[Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity

2020-11-01 Thread Holger Levsen


Holger Levsen pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a0f2dc9f by Holger Levsen at 2020-11-02T08:01:22+01:00
semi-automatic unclaim after 2 weeks of inactivity

Signed-off-by: Holger Levsen 

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -125,7 +125,7 @@ pluxml
 --
 poppler (Markus Koschany)
 --
-python3.5 (Thorsten Alteholz)
+python3.5
   NOTE: 20201011: testing package
   NOTE: 20201018: recovering from a broken computer :-(
 --
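Review bot: the claimant is removed from the python3.5 line, but nothing in the entry records the unclaim. The last NOTE is still "20201018: recovering from a broken computer :-(", so the entry now reads as unowned work with a stale status. Add a dated NOTE saying the package was unclaimed after inactivity and that a test package was in progress (NOTE 20201011), so the next person to pick it up knows there is prior work to ask about.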



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0f2dc9f0da6159e683ce069877f95b25d61dc51

-- 
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Marked CVE-2018-19352 as not-affected. Vulnerable code introduced

2020-11-01 Thread Abhijith PA


Abhijith PA pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3892e3d4 by Abhijith PA at 2020-11-02T12:27:47+05:30
Marked CVE-2018-19352 as not-affected. Vulnerable code introduced
after 4.2.3 (stretch version). See commit 
https://github.com/jupyter/notebook/commit/9ce534c020da37e6c8367884133eece5efc9ca82

Remove no-dsa tag for CVE-2018-8768

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -125418,6 +125418,7 @@ CVE-2018-19353 (The ansilove_ansi function in 
loaders/ansi.c in libansilove 1.0.
NOT-FOR-US: libansilove
 CVE-2018-19352 (Jupyter Notebook before 5.7.2 allows XSS via a crafted 
directory name  ...)
- jupyter-notebook 5.7.4-1 (bug #917408)
+   [stretch] - jupyter-notebook  (Vulnerable code not 
present)
NOTE: 
https://github.com/jupyter/notebook/commit/288b73e1edbf527740e273fcc69b889460871648
 CVE-2018-19351 (Jupyter Notebook before 5.7.1 allows XSS via an untrusted 
notebook bec ...)
- jupyter-notebook 5.7.4-1 (bug #917409)
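Review bot: the added stretch not-affected line for CVE-2018-19352 gives only "Vulnerable code not present" as its reason, while the evidence (vulnerable code introduced after 4.2.3, with the introducing jupyter/notebook commit) is only in the commit message. The one NOTE in the entry points at a different commit (288b73e1...). Add a NOTE under the entry with the introducing commit URL, so the justification is in data/CVE/list and can be checked without going through git history.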
@@ -154186,7 +154187,6 @@ CVE-2017-18239 (A time-sensitive equality check on 
the JWT signature in the Json
NOT-FOR-US: authentikat-jwt
 CVE-2018-8768 (In Jupyter Notebook before 5.4.1, a maliciously forged notebook 
file c ...)
- jupyter-notebook 5.4.1-1 (bug #893436)
-   [stretch] - jupyter-notebook  (Minor issue)
- ipython 5.1.0-2
[jessie] - ipython  (Minor issue)
[wheezy] - ipython  (Too invasive to fix)
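Review bot: removing the stretch no-dsa line for CVE-2018-8768 is unrelated to the CVE-2018-19352 change in the first hunk, and the commit message states the removal without giving a reason. With the line gone, stretch is judged against the unstable fixed version 5.4.1-1 and shows as open again. If that is intended because a stretch update is planned, say so in the message, or split this into its own commit.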



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3892e3d41ad137d12c43eeaf1d23579702e4ca5e


[Git][security-tracker-team/security-tracker][master] Add wordpress to dsa-needed list

2020-11-01 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c76a7782 by Salvatore Bonaccorso at 2020-11-02T07:50:42+01:00
Add wordpress to dsa-needed list

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -29,6 +29,8 @@ netty
 --
 pdns-recursor
 --
+wordpress
+--
 xcftools
   Hugo proposed to work on this update
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c76a77829dcb73ff3e95b9e0012e5cfdcf49f114


[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for wordpress issues

2020-11-01 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
31e47650 by Salvatore Bonaccorso at 2020-11-02T06:40:34+01:00
Add Debian bug reference for wordpress issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -11,38 +11,38 @@ CVE-2020-28042 (ServiceStack before 5.9.2 mishandles JWT 
signature verification
 CVE-2020-28041 (The SIP ALG implementation on NETGEAR Nighthawk R7000 
1.0.9.64_10.2.64 ...)
NOT-FOR-US: Netgear
 CVE-2020-28040 (WordPress before 5.5.2 allows CSRF attacks that change a 
theme's backg ...)
-   - wordpress 
+   - wordpress  (bug #973562)
NOTE: 
https://blog.wpscan.com/2020/10/30/wordpress-5.5.2-security-release.html
NOTE: 
https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
 CVE-2020-28039 (is_protected_meta in wp-includes/meta.php in WordPress before 
5.5.2 al ...)
-   - wordpress 
+   - wordpress  (bug #973562)
NOTE: 
https://github.com/WordPress/wordpress-develop/commit/d5ddd6d4be1bc9fd16b7796842e6fb26315705ad
NOTE: 
https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
NOTE: https://wpscan.com/vulnerability/10452
 CVE-2020-28038 (WordPress before 5.5.2 allows stored XSS via post slugs. ...)
-   - wordpress 
+   - wordpress  (bug #973562)
NOTE: 
https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
 CVE-2020-28037 (is_blog_installed in wp-includes/functions.php in WordPress 
before 5.5 ...)
-   - wordpress 
+   - wordpress  (bug #973562)
NOTE: 
https://github.com/WordPress/wordpress-develop/commit/2ca15d1e5ce70493c5c0c096ca0c76503d6da07c
NOTE: 
https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
NOTE: https://wpscan.com/vulnerability/10450
 CVE-2020-28036 (wp-includes/class-wp-xmlrpc-server.php in WordPress before 
5.5.2 allow ...)
-   - wordpress 
+   - wordpress  (bug #973562)
NOTE: 
https://github.com/WordPress/wordpress-develop/commit/c9e6b98968025b1629015998d12c3102165a7d32
NOTE: 
https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
NOTE: https://wpscan.com/vulnerability/10449
 CVE-2020-28035 (WordPress before 5.5.2 allows attackers to gain privileges via 
XML-RPC ...)
-   - wordpress 
+   - wordpress  (bug #973562)
NOTE: 
https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
 CVE-2020-28034 (WordPress before 5.5.2 allows XSS associated with global 
variables. ...)
-   - wordpress 
+   - wordpress  (bug #973562)
NOTE: 
https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
 CVE-2020-28033 (WordPress before 5.5.2 mishandles embeds from disabled sites 
on a mult ...)
-   - wordpress 
+   - wordpress  (bug #973562)
NOTE: 
https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
 CVE-2020-28032 (WordPress before 5.5.2 mishandles deserialization requests in 
wp-inclu ...)
-   - wordpress 
+   - wordpress  (bug #973562)
NOTE: 
https://github.com/WordPress/wordpress-develop/commit/add6bedf3a53b647d0ebda2970057912d3cd79d3
NOTE: 
https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
NOTE: https://wpscan.com/vulnerability/10446



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/31e4765002100164c64dc4d7e996cd40cff355ee


[Git][security-tracker-team/security-tracker][master] CVE-2020-15250,junit4: fixed in unstable

2020-11-01 Thread Markus Koschany


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3e63f8e2 by Markus Koschany at 2020-11-01T22:35:17+01:00
CVE-2020-15250,junit4: fixed in unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -27623,7 +27623,7 @@ CVE-2020-15251 (In the Channelmgnt plug-in for Sopel (a 
Python IRC bot) before v
NOT-FOR-US: Channelmgnt plug-in for Sopel
 CVE-2020-15250 (In JUnit4 from version 4.7 and before 4.13.1, the test rule 
TemporaryF ...)
{DLA-2426-1}
-   - junit4  (bug #972231)
+   - junit4 4.13.1-1 (bug #972231)
NOTE: 
https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp
NOTE: 
https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae
 CVE-2020-15249



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e63f8e26c9a428e09bdc7e8c31c7da9b5cca415


[Git][security-tracker-team/security-tracker][master] Process NFUs

2020-11-01 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e40e2f6a by Salvatore Bonaccorso at 2020-11-01T21:28:08+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,11 +1,11 @@
 CVE-2020-28046 (An issue was discovered in ProlinOS through 2.4.161.8859R. An 
attacker ...)
-   TODO: check
+   NOT-FOR-US: ProlinOS
 CVE-2020-28045 (An unsigned-library issue was discovered in ProlinOS through 
2.4.161.8 ...)
-   TODO: check
+   NOT-FOR-US: ProlinOS
 CVE-2020-28044 (An attacker with physical access to a PAX Point Of Sale device 
with Pr ...)
-   TODO: check
+   NOT-FOR-US: ProlinOS
 CVE-2020-28043 (MISP through 2.4.133 allows SSRF in the REST client via the 
use_full_p ...)
-   TODO: check
+   NOT-FOR-US: MISP
 CVE-2020-28042 (ServiceStack before 5.9.2 mishandles JWT signature 
verification unless ...)
TODO: check
 CVE-2020-28041 (The SIP ALG implementation on NETGEAR Nighthawk R7000 
1.0.9.64_10.2.64 ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e40e2f6a42deb71aace87cc12f195aa8f881db17


[Git][security-tracker-team/security-tracker][master] automatic update

2020-11-01 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4b436b08 by security tracker role at 2020-11-01T20:10:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,11 @@
+CVE-2020-28046 (An issue was discovered in ProlinOS through 2.4.161.8859R. An 
attacker ...)
+   TODO: check
+CVE-2020-28045 (An unsigned-library issue was discovered in ProlinOS through 
2.4.161.8 ...)
+   TODO: check
+CVE-2020-28044 (An attacker with physical access to a PAX Point Of Sale device 
with Pr ...)
+   TODO: check
+CVE-2020-28043 (MISP through 2.4.133 allows SSRF in the REST client via the 
use_full_p ...)
+   TODO: check
 CVE-2020-28042 (ServiceStack before 5.9.2 mishandles JWT signature 
verification unless ...)
TODO: check
 CVE-2020-28041 (The SIP ALG implementation on NETGEAR Nighthawk R7000 
1.0.9.64_10.2.64 ...)
@@ -5235,8 +5243,8 @@ CVE-2020-25851
RESERVED
 CVE-2020-25850
RESERVED
-CVE-2020-25849
-   RESERVED
+CVE-2020-25849 (MailGates and MailAudit products contain Command Injection 
flaw, which ...)
+   TODO: check
 CVE-2020-25848
RESERVED
 CVE-2020-25847
@@ -27614,6 +27622,7 @@ CVE-2020-15252 (In XWiki before version 12.5 and 
11.10.6, any user with SCRIPT r
 CVE-2020-15251 (In the Channelmgnt plug-in for Sopel (a Python IRC bot) before 
version ...)
NOT-FOR-US: Channelmgnt plug-in for Sopel
 CVE-2020-15250 (In JUnit4 from version 4.7 and before 4.13.1, the test rule 
TemporaryF ...)
+   {DLA-2426-1}
- junit4  (bug #972231)
NOTE: 
https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp
NOTE: 
https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae
@@ -30084,7 +30093,7 @@ CVE-2020-14356 (A flaw null pointer dereference in the 
Linux kernel cgroupv2 sub
[buster] - linux 4.19.146-1
NOTE: Fixed by: 
https://git.kernel.org/linus/ad0f75e5f57ccbceec13274e1e242f2b5a6397ed
 CVE-2020-14355 (Multiple buffer overflow vulnerabilities were found in the 
QUIC image  ...)
-   {DSA-4771-1}
+   {DSA-4771-1 DLA-2428-1 DLA-2427-1}
- spice 0.14.3-2 (bug #971750)
- spice-gtk  (bug #971751)
[buster] - spice-gtk  (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4b436b08d0b7eb04a5a6f7cda14b42bb4099d14f


[Git][security-tracker-team/security-tracker][master] Add CVE-202-2567{0,1,2,3}/linux

2020-11-01 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3b407c16 by Salvatore Bonaccorso at 2020-11-01T18:01:45+01:00
Add CVE-202-2567{0,1,2,3}/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5650,12 +5650,20 @@ CVE-2020-25674
RESERVED
 CVE-2020-25673
RESERVED
+   - linux 
+   NOTE: https://www.openwall.com/lists/oss-security/2020/11/01/1
 CVE-2020-25672
RESERVED
+   - linux 
+   NOTE: https://www.openwall.com/lists/oss-security/2020/11/01/1
 CVE-2020-25671
RESERVED
+   - linux 
+   NOTE: https://www.openwall.com/lists/oss-security/2020/11/01/1
 CVE-2020-25670
RESERVED
+   - linux 
+   NOTE: https://www.openwall.com/lists/oss-security/2020/11/01/1
 CVE-2020-25669
RESERVED
 CVE-2020-25668 [concurrency use-after-free in vt]
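Review bot: the four entries CVE-2020-25670 to CVE-2020-25673 get a linux package line and the same oss-security NOTE, but stay bare RESERVED ids with no bracketed description, unlike CVE-2020-25668 just below ("[concurrency use-after-free in vt]"). Since all four share one NOTE URL, nothing in the file tells them apart. Add a short bracketed description to each entry, taken from the oss-security post, so the ids can be distinguished while they are still RESERVED.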



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3b407c1660675d9d6137e34e3bff1916bb48297a


[Git][security-tracker-team/security-tracker][master] Reserve DLA-2428-1 for spice-gtk

2020-11-01 Thread Utkarsh Gupta


Utkarsh Gupta pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e7eeb0b8 by Utkarsh Gupta at 2020-11-01T22:19:18+05:30
Reserve DLA-2428-1 for spice-gtk

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[01 Nov 2020] DLA-2428-1 spice-gtk - security update
+   {CVE-2020-14355}
+   [stretch] - spice-gtk 0.33-3.3+deb9u2
 [01 Nov 2020] DLA-2427-1 spice - security update
{CVE-2020-14355}
[stretch] - spice 0.12.8-2.1+deb9u4


=
data/dla-needed.txt
=
@@ -177,10 +177,6 @@ slirp
   NOTE: CVE-2020-7039 to be applied patched first, as they both patch
   NOTE: the same lines of code in tcp_subr.c (bam).
 --
-spice-gtk (Utkarsh)
-  NOTE: 20201027: already uploaded to jessie, was waiting to hear back if 
there's regression.
-  NOTE: 20201027: will upload soon to stretch as well. (utkarsh)
---
 sympa
   NOTE: 20201007: I issued DLA-2401-1 to address overdue critical 
vulnerability.
   NOTE: 20201007: Lesser issues should pop up soon following work with 
upstream:



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7eeb0b8107a47d2ecbbcb5d0f1fe6db521d780b


[Git][security-tracker-team/security-tracker][master] Reserve DLA-2427-1 for spice

2020-11-01 Thread Utkarsh Gupta


Utkarsh Gupta pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
73a2c546 by Utkarsh Gupta at 2020-11-01T22:18:51+05:30
Reserve DLA-2427-1 for spice

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[01 Nov 2020] DLA-2427-1 spice - security update
+   {CVE-2020-14355}
+   [stretch] - spice 0.12.8-2.1+deb9u4
 [01 Nov 2020] DLA-2426-1 junit4 - security update
{CVE-2020-15250}
[stretch] - junit4 4.12-4+deb9u1


=
data/dla-needed.txt
=
@@ -177,10 +177,6 @@ slirp
   NOTE: CVE-2020-7039 to be applied patched first, as they both patch
   NOTE: the same lines of code in tcp_subr.c (bam).
 --
-spice (Utkarsh)
-  NOTE: 20201027: already uploaded to jessie, was waiting to hear back if 
there's regression.
-  NOTE: 20201027: will upload soon to stretch as well. (utkarsh)
---
 spice-gtk (Utkarsh)
   NOTE: 20201027: already uploaded to jessie, was waiting to hear back if 
there's regression.
   NOTE: 20201027: will upload soon to stretch as well. (utkarsh)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/73a2c54612a5c3797ab28f1e5cde2dddf3b0d986


[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim jupyter-notebook

2020-11-01 Thread Abhijith PA


Abhijith PA pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9b9bb599 by Abhijith PA at 2020-11-01T22:08:48+05:30
data/dla-needed.txt: Claim jupyter-notebook

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -81,7 +81,7 @@ guacamole-server (Markus Koschany)
   NOTE: guacamole-client. Backporting the upstream patch seems viable.
   NOTE: release will be this week
 --
-jupyter-notebook
+jupyter-notebook (Abhijith PA)
   NOTE: 20200711: Vulnerable to (at least) CVE-2018-19351. (lamby)
 --
 lemonldap-ng



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b9bb59907df8d9e94e2f73ca8a3ab430c745fb1


[Git][security-tracker-team/security-tracker][master] Reserve DLA-2426-1 for junit4

2020-11-01 Thread Abhijith PA


Abhijith PA pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d853e4ab by Abhijith PA at 2020-11-01T21:45:35+05:30
Reserve DLA-2426-1 for junit4

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[01 Nov 2020] DLA-2426-1 junit4 - security update
+   {CVE-2020-15250}
+   [stretch] - junit4 4.12-4+deb9u1
 [01 Nov 2020] DLA-2425-1 openldap - security update
[stretch] - openldap 2.4.44+dfsg-5+deb9u5
 [31 Oct 2020] DLA-2424-1 tzdata - new upstream version


=
data/dla-needed.txt
=
@@ -81,8 +81,6 @@ guacamole-server (Markus Koschany)
   NOTE: guacamole-client. Backporting the upstream patch seems viable.
   NOTE: release will be this week
 --
-junit4 (Abhijith PA)
---
 jupyter-notebook
   NOTE: 20200711: Vulnerable to (at least) CVE-2018-19351. (lamby)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d853e4ab1545a8d561a034bcca674b1a9c819493


[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2020-5991/nvidia-cuda-toolkit

2020-11-01 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cfe76abc by Salvatore Bonaccorso at 2020-11-01T15:54:46+01:00
Add Debian bug reference for CVE-2020-5991/nvidia-cuda-toolkit

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -53013,7 +53013,7 @@ CVE-2020-5993
 CVE-2020-5992
RESERVED
 CVE-2020-5991 (NVIDIA CUDA Toolkit, all versions prior to 11.1.1, contains a 
vulnerab ...)
-   - nvidia-cuda-toolkit 
+   - nvidia-cuda-toolkit  (bug #973543)
[buster] - nvidia-cuda-toolkit  (Non-free not supported)
[stretch] - nvidia-cuda-toolkit  (Non-free not supported)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5094



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cfe76abcc8819b5eb2b372d17c5be654918dd958


[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2020-25659/python-cryptography

2020-11-01 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
61bbafa7 by Salvatore Bonaccorso at 2020-11-01T15:52:54+01:00
Track fixed version for CVE-2020-25659/python-cryptography

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5680,7 +5680,7 @@ CVE-2020-25660
RESERVED
 CVE-2020-25659 [bleichenbacher timing oracle attack against RSA decryption]
RESERVED
-   - python-cryptography  (bug #973247)
+   - python-cryptography 3.2.1-1 (bug #973247)
[stretch] - python-cryptography  (Minor issue; risk of 
regression & marginal benefit)
NOTE: 
https://github.com/pyca/cryptography/security/advisories/GHSA-hggm-jpg3-v476
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1889988



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/61bbafa71378264e4e585573cc2169fdf889e465


[Git][security-tracker-team/security-tracker][master] Add fixed version via unstable for CVE-2020-25739/ruby-gon

2020-11-01 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b08823be by Salvatore Bonaccorso at 2020-11-01T14:30:46+01:00
Add fixed version via unstable for CVE-2020-25739/ruby-gon

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5510,7 +5510,7 @@ CVE-2020-25740
RESERVED
 CVE-2020-25739 (An issue was discovered in the gon gem before gon-6.4.0 for 
Ruby. Mult ...)
{DLA-2380-1}
-   - ruby-gon  (bug #970938)
+   - ruby-gon 6.4.0-1 (bug #970938)
[buster] - ruby-gon  (Minor issue)
NOTE: 
https://github.com/gazay/gon/commit/fe3c7b2191a992386dc9edd37de5447a4e809bc7
 CVE-2020-25738



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b08823be5519de4b651f21462d300b820a40c8be


[Git][security-tracker-team/security-tracker][master] Mark CVE-2020-5991/nvidia-cude-toolkit as ignored for stretch

2020-11-01 Thread Utkarsh Gupta


Utkarsh Gupta pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c0724959 by Utkarsh Gupta at 2020-11-01T17:13:56+05:30
Mark CVE-2020-5991/nvidia-cude-toolkit as ignored for stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -53015,6 +53015,7 @@ CVE-2020-5992
 CVE-2020-5991 (NVIDIA CUDA Toolkit, all versions prior to 11.1.1, contains a 
vulnerab ...)
- nvidia-cuda-toolkit 
[buster] - nvidia-cuda-toolkit  (Non-free not supported)
+   [stretch] - nvidia-cuda-toolkit  (Non-free not supported)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5094
 CVE-2020-5990 (NVIDIA GeForce Experience, all versions prior to 3.20.5.70, 
contains a ...)
NOT-FOR-US: NVIDIA GeForce Experience



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c07249597efd31056df5252f109b817a42b4723b


[Git][security-tracker-team/security-tracker][master] Mark CVE-2020-26566/motion as not-affected for stretch

2020-11-01 Thread Utkarsh Gupta


Utkarsh Gupta pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
309279be by Utkarsh Gupta at 2020-11-01T17:09:41+05:30
Mark CVE-2020-26566/motion as not-affected for stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3706,6 +3706,7 @@ CVE-2020-26567 (An issue was discovered on D-Link 
DSR-250N before 3.17B devices.
 CVE-2020-26566 (A Denial of Service condition in Motion-Project Motion 3.2 
through 4.3 ...)
- motion  (bug #972986)
[buster] - motion  (Vulnerable code introduced in 4.2)
+   [stretch] - motion  (Vulnerable code introduced in 4.2)
NOTE: 
https://github.com/Motion-Project/motion/security/advisories/GHSA-6f7x-grw7-fw24
NOTE: 
https://github.com/Motion-Project/motion/issues/1227#issuecomment-715927776
NOTE: https://github.com/Motion-Project/motion/pull/1232
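Review bot: the stretch line reuses the buster reason "Vulnerable code introduced in 4.2", but the CVE description in the same entry gives the affected range as "Motion 3.2 through 4.3 ...". The two statements disagree on where the vulnerable code starts, and the not-affected status for stretch depends on the 4.2 boundary being right. Add a NOTE saying which of the listed references (advisory, issue comment or pull request) establishes 4.2 as the introducing version.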



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/309279bef7a0bf305da2af6f48e92b46dfdaf350


[Git][security-tracker-team/security-tracker][master] Triage python-cryptography, blueman, and wordpress

2020-11-01 Thread Utkarsh Gupta


Utkarsh Gupta pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e9d04c2d by Utkarsh Gupta at 2020-11-01T17:07:36+05:30
Triage python-cryptography, blueman, and wordpress

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -5680,6 +5680,7 @@ CVE-2020-25660
 CVE-2020-25659 [bleichenbacher timing oracle attack against RSA decryption]
RESERVED
- python-cryptography  (bug #973247)
+   [stretch] - python-cryptography  (Minor issue; risk of 
regression & marginal benefit)
NOTE: 
https://github.com/pyca/cryptography/security/advisories/GHSA-hggm-jpg3-v476
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1889988
NOTE: 
https://github.com/pyca/cryptography/commit/58494b41d6ecb0f56b7c5f05d5f5e3ca0320d494
 (3.2)


=
data/dla-needed.txt
=
@@ -28,6 +28,8 @@ ark
   NOTE: 20200907: patch 
https://people.debian.org/~abhijith/upload/backport_to_1608.patch crashes 
(abhijith)
   NOTE: 20200921: CLI works but GUI not, It seems the fix is not compatible 
with the old architecture (abhijith)
 --
+blueman
+--
 brotli (Roberto C. Sánchez)
   NOTE: 20201025: Requested patch review on debian-lts@l.d.o (roberto)
 --
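Review bot: blueman is added to dla-needed.txt with no NOTE, and the data/CVE/list hunk in this commit only touches python-cryptography, so nothing visible says which issue put blueman on the list. Add a dated NOTE naming the CVE or bug behind the entry, as the neighbouring ark and brotli entries do for their status.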
@@ -200,6 +202,8 @@ wireshark (Adrian Bunk)
   NOTE: 20201026: will backport 2.6.8-1.1 first, and then try to update in the
   NOTE: 20201026: next buster point release followed by another backport (bunk)
 --
+wordpress (Utkarsh)
+--
 xcftools
   NOTE: 20200111: wrote a patch + reproducer for CVE-2019-5086, waiting for 
upstream review (hle)
   NOTE: 20200414: Flurry of activity on/around 20200401 essentially rejecting 
original patch



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e9d04c2dd6b55122522b265ac53cd4b24ee57e24


[Git][security-tracker-team/security-tracker][master] 2 commits: Process NFUs

2020-11-01 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e0099239 by Salvatore Bonaccorso at 2020-11-01T09:37:59+01:00
Process NFUs

- - - - -
309e46a2 by Salvatore Bonaccorso at 2020-11-01T09:38:15+01:00
Add new issues for nextcloud-server (itp'ed)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,7 +1,7 @@
 CVE-2020-28042 (ServiceStack before 5.9.2 mishandles JWT signature 
verification unless ...)
TODO: check
 CVE-2020-28041 (The SIP ALG implementation on NETGEAR Nighthawk R7000 
1.0.9.64_10.2.64 ...)
-   TODO: check
+   NOT-FOR-US: Netgear
 CVE-2020-28040 (WordPress before 5.5.2 allows CSRF attacks that change a 
theme's backg ...)
- wordpress 
NOTE: 
https://blog.wpscan.com/2020/10/30/wordpress-5.5.2-security-release.html
@@ -25842,7 +25842,7 @@ CVE-2020-15916 (goform/AdvSetLanip endpoint on Tenda 
AC15 AC1900 15.03.05.19 dev
 CVE-2020-15915
RESERVED
 CVE-2020-15914 (A cross-site scripting (XSS) vulnerability exists in the 
Origin Client ...)
-   TODO: check
+   NOT-FOR-US: EA Origin Client
 CVE-2020-15913
RESERVED
 CVE-2020-15912 (** DISPUTED ** Tesla Model 3 vehicles allow attackers to open 
a door b ...)
@@ -27540,15 +27540,15 @@ CVE-2020-15279
 CVE-2020-15278 (Red Discord Bot before version 3.4.1 has an unauthorized 
privilege esc ...)
NOT-FOR-US: Red Discord Bot
 CVE-2020-15277 (baserCMS before version 4.4.1 is affected by Remote Code 
Execution (RC ...)
-   TODO: check
+   NOT-FOR-US: baserCMS
 CVE-2020-15276 (baserCMS before version 4.4.1 is vulnerable to Cross-Site 
Scripting. A ...)
-   TODO: check
+   NOT-FOR-US: baserCMS
 CVE-2020-15275
RESERVED
 CVE-2020-15274 (In Wiki.js before version 2.5.162, an XSS payload can be 
injected in a ...)
NOT-FOR-US: Wiki.js
 CVE-2020-15273 (baserCMS before version 4.4.1 is vulnerable to Cross-Site 
Scripting. T ...)
-   TODO: check
+   NOT-FOR-US: baserCMS
 CVE-2020-15272 (In the git-tag-annotation-action (open source GitHub Action) 
before ve ...)
NOT-FOR-US: git-tag-annotation-action
 CVE-2020-15271 (In lookatme (python/pypi package) versions prior to 2.3.0, the 
package ...)
@@ -47200,7 +47200,7 @@ CVE-2020-8238 (A vulnerability in the authenticated 
user web interface of Pulse
 CVE-2020-8237 (Prototype pollution in json-bigint npm package < 1.0.0 may 
lead to  ...)
NOT-FOR-US: Node json-bigint
 CVE-2020-8236 (A wrong configuration in Nextcloud Server 19.0.1 incorrectly 
made the  ...)
-   TODO: check
+   - nextcloud-server  (bug #941708)
 CVE-2020-8235 (Missing access control in Nextcloud Deck 1.0.4 caused an 
insecure dire ...)
NOT-FOR-US: Nextcloud Deck
 CVE-2020-8234 (A vulnerability exists in The EdgeMax EdgeSwitch firmware 
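Review bot: the added `- nextcloud-server  (bug #941708)` line under CVE-2020-8236 shows nothing between the package name and the bug reference as rendered here. The commit message describes the package as itp'ed, so confirm the line carries that state explicitly; without it the entry reads as a package line with neither a fixed version nor a status.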


[Git][security-tracker-team/security-tracker][master] Add version for openldap until we can drop it with the CVE assignment

2020-11-01 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4360691c by Salvatore Bonaccorso at 2020-11-01T09:17:18+01:00
Add version for openldap until we can drop it with the CVE assignment

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -94,6 +94,7 @@ CVE-2020-28007
 CVE-2020- [vulnerability with slapd normalization handling with modrdn]
- openldap 2.4.55+dfsg-1
[buster] - openldap 2.4.47+dfsg-3+deb10u3
+   [stretch] - openldap 2.4.44+dfsg-5+deb9u5
NOTE: https://bugs.openldap.org/show_bug.cgi?id=9370
NOTE: 
https://git.openldap.org/openldap/openldap/-/commit/4c774220a752bf8e3284984890dc0931fe73165d
 CVE-2020-28006
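Review bot: the added `[stretch] - openldap 2.4.44+dfsg-5+deb9u5` line sits on a placeholder entry with no assigned CVE number, and the fact that it is temporary is recorded only in the commit message. A NOTE on the entry saying the line is to be dropped once the CVE is assigned would keep that intent in the file, where the next editor will see it.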



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4360691cb759d1f19f5e0f3525a777fbea5514c4


[Git][security-tracker-team/security-tracker][master] automatic update

2020-11-01 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4a4bd8dd by security tracker role at 2020-11-01T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,7 @@
+CVE-2020-28042 (ServiceStack before 5.9.2 mishandles JWT signature 
verification unless ...)
+   TODO: check
+CVE-2020-28041 (The SIP ALG implementation on NETGEAR Nighthawk R7000 
1.0.9.64_10.2.64 ...)
+   TODO: check
 CVE-2020-28040 (WordPress before 5.5.2 allows CSRF attacks that change a 
theme's backg ...)
- wordpress 
NOTE: 
https://blog.wpscan.com/2020/10/30/wordpress-5.5.2-security-release.html
@@ -54231,8 +54235,8 @@ CVE-2020-5427
RESERVED
 CVE-2020-5426
RESERVED
-CVE-2020-5425
-   RESERVED
+CVE-2020-5425 (Single Sign-On for Vmware Tanzu all versions prior to 1.11.3 
,1.12.x v ...)
+   TODO: check
 CVE-2020-5424
RESERVED
 CVE-2020-5423
@@ -90297,6 +90301,7 @@ CVE-2019-12297 (An issue was discovered in scopd on 
Motorola routers CX2 1.01 an
 CVE-2019-12296
RESERVED
 CVE-2019-12295 (In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 
2.4.14, the  ...)
+   {DLA-2423-1}
- wireshark 2.6.8-1.1 (low; bug #929446)
[jessie] - wireshark  (Minor, can be fixed along in a future 
update)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15778
@@ -94295,7 +94300,7 @@ CVE-2019-10904 (Roundup 1.6 allows XSS via the URI 
because frontends/roundup.cgi
NOTE: https://issues.roundup-tracker.org/issue2551035
NOTE: 
https://bitbucket.org/python/roundup/commits/51682dc2cd7e28421d749117c25bec58f632ee5f
 CVE-2019-10903 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the 
DCERPC SP ...)
-   {DLA-1802-1}
+   {DLA-2423-1 DLA-1802-1}
- wireshark 2.6.8-1 (low; bug #926718)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15568
NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=eafdcfa4b6d5187a5326442a82608ab03d9dddcb
@@ -94308,7 +94313,7 @@ CVE-2019-10902 (In Wireshark 3.0.0, the TSDNS dissector 
could crash. This was ad
NOTE: bug was never in Debian apart experimental released versions:
NOTE: Dissector introduced in 3.0.0 and CVE fixed in 3.0.1
 CVE-2019-10901 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the 
LDSS diss ...)
-   {DLA-1802-1}
+   {DLA-2423-1 DLA-1802-1}
- wireshark 2.6.8-1 (low; bug #926718)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15620
NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cf801a25074f76dc3ae62d8ec53ace75f56ce2cd
@@ -94319,7 +94324,7 @@ CVE-2019-10900 (In Wireshark 3.0.0, the Rbm dissector 
could go into an infinite
NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=26eee01f57f0a86fb375892c7937eac24ede4610
NOTE: https://www.wireshark.org/security/wnpa-sec-2019-13.html
 CVE-2019-10899 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the 
SRVLOC di ...)
-   {DLA-1802-1}
+   {DLA-2423-1 DLA-1802-1}
- wireshark 2.6.8-1 (low; bug #926718)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15546
NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b16fea2f175a3297edac118c8844c7987d31c1cb
@@ -94335,13 +94340,14 @@ CVE-2019-10897 (In Wireshark 3.0.0, the IEEE 802.11 
dissector could go into an i
NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=00d5e9e9fb377f52ab7696f25c1dbc011ef0244d
NOTE: https://www.wireshark.org/security/wnpa-sec-2019-11.html
 CVE-2019-10896 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the 
DOF disse ...)
+   {DLA-2423-1}
- wireshark 2.6.8-1 (low; bug #926718)
[jessie] - wireshark  (vulnerable code is not present)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15617
NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=441b6d9071d6341e58dfe10719375489c5b8e3f0
NOTE: https://www.wireshark.org/security/wnpa-sec-2019-15.html
 CVE-2019-10895 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the 
NetScaler ...)
-   {DLA-1802-1}
+   {DLA-2423-1 DLA-1802-1}
- wireshark 2.6.8-1 (low; bug #926718)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15497
NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2fbbde780e5d5d82e31dca656217daf278cf62bb
@@ -94350,7 +94356,7 @@ CVE-2019-10895 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 
2.6.7, and 3.0.0, the Net
NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cab0cff6abdd7a5b5b0bfa4ee204eea951e129e9
NOTE: https://www.wireshark.org/security/wnpa-sec-2019-09.html
 CVE-2019-108

[Git][security-tracker-team/security-tracker][master] Reserve DLA-2425-1 for openldap

2020-11-01 Thread Utkarsh Gupta


Utkarsh Gupta pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4bc621fb by Utkarsh Gupta at 2020-11-01T12:43:50+05:30
Reserve DLA-2425-1 for openldap

- - - - -


1 changed file:

- data/DLA/list


Changes:

=
data/DLA/list
=
@@ -1,3 +1,5 @@
+[01 Nov 2020] DLA-2425-1 openldap - security update
+   [stretch] - openldap 2.4.44+dfsg-5+deb9u5
 [31 Oct 2020] DLA-2424-1 tzdata - new upstream version
[stretch] - tzdata 2020d-0+deb9u1
 [31 Oct 2020] DLA-2423-1 wireshark - security update
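Review bot: the new DLA-2425-1 entry is titled a security update but names no CVE or other issue reference, so the advisory cannot be traced from this file to the issue it fixes. Add the reference once an id is assigned.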



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4bc621fb7b1d0bf3bcd65edaaec7fa295ee32b27
