[Git][security-tracker-team/security-tracker][master] Add CVE-2022-29{89,90}

2022-08-25 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4927ad96 by Salvatore Bonaccorso at 2022-08-26T07:48:16+02:00
Add CVE-2022-29{89,90}

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -26,8 +26,16 @@ CVE-2022-2991 (A heap-based buffer overflow was found in the 
Linux kernel's Ligh
NOTE: CONFIG_NVM not enabled in Debian
 CVE-2022-2990
RESERVED
+   - golang-github-containers-buildah 
+   NOTE: 
https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/
+   NOTE: https://github.com/containers/buildah/pull/4200
+   NOTE: 
https://github.com/containers/buildah/commit/9934b17365083ce966b44c5ce3c7e052f516e255
+   NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2121453
 CVE-2022-2989
RESERVED
+   - libpod 
+   NOTE: 
https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/
+   NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2121445
 CVE-2022-2988
RESERVED
 CVE-2022-2987
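
Review bot: The CVE-2022-2989 entry for libpod cites only the blog post and the Red Hat bug, while the CVE-2022-2990 entry just above it also records the upstream buildah pull request and fixing commit. Add the corresponding upstream fix reference for libpod as a NOTE once it is known, so the fixed version can later be determined from the entry itself.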



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4927ad964f206777be9016d9a0ebfa5960585a6f

You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] CVE-2022-0759 was fixed in ruby-kubeclient 4.9.3-1

2022-08-25 Thread Adrian Bunk (@bunk)


Adrian Bunk pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ab5d082e by Adrian Bunk at 2022-08-26T02:49:29+03:00
CVE-2022-0759 was fixed in ruby-kubeclient 4.9.3-1

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -35162,7 +35162,7 @@ CVE-2022-0761
 CVE-2022-0760 (The Simple Link Directory WordPress plugin before 7.7.2 does 
not valid ...)
NOT-FOR-US: WordPress plugin
 CVE-2022-0759 (A flaw was found in all versions of kubeclient up to (but not 
includin ...)
-   - ruby-kubeclient  (bug #1014780)
+   - ruby-kubeclient 4.9.3-1 (bug #1014780)
[bullseye] - ruby-kubeclient  (Minor issue)
[buster] - ruby-kubeclient  (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2058404
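
Review bot: The unstable line now records 4.9.3-1 as fixed, but the only NOTE visible in this hunk is the Red Hat bug and nothing names the upstream change that fixed it. A NOTE with the upstream commit or release would let someone revisiting the bullseye and buster lines, both left at "(Minor issue)", judge a backport without redoing the research.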



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab5d082ec76df76614ea86a442f30c6f5c9b6a2b



[Git][security-tracker-team/security-tracker][master] Add CVE-2022-22728/libapreq2

2022-08-25 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8576d098 by Salvatore Bonaccorso at 2022-08-26T00:06:45+02:00
Add CVE-2022-22728/libapreq2

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -46611,7 +46611,8 @@ CVE-2021-46147 (An issue was discovered in MediaWiki 
before 1.35.5, 1.36.x befor
 CVE-2021-46146 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x 
before 1.36 ...)
NOT-FOR-US: MediaWiki extension WikiBaseMediainfo
 CVE-2022-22728 (A flaw in Apache libapreq2 versions 2.16 and earlier could 
cause a buf ...)
-   TODO: check
+   - libapreq2 
+   NOTE: https://www.openwall.com/lists/oss-security/2022/08/25/3
 CVE-2022-22727 (A CWE-20: Improper Input Validation vulnerability exists that 
could al ...)
NOT-FOR-US: Schneider Electric
 CVE-2022-22726 (A CWE-20: Improper Input Validation vulnerability exists that 
could al ...)
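
Review bot: The new libapreq2 line is backed only by the oss-security post; the description says versions 2.16 and earlier are affected, but no NOTE records the upstream fixing commit or release. Adding one would make it possible to set a fixed version later without rereading the advisory.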



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8576d098e5c4d7f02c32879960ed19b66916b7a8



[Git][security-tracker-team/security-tracker][master] Add CVE-2021-3800/glib2.0

2022-08-25 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0e68372e by Salvatore Bonaccorso at 2022-08-26T00:02:54+02:00
Add CVE-2021-3800/glib2.0

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -66700,7 +66700,10 @@ CVE-2021-40987 (A remote arbitrary command execution 
vulnerability was discovere
 CVE-2021-40986 (A remote arbitrary command execution vulnerability was 
discovered in A ...)
NOT-FOR-US: Aruba
 CVE-2021-3800 (A flaw was found in glib before version 2.63.6. Due to random 
charset  ...)
-   TODO: check
+   - glib2.0 2.64.0-1
+   NOTE: 
https://gitlab.gnome.org/GNOME/glib/-/commit/3529bb4450a519959a5d9cb787404296322618a1
 (2.63.6)
+   NOTE: https://www.openwall.com/lists/oss-security/2017/06/23/8
+   TODO: check completeness
 CVE-2021-40985 (A stack-based buffer under-read in htmldoc before 1.9.12, 
allows attac ...)
{DLA-2928-1}
- htmldoc 1.9.13-1 (unimportant)
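
Review bot: The added "TODO: check completeness" does not say what is still in doubt. If the open question is whether the cited glib commit (2.63.6) is the whole fix, say so in the TODO, since the entry already records 2.64.0-1 as fixed and a reader cannot tell how far that version can be relied on.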



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e68372eba678dacb4ce49899368abe6545faf71



[Git][security-tracker-team/security-tracker][master] Add CVE-2021-42523/colord

2022-08-25 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
76ed2457 by Salvatore Bonaccorso at 2022-08-25T23:57:22+02:00
Add CVE-2021-42523/colord

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -62554,7 +62554,9 @@ CVE-2022-20113 (In mPreference of 
DefaultUsbConfigurationPreferenceController.ja
 CVE-2022-20112 (In getAvailabilityStatus of 
PrivateDnsPreferenceController.java, there ...)
NOT-FOR-US: Android
 CVE-2021-42523 (There are two Information Disclosure vulnerabilities in 
colord, and th ...)
-   TODO: check
+   - colord 1.4.6-1
+   NOTE: https://github.com/hughsie/colord/issues/110
+   NOTE: 
https://github.com/hughsie/colord/commit/adf41f36cf7214d7d6fa8d528b74eba47c377405
 (1.4.6)
 CVE-2021-42522 (There is a Information Disclosure vulnerability in 
anjuta/plugins/docu ...)
- anjuta 
NOTE: https://gitlab.gnome.org/Archive/anjuta/-/issues/12
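
Review bot: The description speaks of two information disclosure vulnerabilities in colord, yet the added lines cite a single issue and a single commit (1.4.6). Confirm that this one commit addresses both, or add the second reference, before relying on 1.4.6-1 as the fixed version.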



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76ed245796f0c4d1dcc7319de62acfed152deed7



[Git][security-tracker-team/security-tracker][master] Add CVE-2021-42522/anjuta

2022-08-25 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1c5b80a4 by Salvatore Bonaccorso at 2022-08-25T23:55:16+02:00
Add CVE-2021-42522/anjuta

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -62556,7 +62556,8 @@ CVE-2022-20112 (In getAvailabilityStatus of 
PrivateDnsPreferenceController.java,
 CVE-2021-42523 (There are two Information Disclosure vulnerabilities in 
colord, and th ...)
TODO: check
 CVE-2021-42522 (There is a Information Disclosure vulnerability in 
anjuta/plugins/docu ...)
-   TODO: check
+   - anjuta 
+   NOTE: https://gitlab.gnome.org/Archive/anjuta/-/issues/12
 CVE-2021-42521 (There is a NULL pointer dereference vulnerability in VTK, and 
it lies  ...)
- vtk9 
- vtk7 
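
Review bot: The new anjuta line is supported only by a link to the upstream issue, and that issue sits under the Archive path on gitlab.gnome.org. A short NOTE stating whether any upstream fix exists would tell the next triager whether a fixed version can be expected at all.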



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c5b80a413bf82f0b29c35231ba2285405026ac7



[Git][security-tracker-team/security-tracker][master] Add CVE-2021-42521/vtk

2022-08-25 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e79d2a76 by Salvatore Bonaccorso at 2022-08-25T23:53:05+02:00
Add CVE-2021-42521/vtk

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -62558,7 +62558,11 @@ CVE-2021-42523 (There are two Information Disclosure 
vulnerabilities in colord,
 CVE-2021-42522 (There is a Information Disclosure vulnerability in 
anjuta/plugins/docu ...)
TODO: check
 CVE-2021-42521 (There is a NULL pointer dereference vulnerability in VTK, and 
it lies  ...)
-   TODO: check
+   - vtk9 
+   - vtk7 
+   - vtk6 
+   NOTE: https://gitlab.kitware.com/vtk/vtk/-/issues/17818
+   TODO: check, potentially as well src:paraview, but needs to check impact
 CVE-2021-42520
RESERVED
 CVE-2021-42519
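
Review bot: The TODO added at the end of the entry, "TODO: check, potentially as well src:paraview, but needs to check impact", mixes two open items. Splitting it into one TODO for the remaining triage of vtk9, vtk7 and vtk6 and one for whether src:paraview is affected would make it clear when each is done; a NOTE with the fixing commit from the linked VTK issue would also help.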



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e79d2a766848fcc89a962d065d4c2c2127451025



[Git][security-tracker-team/security-tracker][master] Add CVE-2022-32793/webkit2gtk

2022-08-25 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a36d2fe8 by Salvatore Bonaccorso at 2022-08-25T23:43:57+02:00
Add CVE-2022-32793/webkit2gtk

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -15435,6 +15435,7 @@ CVE-2022-32795
 CVE-2022-32794
RESERVED
 CVE-2022-32793 (Multiple out-of-bounds write issues were addressed with 
improved bound ...)
+   - webkit2gtk 2.36.7-1
- wpewebkit 2.36.7-1
NOTE: https://wpewebkit.org/security/WSA-2022-0008.html
 CVE-2022-32792 [An out-of-bounds write issue was addressed with improved input 
validation]
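
Review bot: The added webkit2gtk 2.36.7-1 line relies on the existing NOTE, which points at the WPE WebKit advisory WSA-2022-0008 only. Add a NOTE for the matching WebKitGTK advisory so the webkit2gtk version is backed by its own reference.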



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a36d2fe84660953322e3a5ce6c8a9d9f0a5282d1



[Git][security-tracker-team/security-tracker][master] Add CVE-2022-32793/wpewebkit

2022-08-25 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6dd4f3f2 by Salvatore Bonaccorso at 2022-08-25T23:40:26+02:00
Add CVE-2022-32793/wpewebkit

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -15435,7 +15435,8 @@ CVE-2022-32795
 CVE-2022-32794
RESERVED
 CVE-2022-32793 (Multiple out-of-bounds write issues were addressed with 
improved bound ...)
-   TODO: check
+   - wpewebkit 2.36.7-1
+   NOTE: https://wpewebkit.org/security/WSA-2022-0008.html
 CVE-2022-32792 [An out-of-bounds write issue was addressed with improved input 
validation]
RESERVED
{DSA-5211-1 DSA-5210-1 DLA-3073-1}
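
Review bot: This change replaces the TODO with a wpewebkit line only, while the neighbouring CVE-2022-32792 entry in the context already carries DSA and DLA references. Removing "TODO: check" signals that triage is complete, so check whether another source package needs a line here before dropping it.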



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6dd4f3f215b53102f3eed57802c184e611b0e06c



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2022-08-25 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bbaa6690 by Salvatore Bonaccorso at 2022-08-25T22:57:40+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2076,7 +2076,7 @@ CVE-2022-36373
 CVE-2022-36365
RESERVED
 CVE-2022-36358 (Cross-Site Request Forgery (CSRF) vulnerability in SEO Scout 
plugin  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-36355
RESERVED
 CVE-2022-36352
@@ -2342,7 +2342,7 @@ CVE-2022-37954
 CVE-2022-37953 (An HTTP response splitting vulnerability exists in the AM 
Gateway Chal ...)
TODO: check
 CVE-2022-37952 (A reflected cross-site scripting (XSS) vulnerability exists in 
the iHi ...)
-   TODO: check
+   NOT-FOR-US: iHistorian Data Display of WorkstationST
 CVE-2022-37951
RESERVED
 CVE-2022-37950
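
Review bot: The tag "NOT-FOR-US: iHistorian Data Display of WorkstationST" names a component, where the other entries in this commit use a short vendor or product name such as "MDaemon" or "H3C"; a consistent short name is easier to grep for. CVE-2022-37953 in the context directly above is also left at "TODO: check"; if it concerns the same product it can be processed in the same pass.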
@@ -4150,21 +4150,21 @@ CVE-2022-37247
 CVE-2022-37246
RESERVED
 CVE-2022-37245 (MDaemon Technologies SecurityGateway for Email Servers 8.5.2 
is vulner ...)
-   TODO: check
+   NOT-FOR-US: MDaemon
 CVE-2022-37244 (MDaemon Technologies SecurityGateway for Email Servers 8.5.2 
is vulner ...)
-   TODO: check
+   NOT-FOR-US: MDaemon
 CVE-2022-37243 (MDaemon Technologies SecurityGateway for Email Servers 8.5.2 
is vulner ...)
-   TODO: check
+   NOT-FOR-US: MDaemon
 CVE-2022-37242 (MDaemon Technologies SecurityGateway for Email Servers 8.5.2, 
is vulne ...)
-   TODO: check
+   NOT-FOR-US: MDaemon
 CVE-2022-37241 (MDaemon Technologies SecurityGateway for Email Servers 8.5.2 
is vulner ...)
-   TODO: check
+   NOT-FOR-US: MDaemon
 CVE-2022-37240 (MDaemon Technologies SecurityGateway for Email Servers 8.5.2 
is vulner ...)
-   TODO: check
+   NOT-FOR-US: MDaemon
 CVE-2022-37239 (MDaemon Technologies SecurityGateway for Email Servers 8.5.2 
is vulner ...)
-   TODO: check
+   NOT-FOR-US: MDaemon
 CVE-2022-37238 (MDaemon Technologies SecurityGateway for Email Servers 8.5.2 
is vulner ...)
-   TODO: check
+   NOT-FOR-US: MDaemon
 CVE-2022-37237
RESERVED
 CVE-2022-37236
@@ -4316,15 +4316,15 @@ CVE-2022-37164
 CVE-2022-37163
RESERVED
 CVE-2022-37162 (Claroline 13.5.7 and prior is vulnerable to Cross Site 
Scripting (XSS) ...)
-   TODO: check
+   NOT-FOR-US: Claroline
 CVE-2022-37161 (Claroline 13.5.7 and prior is vulnerable to Cross Site 
Scripting (XSS) ...)
-   TODO: check
+   NOT-FOR-US: Claroline
 CVE-2022-37160 (Claroline 13.5.7 and prior allows an authenticated attacker to 
elevate ...)
-   TODO: check
+   NOT-FOR-US: Claroline
 CVE-2022-37159 (Claroline 13.5.7 and prior is vulnerable to Remote code 
execution via  ...)
-   TODO: check
+   NOT-FOR-US: Claroline
 CVE-2022-37158 (RuoYi v3.8.3 has a Weak password vulnerability in the 
management syste ...)
-   TODO: check
+   NOT-FOR-US: RuoYi
 CVE-2022-37157
RESERVED
 CVE-2022-37156
@@ -4440,75 +4440,75 @@ CVE-2022-37102
 CVE-2022-37101
RESERVED
 CVE-2022-37100 (H3C H200 H200V100R004 was discovered to contain a stack 
overflow via t ...)
-   TODO: check
+   NOT-FOR-US: H3C
 CVE-2022-37099 (H3C H200 H200V100R004 was discovered to contain a stack 
overflow via t ...)
-   TODO: check
+   NOT-FOR-US: H3C
 CVE-2022-37098 (H3C H200 H200V100R004 was discovered to contain a stack 
overflow via t ...)
-   TODO: check
+   NOT-FOR-US: H3C
 CVE-2022-37097 (H3C H200 H200V100R004 was discovered to contain a stack 
overflow via t ...)
-   TODO: check
+   NOT-FOR-US: H3C
 CVE-2022-37096 (H3C H200 H200V100R004 was discovered to contain a stack 
overflow via t ...)
-   TODO: check
+   NOT-FOR-US: H3C
 CVE-2022-37095 (H3C H200 H200V100R004 was discovered to contain a stack 
overflow via t ...)
-   TODO: check
+   NOT-FOR-US: H3C
 CVE-2022-37094 (H3C H200 H200V100R004 was discovered to contain a stack 
overflow via t ...)
-   TODO: check
+   NOT-FOR-US: H3C
 CVE-2022-37093 (H3C H200 H200V100R004 was discovered to contain a stack 
overflow via t ...)
-   TODO: check
+   NOT-FOR-US: H3C
 CVE-2022-37092 (H3C H200 H200V100R004 was discovered to contain a stack 
overflow via t ...)
-   TODO: check
+   NOT-FOR-US: H3C
 CVE-2022-37091 (H3C H200 H200V100R004 was discovered to contain a stack 
overflow via t ...)
-   TODO: check
+   NOT-FOR-US: H3C
 CVE-2022-37090 (H3C H200 H200V100R004 was discovered to contain a stack 
overflow via t ...)
-   TODO: check
+   NOT-FOR-US: H3C
 CVE-2022-37089 (H3C H200 H200V100R004 was discovered to contain a stack 
overflow via t ...)
-   TODO: check
+   NOT-FOR-US: H3C
 CVE-2022-37088 (H3C H200 H200V100R004 was discovered to contain a stack 
overflow via t ...)
-   TODO: check
+   NOT-FOR-US: H3C
 CVE-2022-37087 (H3C H200 H200V100R004 was discovered to 

[Git][security-tracker-team/security-tracker][master] Add CVE-2022-2991/linux

2022-08-25 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b6853f9d by Salvatore Bonaccorso at 2022-08-25T22:33:11+02:00
Add CVE-2022-2991/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -19,7 +19,11 @@ CVE-2022-2993
 CVE-2022-2992
RESERVED
 CVE-2022-2991 (A heap-based buffer overflow was found in the Linux kernel's 
LightNVM  ...)
-   TODO: check
+   - linux 5.15.3-1 (unimportant)
+   [bullseye] - linux 5.10.120-1
+   [buster] - linux 4.19.249-1
+   NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-960/
+   NOTE: CONFIG_NVM not enabled in Debian
 CVE-2022-2990
RESERVED
 CVE-2022-2989
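
Review bot: The entry records fixed versions for unstable, bullseye and buster, but the only references are the ZDI advisory and the CONFIG_NVM remark; no NOTE names the upstream kernel commit those versions are based on. Add it, so the three version numbers can be verified from the entry.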



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b6853f9db796506a46ca4fd0d2c6477ddc687f06



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2022-08-25 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f810a9fb by Salvatore Bonaccorso at 2022-08-25T22:25:30+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -196,7 +196,7 @@ CVE-2022-2959 (A race condition was found in the Linux 
kernel's watch queue due
 CVE-2022-2958
RESERVED
 CVE-2022-2957 (A vulnerability classified as critical was found in 
SourceCodester Sim ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Simple and Nice Shopping Cart Script
 CVE-2022-2956 (A vulnerability classified as problematic has been found in 
ConsoleTVs ...)
NOT-FOR-US: Noxen
 CVE-2022-2955
@@ -2636,59 +2636,59 @@ CVE-2022-37826
 CVE-2022-37825
RESERVED
 CVE-2022-37824 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack 
overflow via t ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-37823 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack 
overflow via t ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-37822 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack 
overflow via t ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-37821 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack 
overflow via t ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-37820 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack 
overflow via t ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-37819 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack 
overflow via t ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-37818 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack 
overflow via t ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-37817 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack 
overflow via t ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-37816 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack 
overflow v ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-37815 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack 
overflow v ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-37814 (Tenda AC1206 V15.03.06.23 was discovered to contain multiple 
stack ove ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-37813 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack 
overflow v ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-37812 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack 
overflow v ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-37811 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack 
overflow v ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-37810 (Tenda AC1206 V15.03.06.23 was discovered to contain a command 
injectio ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-37809 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack 
overflow v ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-37808 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack 
overflow v ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-37807 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack 
overflow v ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-37806 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack 
overflow v ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-37805 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack 
overflow v ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-37804 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack 
overflow v ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-37803 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack 
overflow v ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-37802 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack 
overflow v ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-37801 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack 
overflow v ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-37800 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack 
overflow v ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-37799 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack 
overflow v ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-37798 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack 
overflow v ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-37797
RESERVED
 CVE-2022-37796
@@ -4052,7 +4052,7 @@ CVE-2022-37294
 CVE-2022-37293
RESERVED
 CVE-2022-37292 (Tenda AX12 V22.03.01.21_CN is vulnerable to Buffer Overflow. 
This over ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2022-37291
RESERVED
 CVE-2022-37290



View it on GitLab: 

[Git][security-tracker-team/security-tracker][master] automatic update

2022-08-25 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bd10aa3b by security tracker role at 2022-08-25T20:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,39 @@
+CVE-2022-38752
+   RESERVED
+CVE-2022-38751
+   RESERVED
+CVE-2022-38750
+   RESERVED
+CVE-2022-38749
+   RESERVED
+CVE-2022-38748
+   RESERVED
+CVE-2022-38747
+   RESERVED
+CVE-2022-38746
+   RESERVED
+CVE-2022-38745
+   RESERVED
+CVE-2022-2993
+   RESERVED
+CVE-2022-2992
+   RESERVED
+CVE-2022-2991 (A heap-based buffer overflow was found in the Linux kernel's 
LightNVM  ...)
+   TODO: check
+CVE-2022-2990
+   RESERVED
+CVE-2022-2989
+   RESERVED
+CVE-2022-2988
+   RESERVED
+CVE-2022-2987
+   RESERVED
+CVE-2022-2986
+   RESERVED
+CVE-2021-46835
+   RESERVED
+CVE-2020-36602
+   RESERVED
 CVE-2022-38744
RESERVED
 CVE-2022-38743
@@ -151,8 +187,7 @@ CVE-2022-2961
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2120595
 CVE-2022-2960
RESERVED
-CVE-2022-2959
-   RESERVED
+CVE-2022-2959 (A race condition was found in the Linux kernel's watch queue 
due to a  ...)
- linux 5.18.2-1
[bullseye] - linux 5.10.120-1
[buster] - linux  (Vulnerable code introduced later)
@@ -160,8 +195,8 @@ CVE-2022-2959
NOTE: 
https://git.kernel.org/linus/189b0ddc245139af81198d1a3637cac74f96e13a (5.19-rc1)
 CVE-2022-2958
RESERVED
-CVE-2022-2957
-   RESERVED
+CVE-2022-2957 (A vulnerability classified as critical was found in 
SourceCodester Sim ...)
+   TODO: check
 CVE-2022-2956 (A vulnerability classified as problematic has been found in 
ConsoleTVs ...)
NOT-FOR-US: Noxen
 CVE-2022-2955
@@ -2036,8 +2071,8 @@ CVE-2022-36373
RESERVED
 CVE-2022-36365
RESERVED
-CVE-2022-36358
-   RESERVED
+CVE-2022-36358 (Cross-Site Request Forgery (CSRF) vulnerability in SEO Scout 
plugin  ...)
+   TODO: check
 CVE-2022-36355
RESERVED
 CVE-2022-36352
@@ -2300,10 +2335,10 @@ CVE-2022-37955
RESERVED
 CVE-2022-37954
RESERVED
-CVE-2022-37953
-   RESERVED
-CVE-2022-37952
-   RESERVED
+CVE-2022-37953 (An HTTP response splitting vulnerability exists in the AM 
Gateway Chal ...)
+   TODO: check
+CVE-2022-37952 (A reflected cross-site scripting (XSS) vulnerability exists in 
the iHi ...)
+   TODO: check
 CVE-2022-37951
RESERVED
 CVE-2022-37950
@@ -2600,60 +2635,60 @@ CVE-2022-37826
RESERVED
 CVE-2022-37825
RESERVED
-CVE-2022-37824
-   RESERVED
-CVE-2022-37823
-   RESERVED
-CVE-2022-37822
-   RESERVED
-CVE-2022-37821
-   RESERVED
-CVE-2022-37820
-   RESERVED
-CVE-2022-37819
-   RESERVED
-CVE-2022-37818
-   RESERVED
-CVE-2022-37817
-   RESERVED
-CVE-2022-37816
-   RESERVED
-CVE-2022-37815
-   RESERVED
-CVE-2022-37814
-   RESERVED
-CVE-2022-37813
-   RESERVED
-CVE-2022-37812
-   RESERVED
-CVE-2022-37811
-   RESERVED
-CVE-2022-37810
-   RESERVED
-CVE-2022-37809
-   RESERVED
-CVE-2022-37808
-   RESERVED
-CVE-2022-37807
-   RESERVED
-CVE-2022-37806
-   RESERVED
-CVE-2022-37805
-   RESERVED
-CVE-2022-37804
-   RESERVED
-CVE-2022-37803
-   RESERVED
-CVE-2022-37802
-   RESERVED
-CVE-2022-37801
-   RESERVED
-CVE-2022-37800
-   RESERVED
-CVE-2022-37799
-   RESERVED
-CVE-2022-37798
-   RESERVED
+CVE-2022-37824 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack 
overflow via t ...)
+   TODO: check
+CVE-2022-37823 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack 
overflow via t ...)
+   TODO: check
+CVE-2022-37822 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack 
overflow via t ...)
+   TODO: check
+CVE-2022-37821 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack 
overflow via t ...)
+   TODO: check
+CVE-2022-37820 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack 
overflow via t ...)
+   TODO: check
+CVE-2022-37819 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack 
overflow via t ...)
+   TODO: check
+CVE-2022-37818 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack 
overflow via t ...)
+   TODO: check
+CVE-2022-37817 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack 
overflow via t ...)
+   TODO: check
+CVE-2022-37816 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack 
overflow v ...)
+   TODO: check
+CVE-2022-37815 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack 
overflow v ...)
+   TODO: check
+CVE-2022-37814 (Tenda AC1206 V15.03.06.23 was discovered to contain multiple 
stack ove ...)
+   TODO: check
+CVE-2022-37813 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack 
overflow v ...)
+   TODO: check
+CVE-2022-37812 (Tenda AC1206 V15.03.06.23 was 

[Git][security-tracker-team/security-tracker][master] Reserve DSA number for zlib update

2022-08-25 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
aba91adf by Salvatore Bonaccorso at 2022-08-25T21:47:35+02:00
Reserve DSA number for zlib update

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[25 Aug 2022] DSA-5218-1 zlib - security update
+   {CVE-2022-37434}
+   [bullseye] - zlib 1:1.2.11.dfsg-2+deb11u2
 [24 Aug 2022] DSA-5217-1 firefox-esr - security update
{CVE-2022-38472 CVE-2022-38473 CVE-2022-38478}
[bullseye] - firefox-esr 91.13.0esr-1~deb11u1


=
data/dsa-needed.txt
=
@@ -51,5 +51,3 @@ sox
 --
 thunderbird (jmm)
 --
-zlib (carnil)
---
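
Review bot: The commit subject mentions only reserving the DSA number, but this hunk also removes the "zlib (carnil)" entry from data/dsa-needed.txt. Mention that in the commit message so the removal can be found from the log.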



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aba91adf1aff96ecc1bcb1b29510b47046421a1b



[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2020-27511/prototypejs via unstable

2022-08-25 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
81a318a0 by Salvatore Bonaccorso at 2022-08-25T21:32:44+02:00
Track fixed version for CVE-2020-27511/prototypejs via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -132817,7 +132817,7 @@ CVE-2020-27513
 CVE-2020-27512
RESERVED
 CVE-2020-27511 (An issue was discovered in the stripTags and unescapeHTML 
components i ...)
-   - prototypejs  (bug #991898)
+   - prototypejs 1.7.3-1 (bug #991898)
[bullseye] - prototypejs  (Minor issue)
[buster] - prototypejs  (Minor issue)
[stretch] - prototypejs  (Minor issue)
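
Review bot: The unstable line gains the fixed version 1.7.3-1, but no NOTE pointing at the upstream change is visible in this hunk. Adding one would let the bullseye, buster and stretch lines, all still at "(Minor issue)", be reassessed against the actual fix.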



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81a318a09aff9503b13dd00c6acc5a6f9ebabd24



[Git][security-tracker-team/security-tracker][master] Process some more NFUs

2022-08-25 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
181a9d4e by Salvatore Bonaccorso at 2022-08-25T12:29:56+02:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -9431,7 +9431,7 @@ CVE-2022-35117 (Clinic's Patient Management System v1.0 
was discovered to contai
 CVE-2022-35116
RESERVED
 CVE-2022-35115 (IceWarp WebClient DC2 - Update 2 Build 9 (13.0.2.9) was 
discovered to  ...)
-   TODO: check
+   NOT-FOR-US: IceWarp WebClient DC2
 CVE-2022-35114 (SWFTools commit 772e55a2 was discovered to contain a 
segmentation viol ...)
- swftools 
NOTE: https://github.com/matthiaskramm/swftools/issues/185
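Review bot: style point on the added `NOT-FOR-US: IceWarp WebClient DC2` line: the label copies the "DC2" edition from the CVE description, which ties it to one release of the product. `NOT-FOR-US: IceWarp WebClient` would read the same for any later IceWarp WebClient CVE.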
@@ -9753,7 +9753,7 @@ CVE-2022-34962 (OpenTeknik LLC OSSN OPEN SOURCE SOCIAL 
NETWORK v6.3 LTS was disc
 CVE-2022-34961 (OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was 
discovered ...)
NOT-FOR-US: OpenTeknik
 CVE-2022-34960 (The container package in MikroTik RouterOS 7.4beta4 allows an 
attacker ...)
-   TODO: check
+   NOT-FOR-US: MikroTik RouterOS
 CVE-2022-34959
RESERVED
 CVE-2022-34958
@@ -16357,7 +16357,7 @@ CVE-2022-32429 (An authentication-bypass issue in the 
component http://MYDEVICEI
 CVE-2022-32428
RESERVED
 CVE-2022-32427 (PrinterLogic Windows Client through 25.0.0.676 allows 
attackers to exe ...)
-   TODO: check
+   NOT-FOR-US: PrinterLogic Windows Client
 CVE-2022-32426
RESERVED
 CVE-2022-32425 (The login function of Mealie v1.0.0beta-2 allows attackers to 
enumerat ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/181a9d4ee9734efbcdb57eb132a462271f048ceb



[Git][security-tracker-team/security-tracker][master] Process one NFU

2022-08-25 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cc0a2b42 by Salvatore Bonaccorso at 2022-08-25T11:39:26+02:00
Process one NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5203,7 +5203,7 @@ CVE-2022-36806
 CVE-2022-36805
RESERVED
 CVE-2022-36804 (Multiple API endpoints in Atlassian Bitbucket Server and Data 
Center 7 ...)
-   TODO: check
+   NOT-FOR-US: Atlassian
 CVE-2022-36803
RESERVED
 CVE-2022-36802
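Review bot: `NOT-FOR-US: Atlassian` names only the vendor, although the description on the line above identifies the product as Bitbucket Server and Data Center. `NOT-FOR-US: Atlassian Bitbucket Server and Data Center` would keep the entry findable by product name.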



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc0a2b42e2a6f3c7fc0799c3b643543b85d00bb0



[Git][security-tracker-team/security-tracker][master] automatic update

2022-08-25 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
80fe4f5c by security tracker role at 2022-08-25T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,43 @@
+CVE-2022-38744
+   RESERVED
+CVE-2022-38743
+   RESERVED
+CVE-2022-38742
+   RESERVED
+CVE-2022-38741
+   RESERVED
+CVE-2022-38740
+   RESERVED
+CVE-2022-38739
+   RESERVED
+CVE-2022-38738
+   RESERVED
+CVE-2022-38737
+   RESERVED
+CVE-2022-38736
+   RESERVED
+CVE-2022-38735
+   RESERVED
+CVE-2022-38734
+   RESERVED
+CVE-2022-38733
+   RESERVED
+CVE-2022-38732
+   RESERVED
+CVE-2022-38731
+   RESERVED
+CVE-2022-2985
+   RESERVED
+CVE-2022-2984
+   RESERVED
+CVE-2022-2983
+   RESERVED
+CVE-2022-2982
+   RESERVED
+CVE-2022-2981
+   RESERVED
+CVE-2022-2980
+   RESERVED
 CVE-2022-2979
RESERVED
 CVE-2022-2978 (A flaw use after free in the Linux kernel NILFS file system was 
found  ...)
@@ -5162,8 +5202,8 @@ CVE-2022-36806
RESERVED
 CVE-2022-36805
RESERVED
-CVE-2022-36804
-   RESERVED
+CVE-2022-36804 (Multiple API endpoints in Atlassian Bitbucket Server and Data 
Center 7 ...)
+   TODO: check
 CVE-2022-36803
RESERVED
 CVE-2022-36802
@@ -9712,8 +9752,8 @@ CVE-2022-34962 (OpenTeknik LLC OSSN OPEN SOURCE SOCIAL 
NETWORK v6.3 LTS was disc
NOT-FOR-US: OpenTeknik
 CVE-2022-34961 (OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was 
discovered ...)
NOT-FOR-US: OpenTeknik
-CVE-2022-34960
-   RESERVED
+CVE-2022-34960 (The container package in MikroTik RouterOS 7.4beta4 allows an 
attacker ...)
+   TODO: check
 CVE-2022-34959
RESERVED
 CVE-2022-34958
@@ -15149,10 +15189,10 @@ CVE-2022-32896
RESERVED
 CVE-2022-32895
RESERVED
-CVE-2022-32894
-   RESERVED
-CVE-2022-32893
-   RESERVED
+CVE-2022-32894 (An out-of-bounds write issue was addressed with improved 
bounds checki ...)
+   TODO: check
+CVE-2022-32893 (An out-of-bounds write issue was addressed with improved 
bounds checki ...)
+   TODO: check
 CVE-2022-32892
RESERVED
 CVE-2022-32891
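Review bot: CVE-2022-32894 and CVE-2022-32893 arrive with identical truncated descriptions ("An out-of-bounds write issue was addressed with improved bounds checki ...") that name no product or component. Each `TODO: check` needs the full CVE text before a package or NOT-FOR-US decision is made; the two should not be resolved as a pair on the strength of the matching summary.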
@@ -15223,8 +15263,8 @@ CVE-2022-32859
RESERVED
 CVE-2022-32858
RESERVED
-CVE-2022-32857
-   RESERVED
+CVE-2022-32857 (This issue was addressed by using HTTPS when sending 
information over  ...)
+   TODO: check
 CVE-2022-32856
RESERVED
 CVE-2022-32855
@@ -15257,20 +15297,20 @@ CVE-2022-32842
RESERVED
 CVE-2022-32841
RESERVED
-CVE-2022-32840
-   RESERVED
-CVE-2022-32839
-   RESERVED
-CVE-2022-32838
-   RESERVED
-CVE-2022-32837
-   RESERVED
+CVE-2022-32840 (This issue was addressed with improved checks. This issue is 
fixed in  ...)
+   TODO: check
+CVE-2022-32839 (The issue was addressed with improved bounds checks. This 
issue is fix ...)
+   TODO: check
+CVE-2022-32838 (A logic issue was addressed with improved state management. 
This issue ...)
+   TODO: check
+CVE-2022-32837 (This issue was addressed with improved checks. This issue is 
fixed in  ...)
+   TODO: check
 CVE-2022-32836
RESERVED
 CVE-2022-32835
RESERVED
-CVE-2022-32834
-   RESERVED
+CVE-2022-32834 (An access issue was addressed with improvements to the 
sandbox. This i ...)
+   TODO: check
 CVE-2022-32833
RESERVED
 CVE-2022-32832
@@ -15315,14 +15355,14 @@ CVE-2022-32815
RESERVED
 CVE-2022-32814
RESERVED
-CVE-2022-32813
-   RESERVED
-CVE-2022-32812
-   RESERVED
-CVE-2022-32811
-   RESERVED
-CVE-2022-32810
-   RESERVED
+CVE-2022-32813 (The issue was addressed with improved memory handling. This 
issue is f ...)
+   TODO: check
+CVE-2022-32812 (The issue was addressed with improved memory handling. This 
issue is f ...)
+   TODO: check
+CVE-2022-32811 (A memory corruption vulnerability was addressed with improved 
locking. ...)
+   TODO: check
+CVE-2022-32810 (The issue was addressed with improved memory handling. This 
issue is f ...)
+   TODO: check
 CVE-2022-32809
RESERVED
 CVE-2022-32808
@@ -15355,8 +15395,8 @@ CVE-2022-32795
RESERVED
 CVE-2022-32794
RESERVED
-CVE-2022-32793
-   RESERVED
+CVE-2022-32793 (Multiple out-of-bounds write issues were addressed with 
improved bound ...)
+   TODO: check
 CVE-2022-32792 [An out-of-bounds write issue was addressed with improved input 
validation]
RESERVED
{DSA-5211-1 DSA-5210-1 DLA-3073-1}
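Review bot: the `TODO: check` added for CVE-2022-32793 should not be closed as NOT-FOR-US by default, because the next entry in the same ID block, CVE-2022-32792, already carries {DSA-5211-1 DSA-5210-1 DLA-3073-1}, so at least one ID from this block affects packages in Debian. The truncated description names no component, so the full text has to be read before triage.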
@@ -16316,8 +16356,8 @@ CVE-2022-32429 (An authentication-bypass issue in the 
component http://MYDEVICEI
NOT-FOR-US: Mega System Technologies Inc MSNSwitch
 CVE-2022-32428
RESERVED
-CVE-2022-32427
-   RESERVED
+CVE-2022-32427 (PrinterLogic Windows Client through 25.0.0.676 allows 
attackers to exe ...)
+   TODO: check
 

[Git][security-tracker-team/security-tracker][master] Reserve DLA-3081-1 for open-vm-tools

2022-08-25 Thread Abhijith PA (@abhijith)


Abhijith PA pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
65156c78 by Abhijith PA at 2022-08-25T12:47:43+05:30
Reserve DLA-3081-1 for open-vm-tools

- - - - -


1 changed file:

- data/DLA/list


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[25 Aug 2022] DLA-3081-1 open-vm-tools - security update
+   {CVE-2022-31676}
+   [buster] - open-vm-tools 2:10.3.10-1+deb10u3
 [24 Aug 2022] DLA-3080-1 firefox-esr - security update
{CVE-2022-38472 CVE-2022-38473 CVE-2022-38478}
[buster] - firefox-esr 91.13.0esr-1~deb10u1
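Review bot: the version on the `[buster] - open-vm-tools 2:10.3.10-1+deb10u3` line, epoch included, has to match the changelog of the upload exactly, and the commit shows nothing to check it against. A mismatch here would leave the tracker's buster status for CVE-2022-31676 wrong once the package lands.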



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65156c78415bace7957c7ffe0991599f29bd10b6



[Git][security-tracker-team/security-tracker][master] Process CVE-2021-4022 as NFU

2022-08-25 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1a0587d5 by Salvatore Bonaccorso at 2022-08-25T08:27:15+02:00
Process CVE-2021-4022 as NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -54532,6 +54532,7 @@ CVE-2021-4023 (A flaw was found in the io-workqueue 
implementation in the Linux
NOTE: 
https://git.kernel.org/linus/713b9825a4c47897f66ad69409581e7734a8728e (5.15-rc1)
 CVE-2021-4022
RESERVED
+   NOT-FOR-US: Rizin
 CVE-2021-44225 (In Keepalived through 2.2.4, the D-Bus policy does not 
sufficiently re ...)
- keepalived 1:2.2.4-0.2
[bullseye] - keepalived 1:2.1.5-0.2+deb11u1
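Review bot: CVE-2021-4022 is still `RESERVED` with no description, so the added `NOT-FOR-US: Rizin` rests on information that is not in the entry. A reference to the source that ties this ID to Rizin, in the commit message or a NOTE line, would let the decision be verified later.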



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a0587d54dda5c69f9e8e17b0b3d92d2775dee58
