[Git][security-tracker-team/security-tracker][master] Mark bullseye as unaffected by CVE-2021-{20180,20191}

2024-06-02 Thread Lee Garrett (@lgarrett)


Lee Garrett pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bce1a0d1 by Lee Garrett at 2024-06-02T20:03:54+02:00
Mark bullseye as unaffected by CVE-2021-{20180,20191}

bullseye was released with the patched code.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -261894,7 +261894,7 @@ CVE-2021-20192
 CVE-2021-20191 (A flaw was found in ansible. Credentials, such as secrets, are 
being d ...)
{DLA-3695-1}
- ansible 5.4.0-1 (bug #985753)
-   [bullseye] - ansible  (Minor issue)
+   [bullseye] - ansible  (vulnerable code not present)
[stretch] - ansible  (EOL'd for stretch)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1916813
NOTE: https://github.com/ansible-collections/cisco.nxos/pull/227
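
Review bot: the new reason on the `[bullseye]` line of CVE-2021-20191, "vulnerable code not present", does not say the same thing as the commit message, which states that bullseye was released with the patched code. If the code is there but already patched, say so in the reason and add a NOTE naming the fixing commit or the first fixed bullseye version, so the status can be checked from the entry itself.
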
@@ -261933,7 +261933,7 @@ CVE-2021-20181 (A race condition flaw was found in 
the 9pfs server implementatio
NOTE: 
https://git.qemu.org/?p=qemu.git;a=commit;h=89fbea8737e8f7b954745a1ffc4238d377055305
 CVE-2021-20180 (A flaw was found in ansible module where credentials are 
disclosed in  ...)
- ansible 5.4.0-1 (bug #985753)
-   [bullseye] - ansible  (Minor issue)
+   [bullseye] - ansible  (vulnerable code not present)
[buster] - ansible  (code introduced later)
[stretch] - ansible  (code introduced later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1915808
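
Review bot: the changed `[bullseye]` line for CVE-2021-20180 has no reference backing it; the only NOTE visible in the entry is the Red Hat bugzilla link. The `[buster]` and `[stretch]` lines say "code introduced later", so a NOTE with the upstream change that fixed the code before the bullseye release would let all three suite lines be verified side by side.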



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bce1a0d122eff9df95cdcad02d6a903e4fff6a7f

-- 
This project does not include diff previews in email notifications.
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] Mark bullseye as unaffected by CVE-2021-20178

2024-06-02 Thread Lee Garrett (@lgarrett)


Lee Garrett pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9080069a by Lee Garrett at 2024-06-02T19:44:58+02:00
Mark bullseye as unaffected by CVE-2021-20178

The patch was always present in the bullseye release, see
https://github.com/ansible-collections/community.general/commit/3560aeb12f7061bf21d63ca0e1e19feb99c57de3

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -261945,7 +261945,7 @@ CVE-2021-20179 (A flaw was found in pki-core. An 
attacker who has successfully c
 CVE-2021-20178 (A flaw was found in ansible module where credentials are 
disclosed in  ...)
{DLA-3695-1}
- ansible 5.4.0-1 (bug #985753)
-   [bullseye] - ansible  (Minor issue)
+   [bullseye] - ansible  (Vulnerable code not present)
[stretch] - ansible  (EOL'd for stretch)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1914774
NOTE: https://github.com/ansible-collections/community.general/pull/1621
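
Review bot: the reason on the `[bullseye]` line is capitalised here ("Vulnerable code not present"), while the commit for CVE-2021-{20180,20191} pushed the same day writes it in lower case; pick one spelling so a search over data/CVE/list matches both. The commit message cites an upstream community.general commit as evidence, but the entry only carries the pull request NOTE; adding that commit URL as a NOTE would keep the justification in the file.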



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9080069ae6600fa963f8f1416c8306eff10ab55a



[Git][security-tracker-team/security-tracker][master] add note about bookworm-proposed-update for ansible(-core)

2024-05-01 Thread Lee Garrett (@lgarrett)


Lee Garrett pushed to branch master at Debian Security Tracker / security-tracker


Commits:
59be7188 by Lee Garrett at 2024-05-01T17:51:12+02:00
add note about bookworm-proposed-update for ansible(-core)

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -29,6 +29,7 @@ ansible (Lee Garrett)
   NOTE: 20231217: Begin to triage CVEs (rouca)
   NOTE: 20231217: Triaging done a few mail send upstream for claryfication 
purposes (rouca)
   NOTE: 20231228: Made a partial release DLA-3695-1 (rouca), waiting for lee
+  NOTE: 20240501: Update for bookworm-proposed-update: #1070193 (lee)
 --
 apache2 (debian)
   NOTE: 20240418: Added by Front-Desk (apo)
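
Review bot: the added NOTE names bug #1070193 but not what it means for the LTS work tracked in this entry, for example whether the upload is waiting on the bookworm update or reuses its patches. If the suite is meant, its name is bookworm-proposed-updates, so "bookworm-proposed-update" is worth adjusting in the same line.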



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/59be7188320e27ccfcfde9661413965d15f39077



[Git][security-tracker-team/security-tracker][master] LTS: claim apache2 in dla-needed.txt

2024-04-29 Thread Lee Garrett (@lgarrett)


Lee Garrett pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3ec5d605 by Lee Garrett at 2024-04-29T21:10:44+02:00
LTS: claim apache2 in dla-needed.txt
- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -30,7 +30,7 @@ ansible (Lee Garrett)
   NOTE: 20231217: Triaging done a few mail send upstream for claryfication 
purposes (rouca)
   NOTE: 20231228: Made a partial release DLA-3695-1 (rouca), waiting for lee
 --
-apache2
+apache2 (debian)
   NOTE: 20240418: Added by Front-Desk (apo)
 --
 astropy (Chris Lamb)
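
Review bot: the claimant added on the `apache2` line is "(debian)", whereas the neighbouring entries in this hunk name a person ("ansible (Lee Garrett)", "astropy (Chris Lamb)"). If "(debian)" is a deliberate marker, a dated NOTE under the entry saying who holds the claim would keep the entry traceable.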



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ec5d6057e214fb4c997623ba2f6e4c480ceac9e



[Git][security-tracker-team/security-tracker][master] LTS: claim ansible in dla-needed.txt

2024-04-17 Thread Lee Garrett (@lgarrett)


Lee Garrett pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ebd070b6 by Lee Garrett at 2024-04-17T16:35:03+02:00
LTS: claim ansible in dla-needed.txt
- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -21,7 +21,7 @@ To make it easier to see the entire history of an update, 
please append notes
 rather than remove/replace existing ones.
 
 --
-ansible
+ansible (debian)
   NOTE: 20231202: Added by Front-Desk (Beuc)
   NOTE: 20231202: Supported package, but there's a CVE backlog, and no updates 
since 2021
   NOTE: 20231202: (neither in LTS nor in stable/oldstable), so this is an 
opportunity to
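
Review bot: the claim on the `ansible` line is recorded only as "(debian)" and no NOTE is appended, although the file header quoted in this hunk asks to append notes so the history of an update stays visible. A line in the existing "NOTE: YYYYMMDD: ... (name)" form stating who took the package would cover that.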



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ebd070b6143d1f01e7f11713ea2ada6a4d430021



[Git][security-tracker-team/security-tracker][master] Claim samba

2023-10-31 Thread Lee Garrett (@lgarrett)


Lee Garrett pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c57cad5e by Lee Garrett at 2023-10-31T16:44:45+01:00
Claim samba

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -213,7 +213,7 @@ salt
   NOTE: 20230928: will need python3-attr (>= 19.1) may from buster-backport ? 
or vendored ?
   NOTE: 20230928: see https://lists.debian.org/debian-lts/2023/09/msg00033.html
 --
-samba
+samba (Lee Garrett)
   NOTE: 20230918: Added by Front-Desk (apo)
 --
 suricata
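
Review bot: the `samba` entry is claimed with only the Front-Desk note of 20230918 beneath it, so the entry does not say what is left to do after DLA-3563-1 was reserved on 12 Sep 2023. A dated NOTE listing the remaining CVEs or the planned scope would help the next reader.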



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c57cad5e0644eb1172e8369dacdcfe8d6dae3eb4



[Git][security-tracker-team/security-tracker][master] Reserve DLA-3563-1 for samba

2023-09-12 Thread Lee Garrett (@lgarrett)


Lee Garrett pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b6f16251 by Lee Garrett at 2023-09-12T17:58:04+02:00
Reserve DLA-3563-1 for samba

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -276110,7 +276110,6 @@ CVE-2019-19345 (A vulnerability was found in all 
openshift/mediawiki-apb 4.x.x v
NOT-FOR-US: openshift
 CVE-2019-19344 (There is a use-after-free issue in all samba 4.9.x versions 
before 4.9 ...)
- samba 2:4.11.5+dfsg-1 (bug #950499)
-   [buster] - samba  (Minor issue)
[stretch] - samba  (Only affects Samba 4.9 onwards)
[jessie] - samba  (Only affects Samba 4.9 onwards)
NOTE: https://www.samba.org/samba/security/CVE-2019-19344.html
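
Review bot: once the `[buster]` line is dropped, the CVE-2019-19344 entry shows no advisory reference at all, while the other samba entries touched in this commit carry a `{DLA-2668-1}` or `{DSA-5003-1}` line. Check that the `{DLA-3563-1}` cross-reference reaches this entry, since the fixed buster version is otherwise recorded only in data/DLA/list.
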
@@ -292162,7 +292161,6 @@ CVE-2019-14908
 CVE-2019-14907 (All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 
and 4.11 ...)
{DLA-2668-1}
- samba 2:4.11.5+dfsg-1
-   [buster] - samba  (Minor issue)
[jessie] - samba  (Minor issue)
NOTE: https://www.samba.org/samba/security/CVE-2019-14907.html
 CVE-2019-14906 (A flaw was found with the RHSA-2019:3950 erratum, where it did 
not fix ...)
@@ -292187,7 +292185,6 @@ CVE-2019-14903
 CVE-2019-14902 (There is an issue in all samba 4.11.x versions before 4.11.5, 
all samb ...)
{DLA-2668-1}
- samba 2:4.11.5+dfsg-1
-   [buster] - samba  (Minor issue)
[jessie] - samba  (difficult and risky backport to 4.2 in 
jessie)
NOTE: https://www.samba.org/samba/security/CVE-2019-14902.html
NOTE: Workaround: Use of 'samba-tool drs replicate $DC1 $DC2 $NC 
--full-sync' will
@@ -292502,7 +292499,6 @@ CVE-2019-14848
 CVE-2019-14847 (A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 
4.10.x b ...)
{DLA-2668-1}
- samba 2:4.11.0+dfsg-6
-   [buster] - samba  (Minor issue)
[jessie] - samba  (Minor issue)
NOTE: https://www.samba.org/samba/security/CVE-2019-14847.html
 CVE-2019-14846 (In Ansible, all Ansible Engine versions up to ansible-engine 
2.8.5, an ...)
@@ -292547,7 +292543,6 @@ CVE-2019-14834 (A vulnerability was found in dnsmasq 
before version 2.81, where
 CVE-2019-14833 (A flaw was found in Samba, all versions starting samba 4.5.0 
before sa ...)
{DLA-2668-1}
- samba 2:4.11.1+dfsg-2
-   [buster] - samba  (Minor issue)
[jessie] - samba  (Minor issue)
NOTE: https://www.samba.org/samba/security/CVE-2019-14833.html
 CVE-2019-14832 (A flaw was found in the Keycloak REST API before version 8.0.0 
where i ...)
@@ -307015,7 +307010,6 @@ CVE-2019-10219 (A vulnerability was found in 
Hibernate-Validator. The SafeHtml v
 CVE-2019-10218 (A flaw was found in the samba client, all samba versions 
before samba  ...)
{DLA-2668-1}
- samba 2:4.11.1+dfsg-2
-   [buster] - samba  (Minor issue)
[jessie] - samba  (Minor issue)
NOTE: https://www.samba.org/samba/security/CVE-2019-10218.html
 CVE-2019-10217 (A flaw was found in ansible 2.8.0 before 2.8.4. Fields 
managing sensit ...)
@@ -465836,7 +465830,6 @@ CVE-2016-2125 (It was found that Samba before 
versions 4.5.3, 4.4.8, 4.3.13 alwa
 CVE-2016-2124 (A flaw was found in the way samba implemented SMB1 
authentication. An  ...)
{DSA-5003-1}
- samba 2:4.13.14+dfsg-1
-   [buster] - samba  (Minor issue)
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=12444
NOTE: https://www.samba.org/samba/security/CVE-2016-2124.html
 CVE-2016-2123 (A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba 
routine n ...)


=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[12 Sep 2023] DLA-3563-1 samba - security update
+   {CVE-2016-2124 CVE-2019-10218 CVE-2019-14833 CVE-2019-14847 
CVE-2019-14902 CVE-2019-14907 CVE-2019-19344}
+   [buster] - samba 2:4.9.5+dfsg-5+deb10u4
 [12 Sep 2023] DLA-3562-1 orthanc - security update
{CVE-2023-33466}
[buster] - orthanc 1.5.6+dfsg-1+deb10u1


=
data/dla-needed.txt
=
@@ -227,16 +227,6 @@ salt
   NOTE: 20230720: 
https://docs.saltproject.io/en/master/topics/releases/3002.html#execution-module-changes
   NOTE: 20230720: Last but not least salt is not present in stable/testing 
(rouca)
 --
-samba
-  NOTE: 20220904: Added by Front-Desk (apo)
-  NOTE: 20220904: Many postponed or open CVE in general. (apo)
-  NOTE: 20230323: Still working on the long list of CVEs, will likely release 
an intermittent package first (lee)
-  NOTE: 20230807: WIP package is available at 
g...@salsa.debian.org:lts-team/packages/samba.git
-  NOTE: 20230807: in the branch "lgarrett/2023-02-23-debian/buster-proposed"
-  NOTE: 20230807: functional test framework is however needed (WIP) as most
-  NOTE: 20230807: 
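
Review bot: deleting the whole `samba` block also deletes the notes that say where the work in progress lives (the lts-team/packages/samba.git branch) and that the author is "Still working on the long list of CVEs, will likely release an intermittent package first". If DLA-3563-1 is that first release, keep the entry with a new dated NOTE on what remains instead of removing it.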

[Git][security-tracker-team/security-tracker][master] Reclaim samba and add status update

2023-08-07 Thread Lee Garrett (@lgarrett)


Lee Garrett pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c74cec47 by Lee Garrett at 2023-08-07T19:32:44+02:00
Reclaim samba and add status update

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -182,10 +182,14 @@ salt
   NOTE: 20230720: 
https://docs.saltproject.io/en/master/topics/releases/3002.html#execution-module-changes
   NOTE: 20230720: Last but not least salt is not present in stable/testing 
(rouca)
 --
-samba
+samba (Lee Garrett)
   NOTE: 20220904: Added by Front-Desk (apo)
   NOTE: 20220904: Many postponed or open CVE in general. (apo)
   NOTE: 20230323: Still working on the long list of CVEs, will likely release 
an intermittent package first (lee)
+  NOTE: 20230807: WIP package is available at 
g...@salsa.debian.org:lts-team/packages/samba.git
+  NOTE: 20230807: in the branch "lgarrett/2023-02-23-debian/buster-proposed"
+  NOTE: 20230807: functional test framework is however needed (WIP) as most
+  NOTE: 20230807: CVEs/bugfixes don't have test coverage.
 --
 sox
   NOTE: 20230731: Added by Front-Desk (apo)
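
Review bot: the four added `NOTE: 20230807:` lines carry no author tag, unlike the notes above them that end in "(apo)" or "(lee)". The repository is given in SSH form; an https URL for the same repository would be readable without push access.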



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c74cec47db7b35e640acbdc5adf33784ed37d82c



[Git][security-tracker-team/security-tracker][master] Reclaim samba

2023-06-27 Thread Lee Garrett (@lgarrett)


Lee Garrett pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c0ecdceb by Lee Garrett at 2023-06-27T16:02:58+02:00
Reclaim samba

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -226,7 +226,7 @@ salt
   NOTE: 20220814: I am not sure, whether it is possible to fix issues
   NOTE: 20220814: without backporting a newer verion. (Anton)
 --
-samba
+samba (Lee Garrett)
   NOTE: 20220904: Added by Front-Desk (apo)
   NOTE: 20220904: Many postponed or open CVE in general. (apo)
   NOTE: 20230323: Still working on the long list of CVEs, will likely release 
an intermittent package first (lee)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c0ecdceb44acc4640beb32419822c8576e7f34af



[Git][security-tracker-team/security-tracker][master] Reclaim samba again (lee)

2023-05-29 Thread Lee Garrett (@lgarrett)


Lee Garrett pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7fda9d6a by Lee Garrett at 2023-05-29T16:17:18+02:00
Reclaim samba again (lee)

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -204,7 +204,7 @@ salt
   NOTE: 20221209: Testsuite: 
https://lts-team.pages.debian.net/wiki/TestSuites/salt.html
   NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/salt.git
 --
-samba
+samba (Lee Garrett)
   NOTE: 20220904: Programming language: C.
   NOTE: 20220904: VCS: https://salsa.debian.org/lts-team/packages/samba.git
   NOTE: 20220904: Special attention: High popcon! Used in many servers.



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7fda9d6a2be2bd3ad410808f339e44837d149823



[Git][security-tracker-team/security-tracker][master] Reclaim samba again (lee)

2023-03-23 Thread Lee Garrett (@lgarrett)


Lee Garrett pushed to branch master at Debian Security Tracker / security-tracker


Commits:
43126be0 by Lee Garrett at 2023-03-23T17:47:51+01:00
Reclaim samba again (lee)

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -294,11 +294,12 @@ salt
   NOTE: 20221209: Testsuite: 
https://lts-team.pages.debian.net/wiki/TestSuites/salt.html
   NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/salt.git
 --
-samba
+samba (Lee Garrett)
   NOTE: 20220904: Programming language: C.
   NOTE: 20220904: VCS: https://salsa.debian.org/lts-team/packages/samba.git
   NOTE: 20220904: Special attention: High popcon! Used in many servers.
   NOTE: 20220904: Many postponed or open CVE in general. (apo)
+  NOTE: 20230323: Still working on the long list of CVEs, will likely release 
an intermittent package first (lee)
 --
 sssd
   NOTE: 20230131: Programming language: C.
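
Review bot: in the added NOTE, "intermittent package" reads as a slip for an intermediate or interim package; as written it is unclear what kind of release is planned. Naming the CVEs that release would cover would also make "the long list of CVEs" checkable.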



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43126be062e2f483bd21533b8ca1fc1aed6f8785



[Git][security-tracker-team/security-tracker][master] Reserve DLA-3351-1 for apache2

2023-03-03 Thread Lee Garrett (@lgarrett)


Lee Garrett pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f2f77ff7 by Lee Garrett at 2023-03-03T15:45:45+01:00
Reserve DLA-3351-1 for apache2

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -132879,7 +132879,6 @@ CVE-2021-33194 (golang.org/x/net before 
v0.0.0-20210520170846-37e1c6afe023 allow
 CVE-2021-33193 (A crafted method sent through HTTP/2 will bypass validation 
and be for ...)
- apache2 2.4.48-4
[bullseye] - apache2 2.4.48-3.1+deb11u1
-   [buster] - apache2  (Fix along with next DLA)
[stretch] - apache2  (Revisit when a suitable backport is 
available for 2.4.25)
NOTE: https://portswigger.net/research/http2
NOTE: 
https://github.com/apache/httpd/commit/ecebcc035ccd8d0e2984fe41420d9e944f456b3c 
(2.4.49)


=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[03 Mar 2023] DLA-3351-1 apache2 - security update
+   {CVE-2006-20001 CVE-2019-0215 CVE-2020-1927 CVE-2021-33193 
CVE-2022-36760 CVE-2022-37436}
+   [buster] - apache2 2.4.38-3+deb10u9
 [03 Mar 2023] DLA-3350-1 node-css-what - security update
{CVE-2021-33587 CVE-2022-21222}
[buster] - node-css-what 2.1.0-1+deb10u1
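
Review bot: the DLA-3351-1 entry lists six CVEs, but the data/CVE/list part of this commit touches only CVE-2021-33193. Check the entries for CVE-2006-20001, CVE-2019-0215, CVE-2020-1927, CVE-2022-36760 and CVE-2022-37436 for leftover `[buster]` lines that would contradict the fixed version 2.4.38-3+deb10u9.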


=
data/dla-needed.txt
=
@@ -18,12 +18,6 @@ rather than remove/replace existing ones.
   NOTE: 20221231: Few users. Low prio. (opal).
   NOTE: 20230206: VCS: 
https://salsa.debian.org/lts-team/packages/389-ds-base.git
 --
-apache2 (Lee Garrett)
-  NOTE: 20221227: Programming language: C.
-  NOTE: 20221227: VCS: https://salsa.debian.org/lts-team/packages/apache2.git
-  NOTE: 20221227: Special attention: Double check an update! Package is used 
by many customers and users!.
-  NOTE: 20230222: CVE-2019-17567 requires 1000+ LoC patch, too intrusive (lee)
---
 ceph
   NOTE: 20221031: Programming language: C++.
   NOTE: 20221031: To be checked further. Not clear whether the vulnerability 
can be exploited in a Debian system.



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f2f77ff74b00362432d4aa36f3a23c9251fadbe2



[Git][security-tracker-team/security-tracker][master] Claim samba in dla-needed.txt

2023-02-22 Thread Lee Garrett (@lgarrett)


Lee Garrett pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c31a1ca4 by Lee Garrett at 2023-02-22T16:04:54+01:00
Claim samba in dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -310,7 +310,7 @@ salt
   NOTE: 20221209: Testsuite: 
https://lts-team.pages.debian.net/wiki/TestSuites/salt.html
   NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/salt.git
 --
-samba
+samba (Lee Garrett)
   NOTE: 20220904: Programming language: C.
   NOTE: 20220904: VCS: https://salsa.debian.org/lts-team/packages/samba.git
   NOTE: 20220904: Special attention: High popcon! Used in many servers.



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c31a1ca46f59649e2b6a589a7c87cdb0eb82196d



[Git][security-tracker-team/security-tracker][master] Add comment on CVE-2019-17567 (apache2)

2023-02-22 Thread Lee Garrett (@lgarrett)


Lee Garrett pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6669cad2 by Lee Garrett at 2023-02-22T15:16:30+01:00
Add comment on CVE-2019-17567 (apache2)

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -22,6 +22,7 @@ apache2 (Lee Garrett)
   NOTE: 20221227: Programming language: C.
   NOTE: 20221227: VCS: https://salsa.debian.org/lts-team/packages/apache2.git
   NOTE: 20221227: Special attention: Double check an update! Package is used 
by many customers and users!.
+  NOTE: 20230222: CVE-2019-17567 requires 1000+ LoC patch, too intrusive (lee)
 --
 asterisk (Markus Koschany)
   NOTE: 20221211: Programming language: C.
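
Review bot: the added NOTE says the CVE-2019-17567 patch is too intrusive but not what follows from that for buster, whether the CVE is to be ignored, postponed, or fixed another way. State the intended outcome and link the upstream patch being measured, so the "1000+ LoC" figure can be checked.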



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6669cad2cc6aad63d7522626f7e45f52aacab648



[Git][security-tracker-team/security-tracker][master] Reclaim apache2

2023-02-20 Thread Lee Garrett (@lgarrett)


Lee Garrett pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1dba7257 by Lee Garrett at 2023-02-20T11:08:45+01:00
Reclaim apache2

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -23,7 +23,7 @@ amanda
   NOTE: 20230219: VCS: https://salsa.debian.org/lts-team/packages/amanda.git
   NOTE: 20230219: Special attention: Privilege escalation.
 --
-apache2
+apache2 (Lee Garrett)
   NOTE: 20221227: Programming language: C.
   NOTE: 20221227: VCS: https://salsa.debian.org/lts-team/packages/apache2.git
   NOTE: 20221227: Special attention: Double check an update! Package is used 
by many customers and users!.



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1dba7257fb74b39eafa8ac44f6b9e0fd6ffd6b00



[Git][security-tracker-team/security-tracker][master] LTS: Claim apache2 and asterisk

2023-01-29 Thread Lee Garrett (@lgarrett)


Lee Garrett pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9f4b39a3 by Lee Garrett at 2023-01-29T16:53:03+01:00
LTS: Claim apache2 and asterisk

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -17,12 +17,12 @@ rather than remove/replace existing ones.
   NOTE: 20221231: Programming language: C.
   NOTE: 20221231: Few users. Low prio. (opal).
 --
-apache2
+apache2 (Lee Garrett)
   NOTE: 20221227: Programming language: C.
   NOTE: 20221227: VCS: https://salsa.debian.org/lts-team/packages/apache2.git
   NOTE: 20221227: Special attention: Double check an update! Package is used 
by many customers and users!.
 --
-asterisk
+asterisk (Lee Garrett)
   NOTE: 20221211: Programming language: C.
   NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/asterisk.git
 --
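
Review bot: both `apache2` and `asterisk` are claimed in this hunk without a dated NOTE under either entry, and the apache2 entry asks for special attention ("Double check an update!"). A NOTE with the date and planned scope for each package makes it visible later whether a claim is still active.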



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f4b39a34213dea3ed60b3d8c0f046869a5b167a



[Git][security-tracker-team/security-tracker][master] jessie/stretch are affected by CVE-2020-10684

2021-12-30 Thread Lee Garrett (@lgarrett)


Lee Garrett pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d13dafbb by Lee Garrett at 2021-12-30T10:36:31+01:00
jessie/stretch are affected by CVE-2020-10684

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -123335,8 +123335,6 @@ CVE-2020-10685 (A flaw was found in Ansible Engine 
affecting Ansible Engine vers
 CVE-2020-10684 (A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x 
and 2.9. ...)
{DSA-4950-1}
- ansible 2.9.7+dfsg-1
-   [stretch] - ansible  (Vulnerable code introduced later, 
'ansible_facts' variable not exposed)
-   [jessie] - ansible  (Vulnerable code introduced later, 
'ansible_facts' variable not exposed)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1815519
NOTE: https://github.com/ansible/ansible/pull/68431
NOTE: 
https://github.com/ansible/ansible/commit/a9d2ceafe429171c0e2ad007058b88bae57c74ce
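
Review bot: the `[stretch]` and `[jessie]` lines are removed without replacement, so the entry no longer explains why the earlier finding ("Vulnerable code introduced later, 'ansible_facts' variable not exposed") was wrong. Add a NOTE with the evidence that the code is present in those versions, and explicit status lines for both suites if no fix is planned.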



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d13dafbb914e81b33ae171206626be42b250b546



[Git][security-tracker-team/security-tracker][master] Claim ansible again

2021-12-29 Thread Lee Garrett (@lgarrett)


Lee Garrett pushed to branch master at Debian Security Tracker / security-tracker


Commits:
03bf60a2 by Lee Garrett at 2021-12-29T20:54:06+01:00
Claim ansible again

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -17,7 +17,7 @@ advancecomp (Adrian Bunk)
 --
 agg (Adrian Bunk)
 --
-ansible
+ansible (Lee Garrett)
   NOTE: 20210411: As discussed with the maintainer I will update Buster first 
and
   NOTE: 20210411: after that LTS. (apo)
   NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/
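
Review bot: the claim changes to Lee Garrett, but the notes under `ansible` are still apo's first-person plan from 20210411 ("I will update Buster first and after that LTS") and apo's URL from 20210426. Append a dated NOTE saying whether that plan and those packages are being continued, since the commit message says this is a repeated claim.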



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03bf60a2967e5ed2be79b0c7789318a4f1a45f84



[Git][security-tracker-team/security-tracker][master] Claim ansible

2021-11-28 Thread Lee Garrett (@lgarrett)


Lee Garrett pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d49cf6d1 by Lee Garrett at 2021-11-28T20:35:02+01:00
Claim ansible

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -13,7 +13,7 @@ To make it easier to see the entire history of an update, 
please append notes
 rather than remove/replace existing ones.
 
 --
-ansible
+ansible (Lee Garrett)
   NOTE: 20210411: As discussed with the maintainer I will update Buster first 
and
   NOTE: 20210411: after that LTS. (apo)
   NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d49cf6d193bf51658b92c6afa907caf5593060e0



[Git][security-tracker-team/security-tracker][master] LTS: Claim ansible

2021-09-06 Thread Lee Garrett (@lgarrett)


Lee Garrett pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3d9c3eb6 by Lee Garrett at 2021-09-06T17:01:41+02:00
LTS: Claim ansible

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -20,7 +20,7 @@ amd64-microcode
   NOTE: 20210831: https://lists.debian.org/debian-lts/2021/08/msg00033.html
   NOTE: 20210831: needs to be fixed (Beuc)
 --
-ansible
+ansible (Lee Garrett)
   NOTE: 20210411: As discussed with the maintainer I will update Buster first 
and
   NOTE: 20210411: after that LTS. (apo)
   NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3d9c3eb642858e1356f5e785030eab54a784db7a



[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim ansible

2021-06-24 Thread Lee Garrett (@lgarrett-guest)


Lee Garrett pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4711a8e1 by Lee Garrett at 2021-06-24T22:43:02+02:00
data/dla-needed.txt: Claim ansible

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -13,7 +13,7 @@ To make it easier to see the entire history of an update, 
please append notes
 rather than remove/replace existing ones.
 
 --
-ansible
+ansible (Lee Garrett)
   NOTE: 20210411: As discussed with the maintainer I will update Buster first 
and
   NOTE: 20210411: after that LTS. (apo)
   NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4711a8e1d12fd43d8b26c04b2af916da26ddd5c5
