[Git][security-tracker-team/security-tracker][master] Add CVE-2021-3802/udisks2
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d9662542 by Salvatore Bonaccorso at 2021-10-26T08:22:38+02:00 Add CVE-2021-3802/udisks2 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5591,6 +5591,9 @@ CVE-2021-3803 (nth-check is vulnerable to Inefficient Regular Expression Complex NOT-FOR-US: nth-check CVE-2021-3802 RESERVED + - udisks2 2.9.4-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2003649 + NOTE: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-045.txt CVE-2021-41078 RESERVED CVE-2021-3801 (prism is vulnerable to Inefficient Regular Expression Complexity ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d966254286064b4d48bce7c20c9f640e1d1be40b -- You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
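Review bot: The CVE-2021-3802 entry stays RESERVED with nothing after the id, so data/CVE/list itself does not say what the udisks2 issue is; another entry in this file without a MITRE description carries a bracketed summary (CVE-2021-3798 "[Soft token does not check if an EC key is valid]"). Adding a short bracketed summary taken from the referenced Red Hat bug or SySS advisory would let triagers judge the entry without following the links.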
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2021-32286/hcxtools
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 60e0f47b by Salvatore Bonaccorso at 2021-10-26T06:57:51+02:00 Track fixed version for CVE-2021-32286/hcxtools - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -26575,7 +26575,7 @@ CVE-2021-32288 (An issue was discovered in heif through v3.6.2. A global-buffer- CVE-2021-32287 (An issue was discovered in heif through v3.6.2. A global-buffer-overfl ...) NOT-FOR-US: Nokia HEIF implementation (different from libheif) CVE-2021-32286 (An issue was discovered in hcxtools through 6.1.6. A global-buffer-ove ...) - - hcxtools (bug #994790) + - hcxtools 6.2.4-1 (bug #994790) [bullseye] - hcxtools (Minor issue) NOTE: https://github.com/ZerBea/hcxtools/issues/155 NOTE: https://github.com/ZerBea/hcxtools/commit/e6505ddc262bc3254b39844895ebac70861001d2 (6.1.2) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60e0f47b205cfce3c9e033aac9fecf3f466f1791
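Review bot: The new fixed version 6.2.4-1 on the hcxtools line sits next to two statements that disagree about where upstream fixed this: the description says hcxtools "through 6.1.6" is affected, while the retained NOTE tags the fix commit e6505ddc262bc3254b39844895ebac70861001d2 as "(6.1.2)". Anyone checking whether an older suite already contains the fix has to choose between the two, so the version tag on that NOTE should be verified against upstream and corrected in the same change if it is wrong.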
[Git][security-tracker-team/security-tracker][master] Take python3.5
Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker Commits: 4e0e410a by Utkarsh Gupta at 2021-10-26T04:42:47+05:30 Take python3.5 - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -70,7 +70,7 @@ openssh (Utkarsh) NOTE: 20211018: the regression doesn't happen for stretch; looking at NOTE: 20211018: the other bit. (utkarsh) -- -python3.5 +python3.5 (Utkarsh) NOTE: 20211003: whilst looks like a no-dsa/postponed candidate on a NOTE: 20211003: quick look, Canonical issued an update via the ESM NOTE: 20211003: pocket. Needs another look. (utkarsh) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e0e410a944fafb95e5764624ada934df9dabf8e
[Git][security-tracker-team/security-tracker][master] Process several NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6cb3e2bd by Salvatore Bonaccorso at 2021-10-25T22:37:02+02:00 Process several NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4028,7 +4028,7 @@ CVE-2021-41773 (A flaw was found in a change made to path normalization in Apach CVE-2021-3839 RESERVED CVE-2017-20007 (Ingeteam INGEPAC DA AU AUC_1.13.0.28 (and before) web application allo ...) - TODO: check + NOT-FOR-US: Ingeteam INGEPAC DA AU CVE-2021-41772 RESERVED CVE-2021-41771 @@ -5350,7 +5350,7 @@ CVE-2021-41178 CVE-2021-41177 RESERVED CVE-2021-41176 (Pterodactyl is an open-source game server management panel built with ...) - TODO: check + NOT-FOR-US: Pterodactyl CVE-2021-41175 RESERVED CVE-2021-41174 @@ -6869,9 +6869,9 @@ CVE-2021-40528 (The ElGamal implementation in Libgcrypt before 1.9.4 allows plai NOTE: hardening. We keep the original association as per 2021-09-19 (until MITRE clarifies on NOTE: a query). CVE-2021-40527 (Exposure of senstive information to an unauthorised actor in the "com. ...) - TODO: check + NOT-FOR-US: "com.onepeloton.erlich" mobile application CVE-2021-40526 (Incorrect calculation of buffer size vulnerability in Peleton TTR01 up ...) - TODO: check + NOT-FOR-US: Peleton CVE-2021-40525 RESERVED CVE-2021-3776 @@ -7250,7 +7250,7 @@ CVE-2021-40373 (playSMS before 1.4.5 allows Arbitrary Code Execution by entering CVE-2021-40372 RESERVED CVE-2021-40371 (Gridpro Request Management for Windows Azure Pack before 2.0.7912 allo ...) - TODO: check + NOT-FOR-US: Gridpro Request Management for Windows Azure Pack CVE-2021-40370 RESERVED CVE-2021-40369 
@@ -19507,7 +19507,7 @@ CVE-2021-35233 CVE-2021-35232 RESERVED CVE-2021-35231 (As a result of an unquoted service path vulnerability present in the K ...) - TODO: check + NOT-FOR-US: Kiwi Syslog Server Installation Wizard CVE-2021-35230 (As a result of an unquoted service path vulnerability present in the K ...) NOT-FOR-US: Kiwi CatTools Installation Wizard CVE-2021-35229 
@@ -20306,27 +20306,27 @@ CVE-2021-34866 CVE-2021-34865 RESERVED CVE-2021-34864 (This vulnerability allows local attackers to escalate privileges on af ...) - TODO: check + NOT-FOR-US: Parallels Desktop CVE-2021-34863 (This vulnerability allows network-adjacent attackers to execute arbitr ...) - TODO: check + NOT-FOR-US: D-Link CVE-2021-34862 (This vulnerability allows network-adjacent attackers to execute arbitr ...) - TODO: check + NOT-FOR-US: D-Link CVE-2021-34861 (This vulnerability allows network-adjacent attackers to execute arbitr ...) - TODO: check + NOT-FOR-US: D-Link CVE-2021-34860 (This vulnerability allows network-adjacent attackers to disclose sensi ...) - TODO: check + NOT-FOR-US: D-Link CVE-2021-34859 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: TeamViewer CVE-2021-34858 RESERVED CVE-2021-34857 (This vulnerability allows local attackers to escalate privileges on af ...) - TODO: check + NOT-FOR-US: Parallels Desktop CVE-2021-34856 (This vulnerability allows local attackers to escalate privileges on af ...) - TODO: check + NOT-FOR-US: Parallels Desktop CVE-2021-34855 (This vulnerability allows local attackers to disclose sensitive inform ...) - TODO: check + NOT-FOR-US: Parallels Desktop CVE-2021-34854 (This vulnerability allows local attackers to escalate privileges on af ...) - TODO: check + NOT-FOR-US: Parallels Desktop CVE-2021-34853 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PDF Reader CVE-2021-34852 (This vulnerability allows remote attackers to execute arbitrary code o ...) @@ -42638,7 +42638,7 @@ CVE-2021-25979 CVE-2021-25978 RESERVED CVE-2021-25977 (In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS du ...) - TODO: check + NOT-FOR-US: PiranhaCMS CVE-2021-25976 RESERVED CVE-2021-25975 
@@ -45423,9 +45423,9 @@ CVE-2021-24887 CVE-2021-24886 RESERVED CVE-2021-24885 (The YOP Poll WordPress plugin before 6.1.2 does not escape the perpage ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24884 (The Formidable Form Builder WordPress plugin before 4.09.05 allows to ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24883 RESERVED CVE-2021-24882 @@ -45623,7 +45623,7 @@ CVE-2021-24787 CVE-2021-24786 RESERVED CVE-2021-24785 (The Great Quotes WordPress plugin through 1.0.0 does not sanitise and ...) - TODO: check +
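Review bot: CVE-2021-24885 and CVE-2021-24884 are both marked "NOT-FOR-US: WordPress plugin" without the plugin name, and CVE-2021-34863 through CVE-2021-34860 say only "D-Link", whereas other lines in this patch name the product (for example "Kiwi Syslog Server Installation Wizard"). Naming the plugin (YOP Poll, Formidable Form Builder) and the D-Link product keeps these entries searchable if the software is ever packaged. "NOT-FOR-US: Peleton" for CVE-2021-40526 also copies the description's spelling, while the neighbouring CVE-2021-40527 entry uses "com.onepeloton.erlich"; one spelling for the vendor would avoid missed matches.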
[Git][security-tracker-team/security-tracker][master] Reserve DSA number for php7.3 update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a337f39d by Salvatore Bonaccorso at 2021-10-25T22:22:03+02:00 Reserve DSA number for php7.3 update - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[25 Oct 2021] DSA-4993-1 php7.3 - security update + {CVE-2021-21703} + [buster] - php7.3 7.3.31-1~deb10u1 [25 Oct 2021] DSA-4992-1 php7.4 - security update {CVE-2021-21703} [bullseye] - php7.4 7.4.25-1+deb11u1 = data/dsa-needed.txt = @@ -39,9 +39,6 @@ nodejs (jmm) -- openjdk-11 (jmm) -- -php7.3/oldstable - Maintainer prepared updates, needs review/ack --- puppetdb (jmm) -- python-pysaml2 (jmm) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a337f39d8911da5fcac2b43ac12c25bb49393424
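Review bot: In the data/DSA/list hunk, the [buster] fixed version 7.3.31-1~deb10u1 is based on upstream 7.3.31, which the CVE-2021-21703 description quoted in the later mails on this page lists as still affected ("7.3.x up to and including 7.3.31"), so the fix can only come from a patch carried in the Debian revision. A NOTE on the CVE entry stating that the buster upload backports the upstream commit would make that explicit for anyone comparing version numbers against the "Fixed in 8.0.12, 7.4.25" note.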
[Git][security-tracker-team/security-tracker][master] Reserve DSA number for php7.4 update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 60a43a55 by Salvatore Bonaccorso at 2021-10-25T22:14:51+02:00 Reserve DSA number for php7.4 update - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[25 Oct 2021] DSA-4992-1 php7.4 - security update + {CVE-2021-21703} + [bullseye] - php7.4 7.4.25-1+deb11u1 [22 Oct 2021] DSA-4991-1 mailman - security update {CVE-2020-12108 CVE-2020-15011 CVE-2021-42096 CVE-2021-42097} [buster] - mailman 1:2.1.29-1+deb10u2 = data/dsa-needed.txt = @@ -42,9 +42,6 @@ openjdk-11 (jmm) php7.3/oldstable Maintainer prepared updates, needs review/ack -- -php7.4/stable - Maintainer prepared updates, needs review/ack --- puppetdb (jmm) -- python-pysaml2 (jmm) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60a43a554c4eaf3c3562e5f73a7ea1546165a94e
[Git][security-tracker-team/security-tracker][master] Remove notes from withdrawn and rejected CVE-2021-23441
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1a7afa52 by Salvatore Bonaccorso at 2021-10-25T22:13:02+02:00 Remove notes from withdrawn and rejected CVE-2021-23441 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -48606,7 +48606,6 @@ CVE-2021-23442 (This affects all versions of package @cookiex/deep. The global p NOT-FOR-US: Node @cookiex/deep CVE-2021-23441 REJECTED - NOT-FOR-US: com.jsoniter:jsoniter CVE-2021-23440 (This affects the package set-value before <2.0.1, >=3.0.0 <4. ...) - node-set-value 3.0.1-3 (bug #994448) [bullseye] - node-set-value 3.0.1-2+deb11u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a7afa52a20bf9f66aadc45a261451dd0073f8c6
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: bff60510 by security tracker role at 2021-10-25T20:10:16+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,9 @@ +CVE-2021-3904 + RESERVED +CVE-2021-3903 + RESERVED +CVE-2020-36503 + RESERVED CVE-2021-43010 RESERVED CVE-2021-43009 @@ -4021,8 +4027,8 @@ CVE-2021-41773 (A flaw was found in a change made to path normalization in Apach NOTE: https://www.openwall.com/lists/oss-security/2021/10/08/1 CVE-2021-3839 RESERVED -CVE-2017-20007 - RESERVED +CVE-2017-20007 (Ingeteam INGEPAC DA AU AUC_1.13.0.28 (and before) web application allo ...) + TODO: check CVE-2021-41772 RESERVED CVE-2021-41771 @@ -5343,8 +5349,8 @@ CVE-2021-41178 RESERVED CVE-2021-41177 RESERVED -CVE-2021-41176 - RESERVED +CVE-2021-41176 (Pterodactyl is an open-source game server management panel built with ...) + TODO: check CVE-2021-41175 RESERVED CVE-2021-41174 @@ -5689,8 +5695,8 @@ CVE-2021-41037 RESERVED CVE-2021-41036 RESERVED -CVE-2021-41035 - RESERVED +CVE-2021-41035 (In Eclipse Openj9 before version 0.29.0, the JVM does not throw Illega ...) + TODO: check CVE-2021-41034 (The build of some language stacks of Eclipse Che version 6 includes pu ...) NOT-FOR-US: Eclipse Che CVE-2021-41033 (In all released versions of Eclipse Equinox, at least until version 4. ...) 
@@ -6061,8 +6067,7 @@ CVE-2021-3798 [Soft token does not check if an EC key is valid] NOTE: https://bugs.launchpad.net/ubuntu/+source/opencryptoki/+bug/1928780 NOTE: Introduced with: https://github.com/opencryptoki/opencryptoki/commit/a179fd01a265a98194d9c06ec5958da1dd2ecae3 (v3.15.0) NOTE: Fixed by: https://github.com/opencryptoki/opencryptoki/commit/4e3b43c3d8844402c04a66b55c6c940f965109f0 -CVE-2021-40865 - RESERVED +CVE-2021-40865 (An Unsafe Deserialization vulnerability exists in the worker services ...) NOT-FOR-US: Apache Storm CVE-2021-3797 (hestiacp is vulnerable to Use of Wrong Operator in String Comparison ...) NOT-FOR-US: Hestia Control Panel @@ -6863,10 +6868,10 @@ CVE-2021-40528 (The ElGamal implementation in Libgcrypt before 1.9.4 allows plai NOTE: CVE-2021-40528 got switched at some point, and CVE-2021-33560 referring to the blinding NOTE: hardening. We keep the original association as per 2021-09-19 (until MITRE clarifies on NOTE: a query). -CVE-2021-40527 - RESERVED -CVE-2021-40526 - RESERVED +CVE-2021-40527 (Exposure of senstive information to an unauthorised actor in the "com. ...) + TODO: check +CVE-2021-40526 (Incorrect calculation of buffer size vulnerability in Peleton TTR01 up ...) + TODO: check CVE-2021-40525 RESERVED CVE-2021-3776 @@ -10001,10 +10006,10 @@ CVE-2021-39223 RESERVED CVE-2021-39222 RESERVED -CVE-2021-39221 - RESERVED -CVE-2021-39220 - RESERVED +CVE-2021-39221 (Nextcloud is an open-source, self-hosted productivity platform. The Ne ...) + TODO: check +CVE-2021-39220 (Nextcloud is an open-source, self-hosted productivity platform The Nex ...) + TODO: check CVE-2021-39219 (Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtim ...) NOT-FOR-US: wasmtime CVE-2021-39218 (Wasmtime is an open source runtime for WebAssembly & WASI. In Wasm ...) 
@@ -12182,8 +12187,7 @@ CVE-2021-3693 (LedgerSMB does not check the origin of HTML fragments merged into NOTE: https://ledgersmb.org/cve-2021-3693-cross-site-scripting CVE-2021-3692 (yii2 is vulnerable to Use of Predictable Algorithm in Random Number Ge ...) - yii (bug #597899) -CVE-2021-38294 - RESERVED +CVE-2021-38294 (A Command Injection vulnerability exists in the getTopologyHistory ser ...) NOT-FOR-US: Apache Storm CVE-2021-38293 RESERVED @@ -13889,8 +13893,7 @@ CVE-2021-37626 (Contao is an open source CMS that allows you to create websites NOT-FOR-US: Contao CMS CVE-2021-37625 (Skytable is an open source NoSQL database. In versions prior to 0.6.4 ...) NOT-FOR-US: Skytable -CVE-2021-37624 - RESERVED +CVE-2021-37624 (FreeSWITCH is a Software Defined Telecom Stack enabling the digital tr ...) - freeswitch (bug #389591) NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-mjcm-q9h8-9xv3 CVE-2021-37623 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) @@ -19503,8 +19506,8 @@ CVE-2021-35233 RESERVED CVE-2021-35232 RESERVED -CVE-2021-35231 - RESERVED +CVE-2021-35231 (As a result of an unquoted service path vulnerability present in the K ...) + TODO: check CVE-2021-35230 (As a result of an u
[Git][security-tracker-team/security-tracker][master] Add reference for CVE-2021-21703
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 660fffe2 by Salvatore Bonaccorso at 2021-10-25T22:07:26+02:00 Add reference for CVE-2021-21703 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -52770,6 +52770,7 @@ CVE-2021-21703 (In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7. NOTE: Fixed in 8.0.12, 7.4.25 NOTE: PHP Bug: http://bugs.php.net/81026 NOTE: https://github.com/php/php-src/commit/fadb1f8c1d08ae62b4f0a16917040fde57a3b93b + NOTE: https://www.ambionics.io/blog/php-fpm-local-root CVE-2021-21702 (In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below ...) {DSA-4856-1 DLA-2708-1} - php8.0 8.0.2-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/660fffe29cc3aaf0bdbe13df42214cdd80eef0e3
[Git][security-tracker-team/security-tracker][master] Reference upstream commit for CVE-2021-21703/php*
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ca8db18e by Salvatore Bonaccorso at 2021-10-25T21:42:30+02:00 Reference upstream commit for CVE-2021-21703/php* - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -52769,6 +52769,7 @@ CVE-2021-21703 (In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7. - php7.0 NOTE: Fixed in 8.0.12, 7.4.25 NOTE: PHP Bug: http://bugs.php.net/81026 + NOTE: https://github.com/php/php-src/commit/fadb1f8c1d08ae62b4f0a16917040fde57a3b93b CVE-2021-21702 (In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below ...) {DSA-4856-1 DLA-2708-1} - php8.0 8.0.2-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca8db18e036812af0a98340c3e6b414b7a8ff074
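Review bot: The added NOTE gives the upstream commit URL bare, while the CVE-2021-3798 entry in the same file labels such links ("Fixed by:", and "Introduced with:" followed by a version tag). Prefixing this line with "Fixed by:" and the release it landed in would tell readers that the commit is the fix rather than a related reference, and would tie it to the "Fixed in 8.0.12, 7.4.25" note above it.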
[Git][security-tracker-team/security-tracker][master] Revert "semi-automatic unclaim after 2 weeks of inactivity"
Jeremiah C. Foster pushed to branch master at Debian Security Tracker / security-tracker Commits: 92c9f24d by Jeremiah C. Foster at 2021-10-25T15:06:28-04:00 Revert "semi-automatic unclaim after 2 weeks of inactivity" This was an old commit that is now irrelevant. This reverts commit 827654f8d1b960cad8ef31edafe83bbdaeb00ce1. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -12,11 +12,6 @@ https://wiki.debian.org/LTS/Development#Triage_new_security_issues To make it easier to see the entire history of an update, please append notes rather than remove/replace existing ones. --- -amd64-microcode - NOTE: 20210831: no binary package was built, possibly due to non-free-specific rules - NOTE: 20210831: https://lists.debian.org/debian-lts/2021/08/msg00033.html - NOTE: 20210912: https://lists.debian.org/debian-lts/2021/09/msg00018.html (utkarsh) -- ansible NOTE: 20210411: As discussed with the maintainer I will update Buster first and @@ -50,8 +45,6 @@ firmware-nonfree -- gpac (Roberto C. Sánchez) -- -libreoffice (Sylvain Beucler) --- linux (Ben Hutchings) -- linux-4.19 (Ben Hutchings) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/92c9f24d3d39c0bbd343977109fe85f53d541247
[Git][security-tracker-team/security-tracker][master] 2 commits: semi-automatic unclaim after 2 weeks of inactivity
Jeremiah C. Foster pushed to branch master at Debian Security Tracker / security-tracker Commits: 827654f8 by Jeremiah C. Foster at 2021-10-25T14:50:38-04:00 semi-automatic unclaim after 2 weeks of inactivity Signed-off-by: Jeremiah C. Foster- - - - - f8e29b6a by Jeremiah C. Foster at 2021-10-25T14:50:39-04:00 semi-automatic unclaim after 2 weeks of inactivity Signed-off-by: Jeremiah C. Foster - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -12,6 +12,11 @@ https://wiki.debian.org/LTS/Development#Triage_new_security_issues To make it easier to see the entire history of an update, please append notes rather than remove/replace existing ones. +-- +amd64-microcode + NOTE: 20210831: no binary package was built, possibly due to non-free-specific rules + NOTE: 20210831: https://lists.debian.org/debian-lts/2021/08/msg00033.html + NOTE: 20210912: https://lists.debian.org/debian-lts/2021/09/msg00018.html (utkarsh) -- ansible NOTE: 20210411: As discussed with the maintainer I will update Buster first and @@ -37,7 +42,7 @@ ffmpeg (Anton Gladky) NOTE: 20211010: WIP https://salsa.debian.org/lts-team/packages/ffmpeg NOTE: ffmpeg 3.2.16 has been released -- -firefox-esr (Emilio) +firefox-esr -- firmware-nonfree NOTE: 20210731: WIP: https://salsa.debian.org/lts-team/packages/firmware-nonfree @@ -45,6 +50,8 @@ firmware-nonfree -- gpac (Roberto C. Sánchez) -- +libreoffice (Sylvain Beucler) +-- linux (Ben Hutchings) -- linux-4.19 (Ben Hutchings) @@ -70,12 +77,12 @@ openssh (Utkarsh) NOTE: 20211018: the regression doesn't happen for stretch; looking at NOTE: 20211018: the other bit. (utkarsh) -- -python3.5 (Utkarsh) +python3.5 NOTE: 20211003: whilst looks like a no-dsa/postponed candidate on a NOTE: 20211003: quick look, Canonical issued an update via the ESM NOTE: 20211003: pocket. Needs another look. (utkarsh) -- -redis (Chris Lamb) +redis NOTE: 20211004: Fixed in sid and experimental. (lamby) NOTE: 20211006: buster-pu filed in #995825. (lamby) -- 
@@ -91,5 +98,5 @@ salt (Markus Koschany) NOTE: 20210607: new CVE patch proposed by damien; donfede to provide a debdiff. (utkarsh) NOTE: 20210816: will test the provided debdiff; needs testing as regression spotted. (utkarsh) -- -thunderbird (Emilio) +thunderbird -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/cb8fc1694a9fa413783b1bfdf9dd33375be09bdd...f8e29b6acbadc30246076fa40005ab89d13f1bdf
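Review bot: Under the subject "semi-automatic unclaim", the first and third hunks add entries instead of dropping claimants: the amd64-microcode block with its three dated NOTEs, and "libreoffice (Sylvain Beucler)". The two commits also share one subject, so the log does not show which of them carries the additions. If those entries came from a stale working copy, they should be dropped before pushing so that the change contains only the claimant removals (firefox-esr, python3.5, redis, thunderbird).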
[Git][security-tracker-team/security-tracker][master] Add new freeswitch issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: cb8fc169 by Salvatore Bonaccorso at 2021-10-25T20:42:49+02:00 Add new freeswitch issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5391,8 +5391,12 @@ CVE-2021-41159 (FreeRDP is a free implementation of the Remote Desktop Protocol NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vh34-m9h7-95xq CVE-2021-41158 RESERVED + - freeswitch (bug #389591) + NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-3v3f-99mv-qvj4 CVE-2021-41157 RESERVED + - freeswitch (bug #389591) + NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-g7xg-7c54-rmpj CVE-2021-41156 (anuko/timetracker is an, open source time tracking system. In affected ...) NOT-FOR-US: anuko/timetracker CVE-2021-41155 (Tuleap is a Free & Open Source Suite to improve management of soft ...) @@ -5421,6 +5425,8 @@ CVE-2021-41146 (qutebrowser is an open source keyboard-focused browser with a mi NOTE: are not fixing a security vulnerability. CVE-2021-41145 RESERVED + - freeswitch (bug #389591) + NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-jvpq-23v4-gp3m CVE-2021-41144 RESERVED CVE-2021-41143 @@ -5504,6 +5510,8 @@ CVE-2021-41106 (JWT is a library to work with JSON Web Token and JSON Web Signat NOT-FOR-US: PHP lcobucci/jwt CVE-2021-41105 RESERVED + - freeswitch (bug #389591) + NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-jh42-prph-gp36 CVE-2021-41104 (ESPHome is a system to control the ESP8266/ESP32. Anyone with web_serv ...) NOT-FOR-US: ESPHome CVE-2021-41103 (containerd is an open source container runtime with an emphasis on sim ...) 
@@ -13883,6 +13891,8 @@ CVE-2021-37625 (Skytable is an open source NoSQL database. In versions prior to NOT-FOR-US: Skytable CVE-2021-37624 RESERVED + - freeswitch (bug #389591) + NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-mjcm-q9h8-9xv3 CVE-2021-37623 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) - exiv2 [stretch] - exiv2 (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cb8fc1694a9fa413783b1bfdf9dd33375be09bdd
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 02fdf014 by security tracker role at 2021-10-25T08:10:13+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,321 @@ +CVE-2021-43010 + RESERVED +CVE-2021-43009 + RESERVED +CVE-2021-43008 + RESERVED +CVE-2021-43007 + RESERVED +CVE-2021-43006 + RESERVED +CVE-2021-43005 + RESERVED +CVE-2021-43004 + RESERVED +CVE-2021-43003 + RESERVED +CVE-2021-43002 + RESERVED +CVE-2021-43001 + RESERVED +CVE-2021-43000 + RESERVED +CVE-2021-42999 + RESERVED +CVE-2021-42998 + RESERVED +CVE-2021-42997 + RESERVED +CVE-2021-42996 + RESERVED +CVE-2021-42995 + RESERVED +CVE-2021-42994 + RESERVED +CVE-2021-42993 + RESERVED +CVE-2021-42992 + RESERVED +CVE-2021-42991 + RESERVED +CVE-2021-42990 + RESERVED +CVE-2021-42989 + RESERVED +CVE-2021-42988 + RESERVED +CVE-2021-42987 + RESERVED +CVE-2021-42986 + RESERVED +CVE-2021-42985 + RESERVED +CVE-2021-42984 + RESERVED +CVE-2021-42983 + RESERVED +CVE-2021-42982 + RESERVED +CVE-2021-42981 + RESERVED +CVE-2021-42980 + RESERVED +CVE-2021-42979 + RESERVED +CVE-2021-42978 + RESERVED +CVE-2021-42977 + RESERVED +CVE-2021-42976 + RESERVED +CVE-2021-42975 + RESERVED +CVE-2021-42974 + RESERVED +CVE-2021-42973 + RESERVED +CVE-2021-42972 + RESERVED +CVE-2021-42971 + RESERVED +CVE-2021-42970 + RESERVED +CVE-2021-42969 + RESERVED +CVE-2021-42968 + RESERVED +CVE-2021-42967 + RESERVED +CVE-2021-42966 + RESERVED +CVE-2021-42965 + RESERVED +CVE-2021-42964 + RESERVED +CVE-2021-42963 + RESERVED +CVE-2021-42962 + RESERVED +CVE-2021-42961 + RESERVED +CVE-2021-42960 + RESERVED +CVE-2021-42959 + RESERVED +CVE-2021-42958 + RESERVED +CVE-2021-42957 + RESERVED +CVE-2021-42956 + RESERVED +CVE-2021-42955 + RESERVED +CVE-2021-42954 + RESERVED +CVE-2021-42953 + RESERVED +CVE-2021-42952 + RESERVED +CVE-2021-42951 + RESERVED +CVE-2021-42950 + RESERVED +CVE-2021-42949 + RESERVED +CVE-2021-42948 + RESERVED +CVE-2021-42947 + RESERVED +CVE-2021-42946 + RESERVED +CVE-2021-42945 + RESERVED +CVE-2021-42944 + RESERVED +CVE-2021-42943 + RESERVED +CVE-2021-42942 + RESERVED +CVE-2021-42941 + RESERVED +CVE-2021-42940 + RESERVED +CVE-2021-42939 + RESERVED +CVE-2021-42938 + RESERVED 
+CVE-2021-42937 + RESERVED +CVE-2021-42936 + RESERVED +CVE-2021-42935 + RESERVED +CVE-2021-42934 + RESERVED +CVE-2021-42933 + RESERVED +CVE-2021-42932 + RESERVED +CVE-2021-42931 + RESERVED +CVE-2021-42930 + RESERVED +CVE-2021-42929 + RESERVED +CVE-2021-42928 + RESERVED +CVE-2021-42927 + RESERVED +CVE-2021-42926 + RESERVED +CVE-2021-42925 + RESERVED +CVE-2021-42924 + RESERVED +CVE-2021-42923 + RESERVED +CVE-2021-42922 + RESERVED +CVE-2021-42921 + RESERVED +CVE-2021-42920 + RESERVED +CVE-2021-42919 + RESERVED +CVE-2021-42918 + RESERVED +CVE-2021-42917 + RESERVED +CVE-2021-42916 + RESERVED +CVE-2021-42915 + RESERVED +CVE-2021-42914 + RESERVED +CVE-2021-42913 + RESERVED +CVE-2021-42912 + RESERVED +CVE-2021-42911 + RESERVED +CVE-2021-42910 + RESERVED +CVE-2021-42909 + RESERVED +CVE-2021-42908 + RESERVED +CVE-2021-42907 + RESERVED +CVE-2021-42906 + RESERVED +CVE-2021-42905 + RESERVED +CVE-2021-42904 + RESERVED +CVE-2021-42903 + RESERVED +CVE-2021-42902 + RESERVED +CVE-2021-42901 + RESERVED +CVE-2021-42900 + RESERVED +CVE-2021-42899 + RESERVED +CVE-2021-42898 + RESERVED +CVE-2021-42897 + RESERVED +CVE-2021-42896 + RESERVED +CVE-2021-42895 + RESERVED +CVE-2021-42894 + RESERVED +CVE-2021-42893 + RESERVED +CVE-2021-42892 + RESERVED +CVE-2021-42891 + RESERVED +CVE-2021-42890 + RESERVED +CVE-2021-42889 + RESERVED +CVE-2021-42888 + RESERVED +CVE-2021-42887 + RESERVED +CVE-2021-42886 + RESERVED +CVE-2021-42885 + RESERVED +CVE-2021-42884 + RESERVED +CVE-2021-42883 + RESERVED +CVE-2021-42882 + RESERVED +CVE-2021-42881 + RESERVED +CVE-2021-42880 + RESERVED +CVE-2021-42879 + RESERVED +CVE-2021-42878 + RESERVED +CVE-2021-42877 + RESERVED +CVE-2021-42876 + RESERVED +CVE-2021-42875 + RESERVED +CVE-2021-42874 + RESERVED +CVE-2021-42873 + RESERVED +CVE-2021-42872 + RESERVED +CVE-2021-42871 + RESERVED +CVE-2021-42870 + RESE
[Git][security-tracker-team/security-tracker][master] Add php to dsa-needed list
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2073dd96 by Salvatore Bonaccorso at 2021-10-25T09:13:58+02:00 Add php to dsa-needed list - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -39,6 +39,12 @@ nodejs (jmm) -- openjdk-11 (jmm) -- +php7.3/oldstable + Maintainer prepared updates, needs review/ack +-- +php7.4/stable + Maintainer prepared updates, needs review/ack +-- puppetdb (jmm) -- python-pysaml2 (jmm) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2073dd9605c1bb538cfdbfa1aa67414caed4edbf
[Git][security-tracker-team/security-tracker][master] Mark CVE-2021-411{59,60}/freerdp2 as no-dsa
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2ff6288c by Salvatore Bonaccorso at 2021-10-25T09:12:47+02:00 Mark CVE-2021-411{59,60}/freerdp2 as no-dsa - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5059,11 +5059,15 @@ CVE-2021-41161 RESERVED CVE-2021-41160 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...) - freerdp2 + [bullseye] - freerdp2 (Minor issue) + [buster] - freerdp2 (Minor issue) - freerdp [stretch] - freerdp (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7c9r-6r2q-93qg CVE-2021-41159 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...) - freerdp2 + [bullseye] - freerdp2 (Minor issue) + [buster] - freerdp2 (Minor issue) - freerdp [stretch] - freerdp (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vh34-m9h7-95xq View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ff6288c2d3da7c9bd8b5ad150ab4af8dcbedc35