[Git][security-tracker-team/security-tracker][master] CVE-2017-16909: fix commit id of patch

2022-11-27 Thread Helmut Grohne (@helmutg)


Helmut Grohne pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
27b04511 by Helmut Grohne at 2022-11-28T08:32:04+01:00
CVE-2017-16909: fix commit id of patch

I've also re-checked buster to really be fixed. The code has been
significantly redone and includes the necessary checks. Later releases
will be fixed as well.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -336749,7 +336749,7 @@ CVE-2017-16909 (An error related to the 
"LibRaw::panasonic_load_raw()" function
[jessie] - libraw  (Minor issue)
[wheezy] - libraw  (Minor issue)
NOTE: 
https://secuniaresearch.flexerasoftware.com/secunia_research/2017-19
-   NOTE: 
https://github.com/LibRaw/LibRaw/commit/2f59bac59dbcbf6bbcf01a9f3eed74307e96ca7e
+   NOTE: 
https://github.com/LibRaw/LibRaw/commit/f1394822a0152ceed77815eafa5cac4e8baab10a
 CVE-2017-16908 (In Horde Groupware 5.2.19, there is XSS via the Name field 
during crea ...)
{DLA-2350-1}
- php-horde-kronolith 4.2.24-1 (bug #909738)
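
Review bot: the replacement NOTE on the "+" line gives only the bare LibRaw commit URL, so the entry shows neither which upstream release carries the fix nor that buster was re-checked, as the commit message says. Consider appending the upstream version in parentheses after the URL, as other entries in data/CVE/list do, and recording the buster verification in its own NOTE line so the result of the re-check lives in the tracker data and not only in the commit log.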



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27b045113279caaaf2ddecfc97a35b1377137ee0

You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] Mark CVE-2022-4145 as NFU

2022-11-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b9fbb284 by Salvatore Bonaccorso at 2022-11-28T07:57:03+01:00
Mark CVE-2022-4145 as NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -52,6 +52,7 @@ CVE-2022-45911
RESERVED
 CVE-2022-4145
RESERVED
+   NOT-FOR-US: OpenShift
 CVE-2022-45910
RESERVED
 CVE-2022-45909 (drachtio-server 0.8.18 has a heap-based buffer over-read via a 
long Re ...)
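
Review bot: the added "NOT-FOR-US: OpenShift" line sits under a CVE-2022-4145 entry that is still only "RESERVED", so nothing in the entry shows where the product attribution comes from. A NOTE with the advisory or bug URL the attribution was taken from would let the next triager confirm it without redoing the search.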



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9fbb28412bf7db315db899a9734cdd9a891f67e



[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2022-3650

2022-11-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fc659545 by Salvatore Bonaccorso at 2022-11-28T06:22:47+01:00
Add Debian bug reference for CVE-2022-3650

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -9105,7 +9105,7 @@ CVE-2022-3651
RESERVED
 CVE-2022-3650 [ceph-crash.service allows local ceph user to root exploit]
RESERVED
-   - ceph 
+   - ceph  (bug #1024932)
NOTE: https://www.openwall.com/lists/oss-security/2022/10/25/1
NOTE: https://tracker.ceph.com/issues/57967
NOTE: https://github.com/ceph/ceph/pull/48713



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fc659545a1c12455ad3b7fc6572ed064c10124c4



[Git][security-tracker-team/security-tracker][master] 2 commits: Claim jhead in dla-needed.txt

2022-11-27 Thread Markus Koschany (@apo)


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3b579936 by Markus Koschany at 2022-11-28T00:07:05+01:00
Claim jhead in dla-needed.txt

- - - - -
dd79809b by Markus Koschany at 2022-11-28T00:07:26+01:00
Claim jhead in dsa-needed.txt

- - - - -


2 changed files:

- data/dla-needed.txt
- data/dsa-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -93,7 +93,7 @@ ini4j (Markus Koschany)
   NOTE: 20221012: Programming language: Java.
   NOTE: 20221012: Require investigation (lamby)
 --
-jhead
+jhead (Markus Koschany)
   NOTE: 20221031: Programming language: C.
   NOTE: 20221031: Note that multiple options are vulnerable. The attacker have 
to trick someone to execute the command but arbitrary code exectuion is not 
good..
   NOTE: 20221031: It should be stated in the DLA that multiple options are 
affected..


=
data/dsa-needed.txt
=
@@ -18,7 +18,7 @@ frr
 --
 gerbv
 --
-jhead
+jhead (apo)
 --
 lava
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/59f40b51cd3d93ffb48e068d699ecf8c01f08008...dd79809b6bdcc9e456bc0989db484fb14c42087b



[Git][security-tracker-team/security-tracker][master] Claim commons-configuration2 in dsa-needed.txt

2022-11-27 Thread Markus Koschany (@apo)


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
59f40b51 by Markus Koschany at 2022-11-28T00:04:07+01:00
Claim commons-configuration2 in dsa-needed.txt

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -12,7 +12,7 @@ To pick an issue, simply add your uid behind it.
 If needed, specify the release by adding a slash after the name of the source 
package.
 
 --
-commons-configuration2
+commons-configuration2 (apo)
 --
 frr
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/59f40b51cd3d93ffb48e068d699ecf8c01f08008



[Git][security-tracker-team/security-tracker][master] 2 commits: Claim ini4j in dla-needed.txt

2022-11-27 Thread Markus Koschany (@apo)


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
02490bd0 by Markus Koschany at 2022-11-27T23:27:51+01:00
Claim ini4j in dla-needed.txt

- - - - -
3f7f5edd by Markus Koschany at 2022-11-27T23:28:52+01:00
Reserve DLA-3208-1 for varnish

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -194003,7 +194003,6 @@ CVE-2020-11654
RESERVED
 CVE-2020-11653 (An issue was discovered in Varnish Cache before 6.0.6 LTS, 
6.1.x and 6 ...)
- varnish 6.4.0-1 (bug #956307)
-   [buster] - varnish  (Can be fixed along in next DSA)
[stretch] - varnish  (Only affects 6.x)
[jessie] - varnish  (Only affects 6.x)
NOTE: https://varnish-cache.org/security/VSV5.html#vsv5


=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[27 Nov 2022] DLA-3208-1 varnish - security update
+   {CVE-2020-11653 CVE-2022-45060}
+   [buster] - varnish 6.1.1-1+deb10u4
 [27 Nov 2022] DLA-3207-1 jackson-databind - security update
{CVE-2020-36518 CVE-2022-42003 CVE-2022-42004}
[buster] - jackson-databind 2.9.8-3+deb10u4


=
data/dla-needed.txt
=
@@ -89,7 +89,7 @@ imagemagick (Roberto C. Sánchez)
   NOTE: 20220904: VCS: 
https://salsa.debian.org/lts-team/packages/imagemagick.git
   NOTE: 20220904: Should be synced with Stretch. (apo)
 --
-ini4j
+ini4j (Markus Koschany)
   NOTE: 20221012: Programming language: Java.
   NOTE: 20221012: Require investigation (lamby)
 --
@@ -331,10 +331,6 @@ trafficserver
 twisted (Dominik George)
   NOTE: 20221030: Programming language: Python.
 --
-varnish (Markus Koschany)
-  NOTE: 20221109: Programming language: C.
-  NOTE: 20221109: First DLA, 3 minor CVEs to fix (Beuc/front-desk)
---
 virglrenderer (Thorsten Alteholz)
   NOTE: 20221009: Programming language: C.
 --
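
Review bot: the varnish block removed from data/dla-needed.txt in this hunk says "First DLA, 3 minor CVEs to fix", while the DLA-3208-1 entry added to data/DLA/list in the same push lists two ids, "{CVE-2020-11653 CVE-2022-45060}". If the third CVE was left out on purpose, its entry in data/CVE/list should carry an explicit buster status with the reason; otherwise it drops off the to-do list here without any record.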



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1af13e3376f0932c4781fd9a7241373b91e149e8...3f7f5edd18002d34426498de0b7eb14a7e3506da



[Git][security-tracker-team/security-tracker][master] bullseye triage

2022-11-27 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1af13e33 by Moritz Muehlenhoff at 2022-11-27T22:45:21+01:00
bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -94,6 +94,7 @@ CVE-2022-4142
RESERVED
 CVE-2022-4141 (The target's backtrace indicates that libc has detected a heap 
error o ...)
- vim 
+   [bullseye] - vim  (Minor issue)
NOTE: https://huntr.dev/bounties/20ece512-c600-45ac-8a84-d0931e05541f
NOTE: 
https://github.com/vim/vim/commit/cc762a48d42b579fb7bdec2c614636b830342dd5 
(v9.0.0947)
 CVE-2022-4140
@@ -9596,6 +9597,7 @@ CVE-2022-3607 (Failure to Sanitize Special Elements into 
a Different Plane (Spec
- octoprint  (bug #718591)
 CVE-2022-3606 (A vulnerability was found in Linux Kernel. It has been 
classified as p ...)
- libbpf  (bug #1023717)
+   [bullseye] - libbpf  (Minor issue)
NOTE: Introduced by: 
https://github.com/libbpf/libbpf/commit/a3abae5122f30b83baebd4e4dd8ba4578a87cd4b
 (v0.2)
NOTE: Fixed by: 
https://github.com/libbpf/libbpf/commit/3a3ef0c1d09e1894740db71cdcb7be0bfd713671
 CVE-2022-3605
@@ -10803,6 +10805,7 @@ CVE-2022-3535 (A vulnerability classified as 
problematic was found in Linux Kern
NOTE: 
https://git.kernel.org/linus/0152dfee235e87660f52a117fc9f70dc55956bb4 (6.1-rc1)
 CVE-2022-3534 (A vulnerability classified as critical has been found in Linux 
Kernel. ...)
- libbpf  (bug #1023717)
+   [bullseye] - libbpf  (Minor issue)
NOTE: Introduced by: 
https://github.com/libbpf/libbpf/commit/7ac1547f32f060d84b06c74edbb2c6896cc07949
 (v0.2)
NOTE: Fixed by: 
https://github.com/libbpf/libbpf/commit/54caf920db0e489de90f341e2a51ddbcd084
 CVE-2022-3533 (A vulnerability was found in Linux Kernel. It has been rated as 
proble ...)
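
Review bot: in the third hunk the description of CVE-2022-3534 reads "classified as critical", yet the added "[bullseye] - libbpf" line gives only "(Minor issue)" as its reason. A short justification after it, in the style of "(Minor issue; mount.vmhgfs not suid root in Debian)" used for open-vm-tools, would explain why the upstream rating does not carry over to bullseye; the same applies to the libbpf line added for CVE-2022-3606 in the second hunk.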



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1af13e3376f0932c4781fd9a7241373b91e149e8



[Git][security-tracker-team/security-tracker][master] chromium DSA

2022-11-27 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
558c7707 by Moritz Mühlenhoff at 2022-11-27T22:25:26+01:00
chromium DSA

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[27 Nov 2022] DSA-5289-1 chromium - security update
+   {CVE-2022-4135}
+   [bullseye] - chromium 107.0.5304.121-1~deb11u1
 [25 Nov 2022] DSA-5288-1 graphicsmagick - security update
{CVE-2022-1270}
[bullseye] - graphicsmagick 1.4+really1.3.36+hg16481-2+deb11u1


=
data/dsa-needed.txt
=
@@ -11,8 +11,6 @@ To pick an issue, simply add your uid behind it.
 
 If needed, specify the release by adding a slash after the name of the source 
package.
 
---
-chromium
 --
 commons-configuration2
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/558c77079fff4f06f05d0075cb8fd5be28032c4e



[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2022-45907/pytorch

2022-11-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9176c81e by Salvatore Bonaccorso at 2022-11-27T21:11:39+01:00
Add Debian bug reference for CVE-2022-45907/pytorch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -59,7 +59,7 @@ CVE-2022-45909 (drachtio-server 0.8.18 has a heap-based 
buffer over-read via a l
 CVE-2022-45908 (In PaddlePaddle before 2.4, paddle.audio.functional.get_window 
is vuln ...)
TODO: check
 CVE-2022-45907 (In PyTorch before trunk/89695, 
torch.jit.annotations.parse_type_line c ...)
-   - pytorch 
+   - pytorch  (bug #1024903)
[bullseye] - pytorch  (Minor issue)
NOTE: 
https://github.com/pytorch/pytorch/commit/767f6aa49fe20a2766b9843d01e3b7f7793df6a3
NOTE: https://github.com/pytorch/pytorch/issues/88868



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9176c81e2cc08e53dd60f3787a0e7a8c6698e16a



[Git][security-tracker-team/security-tracker][master] automatic update

2022-11-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4e0708ff by security tracker role at 2022-11-27T20:10:31+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,5 @@
+CVE-2022-45935
+   RESERVED
 CVE-2022-45934 (An issue was discovered in the Linux kernel through 6.0.10. 
l2cap_conf ...)
- linux 
NOTE: 
https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=ae4569813a6e931258db627cdfe50dfb4f917d5d
@@ -13313,13 +13315,13 @@ CVE-2022-42006
 CVE-2022-42005
RESERVED
 CVE-2022-42004 (In FasterXML jackson-databind before 2.13.4, resource 
exhaustion can o ...)
-   {DSA-5283-1}
+   {DSA-5283-1 DLA-3207-1}
- jackson-databind 2.14.0-1
NOTE: https://github.com/FasterXML/jackson-databind/issues/3582
NOTE: 
https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88
 (jackson-databind-2.13.4)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490
 CVE-2022-42003 (In FasterXML jackson-databind before 2.14.0-rc1, resource 
exhaustion c ...)
-   {DSA-5283-1}
+   {DSA-5283-1 DLA-3207-1}
- jackson-databind 2.14.0-1
NOTE: https://github.com/FasterXML/jackson-databind/issues/3590
NOTE: 
https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33
 (jackson-databind-2.14.0-rc1)
@@ -55198,7 +55200,7 @@ CVE-2021-46708 (The swagger-ui-dist package before 
4.1.3 for Node.js could allow
- node-swagger-ui  (bug #871461)
- swagger-ui  (bug #895422)
 CVE-2020-36518 (jackson-databind before 2.13.0 allows a Java StackOverflow 
exception a ...)
-   {DSA-5283-1 DLA-2990-1}
+   {DSA-5283-1 DLA-3207-1 DLA-2990-1}
- jackson-databind 2.13.2.2-1 (bug #1007109)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2816
 CVE-2018-25031 (Swagger UI before 4.1.3 could allow a remote attacker to 
conduct spoof ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e0708ff57808933be3fa327163fe84de7e186b9



[Git][security-tracker-team/security-tracker][master] Mark CVE-2022-45907 as no-dsa for bullseye

2022-11-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
eb1466f5 by Salvatore Bonaccorso at 2022-11-27T20:35:38+01:00
Mark CVE-2022-45907 as no-dsa for bullseye

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -58,6 +58,7 @@ CVE-2022-45908 (In PaddlePaddle before 2.4, 
paddle.audio.functional.get_window i
TODO: check
 CVE-2022-45907 (In PyTorch before trunk/89695, 
torch.jit.annotations.parse_type_line c ...)
- pytorch 
+   [bullseye] - pytorch  (Minor issue)
NOTE: 
https://github.com/pytorch/pytorch/commit/767f6aa49fe20a2766b9843d01e3b7f7793df6a3
NOTE: https://github.com/pytorch/pytorch/issues/88868
 CVE-2022-45906



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb1466f5e774f57da4c72e05b1db8ea3a1161b66



[Git][security-tracker-team/security-tracker][master] Track fixed version for various heimdal issues fixed via unstable

2022-11-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
dfe99cca by Salvatore Bonaccorso at 2022-11-27T20:22:27+01:00
Track fixed version for various heimdal issues fixed via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4702,7 +4702,7 @@ CVE-2022-44641 (In Linaro Automated Validation 
Architecture (LAVA) before 2022.1
 CVE-2022-44640 [Invalid free in ASN.1 codec]
RESERVED
{DSA-5287-1 DLA-3206-1}
-   - heimdal  (bug #1024187)
+   - heimdal 7.8.git20221115.a6cf945+dfsg-1 (bug #1024187)
NOTE: 
https://github.com/heimdal/heimdal/security/advisories/GHSA-88pm-hfmq-7vv4
NOTE: 
https://github.com/heimdal/heimdal/commit/ea5ec8f174920cb80ce2b168b49195378420449e
 (heimdal-7.7.1)
 CVE-2022-44639
@@ -11168,7 +11168,7 @@ CVE-2022-42899 (Bentley MicroStation and 
MicroStation-based applications may be
 CVE-2022-42898 [krb5_pac_parse() buffer parsing vulnerability]
RESERVED
{DSA-5287-1 DSA-5286-1 DLA-3206-1}
-   - heimdal  (bug #1024187)
+   - heimdal 7.8.git20221115.a6cf945+dfsg-1 (bug #1024187)
- krb5 1.20.1-1 (bug #1024267)
- samba 2:4.17.3+dfsg-1
NOTE: https://www.samba.org/samba/security/CVE-2022-42898.html
@@ -11717,7 +11717,7 @@ CVE-2022-3437 [Buffer overflow in Heimdal unwrap_des3()]
RESERVED
{DSA-5287-1 DLA-3206-1}
- samba 2:4.16.6+dfsg-1
-   - heimdal  (bug #1024187)
+   - heimdal 7.8.git20221115.a6cf945+dfsg-1 (bug #1024187)
NOTE: https://www.samba.org/samba/security/CVE-2022-3437.html
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15134
NOTE: 
https://github.com/heimdal/heimdal/security/advisories/GHSA-45j3-5v39-rf9j
@@ -13508,7 +13508,7 @@ CVE-2022-41917 (OpenSearch is a community-driven, open 
source fork of Elasticsea
NOT-FOR-US: OpenSearch
 CVE-2022-41916 (Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. 
Version ...)
{DSA-5287-1 DLA-3206-1}
-   - heimdal  (bug #1024187)
+   - heimdal 7.8.git20221115.a6cf945+dfsg-1 (bug #1024187)
NOTE: 
https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx
NOTE: 
https://github.com/heimdal/heimdal/commit/eb87af0c2d189c25294c7daf483a47b03af80c2c
 (heimdal-7.7.1)
 CVE-2022-41915
@@ -75254,7 +75254,7 @@ CVE-2021-4081 (pimcore is vulnerable to Improper 
Neutralization of Input During
 CVE-2021-44758 [spnego: send_reject when no mech selected]
RESERVED
{DSA-5287-1 DLA-3206-1}
-   - heimdal  (bug #1024187)
+   - heimdal 7.8.git20221115.a6cf945+dfsg-1 (bug #1024187)
NOTE: 
https://github.com/heimdal/heimdal/security/advisories/GHSA-69h9-669w-88xv
NOTE: 
https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580
 (heimdal-7.7.1)
 CVE-2021-44757 (Zoho ManageEngine Desktop Central before 10.1.2137.9 and 
Desktop Centr ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dfe99ccabc00a38667788bfa7a77d8b6b204cf5c



[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2022-39237/golang-github-sylabs-sif

2022-11-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d5f2dc2a by Salvatore Bonaccorso at 2022-11-27T20:18:48+01:00
Track fixed version for CVE-2022-39237/golang-github-sylabs-sif

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -20087,7 +20087,7 @@ CVE-2022-39239 (netlify-ipx is an on-Demand image 
optimization for Netlify using
 CVE-2022-39238 (Arvados is an open source platform for managing and analyzing 
biomedic ...)
NOT-FOR-US: Arvados
 CVE-2022-39237 (syslabs/sif is the Singularity Image Format (SIF) reference 
implementa ...)
-   - golang-github-sylabs-sif  (bug #1023570)
+   - golang-github-sylabs-sif 2.8.3-1 (bug #1023570)
[bullseye] - golang-github-sylabs-sif  (Minor issue)
- singularity-container 3.10.3+ds1-1
NOTE: 
https://github.com/sylabs/sif/security/advisories/GHSA-m5m3-46gj-wch8



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d5f2dc2a527b064c8081e7431d0f02b401f59ea4



[Git][security-tracker-team/security-tracker][master] Reserve DLA-3207-1 for jackson-databind

2022-11-27 Thread Markus Koschany (@apo)


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ce7864de by Markus Koschany at 2022-11-27T19:50:08+01:00
Reserve DLA-3207-1 for jackson-databind

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -55199,7 +55199,6 @@ CVE-2021-46708 (The swagger-ui-dist package before 
4.1.3 for Node.js could allow
 CVE-2020-36518 (jackson-databind before 2.13.0 allows a Java StackOverflow 
exception a ...)
{DSA-5283-1 DLA-2990-1}
- jackson-databind 2.13.2.2-1 (bug #1007109)
-   [buster] - jackson-databind  (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2816
 CVE-2018-25031 (Swagger UI before 4.1.3 could allow a remote attacker to 
conduct spoof ...)
- node-swagger-ui  (bug #871461)


=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[27 Nov 2022] DLA-3207-1 jackson-databind - security update
+   {CVE-2020-36518 CVE-2022-42003 CVE-2022-42004}
+   [buster] - jackson-databind 2.9.8-3+deb10u4
 [26 Nov 2022] DLA-3206-1 heimdal - security update
{CVE-2019-14870 CVE-2021-3671 CVE-2021-44758 CVE-2022-3437 
CVE-2022-41916 CVE-2022-42898 CVE-2022-44640}
[buster] - heimdal 7.5.0+dfsg-3+deb10u1


=
data/dla-needed.txt
=
@@ -93,9 +93,6 @@ ini4j
   NOTE: 20221012: Programming language: Java.
   NOTE: 20221012: Require investigation (lamby)
 --
-jackson-databind (Markus Koschany)
-  NOTE: 20221030: Programming language: Java.
---
 jhead
   NOTE: 20221031: Programming language: C.
   NOTE: 20221031: Note that multiple options are vulnerable. The attacker have 
to trick someone to execute the command but arbitrary code exectuion is not 
good..



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce7864debc3bf998f83a9cf99927a672c729d72a



[Git][security-tracker-team/security-tracker][master] LTS: claim netatalk in dla-needed.txt

2022-11-27 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4e41abfa by Anton Gladky at 2022-11-27T09:43:32+01:00
LTS: claim netatalk in dla-needed.txt
- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -162,7 +162,7 @@ multipath-tools
 net-snmp
   NOTE: 20221120: Programming language: C.
 --
-netatalk
+netatalk (gladk)
   NOTE: 20220816: Programming language: C.
   NOTE: 20220912: We get errors in the log, not present on bookworm. Needs 
more investigation. (stefanor)
 --
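
Review bot: the claim on the "+netatalk (gladk)" line uses a uid, whereas the other claims in data/dla-needed.txt visible in this archive use full names, for example "krb5 (Chris Lamb)" and "twisted (Dominik George)". Using one form throughout keeps the file easy to search for a person's open claims.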



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e41abfade4a23199d26118243f0f81251a49df4



[Git][security-tracker-team/security-tracker][master] 4 commits: Mark CVE-2009-1143/open-vm-tools as postponed for buster

2022-11-27 Thread Utkarsh Gupta (@utkarsh)


Utkarsh Gupta pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
918a2392 by Utkarsh Gupta at 2022-11-27T14:10:46+05:30
Mark CVE-2009-1143/open-vm-tools as postponed for buster

- - - - -
1fba0734 by Utkarsh Gupta at 2022-11-27T14:10:47+05:30
Mark CVE-2022-396{4,5}/ffmpeg as postponed for buster

- - - - -
d34e07f6 by Utkarsh Gupta at 2022-11-27T14:10:47+05:30
Add lava to dla-needed

- - - - -
e8fe3b20 by Utkarsh Gupta at 2022-11-27T14:10:47+05:30
Add pngcheck to dla-needed

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -2234,10 +2234,12 @@ CVE-2022-3966 (A vulnerability, which was classified as 
critical, has been found
 CVE-2022-3965 (A vulnerability classified as problematic was found in ffmpeg. 
This vu ...)
- ffmpeg 
[bullseye] - ffmpeg  (Wait until it lands in 4.1.x)
+   [buster] - ffmpeg  (Wait until it lands in 4.1.x)
NOTE: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/13c13109759090b7f7182480d075e13b36ed8edd
 CVE-2022-3964 (A vulnerability classified as problematic has been found in 
ffmpeg. Th ...)
- ffmpeg 
[bullseye] - ffmpeg  (Wait until it lands in 4.1.x)
+   [buster] - ffmpeg  (Wait until it lands in 4.1.x)
NOTE: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/92f9b28ed84a77138105475beba16c146bdaf984
 CVE-2022-45197
RESERVED
@@ -544432,6 +544434,7 @@ CVE-2009-1144 (Untrusted search path vulnerability in 
the Gentoo package of Xpdf
 CVE-2009-1143 (An issue was discovered in open-vm-tools 2009.03.18-154848. 
Local user ...)
- open-vm-tools 2:12.0.0-1
[bullseye] - open-vm-tools  (Minor issue; mount.vmhgfs not suid 
root in Debian)
+   [buster] - open-vm-tools  (Minor issue; mount.vmhgfs not 
suid root in Debian)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=372070
NOTE: Removing hgfsmounter/mount.vmhgfs: 
https://github.com/vmware/open-vm-tools/commit/61331a189a0eeb76f014db28288b06c0323bc0b9
 (stable-12.0.0)
 CVE-2009-1142 (An issue was discovered in open-vm-tools 2009.03.18-154848. 
Local user ...)


=
data/dla-needed.txt
=
@@ -112,6 +112,9 @@ kopanocore
 krb5 (Chris Lamb)
   NOTE: 20221117: Programming language: C.
 --
+lava
+  NOTE: 20221127: Programming language: Python.
+--
 libapreq2
   NOTE: 20221031: Programming language: C.
 --
@@ -249,6 +252,9 @@ pluxml
   NOTE: 20220913: Programming language: PHP.
   NOTE: 20220913: Special attention: orphaned package.
 --
+pngcheck
+  NOTE: 20221127: Programming language: C.
+--
 protobuf
   NOTE: 20221031: Programming language: Several.
   NOTE: 20221031: Note the 'Note' that one of the CVEs affects the generated 
code and must therefore get special attention from the application developer 
using protobuf.
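
Review bot: the new "pngcheck" entry in this hunk carries only a "Programming language" NOTE, so the file does not say which CVEs put the package on the list or how urgent they are; the "lava" entry added in the previous hunk has the same gap. A second dated NOTE with the CVE ids or a triage remark, like the extra notes on pluxml and protobuf, would save whoever claims the package from re-deriving that.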



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1efc6d893859bc3052b4d8017cc2caf411f3e63d...e8fe3b20dd7c213bff3b4f969acab04d97d66eff



[Git][security-tracker-team/security-tracker][master] Add CVE-2022-45907/pytorch

2022-11-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1efc6d89 by Salvatore Bonaccorso at 2022-11-27T09:37:17+01:00
Add CVE-2022-45907/pytorch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -57,7 +57,9 @@ CVE-2022-45909 (drachtio-server 0.8.18 has a heap-based 
buffer over-read via a l
 CVE-2022-45908 (In PaddlePaddle before 2.4, paddle.audio.functional.get_window 
is vuln ...)
TODO: check
 CVE-2022-45907 (In PyTorch before trunk/89695, 
torch.jit.annotations.parse_type_line c ...)
-   TODO: check
+   - pytorch 
+   NOTE: 
https://github.com/pytorch/pytorch/commit/767f6aa49fe20a2766b9843d01e3b7f7793df6a3
+   NOTE: https://github.com/pytorch/pytorch/issues/88868
 CVE-2022-45906
RESERVED
 CVE-2022-45905
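
Review bot: the two NOTE lines added under CVE-2022-45907 give an upstream commit URL and an issue URL without saying which one is the fix, and the added `- pytorch` line shows no version after the package name. Since the description only says "before trunk/89695", consider prefixing the commit URL with "Fixed by:" so that whoever later fills in the fixed version knows which reference to match against an upstream release.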



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1efc6d893859bc3052b4d8017cc2caf411f3e63d



[Git][security-tracker-team/security-tracker][master] Remove todo item for CVE-2022-45919

2022-11-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cb1e1c6d by Salvatore Bonaccorso at 2022-11-27T09:36:30+01:00
Remove todo item for CVE-2022-45919

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -32,7 +32,6 @@ CVE-2022-45920
 CVE-2022-45919 (An issue was discovered in the Linux kernel through 6.0.10. In 
drivers ...)
- linux 
NOTE: 
https://lore.kernel.org/linux-media/20221121063308.GA33821%40ubuntu/T/#u
-   TODO: check
 CVE-2022-45918
RESERVED
 CVE-2022-45917
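
Review bot: dropping `TODO: check` from CVE-2022-45919 leaves an entry whose only reference is a lore.kernel.org linux-media thread, not a commit. With the TODO gone, nothing in the entry signals that a fix commit still has to be recorded, so a follow-up NOTE with the commit id once the patch lands would close that gap.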



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cb1e1c6ddec5ed6b7191f11da4a588194c16fa06



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2022-11-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
aa4f396c by Salvatore Bonaccorso at 2022-11-27T09:35:56+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2,13 +2,13 @@ CVE-2022-45934 (An issue was discovered in the Linux kernel 
through 6.0.10. l2ca
- linux 
NOTE: 
https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=ae4569813a6e931258db627cdfe50dfb4f917d5d
 CVE-2022-45933 (KubeView through 0.1.31 allows attackers to obtain control of 
a Kubern ...)
-   TODO: check
+   NOT-FOR-US: KubeView
 CVE-2022-45932 (A SQL injection issue was discovered in AAA in OpenDaylight 
(ODL) befo ...)
-   TODO: check
+   NOT-FOR-US: OpenDaylight
 CVE-2022-45931 (A SQL injection issue was discovered in AAA in OpenDaylight 
(ODL) befo ...)
-   TODO: check
+   NOT-FOR-US: OpenDaylight
 CVE-2022-45930 (A SQL injection issue was discovered in AAA in OpenDaylight 
(ODL) befo ...)
-   TODO: check
+   NOT-FOR-US: OpenDaylight
 CVE-2022-45929
RESERVED
 CVE-2022-45928
@@ -2099,7 +2099,7 @@ CVE-2022-45227
 CVE-2022-45226
RESERVED
 CVE-2022-45225 (Book Store Management System v1.0 was discovered to contain a 
cross-si ...)
-   TODO: check
+   NOT-FOR-US: Book Store Management System
 CVE-2022-45224
RESERVED
 CVE-2022-45223



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa4f396c1b8cb50b4ad5863b0c6aebe6c58ac2b9



[Git][security-tracker-team/security-tracker][master] Add CVE-2022-45934/linux

2022-11-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5b558620 by Salvatore Bonaccorso at 2022-11-27T09:31:12+01:00
Add CVE-2022-45934/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,5 +1,6 @@
 CVE-2022-45934 (An issue was discovered in the Linux kernel through 6.0.10. 
l2cap_conf ...)
-   TODO: check
+   - linux 
+   NOTE: 
https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=ae4569813a6e931258db627cdfe50dfb4f917d5d
 CVE-2022-45933 (KubeView through 0.1.31 allows attackers to obtain control of 
a Kubern ...)
TODO: check
 CVE-2022-45932 (A SQL injection issue was discovered in AAA in OpenDaylight 
(ODL) befo ...)
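
Review bot: the NOTE added for CVE-2022-45934 links the fix in the bluetooth-next.git tree rather than in mainline. That works as a first reference, but the `- linux` line as added names no version, so the entry should get the mainline commit link and a fixed version once the change is merged.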



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b558620a5cf1018f190109c828d772f59ee2b4a



[Git][security-tracker-team/security-tracker][master] Add CVE-2022-45919/linux

2022-11-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2df6f3de by Salvatore Bonaccorso at 2022-11-27T09:26:50+01:00
Add CVE-2022-45919/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -29,6 +29,8 @@ CVE-2022-45921
 CVE-2022-45920
RESERVED
 CVE-2022-45919 (An issue was discovered in the Linux kernel through 6.0.10. In 
drivers ...)
+   - linux 
+   NOTE: 
https://lore.kernel.org/linux-media/20221121063308.GA33821%40ubuntu/T/#u
TODO: check
 CVE-2022-45918
RESERVED



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2df6f3debcabd7a32151ca02f338024dbf8e70fa



[Git][security-tracker-team/security-tracker][master] Track fixed version for chromium issue (CVE-2022-4135) via unstable

2022-11-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9196af4d by Salvatore Bonaccorso at 2022-11-27T09:24:22+01:00
Track fixed version for chromium issue (CVE-2022-4135) via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -174,7 +174,7 @@ CVE-2022-45866 (qpress before PierreLvx/qpress 20220819 and 
before version 11.3,
 CVE-2022-4136 (Dangerous method exposed which can lead to RCE in 
qmpass/leadshop v1.4 ...)
NOT-FOR-US: leadshop
 CVE-2022-4135 (Heap buffer overflow in GPU in Google Chrome prior to 
107.0.5304.121 a ...)
-   - chromium 
+   - chromium 107.0.5304.121-1
[buster] - chromium  (see DSA 5046)
 CVE-2022-4134
RESERVED



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9196af4dbcdf6613f026923d1453ee03064130cf



[Git][security-tracker-team/security-tracker][master] automatic update

2022-11-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
57088072 by security tracker role at 2022-11-27T08:10:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,53 @@
+CVE-2022-45934 (An issue was discovered in the Linux kernel through 6.0.10. 
l2cap_conf ...)
+   TODO: check
+CVE-2022-45933 (KubeView through 0.1.31 allows attackers to obtain control of 
a Kubern ...)
+   TODO: check
+CVE-2022-45932 (A SQL injection issue was discovered in AAA in OpenDaylight 
(ODL) befo ...)
+   TODO: check
+CVE-2022-45931 (A SQL injection issue was discovered in AAA in OpenDaylight 
(ODL) befo ...)
+   TODO: check
+CVE-2022-45930 (A SQL injection issue was discovered in AAA in OpenDaylight 
(ODL) befo ...)
+   TODO: check
+CVE-2022-45929
+   RESERVED
+CVE-2022-45928
+   RESERVED
+CVE-2022-45927
+   RESERVED
+CVE-2022-45926
+   RESERVED
+CVE-2022-45925
+   RESERVED
+CVE-2022-45924
+   RESERVED
+CVE-2022-45923
+   RESERVED
+CVE-2022-45922
+   RESERVED
+CVE-2022-45921
+   RESERVED
+CVE-2022-45920
+   RESERVED
+CVE-2022-45919 (An issue was discovered in the Linux kernel through 6.0.10. In 
drivers ...)
+   TODO: check
+CVE-2022-45918
+   RESERVED
+CVE-2022-45917
+   RESERVED
+CVE-2022-45916
+   RESERVED
+CVE-2022-45915
+   RESERVED
+CVE-2022-45914 (The ESL (Electronic Shelf Label) protocol, as implemented by 
(for exam ...)
+   TODO: check
+CVE-2022-45913
+   RESERVED
+CVE-2022-45912
+   RESERVED
+CVE-2022-45911
+   RESERVED
+CVE-2022-4145
+   RESERVED
 CVE-2022-45910
RESERVED
 CVE-2022-45909 (drachtio-server 0.8.18 has a heap-based buffer over-read via a 
long Re ...)
@@ -8732,8 +8782,7 @@ CVE-2022-43707 (MyBB 1.8.31 has a Cross-site scripting 
(XSS) vulnerability in th
NOT-FOR-US: MyBB
 CVE-2022-43706
RESERVED
-CVE-2022-43705 [malicious OCSP responder could forge OCSP responses]
-   RESERVED
+CVE-2022-43705 (In Botan before 2.19.3, it is possible to forge OCSP responses 
due to  ...)
- botan 2.19.3+dfsg-1
[bullseye] - botan  (Minor issue)
[buster] - botan  (Minor issue)
@@ -23439,7 +23488,7 @@ CVE-2022-38168 (Broken Access Control in User 
Authentication in Avaya Scopia Pat
NOT-FOR-US: Avaya Scopia Pathfinder
 CVE-2022-38167 (The Nintex Workflow plugin 5.2.2.30 for SharePoint allows XSS. 
...)
NOT-FOR-US: Nintex Workflow plugin for SharePoint
-CVE-2022-38166 (In F‑Secure Endpoint Protection for Windows and macOS 
before cha ...)
+CVE-2022-38166 (In F-Secure Endpoint Protection for Windows and macOS before 
channel w ...)
NOT-FOR-US: F-Secure
 CVE-2022-38165 (Arbitrary file write in F-Secure Policy Manager through 
2022-08-10 all ...)
NOT-FOR-US: WithSecure
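
Review bot: the context lines around the CVE-2022-38166 description fix show two F-Secure products tagged with different vendor labels: CVE-2022-38166 is `NOT-FOR-US: F-Secure` while CVE-2022-38165 (F-Secure Policy Manager) is `NOT-FOR-US: WithSecure`. This hunk does not introduce the mismatch, but settling on one label for both would keep searches over NOT-FOR-US entries consistent.
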
@@ -60381,8 +60430,8 @@ CVE-2022-25001
RESERVED
 CVE-2022-25000
RESERVED
-CVE-2022-24999
-   RESERVED
+CVE-2022-24999 (qs before 6.10.3, as used in Express before 4.17.3 and other 
products, ...)
+   TODO: check
 CVE-2022-24998
RESERVED
 CVE-2022-24997



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/570880726c9ef97ab796c8b5360b17a436f0d3ba
