[Git][security-tracker-team/security-tracker][master] Mark bullseye as unaffected by CVE-2021-{20180,20191}
Lee Garrett pushed to branch master at Debian Security Tracker / security-tracker Commits: bce1a0d1 by Lee Garrett at 2024-06-02T20:03:54+02:00 Mark bullseye as unaffected by CVE-2021-{20180,20191} bullseye was released with the patched code. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -261894,7 +261894,7 @@ CVE-2021-20192 CVE-2021-20191 (A flaw was found in ansible. Credentials, such as secrets, are being d ...) {DLA-3695-1} - ansible 5.4.0-1 (bug #985753) - [bullseye] - ansible (Minor issue) + [bullseye] - ansible (vulnerable code not present) [stretch] - ansible (EOL'd for stretch) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1916813 NOTE: https://github.com/ansible-collections/cisco.nxos/pull/227 @@ -261933,7 +261933,7 @@ CVE-2021-20181 (A race condition flaw was found in the 9pfs server implementatio NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=89fbea8737e8f7b954745a1ffc4238d377055305 CVE-2021-20180 (A flaw was found in ansible module where credentials are disclosed in ...) - ansible 5.4.0-1 (bug #985753) - [bullseye] - ansible (Minor issue) + [bullseye] - ansible (vulnerable code not present) [buster] - ansible (code introduced later) [stretch] - ansible (code introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1915808 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bce1a0d122eff9df95cdcad02d6a903e4fff6a7f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
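Review bot: both hunks change the bullseye line for CVE-2021-20191 and CVE-2021-20180 to "vulnerable code not present", but the evidence ("bullseye was released with the patched code") lives only in the commit message and neither entry gains a NOTE line. Add a NOTE under each CVE naming the upstream fix and the bullseye version that already carried it, so the decision can be re-checked from data/CVE/list alone. For CVE-2021-20180 the adjacent buster and stretch lines read "code introduced later", which is a different reason from "shipped already patched"; wording the bullseye reason to say the fix was included at release would keep the two cases distinguishable.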
[Git][security-tracker-team/security-tracker][master] Mark bullseye as unaffected by CVE-2021-20178
Lee Garrett pushed to branch master at Debian Security Tracker / security-tracker Commits: 9080069a by Lee Garrett at 2024-06-02T19:44:58+02:00 Mark bullseye as unaffected by CVE-2021-20178 The patch was always present in the bullseye release, see https://github.com/ansible-collections/community.general/commit/3560aeb12f7061bf21d63ca0e1e19feb99c57de3 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -261945,7 +261945,7 @@ CVE-2021-20179 (A flaw was found in pki-core. An attacker who has successfully c CVE-2021-20178 (A flaw was found in ansible module where credentials are disclosed in ...) {DLA-3695-1} - ansible 5.4.0-1 (bug #985753) - [bullseye] - ansible (Minor issue) + [bullseye] - ansible (Vulnerable code not present) [stretch] - ansible (EOL'd for stretch) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1914774 NOTE: https://github.com/ansible-collections/community.general/pull/1621 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9080069ae6600fa963f8f1416c8306eff10ab55a
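Review bot: the upstream commit that justifies the bullseye change for CVE-2021-20178 is cited only in the commit message; the entry's NOTE lines still list just the Red Hat bug and pull request 1621. Add the commit URL as a NOTE under the CVE so the reason for "Vulnerable code not present" stays with the data and does not depend on reading the git log.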
[Git][security-tracker-team/security-tracker][master] add note about bookworm-proposed-update for ansible(-core)
Lee Garrett pushed to branch master at Debian Security Tracker / security-tracker Commits: 59be7188 by Lee Garrett at 2024-05-01T17:51:12+02:00 add note about bookworm-proposed-update for ansible(-core) - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -29,6 +29,7 @@ ansible (Lee Garrett) NOTE: 20231217: Begin to triage CVEs (rouca) NOTE: 20231217: Triaging done a few mail send upstream for claryfication purposes (rouca) NOTE: 20231228: Made a partial release DLA-3695-1 (rouca), waiting for lee + NOTE: 20240501: Update for bookworm-proposed-update: #1070193 (lee) -- apache2 (debian) NOTE: 20240418: Added by Front-Desk (apo) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/59be7188320e27ccfcfde9661413965d15f39077
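Review bot: the added NOTE spells the suite "bookworm-proposed-update"; the suite is named bookworm-proposed-updates. Writing the reference as a full bug URL instead of a bare "#1070193" would also make it followable straight from the file.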
[Git][security-tracker-team/security-tracker][master] LTS: claim apache2 in dla-needed.txt
Lee Garrett pushed to branch master at Debian Security Tracker / security-tracker Commits: 3ec5d605 by Lee Garrett at 2024-04-29T21:10:44+02:00 LTS: claim apache2 in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -30,7 +30,7 @@ ansible (Lee Garrett) NOTE: 20231217: Triaging done a few mail send upstream for claryfication purposes (rouca) NOTE: 20231228: Made a partial release DLA-3695-1 (rouca), waiting for lee -- -apache2 +apache2 (debian) NOTE: 20240418: Added by Front-Desk (apo) -- astropy (Chris Lamb) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ec5d6057e214fb4c997623ba2f6e4c480ceac9e
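Review bot: the claim is recorded as "apache2 (debian)", while the entries on either side of it in this hunk are claimed by name ("ansible (Lee Garrett)", "astropy (Chris Lamb)"). If this is a personal claim, use the claimant's name so it is clear who holds the package; if "(debian)" is intentional, a dated NOTE saying who is working on it would remove the ambiguity.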
[Git][security-tracker-team/security-tracker][master] LTS: claim ansible in dla-needed.txt
Lee Garrett pushed to branch master at Debian Security Tracker / security-tracker Commits: ebd070b6 by Lee Garrett at 2024-04-17T16:35:03+02:00 LTS: claim ansible in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -21,7 +21,7 @@ To make it easier to see the entire history of an update, please append notes rather than remove/replace existing ones. -- -ansible +ansible (debian) NOTE: 20231202: Added by Front-Desk (Beuc) NOTE: 20231202: Supported package, but there's a CVE backlog, and no updates since 2021 NOTE: 20231202: (neither in LTS nor in stable/oldstable), so this is an opportunity to View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ebd070b6143d1f01e7f11713ea2ada6a4d430021
[Git][security-tracker-team/security-tracker][master] Claim samba
Lee Garrett pushed to branch master at Debian Security Tracker / security-tracker Commits: c57cad5e by Lee Garrett at 2023-10-31T16:44:45+01:00 Claim samba - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -213,7 +213,7 @@ salt NOTE: 20230928: will need python3-attr (>= 19.1) may from buster-backport ? or vendored ? NOTE: 20230928: see https://lists.debian.org/debian-lts/2023/09/msg00033.html -- -samba +samba (Lee Garrett) NOTE: 20230918: Added by Front-Desk (apo) -- suricata View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c57cad5e0644eb1172e8369dacdcfe8d6dae3eb4
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3563-1 for samba
Lee Garrett pushed to branch master at Debian Security Tracker / security-tracker Commits: b6f16251 by Lee Garrett at 2023-09-12T17:58:04+02:00 Reserve DLA-3563-1 for samba - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -276110,7 +276110,6 @@ CVE-2019-19345 (A vulnerability was found in all openshift/mediawiki-apb 4.x.x v NOT-FOR-US: openshift CVE-2019-19344 (There is a use-after-free issue in all samba 4.9.x versions before 4.9 ...) - samba 2:4.11.5+dfsg-1 (bug #950499) - [buster] - samba (Minor issue) [stretch] - samba (Only affects Samba 4.9 onwards) [jessie] - samba (Only affects Samba 4.9 onwards) NOTE: https://www.samba.org/samba/security/CVE-2019-19344.html @@ -292162,7 +292161,6 @@ CVE-2019-14908 CVE-2019-14907 (All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11 ...) {DLA-2668-1} - samba 2:4.11.5+dfsg-1 - [buster] - samba (Minor issue) [jessie] - samba (Minor issue) NOTE: https://www.samba.org/samba/security/CVE-2019-14907.html CVE-2019-14906 (A flaw was found with the RHSA-2019:3950 erratum, where it did not fix ...) @@ -292187,7 +292185,6 @@ CVE-2019-14903 CVE-2019-14902 (There is an issue in all samba 4.11.x versions before 4.11.5, all samb ...) {DLA-2668-1} - samba 2:4.11.5+dfsg-1 - [buster] - samba (Minor issue) [jessie] - samba (difficult and risky backport to 4.2 in jessie) NOTE: https://www.samba.org/samba/security/CVE-2019-14902.html NOTE: Workaround: Use of 'samba-tool drs replicate $DC1 $DC2 $NC --full-sync' will @@ -292502,7 +292499,6 @@ CVE-2019-14848 CVE-2019-14847 (A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x b ...) {DLA-2668-1} - samba 2:4.11.0+dfsg-6 - [buster] - samba (Minor issue) [jessie] - samba (Minor issue) NOTE: https://www.samba.org/samba/security/CVE-2019-14847.html CVE-2019-14846 (In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, an ...) 
@@ -292547,7 +292543,6 @@ CVE-2019-14834 (A vulnerability was found in dnsmasq before version 2.81, where CVE-2019-14833 (A flaw was found in Samba, all versions starting samba 4.5.0 before sa ...) {DLA-2668-1} - samba 2:4.11.1+dfsg-2 - [buster] - samba (Minor issue) [jessie] - samba (Minor issue) NOTE: https://www.samba.org/samba/security/CVE-2019-14833.html CVE-2019-14832 (A flaw was found in the Keycloak REST API before version 8.0.0 where i ...) @@ -307015,7 +307010,6 @@ CVE-2019-10219 (A vulnerability was found in Hibernate-Validator. The SafeHtml v CVE-2019-10218 (A flaw was found in the samba client, all samba versions before samba ...) {DLA-2668-1} - samba 2:4.11.1+dfsg-2 - [buster] - samba (Minor issue) [jessie] - samba (Minor issue) NOTE: https://www.samba.org/samba/security/CVE-2019-10218.html CVE-2019-10217 (A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensit ...) @@ -465836,7 +465830,6 @@ CVE-2016-2125 (It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 alwa CVE-2016-2124 (A flaw was found in the way samba implemented SMB1 authentication. An ...) {DSA-5003-1} - samba 2:4.13.14+dfsg-1 - [buster] - samba (Minor issue) NOTE: https://bugzilla.samba.org/show_bug.cgi?id=12444 NOTE: https://www.samba.org/samba/security/CVE-2016-2124.html CVE-2016-2123 (A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine n ...) = data/DLA/list = @@ -1,3 +1,6 @@ +[12 Sep 2023] DLA-3563-1 samba - security update + {CVE-2016-2124 CVE-2019-10218 CVE-2019-14833 CVE-2019-14847 CVE-2019-14902 CVE-2019-14907 CVE-2019-19344} + [buster] - samba 2:4.9.5+dfsg-5+deb10u4 [12 Sep 2023] DLA-3562-1 orthanc - security update {CVE-2023-33466} [buster] - orthanc 1.5.6+dfsg-1+deb10u1 = data/dla-needed.txt = 
@@ -227,16 +227,6 @@ salt NOTE: 20230720: https://docs.saltproject.io/en/master/topics/releases/3002.html#execution-module-changes NOTE: 20230720: Last but not least salt is not present in stable/testing (rouca) -- -samba - NOTE: 20220904: Added by Front-Desk (apo) - NOTE: 20220904: Many postponed or open CVE in general. (apo) - NOTE: 20230323: Still working on the long list of CVEs, will likely release an intermittent package first (lee) - NOTE: 20230807: WIP package is available at g...@salsa.debian.org:lts-team/packages/samba.git - NOTE: 20230807: in the branch "lgarrett/2023-02-23-debian/buster-proposed" - NOTE: 20230807: functional test framework is however needed (WIP) as most - NOTE: 20230807:
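Review bot: the data/dla-needed.txt hunk deletes the whole samba entry, yet the notes it removes describe this upload as an intermittent release with "Many postponed or open CVE in general", and DLA-3563-1 lists seven CVEs. If CVEs remain open for buster after this DLA, keep the entry (unclaimed) and append a dated NOTE recording DLA-3563-1 instead, so the remaining work and the note about missing functional test coverage are not lost from tracking.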
[Git][security-tracker-team/security-tracker][master] Reclaim samba and add status update
Lee Garrett pushed to branch master at Debian Security Tracker / security-tracker Commits: c74cec47 by Lee Garrett at 2023-08-07T19:32:44+02:00 Reclaim samba and add status update - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -182,10 +182,14 @@ salt NOTE: 20230720: https://docs.saltproject.io/en/master/topics/releases/3002.html#execution-module-changes NOTE: 20230720: Last but not least salt is not present in stable/testing (rouca) -- -samba +samba (Lee Garrett) NOTE: 20220904: Added by Front-Desk (apo) NOTE: 20220904: Many postponed or open CVE in general. (apo) NOTE: 20230323: Still working on the long list of CVEs, will likely release an intermittent package first (lee) + NOTE: 20230807: WIP package is available at g...@salsa.debian.org:lts-team/packages/samba.git + NOTE: 20230807: in the branch "lgarrett/2023-02-23-debian/buster-proposed" + NOTE: 20230807: functional test framework is however needed (WIP) as most + NOTE: 20230807: CVEs/bugfixes don't have test coverage. -- sox NOTE: 20230731: Added by Front-Desk (apo) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c74cec47db7b35e640acbdc5adf33784ed37d82c
[Git][security-tracker-team/security-tracker][master] Reclaim samba
Lee Garrett pushed to branch master at Debian Security Tracker / security-tracker Commits: c0ecdceb by Lee Garrett at 2023-06-27T16:02:58+02:00 Reclaim samba - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -226,7 +226,7 @@ salt NOTE: 20220814: I am not sure, whether it is possible to fix issues NOTE: 20220814: without backporting a newer verion. (Anton) -- -samba +samba (Lee Garrett) NOTE: 20220904: Added by Front-Desk (apo) NOTE: 20220904: Many postponed or open CVE in general. (apo) NOTE: 20230323: Still working on the long list of CVEs, will likely release an intermittent package first (lee) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c0ecdceb44acc4640beb32419822c8576e7f34af
[Git][security-tracker-team/security-tracker][master] Reclaim samba again (lee)
Lee Garrett pushed to branch master at Debian Security Tracker / security-tracker Commits: 7fda9d6a by Lee Garrett at 2023-05-29T16:17:18+02:00 Reclaim samba again (lee) - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -204,7 +204,7 @@ salt NOTE: 20221209: Testsuite: https://lts-team.pages.debian.net/wiki/TestSuites/salt.html NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/salt.git -- -samba +samba (Lee Garrett) NOTE: 20220904: Programming language: C. NOTE: 20220904: VCS: https://salsa.debian.org/lts-team/packages/samba.git NOTE: 20220904: Special attention: High popcon! Used in many servers. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7fda9d6a2be2bd3ad410808f339e44837d149823
[Git][security-tracker-team/security-tracker][master] Reclaim samba again (lee)
Lee Garrett pushed to branch master at Debian Security Tracker / security-tracker Commits: 43126be0 by Lee Garrett at 2023-03-23T17:47:51+01:00 Reclaim samba again (lee) - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -294,11 +294,12 @@ salt NOTE: 20221209: Testsuite: https://lts-team.pages.debian.net/wiki/TestSuites/salt.html NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/salt.git -- -samba +samba (Lee Garrett) NOTE: 20220904: Programming language: C. NOTE: 20220904: VCS: https://salsa.debian.org/lts-team/packages/samba.git NOTE: 20220904: Special attention: High popcon! Used in many servers. NOTE: 20220904: Many postponed or open CVE in general. (apo) + NOTE: 20230323: Still working on the long list of CVEs, will likely release an intermittent package first (lee) -- sssd NOTE: 20230131: Programming language: C. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43126be062e2f483bd21533b8ca1fc1aed6f8785
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3351-1 for apache2
Lee Garrett pushed to branch master at Debian Security Tracker / security-tracker Commits: f2f77ff7 by Lee Garrett at 2023-03-03T15:45:45+01:00 Reserve DLA-3351-1 for apache2 - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -132879,7 +132879,6 @@ CVE-2021-33194 (golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allow CVE-2021-33193 (A crafted method sent through HTTP/2 will bypass validation and be for ...) - apache2 2.4.48-4 [bullseye] - apache2 2.4.48-3.1+deb11u1 - [buster] - apache2 (Fix along with next DLA) [stretch] - apache2 (Revisit when a suitable backport is available for 2.4.25) NOTE: https://portswigger.net/research/http2 NOTE: https://github.com/apache/httpd/commit/ecebcc035ccd8d0e2984fe41420d9e944f456b3c (2.4.49) = data/DLA/list = @@ -1,3 +1,6 @@ +[03 Mar 2023] DLA-3351-1 apache2 - security update + {CVE-2006-20001 CVE-2019-0215 CVE-2020-1927 CVE-2021-33193 CVE-2022-36760 CVE-2022-37436} + [buster] - apache2 2.4.38-3+deb10u9 [03 Mar 2023] DLA-3350-1 node-css-what - security update {CVE-2021-33587 CVE-2022-21222} [buster] - node-css-what 2.1.0-1+deb10u1 = data/dla-needed.txt = 
@@ -18,12 +18,6 @@ rather than remove/replace existing ones. NOTE: 20221231: Few users. Low prio. (opal). NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/389-ds-base.git -- -apache2 (Lee Garrett) - NOTE: 20221227: Programming language: C. - NOTE: 20221227: VCS: https://salsa.debian.org/lts-team/packages/apache2.git - NOTE: 20221227: Special attention: Double check an update! Package is used by many customers and users!. - NOTE: 20230222: CVE-2019-17567 requires 1000+ LoC patch, too intrusive (lee) --- ceph NOTE: 20221031: Programming language: C++. NOTE: 20221031: To be checked further. Not clear whether the vulnerability can be exploited in a Debian system. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f2f77ff74b00362432d4aa36f3a23c9251fadbe2
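Review bot: the data/dla-needed.txt hunk removes the only record of why CVE-2019-17567 is left unfixed ("requires 1000+ LoC patch, too intrusive"), and that CVE is not in the DLA-3351-1 list, while the single data/CVE/list hunk shown touches only CVE-2021-33193. Carry the reasoning over as a buster annotation or NOTE on the CVE-2019-17567 entry in data/CVE/list in the same commit, so the decision not to backport stays documented once the package leaves dla-needed.txt.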
[Git][security-tracker-team/security-tracker][master] Claim samba in dla-needed.txt
Lee Garrett pushed to branch master at Debian Security Tracker / security-tracker Commits: c31a1ca4 by Lee Garrett at 2023-02-22T16:04:54+01:00 Claim samba in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -310,7 +310,7 @@ salt NOTE: 20221209: Testsuite: https://lts-team.pages.debian.net/wiki/TestSuites/salt.html NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/salt.git -- -samba +samba (Lee Garrett) NOTE: 20220904: Programming language: C. NOTE: 20220904: VCS: https://salsa.debian.org/lts-team/packages/samba.git NOTE: 20220904: Special attention: High popcon! Used in many servers. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c31a1ca46f59649e2b6a589a7c87cdb0eb82196d
[Git][security-tracker-team/security-tracker][master] Add comment on CVE-2019-17567 (apache2)
Lee Garrett pushed to branch master at Debian Security Tracker / security-tracker Commits: 6669cad2 by Lee Garrett at 2023-02-22T15:16:30+01:00 Add comment on CVE-2019-17567 (apache2) - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -22,6 +22,7 @@ apache2 (Lee Garrett) NOTE: 20221227: Programming language: C. NOTE: 20221227: VCS: https://salsa.debian.org/lts-team/packages/apache2.git NOTE: 20221227: Special attention: Double check an update! Package is used by many customers and users!. + NOTE: 20230222: CVE-2019-17567 requires 1000+ LoC patch, too intrusive (lee) -- asterisk (Markus Koschany) NOTE: 20221211: Programming language: C. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6669cad2cc6aad63d7522626f7e45f52aacab648
[Git][security-tracker-team/security-tracker][master] Reclaim apache2
Lee Garrett pushed to branch master at Debian Security Tracker / security-tracker Commits: 1dba7257 by Lee Garrett at 2023-02-20T11:08:45+01:00 Reclaim apache2 - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -23,7 +23,7 @@ amanda NOTE: 20230219: VCS: https://salsa.debian.org/lts-team/packages/amanda.git NOTE: 20230219: Special attention: Privilege escalation. -- -apache2 +apache2 (Lee Garrett) NOTE: 20221227: Programming language: C. NOTE: 20221227: VCS: https://salsa.debian.org/lts-team/packages/apache2.git NOTE: 20221227: Special attention: Double check an update! Package is used by many customers and users!. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1dba7257fb74b39eafa8ac44f6b9e0fd6ffd6b00
[Git][security-tracker-team/security-tracker][master] LTS: Claim apache2 and asterisk
Lee Garrett pushed to branch master at Debian Security Tracker / security-tracker Commits: 9f4b39a3 by Lee Garrett at 2023-01-29T16:53:03+01:00 LTS: Claim apache2 and asterisk - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -17,12 +17,12 @@ rather than remove/replace existing ones. NOTE: 20221231: Programming language: C. NOTE: 20221231: Few users. Low prio. (opal). -- -apache2 +apache2 (Lee Garrett) NOTE: 20221227: Programming language: C. NOTE: 20221227: VCS: https://salsa.debian.org/lts-team/packages/apache2.git NOTE: 20221227: Special attention: Double check an update! Package is used by many customers and users!. -- -asterisk +asterisk (Lee Garrett) NOTE: 20221211: Programming language: C. NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/asterisk.git -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f4b39a34213dea3ed60b3d8c0f046869a5b167a
[Git][security-tracker-team/security-tracker][master] jessie/stretch are affected by CVE-2020-10684
Lee Garrett pushed to branch master at Debian Security Tracker / security-tracker Commits: d13dafbb by Lee Garrett at 2021-12-30T10:36:31+01:00 jessie/stretch are affected by CVE-2020-10684 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -123335,8 +123335,6 @@ CVE-2020-10685 (A flaw was found in Ansible Engine affecting Ansible Engine vers CVE-2020-10684 (A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9. ...) {DSA-4950-1} - ansible 2.9.7+dfsg-1 - [stretch] - ansible (Vulnerable code introduced later, 'ansible_facts' variable not exposed) - [jessie] - ansible (Vulnerable code introduced later, 'ansible_facts' variable not exposed) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1815519 NOTE: https://github.com/ansible/ansible/pull/68431 NOTE: https://github.com/ansible/ansible/commit/a9d2ceafe429171c0e2ad007058b88bae57c74ce View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d13dafbb914e81b33ae171206626be42b250b546
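Review bot: the hunk deletes the stretch and jessie lines for CVE-2020-10684, reversing an assessment that came with a specific reason ("'ansible_facts' variable not exposed"), but adds nothing that says why that reason no longer holds. Add a NOTE under the CVE stating what was found in the stretch and jessie code that makes them affected, so the earlier annotation is not reinstated by someone re-triaging from the upstream description alone.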
[Git][security-tracker-team/security-tracker][master] Claim ansible again
Lee Garrett pushed to branch master at Debian Security Tracker / security-tracker Commits: 03bf60a2 by Lee Garrett at 2021-12-29T20:54:06+01:00 Claim ansible again - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -17,7 +17,7 @@ advancecomp (Adrian Bunk) -- agg (Adrian Bunk) -- -ansible +ansible (Lee Garrett) NOTE: 20210411: As discussed with the maintainer I will update Buster first and NOTE: 20210411: after that LTS. (apo) NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/ View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03bf60a2967e5ed2be79b0c7789318a4f1a45f84
[Git][security-tracker-team/security-tracker][master] Claim ansible
Lee Garrett pushed to branch master at Debian Security Tracker / security-tracker Commits: d49cf6d1 by Lee Garrett at 2021-11-28T20:35:02+01:00 Claim ansible - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -13,7 +13,7 @@ To make it easier to see the entire history of an update, please append notes rather than remove/replace existing ones. -- -ansible +ansible (Lee Garrett) NOTE: 20210411: As discussed with the maintainer I will update Buster first and NOTE: 20210411: after that LTS. (apo) NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/ View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d49cf6d193bf51658b92c6afa907caf5593060e0
[Git][security-tracker-team/security-tracker][master] LTS: Claim ansible
Lee Garrett pushed to branch master at Debian Security Tracker / security-tracker Commits: 3d9c3eb6 by Lee Garrett at 2021-09-06T17:01:41+02:00 LTS: Claim ansible - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -20,7 +20,7 @@ amd64-microcode NOTE: 20210831: https://lists.debian.org/debian-lts/2021/08/msg00033.html NOTE: 20210831: needs to be fixed (Beuc) -- -ansible +ansible (Lee Garrett) NOTE: 20210411: As discussed with the maintainer I will update Buster first and NOTE: 20210411: after that LTS. (apo) NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/ View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3d9c3eb642858e1356f5e785030eab54a784db7a
[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim ansible
Lee Garrett pushed to branch master at Debian Security Tracker / security-tracker Commits: 4711a8e1 by Lee Garrett at 2021-06-24T22:43:02+02:00 data/dla-needed.txt: Claim ansible - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -13,7 +13,7 @@ To make it easier to see the entire history of an update, please append notes rather than remove/replace existing ones. -- -ansible +ansible (Lee Garrett) NOTE: 20210411: As discussed with the maintainer I will update Buster first and NOTE: 20210411: after that LTS. (apo) NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/ View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4711a8e1d12fd43d8b26c04b2af916da26ddd5c5