backends

2020-08-17 Thread Sylvain Beucler


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ae181ea3 by Sylvain Beucler at 2020-08-17T22:44:37+02:00
Reserve DLA-2332-1 for sane-backends

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[17 Aug 2020] DLA-2332-1 sane-backends - security update
+   {CVE-2020-12862 CVE-2020-12863 CVE-2020-12865 CVE-2020-12867}
+   [stretch] - sane-backends 1.0.25-4.1+deb9u1
 [17 Aug 2020] DLA-2331-1 posgresql-9.6 - security update
{CVE-2020-14350}
[stretch] - posgresql-9.6 9.6.19-0+deb9u1
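
Review bot: the context lines under the new entry spell the package `posgresql-9.6` in both the DLA-2331-1 header and its `[stretch]` line, while dla-needed.txt lists it as `postgresql-9.6`. The added sane-backends lines are fine, but the misspelled name directly below them needs a follow-up fix so the advisory attaches to the real source package.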


=
data/dla-needed.txt
=
@@ -159,10 +159,6 @@ samba
   NOTE: 20200801: Patches for CVE-2020-14303, CVE-2020-10760, CVE-2020-10745, 
and CVE-2020-10740, are ready. (roberto)
   NOTE: 20200801: Best to wait for additional CVEs before uploading; check 
with Roberto for patches. (roberto)
 --
-sane-backends (Sylvain Beucler)
-  NOTE: 20200814: Checking dep-8 fix with package maintainer
-  NOTE: 20200814: https://bugs.debian.org/968369
---
 slirp
   NOTE: 20200724: Version in stretch also requires backport of patch from 
CVE-2020-7039 (lamby)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ae181ea3e17a93379461a7a0381f0a501d6d027d


[Git][security-tracker-team/security-tracker][master] automatic update

2020-08-17 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4bf2cf7d by security tracker role at 2020-08-17T20:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,31 @@
+CVE-2020-24381
+   RESERVED
+CVE-2020-24380
+   RESERVED
+CVE-2020-24379
+   RESERVED
+CVE-2020-24378
+   RESERVED
+CVE-2020-24377
+   RESERVED
+CVE-2020-24376
+   RESERVED
+CVE-2020-24375
+   RESERVED
+CVE-2020-24374
+   RESERVED
+CVE-2020-24373
+   RESERVED
+CVE-2020-24372 (LuaJIT through 2.1.0-beta3 has an out-of-bounds read in 
lj_err_run in  ...)
+   TODO: check
+CVE-2020-24371 (lgc.c in Lua 5.4.0 mishandles the interaction between barriers 
and the ...)
+   TODO: check
+CVE-2020-24370 (ldebug.c in Lua 5.4.0 allows a negation overflow and 
segmentation faul ...)
+   TODO: check
+CVE-2020-24369 (ldebug.c in Lua 5.4.0 attempts to access debug information via 
the lin ...)
+   TODO: check
+CVE-2020-24368
+   RESERVED
 CVE-2020-24367
RESERVED
 CVE-2020-24366
@@ -306,8 +334,8 @@ CVE-2020-24222
RESERVED
 CVE-2020-24221
RESERVED
-CVE-2020-24220
-   RESERVED
+CVE-2020-24220 (ShopXO v1.8.1 has a command execution vulnerability. Attackers 
can use ...)
+   TODO: check
 CVE-2020-24219
RESERVED
 CVE-2020-24218
@@ -330,8 +358,8 @@ CVE-2020-24210
RESERVED
 CVE-2020-24209
RESERVED
-CVE-2020-24208
-   RESERVED
+CVE-2020-24208 (A SQL injection vulnerability in SourceCodester Online 
Shopping Alphaw ...)
+   TODO: check
 CVE-2020-24207
RESERVED
 CVE-2020-24206
@@ -3306,7 +3334,8 @@ CVE-2020-22722 (Rapid Software LLC Rapid SCADA 5.8.0 is 
affected by a local priv
NOT-FOR-US: Rapid Software LLC Rapid SCADA
 CVE-2020-22721 (A File Upload Vulnerability in PNotes - Andrey Gruber 
PNotes.NET v3.8. ...)
NOT-FOR-US: PNotes - Andrey Gruber PNotes.NET
-CVE-2020-22720 (A local privilege escalation vulnerability in 
SPSSLVpnService.exe in S ...)
+CVE-2020-22720
+   REJECTED
NOT-FOR-US: Securepoint SSL VPN Client
 CVE-2020-22719
RESERVED
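
Review bot: CVE-2020-22720 is switched to REJECTED, but the `NOT-FOR-US: Securepoint SSL VPN Client` line from the old entry stays underneath it. That triage line was written for a description that has now been withdrawn; confirm it should stay, or drop it in a follow-up so the rejected ID carries no product attribution.
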
@@ -13871,7 +13900,8 @@ CVE-2020-17449 (PHP-Fusion 9.03 allows XSS via the 
error_log file. ...)
 CVE-2020-17448 (Telegram Desktop through 2.1.13 allows a spoofed file type to 
bypass t ...)
- telegram-desktop 2.2.0+ds-1
[buster] - telegram-desktop  (Minor issue)
-CVE-2020-17447 (MyBB before 1.8.24 allows XSS because the visual editor 
mishandles [al ...)
+CVE-2020-17447
+   REJECTED
NOT-FOR-US: MyBB
 CVE-2020-17446 (asyncpg before 0.21.0 allows a malicious PostgreSQL server to 
trigger  ...)
- asyncpg 0.21.0-1
@@ -22118,8 +22148,8 @@ CVE-2020-13943
RESERVED
 CVE-2020-13942
RESERVED
-CVE-2020-13941
-   RESERVED
+CVE-2020-13941 (Reported in SOLR-14515 (private) and fixed in SOLR-14561 
(public), rel ...)
+   TODO: check
 CVE-2020-13940
RESERVED
 CVE-2020-13939
@@ -24190,8 +24220,8 @@ CVE-2020-13124 (SABnzbd 2.3.9 and 3.0.0Alpha2 has a 
command injection vulnerabil
NOT-FOR-US: SABnzbd
 CVE-2020-13123
RESERVED
-CVE-2020-13122
-   RESERVED
+CVE-2020-13122 (The novish command-line interface, included in NoviFlow 
NoviWare befor ...)
+   TODO: check
 CVE-2020-13121 (Submitty through 20.04.01 has an open redirect via 
authentication/logi ...)
NOT-FOR-US: Submitty
 CVE-2020-13120
@@ -25495,8 +25525,8 @@ CVE-2020-12608 (An issue was discovered in SolarWinds 
MSP PME (Patch Management
NOT-FOR-US: SolarWinds
 CVE-2020-12607 (An issue was discovered in fastecdsa before 2.1.2. When using 
the NIST ...)
NOT-FOR-US: fastecdsa
-CVE-2020-12606
-   RESERVED
+CVE-2020-12606 (An issue was discovered in DB Soft SGLAC before 20.05.001. The 
Procedi ...)
+   TODO: check
 CVE-2020-12605 (Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume 
excessive  ...)
NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
 CVE-2020-12604 (Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible 
to incr ...)
@@ -35505,26 +35535,26 @@ CVE-2020-9244 (HUAWEI Mate 20 versions Versions 
earlier than 10.1.0.160(C00E160R
NOT-FOR-US: Huawei
 CVE-2020-9243 (HUAWEI Mate 30 with versions earlier than 
10.1.0.150(C00E136R5P3) have ...)
NOT-FOR-US: Huawei
-CVE-2020-9242
-   RESERVED
-CVE-2020-9241
-   RESERVED
+CVE-2020-9242 (FusionCompute 8.0.0 have a command injection vulnerability. The 
softwa ...)
+   TODO: check
+CVE-2020-9241 (Huawei 5G Mobile WiFi E6878-370 with versions of 
10.0.3.1(H563SP1C00), ...)
+   TODO: check
 CVE-2020-9240
RESERVED
 CVE-2020-9239
RESERVED
 CVE-2020-9238
RESERVED
-CVE-2020-9237
-   RESERVED
+CVE-2020-9237 (Huawei smartphone Taurus-AL00B with versions earlier than 
10.1.0.126(C ...)
+   TODO: chec

[Git][security-tracker-team/security-tracker][master] ghostscript: add upstream version, distinguish CVEs in common patch

2020-08-17 Thread Sylvain Beucler


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f6eb9ee9 by Sylvain Beucler at 2020-08-17T16:50:59+02:00
ghostscript: add upstream version, distinguish CVEs in common patch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -13673,7 +13673,8 @@ CVE-2020-17539
 CVE-2020-17538 (A buffer overflow vulnerability in GetNumSameData() in 
contrib/lips4/g ...)
- ghostscript 9.51~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701792
-   NOTE: 
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=9f39ed4a92578a020ae10459643e1fe72573d134
+   NOTE: 
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=9f39ed4a92578a020ae10459643e1fe72573d134
 (9.51)
+   NOTE: chunk #1, see also CVE-2020-16296
 CVE-2020-17537
RESERVED
 CVE-2020-17536
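
Review bot: the added `NOTE: chunk #1, see also CVE-2020-16296` does not say what "chunk #1" refers to; a reader has to guess that it means the first hunk of the commit linked on the line above. Name the file or function that hunk touches (the description mentions GetNumSameData()) and say which part belongs to CVE-2020-16296, so the split stays clear without opening the link.
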
@@ -16164,99 +16165,100 @@ CVE-2020-16311
 CVE-2020-16310 (A division by zero vulnerability in dot24_print_page() in 
devices/gdev ...)
- ghostscript 9.51~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701828
-   NOTE: 
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=eaba1d97b62831b42c51840cc8ee2bc4576c942e
+   NOTE: 
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=eaba1d97b62831b42c51840cc8ee2bc4576c942e
 (9.51)
 CVE-2020-16309 (A buffer overflow vulnerability in lxm5700m_print_page() in 
devices/gd ...)
- ghostscript 9.51~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701827
-   NOTE: 
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a6f7464dddc689386668a38b92dfd03cc1b38a10
+   NOTE: 
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a6f7464dddc689386668a38b92dfd03cc1b38a10
 (9.51)
 CVE-2020-16308 (A buffer overflow vulnerability in p_print_image() in 
devices/gdevcdj. ...)
- ghostscript 9.51~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701829
-   NOTE: 
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=af004276fd8f6c305727183c159b83021020f7d6
+   NOTE: 
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=af004276fd8f6c305727183c159b83021020f7d6
 (9.51)
 CVE-2020-16307 (A null pointer dereference vulnerability in 
devices/vector/gdevtxtw.c  ...)
- ghostscript 9.51~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701822
-   NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=407c98a38c3a6ac1681144ed45cc2f4fc374c91f
+   NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=407c98a38c3a6ac1681144ed45cc2f4fc374c91f
 (9.51)
 CVE-2020-16306 (A null pointer dereference vulnerability in devices/gdevtsep.c 
of Arti ...)
- ghostscript 9.51~dfsg-1
-   NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=aadb53eb834b3def3ef68d78865ff87a68901804
+   NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=aadb53eb834b3def3ef68d78865ff87a68901804
 (9.51)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701821
 CVE-2020-16305 (A buffer overflow vulnerability in pcx_write_rle() in 
contrib/japanese ...)
- ghostscript 9.51~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701819
-   NOTE: 
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2793769ff107d8d22dadd30c6e68cd781b569550
+   NOTE: 
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2793769ff107d8d22dadd30c6e68cd781b569550
 (9.51)
 CVE-2020-16304 (A buffer overflow vulnerability in image_render_color_thresh() 
in base ...)
- ghostscript 9.51~dfsg-1
-   NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=027c546e0dd11e0526f1780a7f3c2c66acffe209
+   NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=027c546e0dd11e0526f1780a7f3c2c66acffe209
 (9.51)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701816
 CVE-2020-16303 (A use-after-free vulnerability in xps_finish_image_path() in 
devices/v ...)
- ghostscript 9.51~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701818
-   NOTE: 
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=94d8955cb7725eb5f3557ddc02310c76124fdd1a
+   NOTE: 
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=94d8955cb7725eb5f3557ddc02310c76124fdd1a
 (9.51)
 CVE-2020-16302 (A buffer overflow vulnerability in jetp3852_print_page() in 
devices/gd ...)
- ghostscript 9.51~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701815
-   NOTE: 
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=366ad48d076c1aa4c8f83c65011258a04e348207
+   NOTE: 
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=366ad48d076c1aa4c8f83c65011258a04e348207
 (9.51)
 CVE-2020-16301 (A buffer overflow vulnerability in okiibm_print_page1() in 
devices/gde ...)
- ghostscript 9.51~dfsg-1
NOTE: 
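
Review bot: the rewritten commit links keep a mix of `http://git.ghostscript.com` (CVE-2020-16307, CVE-2020-16306, CVE-2020-16304) and `https://git.ghostscript.com` for the other entries. Since each of these lines is already being touched to append "(9.51)", switch the three to https in the same change. The order of the bug link and the commit link also differs between entries (commit first for CVE-2020-16306 and CVE-2020-16304) and could be made uniform.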

[Git][security-tracker-team/security-tracker][master] LTS: update status of sqlite3

2020-08-17 Thread Roberto C . Sánchez


Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cdd9b810 by Roberto C. Sánchez at 2020-08-17T07:59:27-04:00
LTS: update status of sqlite3

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -170,6 +170,7 @@ software-properties
 --
 sqlite3 (Roberto C. Sánchez)
   NOTE: 20200712: Vulnerable to at least CVE-2020-13630. (lamby)
+  NOTE: 20200817: New CVEs have appeared.  Working on those now. (roberto)
 --
 squid3 (Markus Koschany)
   NOTE: 20200813: CVE-2020-15049 requires more testing but backport works in
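
Review bot: the added 20200817 note says new CVEs have appeared without naming them, unlike the line above it, which cites CVE-2020-13630. List the CVE IDs being worked on so others can tell which issues this claim covers.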



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cdd9b810e2898d5ba39d4c9486b6cb84cab230cc


[Git][security-tracker-team/security-tracker][master] Unclaim apache2 for the moment & add notes

2020-08-17 Thread Utkarsh Gupta


Utkarsh Gupta pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7ae4621e by Utkarsh Gupta at 2020-08-17T17:16:50+05:30
Unclaim apache2 for the moment & add notes

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -21,8 +21,9 @@ ansible
   NOTE: 20200508: bam: Upstream fix was reverted - 
https://github.com/ansible/ansible/pull/68983
   NOTE: 20200508: bam: See https://github.com/ansible/ansible/issues/67794
 --
-apache2 (Utkarsh Gupta)
-  NOTE: 20200808: Seems affected by CVE-2020-9490, CVE-2020-11993
+apache2
+  NOTE: 20200808: Seems affected by CVE-2020-9490, CVE-2020-11993 (abhijith)
+  NOTE: 20200817: Too intrusive. Re-visit back later -> experimenting fixes 
for ELTS. (utkarsh)
 --
 ark (Abhijith PA)
   NOTE: 20200731: given PoC not working as intended. (abhijith)
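
Review bot: the new 20200817 note says "Too intrusive" without saying whether that applies to CVE-2020-9490, CVE-2020-11993 or both, and the package is released back to the pool with it. State which fix was judged too intrusive and why, so whoever claims apache2 next does not repeat the analysis. The hunk also appends "(abhijith)" to the existing 20200808 note; if that attribution is a correction, say so in the commit message.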



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ae4621e8beaa13cb03fbd756d350d3e67f37508


[Git][security-tracker-team/security-tracker][master] Take ruby-*

2020-08-17 Thread Utkarsh Gupta


Utkarsh Gupta pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c79bd796 by Utkarsh Gupta at 2020-08-17T17:03:30+05:30
Take ruby-*

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -145,11 +145,11 @@ qtbase-opensource-src
 --
 ruby-doorkeeper
 --
-ruby-json-jwt
+ruby-json-jwt (Utkarsh Gupta)
 --
 ruby-kaminari (Chris Lamb)
 --
-ruby-rack-cors
+ruby-rack-cors (Utkarsh Gupta)
  NOTE: 20200817: Was fixed in DLA-2096-1 for jessie LTS but is now 
re-vulnerable again in stretch LTS AFAICT. (lamby)
 --
 samba
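
Review bot: the subject is "Take ruby-*", but ruby-doorkeeper at the top of this hunk is left without a claimant while ruby-json-jwt and ruby-rack-cors get "(Utkarsh Gupta)". If doorkeeper is deliberately left open, name the two packages in the subject instead of the glob; if not, the claim is missing from that line.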



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c79bd7965d4dac5aa0c30d4c74e6afe28642ea27


[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Triage ruby-rack-cors for stretch LTS (CVE-2019-18978)

2020-08-17 Thread Chris Lamb


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
da6877aa by Chris Lamb at 2020-08-17T12:01:06+01:00
data/dla-needed.txt: Triage ruby-rack-cors for stretch LTS (CVE-2019-18978)

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -149,6 +149,9 @@ ruby-json-jwt
 --
 ruby-kaminari (Chris Lamb)
 --
+ruby-rack-cors
+ NOTE: 20200817: Was fixed in DLA-2096-1 for jessie LTS but is now 
re-vulnerable again in stretch LTS AFAICT. (lamby)
+--
 samba
   NOTE: 20200703: Check with security team so that there's no clash for 
Stretch update. (utkarsh)
   NOTE: 20200801: Stretch update already released, so no conflict. (roberto)
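
Review bot: the added NOTE under ruby-rack-cors is indented with one space, while the NOTE lines under samba in the same hunk use two; match the two-space indent so the entry is laid out like its neighbours. The note also leaves out the CVE id that the commit subject gives (CVE-2019-18978), so the file alone does not say which issue regressed after DLA-2096-1. Adding the id to the note would fix that, and "re-vulnerable again" can be just "vulnerable again".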



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da6877aaaedbd5f9f82d860324b2c3722fe92a32


[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Triage ruby-doorkeeper for stretch LTS (CVE-2020-10187)

2020-08-17 Thread Chris Lamb


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a5be2722 by Chris Lamb at 2020-08-17T11:55:29+01:00
data/dla-needed.txt: Triage ruby-doorkeeper for stretch LTS (CVE-2020-10187)

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -143,6 +143,8 @@ qtbase-opensource-src
   NOTE: 20200815: Minor issue, but easy to fix (CVE-2020-17507). Low prio.
   NOTE: 20200815: One could possibly look at the other  issues and 
decide whether they are worth fixing along. (sunweaver)
 --
+ruby-doorkeeper
+--
 ruby-json-jwt
 --
 ruby-kaminari (Chris Lamb)
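
Review bot: the ruby-doorkeeper entry is added with no NOTE line, so the CVE that triggered the triage (CVE-2020-10187, per the commit subject) is recorded only in the commit history. A one-line NOTE with the date, the CVE id and the triager, in the style of the qtbase-opensource-src notes just above, would let whoever claims the package see why it is listed.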



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a5be2722c624e46e48801718f7c7e8adf189106a


[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim ruby-kaminari.

2020-08-17 Thread Chris Lamb


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e21cee13 by Chris Lamb at 2020-08-17T11:54:58+01:00
data/dla-needed.txt: Claim ruby-kaminari.

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -145,7 +145,7 @@ qtbase-opensource-src
 --
 ruby-json-jwt
 --
-ruby-kaminari
+ruby-kaminari (Chris Lamb)
 --
 samba
   NOTE: 20200703: Check with security team so that there's no clash for 
Stretch update. (utkarsh)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e21cee139f784e715a1750331036dfb5a5bd6fc2


[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Triage ruby-json-jwt for stretch LTS (CVE-2019-18848)

2020-08-17 Thread Chris Lamb


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
281097ff by Chris Lamb at 2020-08-17T11:54:22+01:00
data/dla-needed.txt: Triage ruby-json-jwt for stretch LTS (CVE-2019-18848)

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -143,6 +143,8 @@ qtbase-opensource-src
   NOTE: 20200815: Minor issue, but easy to fix (CVE-2020-17507). Low prio.
   NOTE: 20200815: One could possibly look at the other  issues and 
decide whether they are worth fixing along. (sunweaver)
 --
+ruby-json-jwt
+--
 ruby-kaminari
 --
 samba



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/281097ff73813e77296f6fea8f6e53ec271fae16


[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Triage ruby-kaminari for stretch LTS (CVE-2020-11082)

2020-08-17 Thread Chris Lamb


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
31cec9fa by Chris Lamb at 2020-08-17T11:53:48+01:00
data/dla-needed.txt: Triage ruby-kaminari for stretch LTS (CVE-2020-11082)

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -143,6 +143,8 @@ qtbase-opensource-src
   NOTE: 20200815: Minor issue, but easy to fix (CVE-2020-17507). Low prio.
   NOTE: 20200815: One could possibly look at the other  issues and 
decide whether they are worth fixing along. (sunweaver)
 --
+ruby-kaminari
+--
 samba
   NOTE: 20200703: Check with security team so that there's no clash for 
Stretch update. (utkarsh)
   NOTE: 20200801: Stretch update already released, so no conflict. (roberto)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/31cec9fac6b71daacce31d3b81e4714dba087809


[Git][security-tracker-team/security-tracker][master] automatic update

2020-08-17 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7b63bbb8 by security tracker role at 2020-08-17T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,11 @@
+CVE-2020-24367
+   RESERVED
+CVE-2020-24366
+   RESERVED
+CVE-2020-24365
+   RESERVED
+CVE-2020-24364
+   RESERVED
 CVE-2020-24363
RESERVED
 CVE-2016-11085 (php/qmn_options_questions_tab.php in the quiz-master-next 
plugin befor ...)
@@ -21002,6 +21010,7 @@ CVE-2020-14351
RESERVED
 CVE-2020-14350
RESERVED
+   {DLA-2331-1}
- postgresql-12 12.4-1
- postgresql-11 
[buster] - postgresql-11  (Minor issue; will be fixed via point 
release)
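
Review bot: the added {DLA-2331-1} cross-reference sits under CVE-2020-14350, but the package lines visible in this hunk cover only postgresql-12 and postgresql-11; no stretch or postgresql-9.6 line is in view for the DLA to correspond to. Please check that the entry carries a line for the package the DLA fixes, and that its name matches the spelling used in data/DLA/list for DLA-2331-1.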



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b63bbb85852aeead03e50b3ea083d1d560b2d80


[Git][security-tracker-team/security-tracker][master] Reserve DLA-2331-1 for posgresql-9.6

2020-08-17 Thread Emilio Pozuelo Monfort


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0fc35c50 by Emilio Pozuelo Monfort at 2020-08-17T10:03:42+02:00
Reserve DLA-2331-1 for posgresql-9.6

- - - - -


1 changed file:

- data/DLA/list


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[17 Aug 2020] DLA-2331-1 posgresql-9.6 - security update
+   {CVE-2020-14350}
+   [stretch] - posgresql-9.6 9.6.19-0+deb9u1
 [16 Aug 2020] DLA-2330-1 jruby - security update
{CVE-2017-17742 CVE-2019-8320 CVE-2019-8321 CVE-2019-8322 CVE-2019-8323 
CVE-2019-8324 CVE-2019-8325 CVE-2019-16201 CVE-2019-16254 CVE-2019-16255}
[stretch] - jruby 1.7.26-1+deb9u2
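
Review bot: the package name is spelled "posgresql-9.6" on both added lines (the DLA header and the [stretch] version line), missing the "t". A source package name that does not match will not tie the fixed version 9.6.19-0+deb9u1 to the real package's entries; change both to postgresql-9.6.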



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0fc35c509e446658d80d81bd14fe02636cb860cd
