[Git][security-tracker-team/security-tracker][master] Add squid3 to dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: a0a7e747 by Markus Koschany at 2018-11-01T20:56:58Z Add squid3 to dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -77,6 +77,9 @@ smarty3 (Mike Gabriel) -- spamassassin (Antoine Beaupre) -- +squid3 + NOTE:20181101: consider fixing no-dsa issues too. (apo) +-- symfony (Thorsten Alteholz) -- systemd View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a0a7e7474c8c2fffa32fe600093ed34864433abc -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a0a7e7474c8c2fffa32fe600093ed34864433abc You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
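Review bot: The NOTE line added under squid3 is written `NOTE:20181101:` with no space after `NOTE:`, while the dated notes in other dla-needed.txt entries quoted in these commits (for example `NOTE: 20181026:` under qemu) put a space there. Write it as `NOTE: 20181101: consider fixing no-dsa issues too. (apo)` so the notes stay uniform and easy to grep.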
[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2018-16840,curl: Jessie is not affected.
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 64b24959 by Markus Koschany at 2018-11-01T20:46:03Z CVE-2018-16840,curl: Jessie is not affected. Vulnerable code was introduced later. - - - - - 4c4be79f by Markus Koschany at 2018-11-01T20:46:49Z Merge branch master of salsa.debian.org:security-tracker-team/security-tracker - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4944,6 +4944,7 @@ CVE-2018-16841 CVE-2018-16840 (A heap use-after-free flaw was found in curl versions from 7.59.0 ...) - curl 7.62.0-1 [stretch] - curl (Use-after-free issue introduced later) + [jessie] - curl (Use-after-free issue introduced later) NOTE: https://curl.haxx.se/docs/CVE-2018-16840.html NOTE: Fixed by: https://github.com/curl/curl/commit/81d135d67155c5295b1033679c606165d4e28f3f NOTE: Introduced by: https://github.com/curl/curl/commit/b46cfbc068ebe90f18e9777b9e877e4934c1b5e3 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/a16934ea83ff06d66c4e3fd410b2d268c6953457...4c4be79fb8ff7a5166529c95bc2d548364671a54 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/a16934ea83ff06d66c4e3fd410b2d268c6953457...4c4be79fb8ff7a5166529c95bc2d548364671a54 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add openssl to dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 12cce199 by Markus Koschany at 2018-11-01T20:41:25Z Add openssl to dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -65,6 +65,8 @@ openjpeg2 (Hugo Lefeuvre) NOTE: to approve CVE-2017-17480 before upload. NOTE: had in depth investigations for CVE-2018-5727, see upstream bug report -- +openssl +-- qemu (Santiago) NOTE: 20181026: no fix yet for recent dsa issues, but start working on NOTE: pending no-dsa issues View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/12cce1993f931e71fc20c708553883cee7920650 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/12cce1993f931e71fc20c708553883cee7920650 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] CVE-2018-16789:shellinabox, no-dsa for Jessie, minor issue.
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 1c0ddf2e by Markus Koschany at 2018-11-01T20:38:14Z CVE-2018-16789:shellinabox, no-dsa for Jessie, minor issue. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5111,6 +5111,7 @@ CVE-2018-16789 [nfinite loop due to malformed request payload] RESERVED - shellinabox 2.21 (low) [stretch] - shellinabox (Minor issue) + [jessie] - shellinabox (Minor issue) NOTE: https://github.com/shellinabox/shellinabox/pull/446 CVE-2018-16788 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1c0ddf2e37c66a3f49ff53654d0492220ee54dff -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1c0ddf2e37c66a3f49ff53654d0492220ee54dff You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
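Review bot: The CVE-2018-16789 header in this hunk's context reads `[nfinite loop due to malformed request payload]`, with the leading "I" of "Infinite" missing. Since the commit touches this entry anyway, fix the description in the same change.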
[Git][security-tracker-team/security-tracker][master] CVE-2018-15688,network-manager: Jessie is not affected
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 1244c206 by Markus Koschany at 2018-11-01T20:31:49Z CVE-2018-15688,network-manager: Jessie is not affected The vulnerable code does not exist in this version. The systemd files were imported for the first time in April 2015. https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/src/systemd/src/libsystemd-network/dhcp6-option.c?id=8af18182f3bf55270aadc83f32c518935d553a2a - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7897,6 +7897,7 @@ CVE-2018-15689 CVE-2018-15688 (A buffer overflow vulnerability in the dhcp6 client of systemd allows ...) - network-manager 1.14.4-2 [stretch] - network-manager (Minor issue; internal dhcp implementation not used by default) + [jessie] - network-manager (vulnerable code not present) - systemd 239-11 (bug #912008) [stretch] - systemd (Minor issue; not enabled by default in Debian, will be fixed via point release) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1639067 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1244c206e8c176b2a74d59b815d717cf479edaf9 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1244c206e8c176b2a74d59b815d717cf479edaf9 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
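Review bot: The new `[jessie] - network-manager (vulnerable code not present)` line carries none of the reasoning given in the commit message (systemd files first imported in April 2015, with the cgit link). Add a NOTE line under CVE-2018-15688 with that link so the justification is recorded in data/CVE/list itself, and capitalise the reason to match the `(Minor issue; ...)` lines around it.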
[Git][security-tracker-team/security-tracker][master] Add systemd to dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 3a5244c1 by Markus Koschany at 2018-11-01T20:05:31Z Add systemd to dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -77,6 +77,10 @@ spamassassin (Antoine Beaupre) -- symfony (Thorsten Alteholz) -- +systemd + NOTE: 20181101: I recommend to fix all open issues including the postponed + NOTE: ones, too. (apo) +-- tiff -- thunderbird View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3a5244c101f70c0d6c352988f5ae1adc03dda6b5 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3a5244c101f70c0d6c352988f5ae1adc03dda6b5 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] glusterfs, link to fixing commits
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: f29af771 by Markus Koschany at 2018-11-01T17:51:15Z glusterfs,link to fixing commits - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -10308,6 +10308,7 @@ CVE-2018-14661 (It was found that usage of snprintf function in feature/locks .. - glusterfs NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1636880 + NOTE: https://review.gluster.org/#/c/glusterfs/+/21532/ CVE-2018-14660 RESERVED - glusterfs @@ -10317,6 +10318,7 @@ CVE-2018-14659 (The Gluster file system through versions 4.1.4 and 3.1.2 is vuln - glusterfs NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1635929 + NOTE: https://review.gluster.org/#/c/glusterfs/+/21530/ CVE-2018-14658 RESERVED CVE-2018-14657 @@ -10332,10 +10334,13 @@ CVE-2018-14654 (The Gluster file system through version 4.1.4 is vulnerable to a - glusterfs NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1631576 + NOTE: https://review.gluster.org/#/c/glusterfs/+/21534/ CVE-2018-14653 (The Gluster file system through versions 4.1.4 and 3.12 is vulnerable ...) - glusterfs NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1633431 + NOTE: https://review.gluster.org/#/c/glusterfs/+/21528/ + NOTE: https://review.gluster.org/#/c/glusterfs/+/21529/ CVE-2018-14652 (The Gluster file system through versions 3.12 and 4.1.4 is vulnerable ...) - glusterfs NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5 
@@ -10345,6 +10350,7 @@ CVE-2018-14651 (It was found that the fix for CVE-2018-10927, CVE-2018-10928, .. [stretch] - glusterfs (Incomplete fixes for CVE-2018-109{26,27,28,29,30} not applied) NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1632557 + NOTE: https://review.gluster.org/#/c/glusterfs/+/21527/ CVE-2018-14650 (It was discovered that sos-collector does not properly set the default ...) NOT-FOR-US: sos-collector (not same as sosreport itself, additional tool to sosreport) CVE-2018-14649 (It was found that ceph-isci-cli package as shipped by Red Hat Ceph ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f29af771d80b6224a64acb65895d052fd88ebaab -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f29af771d80b6224a64acb65895d052fd88ebaab You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
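Review bot: The NOTE lines added under the glusterfs CVEs are bare review.gluster.org change URLs with no label, although the commit subject calls them fixing commits. Prefix each with a label such as `Fixed by:` so a reader can tell them apart from the oss-security and bugzilla references directly above, and for CVE-2018-14653 say why two changes (21528 and 21529) are listed.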
[Git][security-tracker-team/security-tracker][master] CVE-2009-0689,mono: Remove no-dsa tag.
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: b1db4cbb by Markus Koschany at 2018-11-01T16:56:08Z CVE-2009-0689,mono: Remove no-dsa tag. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -262141,7 +262141,6 @@ CVE-2009-0689 (Array index error in the (1) dtoa implementation in dtoa.c (aka . - kde4libs 4:4.3.4-1 (medium; bug #559266) [lenny] - kde4libs (Only uses by a few packages in Lenny, hardly any attack vector) - mono 4.2.1.102+dfsg2-4 - [jessie] - mono (Minor issue) [wheezy] - mono (Minor issue) NOTE: http://www.mono-project.com/docs/about-mono/vulnerabilities/ NOTE: https://gist.github.com/directhex/01e853567fd2cc74ed39 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b1db4cbbca37a95ef64a25b7f85f30ae5ac09a0f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b1db4cbbca37a95ef64a25b7f85f30ae5ac09a0f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1564-1 for mono
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 4c4bfa30 by Markus Koschany at 2018-11-01T16:55:35Z Reserve DLA-1564-1 for mono - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[01 Nov 2018] DLA-1564-1 mono - security update + {CVE-2009-0689} + [jessie] - mono 3.2.8+dfsg-10+deb8u1 [01 Nov 2018] DLA-1563-1 tzdata - update [jessie] - tzdata 2018g-0+deb8u1 [31 Oct 2018] DLA-1562-1 poppler - security update = data/dla-needed.txt = @@ -52,9 +52,6 @@ linux (Ben Hutchings) -- linux-4.9 (Ben Hutchings) -- -mono (Markus Koschany) - NOTE: 20181031: Waiting for upstream response for CVE-2018-1002208. (apo) --- mysql-5.5 (Roberto C. Sánchez) -- nsis (Thorsten Alteholz) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4c4bfa30e674b6d7eede5b4073a99717d8f4234d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4c4bfa30e674b6d7eede5b4073a99717d8f4234d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
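Review bot: The dla-needed.txt hunk removes the whole mono entry, including `NOTE: 20181031: Waiting for upstream response for CVE-2018-1002208. (apo)`, but the DLA-1564-1 entry added to data/DLA/list covers only {CVE-2009-0689}. Record the outcome for CVE-2018-1002208 in data/CVE/list before dropping the note, or keep the entry until upstream has answered.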
[Git][security-tracker-team/security-tracker][master] Add tiff to dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 786a523d by Markus Koschany at 2018-10-31T21:37:37Z Add tiff to dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -80,6 +80,8 @@ spamassassin (Antoine Beaupre) -- symfony (Thorsten Alteholz) -- +tiff +-- thunderbird -- tzdata (Santiago) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/786a523d0b4f623796f684515c1e48481bbf4c1d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/786a523d0b4f623796f684515c1e48481bbf4c1d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
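Review bot: `tiff` is inserted before `thunderbird`, which breaks the alphabetical order the surrounding entries follow (spamassassin, symfony, thunderbird, tzdata). Move the two added lines below the thunderbird entry.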
[Git][security-tracker-team/security-tracker][master] 2 commits: CVE/list: Link to upstream comment about CVE-2018-1002208
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 45becf37 by Markus Koschany at 2018-10-31T20:15:16Z CVE/list: Link to upstream comment about CVE-2018-1002208 - - - - - 708e6cda by Markus Koschany at 2018-10-31T20:16:17Z Merge branch master of salsa.debian.org:security-tracker-team/security-tracker - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -10552,6 +10552,7 @@ CVE-2018-1002208 (sharplibzip before 1.0 RC1 is vulnerable to directory traversa - mono-reference-assemblies (unimportant) NOTE: https://snyk.io/vuln/SNYK-DOTNET-SHARPZIPLIB-60247 NOTE: https://github.com/icsharpcode/SharpZipLib/issues/232 + NOTE: https://github.com/mono/mono/issues/11492 CVE-2018-1002207 (mholt/archiver golang package before ...) NOT-FOR-US: golang-github-mholt-archiver CVE-2018-1002206 (SharpCompress before 0.21.0 is vulnerable to directory traversal, ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/2bf1a0cd576c12ac6d5cf9494a374c6ec80d3ed7...708e6cdaf65296ddc3c5b0f77d0e38655f0c1376 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/2bf1a0cd576c12ac6d5cf9494a374c6ec80d3ed7...708e6cdaf65296ddc3c5b0f77d0e38655f0c1376 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] dla-needed.txt: Add NOTE for mono.
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 4361c628 by Markus Koschany at 2018-10-31T19:55:57Z dla-needed.txt: Add NOTE for mono. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -53,6 +53,7 @@ linux (Ben Hutchings) linux-4.9 (Ben Hutchings) -- mono (Markus Koschany) + NOTE: 20181031: Waiting for upstream response for CVE-2018-1002208. (apo) -- mysql-5.5 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4361c6289c51e5cd9786a6f0e635fbce54d32ae7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4361c6289c51e5cd9786a6f0e635fbce54d32ae7 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Claim glusterfs in dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 417f4d3d by Markus Koschany at 2018-10-31T19:54:54Z Claim glusterfs in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -25,6 +25,8 @@ firefox-esr firmware-nonfree (Ben Hutchings) NOTE: Waiting for approval of Stretch update. -- +glusterfs (Markus Koschany) +-- imagemagick (Thorsten Alteholz) NOTE: 20181023: add additional Ubuntu patch to disable ghostscript handled formats NOTE: 20181023: wait with upload until this is done in unstable -> #907336 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/417f4d3d20a3e55146d87710b781704664753a03 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/417f4d3d20a3e55146d87710b781704664753a03 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Unlock the packages claimed by Emilio as discussed on our team mailing list.
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 11e9b10a by Markus Koschany at 2018-10-31T12:53:28Z Unlock the packages claimed by Emilio as discussed on our team mailing list. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -18,7 +18,7 @@ cairo enigmail (Antoine Beaupre) NOTE: 20180926: see 871s9fps8e@curie.anarc.at before working on this (anarcat) -- -firefox-esr (Emilio Pozuelo) +firefox-esr NOTE: 20180525: We will need an update to Firefox ESR 60 in jessie once 52 goes EOL. NOTE: 20180525: This needs some backports (llvm, rustc, cargo) which need some work. -- @@ -52,13 +52,13 @@ mono (Markus Koschany) -- mupdf (Abhijith pa) -- -mysql-5.5 (Emilio Pozuelo) +mysql-5.5 -- nsis (Thorsten Alteholz) NOTE: 20181007: Windows installer, but issue was reported by gpg4win so NOTE: 20181007: likely affects UNIX systems. (Chris Lamb) -- -openjdk-7 (Emilio Pozuelo) +openjdk-7 -- openjpeg2 (Hugo Lefeuvre) NOTE: 20181022: wrote patches for CVE-2018-5785 and CVE-2017-17480, waiting for upstream @@ -84,7 +84,7 @@ spamassassin (Antoine Beaupre) -- symfony (Thorsten Alteholz) -- -thunderbird (Emilio Pozuelo) +thunderbird -- xen -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/11e9b10a353c0e0d1278ea276151fb25a14c2cb2 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/11e9b10a353c0e0d1278ea276151fb25a14c2cb2 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] CVE-2018-18541,teeworlds: Fixed in unstable.
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 8f38313e by Markus Koschany at 2018-10-27T17:44:54Z CVE-2018-18541,teeworlds: Fixed in unstable. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -375,7 +375,7 @@ CVE-2018-18540 (TeaKKi 2.7 allows XSS via a crafted onerror attribute for a pict CVE-2018-18539 RESERVED CVE-2018-18541 (In Teeworlds before 0.6.5, connection packets could be forged. There ...) - - teeworlds (bug #911487) + - teeworlds 0.7.0-1 (bug #911487) [jessie] - teeworlds (Not supported in jessie LTS) NOTE: https://www.teeworlds.com/forum/viewtopic.php?id=12544 NOTE: https://github.com/teeworlds/teeworlds/issues/1536 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8f38313e2d0a2f23a6a97a8527078f63e86cf20e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8f38313e2d0a2f23a6a97a8527078f63e86cf20e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Let Ben handle firmware-nonfree in dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 7b711317 by Markus Koschany at 2018-10-24T15:34:39Z Let Ben handle firmware-nonfree in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -22,9 +22,8 @@ firefox-esr (Emilio Pozuelo) NOTE: 20180525: We will need an update to Firefox ESR 60 in jessie once 52 goes EOL. NOTE: 20180525: This needs some backports (llvm, rustc, cargo) which need some work. -- -firmware-nonfree (Markus Koschany) - NOTE: Perhaps this should be handled by or at least coordinated with Ben - NOTE: Hutchings. The stretch-pu might be a good place to start the update. +firmware-nonfree (Ben Hutchings) + NOTE: Waiting for approval of Stretch update. -- gnutls28 (Antoine Beaupre) NOTE: 20180824: Upstream patch is quite invasive, adding new options etc. (Chris Lamb) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7b711317466645cf406ac30551ab9c78d0199c06 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7b711317466645cf406ac30551ab9c78d0199c06 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
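Review bot: The replacement line `NOTE: Waiting for approval of Stretch update.` under firmware-nonfree has no date or author, unlike the `NOTE: 20180525:` and `NOTE: 20180824: ... (Chris Lamb)` notes in the same hunk. Add the date prefix and initials so it is clear how long the entry has been waiting and who to ask.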
[Git][security-tracker-team/security-tracker][master] Claim firmware-nonfree in dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 15a74bf2 by Markus Koschany at 2018-10-22T10:53:05Z Claim firmware-nonfree in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -22,7 +22,7 @@ firefox-esr (Emilio Pozuelo) NOTE: 20180525: We will need an update to Firefox ESR 60 in jessie once 52 goes EOL. NOTE: 20180525: This needs some backports (llvm, rustc, cargo) which need some work. -- -firmware-nonfree +firmware-nonfree (Markus Koschany) NOTE: Perhaps this should be handled by or at least coordinated with Ben NOTE: Hutchings. The stretch-pu might be a good place to start the update. -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/15a74bf22688b544c48e58be8f2f0d40ce7c421f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/15a74bf22688b544c48e58be8f2f0d40ce7c421f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1552-1 for ghostscript
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: c2f2eaba by Markus Koschany at 2018-10-22T10:51:46Z Reserve DLA-1552-1 for ghostscript - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[22 Oct 2018] DLA-1552-1 ghostscript - security update + {CVE-2018-17961 CVE-2018-18073 CVE-2018-18284} + [jessie] - ghostscript 9.06~dfsg-2+deb8u11 [20 Oct 2018] DLA-1551-1 exiv2 - security update {CVE-2018-10958 CVE-2018-10999 CVE-2018-16336} [jessie] - exiv2 0.24-4.1+deb8u2 = data/dla-needed.txt = @@ -26,8 +26,6 @@ firmware-nonfree NOTE: Perhaps this should be handled by or at least coordinated with Ben NOTE: Hutchings. The stretch-pu might be a good place to start the update. -- -ghostscript (Markus Koschany) --- gnutls28 (Antoine Beaupre) NOTE: 20180824: Upstream patch is quite invasive, adding new options etc. (Chris Lamb) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c2f2eaba09195a44ae8efec0a8927c5ebb0d7398 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c2f2eaba09195a44ae8efec0a8927c5ebb0d7398 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] CVE-2018-18541, teeworlds: Add links to upstream bug report and fixing commits.
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 5d6f10b3 by Markus Koschany at 2018-10-20T22:37:56Z CVE-2018-18541,teeworlds: Add links to upstream bug report and fixing commits. Debian bug #911487 was assigned CVE-2018-18541. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,6 +1,10 @@ -CVE-2018- [remote DOS by forging connection packets] +CVE-2018-18541 [remote DOS by forging connection packets] - teeworlds (bug #911487) NOTE: https://www.teeworlds.com/forum/viewtopic.php?id=12544 + NOTE: https://github.com/teeworlds/teeworlds/issues/1536 + NOTE: https://github.com/teeworlds/teeworlds/commit/a263185571903ead01f6b351a91ea219ac9d215f + NOTE: https://github.com/teeworlds/teeworlds/commit/aababc63e1bc41672502ca6c7a1dd9f61d94 + NOTE: https://github.com/teeworlds/teeworlds/commit/f5fa1a92ed81ed8da721e803a036b1553a38e39e CVE-2018-18538 RESERVED CVE-2018-18537 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5d6f10b3581f06cdb7f0c6362be02cf744a69cd8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5d6f10b3581f06cdb7f0c6362be02cf744a69cd8 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
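Review bot: The second added teeworlds commit URL ends in `aababc63e1bc41672502ca6c7a1dd9f61d94`, which is 36 hex characters where the other two links carry full 40-character hashes. Check that the hash was not cut short when pasted and use the full commit id.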
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1546-1 for moin
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: a47cba8a by Markus Koschany at 2018-10-15T20:07:55Z Reserve DLA-1546-1 for moin - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[15 Oct 2018] DLA-1546-1 moin - security update + {CVE-2017-5934} + [jessie] - moin 1.9.8-1+deb8u2 [15 Oct 2018] DLA-1545-1 tomcat8 - security update {CVE-2018-11784} [jessie] - tomcat8 8.0.14-1+deb8u14 = data/dla-needed.txt = @@ -51,8 +51,6 @@ linux (Ben Hutchings) -- linux-4.9 (Ben Hutchings) -- -moin (Markus Koschany) --- mono (Markus Koschany) -- mysql-5.5 (Emilio Pozuelo) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a47cba8a601af99418b0fe3cb01fcb63cb44ae2b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a47cba8a601af99418b0fe3cb01fcb63cb44ae2b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1545-1 for tomcat8
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 15077240 by Markus Koschany at 2018-10-15T15:15:04Z Reserve DLA-1545-1 for tomcat8 - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[15 Oct 2018] DLA-1545-1 tomcat8 - security update + {CVE-2018-11784} + [jessie] - tomcat8 8.0.14-1+deb8u14 [14 Oct 2018] DLA-1544-1 tomcat7 - security update {CVE-2018-11784} [jessie] - tomcat7 7.0.56-3+really7.0.91-1 = data/dla-needed.txt = @@ -92,8 +92,6 @@ symfony (Thorsten Alteholz) -- thunderbird (Emilio Pozuelo) -- -tomcat8 (Markus Koschany) --- wireshark (Thorsten Alteholz) -- xen View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/150772402aaeaa235bd7f6477f424757adf46a50 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/150772402aaeaa235bd7f6477f424757adf46a50 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] 2 commits: Triage imagemagick for Jessie.
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: b48aa5dc by Markus Koschany at 2018-10-14T19:55:05Z Triage imagemagick for Jessie. - - - - - 2a1a767f by Markus Koschany at 2018-10-14T19:55:29Z Merge branch master of salsa.debian.org:security-tracker-team/security-tracker - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -764,12 +764,14 @@ CVE-2018-18025 (In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-r CVE-2018-18024 (In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ...) - imagemagick (low) [stretch] - imagemagick (Minor issue) + [jessie] - imagemagick (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1337 NOTE: https://github.com/ImageMagick/ImageMagick/commit/948f1c86d649a29df08a38d2ff8b91cdf3e92b82 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/b268ce7a59440972f4476b9fd98104b6a836d971 CVE-2018-18023 (In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in ...) - imagemagick [stretch] - imagemagick (Vulnerable code not present) + [jessie] - imagemagick (Vulnerable code not present) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1336 NOTE: https://github.com/ImageMagick/ImageMagick/commit/5d71e23b853461dd3628cd1218834fcf13938365 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/a5db4873626f702d2ddd8bc293573493e0a412c0 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/6526309ed859686fa19469392830f0221460c96b...2a1a767fc6ea89ff867fff49d5dca3f676258c11 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/6526309ed859686fa19469392830f0221460c96b...2a1a767fc6ea89ff867fff49d5dca3f676258c11 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] CVE-2018-17795,tiff: Mark issue as postponed for Jessie.
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 96e1ee8a by Markus Koschany at 2018-10-14T19:02:42Z CVE-2018-17795,tiff: Mark issue as postponed for Jessie. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1297,6 +1297,7 @@ CVE-2018-17796 (An issue was discovered in MRCMS (aka mushroom) through 3.1.2. T NOT-FOR-US: MRCMS CVE-2018-17795 (The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 allows remote ...) - tiff + [jessie] - tiff (possibly a duplicate, can be revisited later) - tiff3 NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2816 NOTE: Seems like duplicate. Waiting info from reporter View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/96e1ee8aabf7c34ba2ce9d32f4cb6e69e9ce64eb
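Review bot: The added "[jessie] - tiff" line gives "possibly a duplicate, can be revisited later" as its reason but does not name the CVE it is thought to duplicate, and neither does the existing "Seems like duplicate" NOTE. Recording that CVE id in a NOTE would let whoever revisits the entry resolve it without repeating the research.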
[Git][security-tracker-team/security-tracker][master] 2 commits: Claim moin and mono in dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: b9cbbccb by Markus Koschany at 2018-10-14T18:58:43Z Claim moin and mono in dla-needed.txt - - - - - 69883723 by Markus Koschany at 2018-10-14T18:59:31Z Merge branch master of salsa.debian.org:security-tracker-team/security-tracker - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -51,6 +51,10 @@ linux (Ben Hutchings) -- linux-4.9 (Ben Hutchings) -- +moin (Markus Koschany) +-- +mono (Markus Koschany) +-- mysql-5.5 (Emilio Pozuelo) -- nsis View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/699c06133e602d603b916bdd138ada05f74db61e...698837232507bd8e624a54ee220fa6571a97c499
[Git][security-tracker-team/security-tracker][master] Revert "Triage firmware-nonfree for Jessie."
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 01d79dd0 by Markus Koschany at 2018-10-14T18:48:36Z Revert Triage firmware-nonfree for Jessie. This reverts commit 744ef2d45a425bb5819b28196a349aaa599c6784. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -61779,14 +61779,12 @@ CVE-2017-13081 (Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w {DSA-3999-1 DLA-1150-1} - firmware-nonfree 20180825-1 [stretch] - firmware-nonfree (non-free not supported) - [jessie] - firmware-nonfree (non-free not supported) - wpa 2:2.4-1.1 NOTE: https://w1.fi/security/2017-1/ CVE-2017-13080 (Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the ...) {DSA-3999-1 DLA-1200-1 DLA-1150-1} - firmware-nonfree 20180825-1 [stretch] - firmware-nonfree (non-free not supported) - [jessie] - firmware-nonfree (non-free not supported) - wpa 2:2.4-1.1 - linux 4.13.13-1 [stretch] - linux 4.9.65-1 
@@ -61797,21 +61795,18 @@ CVE-2017-13079 (Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w {DSA-3999-1 DLA-1150-1} - firmware-nonfree 20180825-1 [stretch] - firmware-nonfree (non-free not supported) - [jessie] - firmware-nonfree (non-free not supported) - wpa 2:2.4-1.1 NOTE: https://w1.fi/security/2017-1/ CVE-2017-13078 (Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the ...) {DSA-3999-1 DLA-1150-1} - firmware-nonfree 20180825-1 [stretch] - firmware-nonfree (non-free not supported) - [jessie] - firmware-nonfree (non-free not supported) - wpa 2:2.4-1.1 NOTE: https://w1.fi/security/2017-1/ CVE-2017-13077 (Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the ...) {DSA-3999-1 DLA-1150-1} - firmware-nonfree 20180825-1 [stretch] - firmware-nonfree (non-free not supported) - [jessie] - firmware-nonfree (non-free not supported) - wpa 2:2.4-1.1 NOTE: https://w1.fi/security/2017-1/ CVE-2017-13076 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/01d79dd0a6c3bc1420f9425cb3ee6133442d9e68
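Review bot: The commit message says only that it reverts 744ef2d45a425bb5819b28196a349aaa599c6784 and gives no reason for dropping the five "[jessie] - firmware-nonfree" lines under CVE-2017-13077 through CVE-2017-13081. A one-line reason in the message would keep the triage history readable, since after this change jessie has no explicit status on these entries.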
[Git][security-tracker-team/security-tracker][master] 2 commits: Triage firmware-nonfree for Jessie.
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 744ef2d4 by Markus Koschany at 2018-10-14T18:43:27Z Triage firmware-nonfree for Jessie. Non-free is not supported. - - - - - 70aa5a6c by Markus Koschany at 2018-10-14T18:47:28Z Add firmware-nonfree to dla-needed.txt - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -61779,12 +61779,14 @@ CVE-2017-13081 (Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w {DSA-3999-1 DLA-1150-1} - firmware-nonfree 20180825-1 [stretch] - firmware-nonfree (non-free not supported) + [jessie] - firmware-nonfree (non-free not supported) - wpa 2:2.4-1.1 NOTE: https://w1.fi/security/2017-1/ CVE-2017-13080 (Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the ...) {DSA-3999-1 DLA-1200-1 DLA-1150-1} - firmware-nonfree 20180825-1 [stretch] - firmware-nonfree (non-free not supported) + [jessie] - firmware-nonfree (non-free not supported) - wpa 2:2.4-1.1 - linux 4.13.13-1 [stretch] - linux 4.9.65-1 
@@ -61795,18 +61797,21 @@ CVE-2017-13079 (Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w {DSA-3999-1 DLA-1150-1} - firmware-nonfree 20180825-1 [stretch] - firmware-nonfree (non-free not supported) + [jessie] - firmware-nonfree (non-free not supported) - wpa 2:2.4-1.1 NOTE: https://w1.fi/security/2017-1/ CVE-2017-13078 (Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the ...) {DSA-3999-1 DLA-1150-1} - firmware-nonfree 20180825-1 [stretch] - firmware-nonfree (non-free not supported) + [jessie] - firmware-nonfree (non-free not supported) - wpa 2:2.4-1.1 NOTE: https://w1.fi/security/2017-1/ CVE-2017-13077 (Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the ...) {DSA-3999-1 DLA-1150-1} - firmware-nonfree 20180825-1 [stretch] - firmware-nonfree (non-free not supported) + [jessie] - firmware-nonfree (non-free not supported) - wpa 2:2.4-1.1 NOTE: https://w1.fi/security/2017-1/ CVE-2017-13076 = data/dla-needed.txt = 
@@ -24,6 +24,10 @@ firefox-esr (Emilio Pozuelo) NOTE: 20180525: We will need an update to Firefox ESR 60 in jessie once 52 goes EOL. NOTE: 20180525: This needs some backports (llvm, rustc, cargo) which need some work. -- +firmware-nonfree + NOTE: Perhaps this should be handled by or at least coordinated with Ben + NOTE: Hutchings. The stretch-pu might be a good place to start the update. +-- ghostscript (Markus Koschany) -- gnutls28 (Antoine Beaupre) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/921cb236033478690730f9f08452c62ebba63a38...70aa5a6cdc04b5a427261f654dbd68d7ff4fcc40
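Review bot: The two commits in this push disagree: the data/CVE/list hunks mark firmware-nonfree in jessie as "non-free not supported" for CVE-2017-13077 through CVE-2017-13081, while the data/dla-needed.txt hunk queues the same package for an update. One of the two should be dropped before pushing. The new NOTE lines in dla-needed.txt also lack the date prefix that the firefox-esr NOTEs just above them carry ("NOTE: 20180525: ...").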
[Git][security-tracker-team/security-tracker][master] Claim tomcat in dla-needed.txt as discussed with Roberto via private email.
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 921cb236 by Markus Koschany at 2018-10-14T18:17:08Z Claim tomcat in dla-needed.txt as discussed with Roberto via private email. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -84,7 +84,7 @@ symfony (Thorsten Alteholz) -- thunderbird (Emilio Pozuelo) -- -tomcat8 (Roberto C. Sánchez) +tomcat8 (Markus Koschany) -- wireshark (Thorsten Alteholz) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/921cb236033478690730f9f08452c62ebba63a38
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1544-1 for tomcat7
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 8c717e67 by Markus Koschany at 2018-10-14T18:16:49Z Reserve DLA-1544-1 for tomcat7 - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[14 Oct 2018] DLA-1544-1 tomcat7 - security update + {CVE-2018-11784} + [jessie] - tomcat7 7.0.56-3+really7.0.91-1 [10 Oct 2018] DLA-1543-1 gnulib - security update {CVE-2018-17942} [jessie] - gnulib 20140202+stable-2+deb8u1 = data/dla-needed.txt = @@ -84,8 +84,6 @@ symfony (Thorsten Alteholz) -- thunderbird (Emilio Pozuelo) -- -tomcat7 (Roberto C. Sánchez) --- tomcat8 (Roberto C. Sánchez) -- wireshark (Thorsten Alteholz) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8c717e6700963c5b81c8e98ad9946fcb4c3e610e
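Review bot: In the new DLA-1544-1 entry the jessie version is 7.0.56-3+really7.0.91-1, with no +deb8uN suffix, whereas the gnulib entry directly below it uses 20140202+stable-2+deb8u1. Worth confirming that this is the exact version string that was uploaded, because the tracker compares installed versions against it to decide what counts as fixed.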
[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2012-3144,glassfish: end-of-life for Jessie
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 9068a2de by Markus Koschany at 2018-10-11T21:29:19Z CVE-2012-3144,glassfish: end-of-life for Jessie This package has no real life impact. It is outdated and not used at runtime. - - - - - 1c0ba288 by Markus Koschany at 2018-10-11T21:49:05Z Merge branch master of salsa.debian.org:security-tracker-team/security-tracker - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -210924,6 +210924,7 @@ CVE-2012-3156 (Unspecified vulnerability in the MySQL Server component in Oracle - mysql-5.5 5.5.28+dfsg-1 (bug #690778) CVE-2012-3155 (Unspecified vulnerability in the CORBA ORB component in Sun GlassFish ...) - glassfish (bug #692035) + [jessie] - glassfish [wheezy] - glassfish NOTE: Oracle doesn't provide any useful public information to fix the package without importing a new upstream version. CVE-2012-3154 (Unspecified vulnerability in the Oracle Agile PLM Framework component ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/377fbe0a19f8ff79fd51fb93a9ac881cc9ec465d...1c0ba28829e75f54ab0a01b9ab3b432bfed34031
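Review bot: The commit subject names CVE-2012-3144, but the added "[jessie] - glassfish" line sits under CVE-2012-3155 (the CORBA ORB issue). Either the subject or the placement is off and should be corrected. The reason given in the commit message (outdated, not used at runtime) also does not appear in the entry itself, so a reader of data/CVE/list cannot see why jessie was triaged this way.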
[Git][security-tracker-team/security-tracker][master] CVE-2018-18074,requests: Mark issue as postponed for Jessie
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 74a411cf by Markus Koschany at 2018-10-10T22:20:06Z CVE-2018-18074,requests: Mark issue as postponed for Jessie This can be fixed later when a more important issue arises. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -299,6 +299,7 @@ CVE-2018-18075 (WikidForum 2.20 has SQL Injection via the rpc.php parent_post_id CVE-2018-18074 (The Requests package through 2.19.1 before 2018-09-14 for Python sends ...) - requests (low; bug #910766) [stretch] - requests (Minor issue) + [jessie] - requests (Minor issue) NOTE: https://github.com/requests/requests/issues/4716 NOTE: https://github.com/requests/requests/pull/4718 NOTE: https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/74a411cf2333d4b4a2b6ed944c32706551d3032c
[Git][security-tracker-team/security-tracker][master] CVE-2018-18020,qpdf: Mark as no-dsa for Jessie.
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 10120ec1 by Markus Koschany at 2018-10-10T21:40:57Z CVE-2018-18020,qpdf: Mark as no-dsa for Jessie. Minor issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -458,6 +458,7 @@ CVE-2012-6710 (ext_find_user in eXtplorer through 2.1.2 allows remote attackers - extplorer CVE-2018-18020 (In QPDF 8.2.1, in libqpdf/QPDFWriter.cc, QPDFWriter::unparseObject and ...) - qpdf + [jessie] - qpdf (Minor issue) NOTE: https://github.com/qpdf/qpdf/issues/243 CVE-2018-1000806 REJECTED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/10120ec1bfbebe46ebae562e1ca0a11776296a7f
[Git][security-tracker-team/security-tracker][master] Add paramiko to dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 39890f94 by Markus Koschany at 2018-10-10T21:34:06Z Add paramiko to dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -56,6 +56,9 @@ openjdk-7 (Emilio Pozuelo) openjpeg2 (Hugo Lefeuvre) NOTE: 20180719: there is no patch available for the remaining CVEs -- +paramiko + NOTE: 20181010: Consider fixing no-dsa issue too. (apo) +-- phpldapadmin (Mike Gabriel) NOTE: 20180731: See https://lists.debian.org/debian-lts/2018/07/msg00123.html for research already done -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/39890f94be5890a2e0d89519201e71b60efdf9d3
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1543-1 for gnulib
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 04544cbd by Markus Koschany at 2018-10-10T20:11:26Z Reserve DLA-1543-1 for gnulib - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[10 Oct 2018] DLA-1543-1 gnulib - security update + {CVE-2018-17942} + [jessie] - gnulib 20140202+stable-2+deb8u1 [10 Oct 2018] DLA-1542-1 dnsruby - update [jessie] - dnsruby 1.54-2+deb8u1 [10 Oct 2018] DLA-1541-1 jekyll - security update = data/dla-needed.txt = @@ -24,8 +24,6 @@ firefox-esr (Emilio Pozuelo) NOTE: 20180525: We will need an update to Firefox ESR 60 in jessie once 52 goes EOL. NOTE: 20180525: This needs some backports (llvm, rustc, cargo) which need some work. -- -gnulib (Markus Koschany) --- gnutls28 (Antoine Beaupre) NOTE: 20180824: Upstream patch is quite invasive, adding new options etc. (Chris Lamb) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/04544cbd7f4b0ebef31f38801929a622a817bc8b
[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2018-17942,gnulib: Reference bug number
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: afa15090 by Markus Koschany at 2018-10-10T19:12:25Z CVE-2018-17942,gnulib: Reference bug number - - - - - 0ff22550 by Markus Koschany at 2018-10-10T19:12:47Z Merge branch master of salsa.debian.org:security-tracker-team/security-tracker - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -606,7 +606,7 @@ CVE-2018-17944 CVE-2018-17943 RESERVED CVE-2018-17942 (The convert_to_decimal function in vasnprintf.c in Gnulib before ...) - - gnulib + - gnulib (bug #910757) NOTE: pspp affecting bug: https://savannah.gnu.org/bugs/?func=detailitem_id=54686 NOTE: https://lists.gnu.org/archive/html/bug-gnulib/2018-09/msg00107.html NOTE: https://github.com/coreutils/gnulib/commit/278b4175c9d7dd47c1a3071554aac02add3b3c35 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/36842dfaca1f41a78bc48bf2aa53bb36f50b640c...0ff22550a46beda9fa71f89a582dd3b6fdd75d85
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1540-1 for net-snmp
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 66bf129f by Markus Koschany at 2018-10-09T20:26:41Z Reserve DLA-1540-1 for net-snmp - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[09 Oct 2018] DLA-1540-1 net-snmp - security update + {CVE-2018-18065} + [jessie] - net-snmp 5.7.2.1+dfsg-1+deb8u2 [08 Oct 2018] DLA-1539-1 samba - security update {CVE-2018-10858 CVE-2018-10919} [jessie] - samba 2:4.2.14+dfsg-0+deb8u10 = data/dla-needed.txt = @@ -49,8 +49,6 @@ linux-4.9 (Ben Hutchings) -- mysql-5.5 (Emilio Pozuelo) -- -net-snmp (Markus Koschany) --- nsis NOTE: 20181007: Windows installer, but issue was reported by gpg4win so NOTE: 20181007: likely affects UNIX systems. (Chris Lamb) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/66bf129f634f5dd30afbbfd9fbb038564866dc5e
[Git][security-tracker-team/security-tracker][master] CVE-2018-18065,net-snmp: Link to exploit
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 5b025923 by Markus Koschany at 2018-10-09T19:23:27Z CVE-2018-18065,net-snmp: Link to exploit - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13,6 +13,7 @@ CVE-2018-18066 (snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 ha NOTE: same commit. CVE-2018-18065 (_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has ...) - net-snmp (bug #910638) + NOTE: https://dumpco.re/blog/net-snmp-5.7.3-remote-dos NOTE: https://sourceforge.net/p/net-snmp/code/ci/7ffb8e25a0db851953155de91f0170e9bf8c457d/ CVE-2018-18064 (cairo through 1.15.14 has an out-of-bounds stack-memory write during ...) - cairo View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5b02592336f6f125f9ce7bcb8e709f99194c7b80
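Review bot: The NOTE added under CVE-2018-18065 is a bare URL, so only the commit message tells a reader that it points to an exploit write-up rather than to a fix or a bug report. A short label in front of the URL would make that visible in data/CVE/list itself, and would distinguish it from the sourceforge commit NOTE that follows.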
[Git][security-tracker-team/security-tracker][master] Claim net-snmp in dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 8558ea72 by Markus Koschany at 2018-10-09T15:28:52Z Claim net-snmp in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -49,6 +49,8 @@ linux-4.9 (Ben Hutchings) -- mysql-5.5 (Emilio Pozuelo) -- +net-snmp (Markus Koschany) +-- nsis NOTE: 20181007: Windows installer, but issue was reported by gpg4win so NOTE: 20181007: likely affects UNIX systems. (Chris Lamb) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8558ea72c2afc110506ca9f4c750b0ea82cf7174
[Git][security-tracker-team/security-tracker][master] Mark open tcpreplay issues as no-dsa for Jessie.
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: df8f7e73 by Markus Koschany at 2018-10-09T15:26:22Z Mark open tcpreplay issues as no-dsa for Jessie. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -243,6 +243,7 @@ CVE-2018-17975 CVE-2018-17974 (An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based buffer ...) - tcpreplay (bug #910598) [stretch] - tcpreplay (Minor issue) + [jessie] - tcpreplay (Minor issue) NOTE: https://github.com/appneta/tcpreplay/issues/486 CVE-2018-17973 RESERVED @@ -1085,6 +1086,7 @@ CVE-2018-17583 CVE-2018-17582 (Tcpreplay v4.3.0 beta1 contains a heap-based buffer over-read. The ...) - tcpreplay (bug #910597) [stretch] - tcpreplay (Minor issue) + [jessie] - tcpreplay (Minor issue) NOTE: https://github.com/appneta/tcpreplay/issues/484 CVE-2018-17581 (CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has ...) - exiv2 (low; bug #910060) @@ -1093,6 +1095,7 @@ CVE-2018-17581 (CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 CVE-2018-17580 (A heap-based buffer over-read exists in the function fast_edit_packet() ...) - tcpreplay (bug #910596) [stretch] - tcpreplay (Minor issue) + [jessie] - tcpreplay (Minor issue) NOTE: https://github.com/appneta/tcpreplay/issues/485 CVE-2018-17579 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/df8f7e739047389eaaba54435e5370bdb767db22
[Git][security-tracker-team/security-tracker][master] CVE-2018-17883,otrs2: Jessie is not affected.
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 3f2689f4 by Markus Koschany at 2018-10-09T15:02:55Z CVE-2018-17883,otrs2: Jessie is not affected. Only affects 6.x releases. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -442,6 +442,7 @@ CVE-2018-17883 RESERVED - otrs2 6.0.12-1 [stretch] - otrs2 (Only affects 6.x) + [jessie] - otrs2 (Only affects 6.x) NOTE: https://community.otrs.com/security-advisory-2018-06-security-update-for-otrs-framework/ NOTE: https://github.com/OTRS/otrs/commit/40bbcc261a77c2f4c0383658cd99c07d577179ce CVE-2018-18021 (arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3f2689f4b291bce8f020cb5892d6f8e813dc499a
[Git][security-tracker-team/security-tracker][master] Claim gnulib in dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 9ccefd53 by Markus Koschany at 2018-10-09T14:33:45Z Claim gnulib in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -24,6 +24,8 @@ firefox-esr (Emilio Pozuelo) NOTE: 20180525: We will need an update to Firefox ESR 60 in jessie once 52 goes EOL. NOTE: 20180525: This needs some backports (llvm, rustc, cargo) which need some work. -- +gnulib (Markus Koschany) +-- gnutls28 (Antoine Beaupre) NOTE: 20180824: Upstream patch is quite invasive, adding new options etc. (Chris Lamb) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9ccefd531f93682f821e497c7c08e6dd69ab1d57
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1537-1 for php-horde-kronolith
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 1d2a559b by Markus Koschany at 2018-10-07T20:24:33Z Reserve DLA-1537-1 for php-horde-kronolith - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[07 Oct 2018] DLA-1537-1 php-horde-kronolith - security update + {CVE-2017-16906} + [jessie] - php-horde-kronolith 4.2.2-4+deb8u1 [07 Oct 2018] DLA-1536-1 php-horde-core - security update {CVE-2017-16907} [jessie] - php-horde-core 2.15.0+debian0-1+deb8u2 = data/dla-needed.txt = @@ -56,8 +56,6 @@ openjdk-7 (Emilio Pozuelo) openjpeg2 (Hugo Lefeuvre) NOTE: 20180719: there is no patch available for the remaining CVEs -- -php-horde-kronolith (Markus Koschany) --- phpldapadmin (Mike Gabriel) NOTE: 20180731: See https://lists.debian.org/debian-lts/2018/07/msg00123.html for research already done -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1d2a559b268fc98fe4b20ce4fb823fdebb5881e0
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1535-1 for php-horde
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: dabf81d3 by Markus Koschany at 2018-10-07T20:21:08Z Reserve DLA-1535-1 for php-horde - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[07 Oct 2018] DLA-1535-1 php-horde - security update + {CVE-2017-16907} + [jessie] - php-horde 5.2.1+debian0-2+deb8u4 [07 Oct 2018] DLA-1534-1 adplug - security update {CVE-2018-17825} [jessie] - adplug 2.2.1+dfsg3-0.1+deb8u1 = data/dla-needed.txt = @@ -56,8 +56,6 @@ openjdk-7 (Emilio Pozuelo) openjpeg2 (Hugo Lefeuvre) NOTE: 20180719: there is no patch available for the remaining CVEs -- -php-horde (Markus Koschany) --- php-horde-core (Markus Koschany) -- php-horde-kronolith (Markus Koschany) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/dabf81d308d9840caa0aaeb24346ed7cb3336a61
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1536-1 for php-horde-core
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 01b63f46 by Markus Koschany at 2018-10-07T20:21:49Z Reserve DLA-1536-1 for php-horde-core - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[07 Oct 2018] DLA-1536-1 php-horde-core - security update + {CVE-2017-16907} + [jessie] - php-horde-core 2.15.0+debian0-1+deb8u2 [07 Oct 2018] DLA-1535-1 php-horde - security update {CVE-2017-16907} [jessie] - php-horde 5.2.1+debian0-2+deb8u4 = data/dla-needed.txt = @@ -56,8 +56,6 @@ openjdk-7 (Emilio Pozuelo) openjpeg2 (Hugo Lefeuvre) NOTE: 20180719: there is no patch available for the remaining CVEs -- -php-horde-core (Markus Koschany) --- php-horde-kronolith (Markus Koschany) -- phpldapadmin (Mike Gabriel) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/01b63f46d5270c511120edbd3ff6ec768f2a0898
[Git][security-tracker-team/security-tracker][master] CVE-2017-16908,php-horde-kronolith: Jessie is not affected.
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: b990a51a by Markus Koschany at 2018-10-07T20:18:51Z CVE-2017-16908,php-horde-kronolith: Jessie is not affected. The vulnerable JavaScript code is not present. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -49421,6 +49421,7 @@ CVE-2017-16908 (In Horde Groupware 5.2.19, there is XSS via the Name field durin NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html NOTE: https://bugs.horde.org/ticket/14857 NOTE: https://github.com/horde/kronolith/commit/39f740068ad21618f6f70b6e37855c61cadbd716 + [jessie] - php-horde-kronolith (vulnerable code not present) CVE-2017-16907 (In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field ...) - php-horde (bug #909739) - php-horde-core (bug #909800) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b990a51a15de2afddd0389df06f6aa1f2bca7838
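Review bot: The added `[jessie] - php-horde-kronolith (vulnerable code not present)` line lands after the three NOTE lines of CVE-2017-16908, immediately before the CVE-2017-16907 header, rather than under the package line it qualifies. Move it directly below the `- php-horde-kronolith` line of this entry so the release annotation reads together with its package, and consider carrying the commit message's reason (the vulnerable JavaScript code is not present) into a NOTE, since the entry itself does not say which code was checked.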
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1527-2 for ghostscript
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: d7251193 by Markus Koschany at 2018-10-01T10:55:53Z Reserve DLA-1527-2 for ghostscript - - - - - 1 changed file: - data/DLA/list Changes: = data/DLA/list = @@ -1,3 +1,5 @@ +[01 Oct 2018] DLA-1527-2 ghostscript - regression update + [jessie] - ghostscript 9.06~dfsg-2+deb8u10 [30 Sep 2018] DLA-1527-1 ghostscript - security update {CVE-2018-16543 CVE-2018-17183} [jessie] - ghostscript 9.06~dfsg-2+deb8u9 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d725119301a54db61f0eb14a66ac53aa5c725e84
[Git][security-tracker-team/security-tracker][master] Claim php-horde packages in dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 7fd21741 by Markus Koschany at 2018-09-30T11:43:24Z Claim php-horde packages in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -54,6 +54,12 @@ openjdk-7 (Emilio Pozuelo) openjpeg2 (Hugo Lefeuvre) NOTE: 20180719: there is no patch available for the remaining CVEs -- +php-horde (Markus Koschany) +-- +php-horde-core (Markus Koschany) +-- +php-horde-kronolith (Markus Koschany) +-- phpldapadmin (Mike Gabriel) NOTE: 20180731: See https://lists.debian.org/debian-lts/2018/07/msg00123.html for research already done -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7fd21741f32a43596c486b2d726e702abed28998
[Git][security-tracker-team/security-tracker][master] Triage golang-go.net-dev for Jessie.
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 317f46d5 by Markus Koschany at 2018-09-30T11:40:46Z Triage golang-go.net-dev for Jessie. The vulnerable code is not present. The in template insertion mode was introduced in 2018. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1358,12 +1358,14 @@ CVE-2018-17144 (Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.1 CVE-2018-17143 (The html package (aka x/net/html) through 2018-09-17 in Go mishandles ...) - golang-golang-x-net-dev - golang-go.net-dev + [jessie] - golang-go.net-dev (vulnerable code not present) NOTE: https://github.com/golang/go/issues/27704 NOTE: https://github.com/golang/net/commit/2f5d2388922f370f4355f327fcf4cfe9f5583908 TODO: check, issue possibly only introduced with the 500e7a4f953ddaf55d316b4d3adc516aa0379622 commit (adding "in template" insertion mode support) CVE-2018-17142 (The html package (aka x/net/html) through 2018-09-17 in Go mishandles ...) - golang-golang-x-net-dev - golang-go.net-dev + [jessie] - golang-go.net-dev (vulnerable code not present) NOTE: https://github.com/golang/go/issues/27702 NOTE: https://github.com/golang/net/commit/cf3bd585ca2a5a21b057abd8be7eea2204af89d0 TODO: check, issue possibly only introduced with the 500e7a4f953ddaf55d316b4d3adc516aa0379622 commit (adding "in template" insertion mode support) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/317f46d5ef512306e22bd3e185bbe939ce2a4407
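Review bot: Both entries (CVE-2018-17143 and CVE-2018-17142) keep the `TODO: check, issue possibly only introduced with the 500e7a4f953ddaf55d316b4d3adc516aa0379622 commit` line below the new `[jessie]` annotation, although the commit message says the check was done and the "in template" insertion mode is absent from the Jessie code. If that commit is confirmed as the introducing change, replace the TODO with a `NOTE: Introduced by:` line so the basis for `vulnerable code not present` is recorded in the entry; if it is only confirmed for Jessie, reword the TODO to say what still needs checking for `golang-golang-x-net-dev`.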
[Git][security-tracker-team/security-tracker][master] Add jekyll to dla-needed.txt.
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 4aa7698c by Markus Koschany at 2018-09-30T11:20:12Z Add jekyll to dla-needed.txt. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -32,6 +32,8 @@ gnutls28 (Antoine Beaupre) -- imagemagick (Roberto C. Sánchez) -- +jekyll +-- libav (Hugo Lefeuvre) NOTE: 20180118: Diego Biurrun (from the libav team) was working on patches, but encountered personal issues and had to stop. NOTE: 20180118: It is unlikely that he will start again in the next weeks. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4aa7698c894b772315abab0387f0980aa6401ab0
[Git][security-tracker-team/security-tracker][master] Add poppler to dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 9c1c887c by Markus Koschany at 2018-09-28T18:36:08Z Add poppler to dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -61,6 +61,10 @@ openjpeg2 (Hugo Lefeuvre) phpldapadmin (Mike Gabriel) NOTE: 20180731: See https://lists.debian.org/debian-lts/2018/07/msg00123.html for research already done -- +poppler + NOTE: 20180928: Consider fixing no-dsa/ignored bugs as well since this is + NOTE: frequently used package. +-- salt NOTE: 20180921: CVE-2017-7893 is not crucial since the managed system must be NOTE: 20180921: compromised first. But the security escalation effect can cause View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9c1c887cae95f34842f3d057da0991d7644fad17
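Review bot: The continuation line of the new poppler note, `NOTE: frequently used package.`, drops the `20180928:` date prefix that its first line carries and that the multi-line salt note directly below repeats on every line. Repeat the date on the second line so each NOTE line stays attributable when the block is edited later, and fix the wording to `since this is a frequently used package`.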
[Git][security-tracker-team/security-tracker][master] CVE-2018-16646,poppler: Reference bug number
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: aa5ec653 by Markus Koschany at 2018-09-28T18:33:37Z CVE-2018-16646,poppler: Reference bug number - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2092,7 +2092,7 @@ CVE-2018-16647 (In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in ...) [jessie] - mupdf (Minor issue) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699686 CVE-2018-16646 (In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause ...) - - poppler + - poppler (bug #909802) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1622951 NOTE: Proposed fix: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/67 TODO: check, reporter did only report to Red Hat so far, few details View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/aa5ec653cc1edf05b862de9f4aa1ff1d52e8a2fc
[Git][security-tracker-team/security-tracker][master] CVE-2018-16646,poppler: Link to proposed patch
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 3c2eb604 by Markus Koschany at 2018-09-28T18:30:20Z CVE-2018-16646,poppler: Link to proposed patch - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2092,8 +2092,9 @@ CVE-2018-16647 (In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in ...) [jessie] - mupdf (Minor issue) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699686 CVE-2018-16646 (In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause ...) - - poppler + - poppler NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1622951 + NOTE: Proposed fix: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/67 TODO: check, reporter did only report to Red Hat so far, few details CVE-2018-16645 (There is an excessive memory allocation issue in the functions ...) - imagemagick View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3c2eb60475718d2d6c3b6b0438a204148beecd1e
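Review bot: The `- poppler` package line under CVE-2018-16646 is removed and re-added with no visible difference, so the hunk carries what looks like a whitespace-only edit alongside the new `NOTE: Proposed fix:` line. Keep the commit to the NOTE addition or mention the whitespace change in the message, and revisit the `TODO: check, reporter did only report to Red Hat so far, few details` line, which reads as stale next to a linked upstream merge request.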
[Git][security-tracker-team/security-tracker][master] Update CVE-2017-16907 and rearrange the NOTES.
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 30772934 by Markus Koschany at 2018-09-28T18:10:22Z Update CVE-2017-16907 and rearrange the NOTES. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -48277,11 +48277,9 @@ CVE-2017-16907 (In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color - php-horde (bug #909739) NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html NOTE: https://bugs.horde.org/ticket/14857 - NOTE: https://github.com/horde/base/commit/fb2113bbcd04bd4a28c46aad0889fb0a3979a230 + NOTE: php-horde: https://github.com/horde/base/commit/fb2113bbcd04bd4a28c46aad0889fb0a3979a230 + NOTE: php-horde-core: https://github.com/horde/Core/commit/ecea6ea740419e19122a50579ba2903c1cb71d7a - php-horde-core (bug #909800) - NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html - NOTE: https://bugs.horde.org/ticket/14857 - NOTE: https://github.com/horde/Core/commit/ecea6ea740419e19122a50579ba2903c1cb71d7a CVE-2017-16906 (In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a ...) - php-horde-kronolith (bug #909737) NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/30772934ec44822e39a4839ae2473be356745450
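Review bot: After the rearrangement the `- php-horde-core (bug #909800)` package line is left below the NOTE block of CVE-2017-16907, separated from `- php-horde (bug #909739)` by four NOTE lines. Move it up so both package lines sit together at the top of the entry and the shared NOTEs follow them; the new `php-horde:` and `php-horde-core:` prefixes on the commit links already say which fix belongs to which package.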
[Git][security-tracker-team/security-tracker][master] CVE-2017-16907 is also in php-horde-core.
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 92ee75ea by Markus Koschany at 2018-09-28T17:55:55Z CVE-2017-16907 is also in php-horde-core. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -48278,6 +48278,10 @@ CVE-2017-16907 (In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html NOTE: https://bugs.horde.org/ticket/14857 NOTE: https://github.com/horde/base/commit/fb2113bbcd04bd4a28c46aad0889fb0a3979a230 + - php-horde-core (bug #909800) + NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html + NOTE: https://bugs.horde.org/ticket/14857 + NOTE: https://github.com/horde/Core/commit/ecea6ea740419e19122a50579ba2903c1cb71d7a CVE-2017-16906 (In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a ...) - php-horde-kronolith (bug #909737) NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/92ee75ea91f3ab1a3c3ed461a418dc1f12d0c9ed
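Review bot: The new `- php-horde-core (bug #909800)` block repeats the code610.blogspot.com and bugs.horde.org/ticket/14857 NOTE lines that the same CVE-2017-16907 entry already carries in the three context lines directly above it. Add only the package line and the horde/Core commit link, and label that link with the package name so it is not confused with the existing horde/base commit.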
[Git][security-tracker-team/security-tracker][master] CVE-2017-15365,percona-xtrabackup: Jessie is not affected.
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: c0c74a7b by Markus Koschany at 2018-09-28T13:59:50Z CVE-2017-15365,percona-xtrabackup: Jessie is not affected. The vulnerable WSREP code was never introduced to this backup tool. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -53201,6 +53201,7 @@ CVE-2017-15365 (sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x b [stretch] - mariadb-10.1 (Minor issue) - mariadb-10.0 - percona-xtrabackup + [jessie] - percona-xtrabackup (vulnerable code not present) - mysql-5.7 - mysql-5.5 (Vulnerable code not present) NOTE: MariaDB: Fixed in 10.2.10, 10.1.30 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c0c74a7bf4a9e120ebd4adc2ee7e63c9687071c9
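Review bot: The added `[jessie] - percona-xtrabackup (vulnerable code not present)` writes the reason in lower case, while the `- mysql-5.5 (Vulnerable code not present)` line two lines below in the same entry capitalises it. Use one spelling within the entry, and consider putting the commit message's reason (the WSREP code was never introduced to this tool) into the parenthesis or a NOTE, since the entry as shown gives no hint why an embedded copy would be unaffected.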
[Git][security-tracker-team/security-tracker][master] Triage binutils for Jessie.
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: ac6657cb by Markus Koschany at 2018-09-28T11:36:58Z Triage binutils for Jessie. Follow Stretch. Mark CVE-2018-17358, CVE-2018-17359 and CVE-2018-17360 as ignored. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -455,16 +455,19 @@ CVE-2018-17361 (Multiple XSS vulnerabilities in WeaselCMS v0.3.6 allow remote at CVE-2018-17360 (An issue was discovered in the Binary File Descriptor (BFD) library ...) - binutils [stretch] - binutils (Minor issue) + [jessie] - binutils (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23685 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cf93e9c2cf8f8b2566f8fc86e961592b51b5980d CVE-2018-17359 (An issue was discovered in the Binary File Descriptor (BFD) library ...) - binutils [stretch] - binutils (Minor issue) + [jessie] - binutils (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23686 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=30838132997e6a3cfe3ec11c58b32b22f6f6b102 CVE-2018-17358 (An issue was discovered in the Binary File Descriptor (BFD) library ...) - binutils [stretch] - binutils (Minor issue) + [jessie] - binutils (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23686 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=30838132997e6a3cfe3ec11c58b32b22f6f6b102 CVE-2018-17357 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ac6657cb57a7ffae4bb5e09ae4aad5f4a03938cf
[Git][security-tracker-team/security-tracker][master] CVE-2017-16907,php-horde: Link to patch and add Debian bug number
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 5c445d55 by Markus Koschany at 2018-09-27T13:27:35Z CVE-2017-16907,php-horde: Link to patch and add Debian bug number C# that begin with # are ignored, and an empty description - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -48241,10 +48241,10 @@ CVE-2017-16908 (In Horde Groupware 5.2.19, there is XSS via the Name field durin NOTE: https://bugs.horde.org/ticket/14857 NOTE: https://github.com/horde/kronolith/commit/39f740068ad21618f6f70b6e37855c61cadbd716 CVE-2017-16907 (In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field ...) - - php-horde + - php-horde (bug #909739) NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html NOTE: https://bugs.horde.org/ticket/14857 - TODO: check + NOTE: https://github.com/horde/base/commit/fb2113bbcd04bd4a28c46aad0889fb0a3979a230 CVE-2017-16906 (In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a ...) - php-horde-kronolith (bug #909737) NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5c445d55d76f1972143eefcd34d1cc6a2fc13828
[Git][security-tracker-team/security-tracker][master] CVE-2017-16908,php-horde-kronolith: Link to patch and add the Debian bug number
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: e0ec96a6 by Markus Koschany at 2018-09-27T13:21:30Z CVE-2017-16908,php-horde-kronolith: Link to patch and add the Debian bug number - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -48236,10 +48236,10 @@ CVE-2017-16909 NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2017-19 NOTE: https://github.com/LibRaw/LibRaw/commit/2f59bac59dbcbf6bbcf01a9f3eed74307e96ca7e CVE-2017-16908 (In Horde Groupware 5.2.19, there is XSS via the Name field during ...) - - php-horde + - php-horde-kronolith (bug #909738) NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html NOTE: https://bugs.horde.org/ticket/14857 - TODO: check + NOTE: https://github.com/horde/kronolith/commit/39f740068ad21618f6f70b6e37855c61cadbd716 CVE-2017-16907 (In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field ...) - php-horde NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e0ec96a6ce707cef6cfa8eb6248ee40271b86704
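Review bot: The package line of CVE-2017-16908 changes from `- php-horde` to `- php-horde-kronolith (bug #909738)`, which reassigns the issue to a different source package, but the commit message only mentions the patch link and the bug number. State the reassignment in the message so anyone tracking `php-horde` can see from the log why the CVE disappeared from that package's list.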
[Git][security-tracker-team/security-tracker][master] CVE-2017-16906,php-horde-kronolith: Add link to patch and the Debian bug
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: a2768e41 by Markus Koschany at 2018-09-27T13:09:24Z CVE-2017-16906,php-horde-kronolith: Add link to patch and the Debian bug number. This issue is actually in php-horde-kronolith. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -48246,10 +48246,10 @@ CVE-2017-16907 (In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color NOTE: https://bugs.horde.org/ticket/14857 TODO: check CVE-2017-16906 (In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a ...) - - php-horde + - php-horde-kronolith (bug #909737) NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html NOTE: https://bugs.horde.org/ticket/14857 - TODO: check + NOTE: https://github.com/horde/kronolith/commit/09d90141292f9ec516a7a2007bf828ce2bbdf60d CVE-2017-16905 (The DuoLingo TinyCards application before 1.0 for Android has one use ...) NOT-FOR-US: DuoLingo TinyCards application CVE-2017-16904 (The Public tologin feature in admin.php in LvyeCMS through 3.1 allows ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a2768e41c573ff2835cdcf0ada0e5948f11045ed
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1523-1 for asterisk
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 176a04ff by Markus Koschany at 2018-09-27T12:18:16Z Reserve DLA-1523-1 for asterisk - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[27 Sep 2018] DLA-1523-1 asterisk - security update + {CVE-2018-17281} + [jessie] - asterisk 1:11.13.1~dfsg-2+deb8u6 [26 Sep 2018] DLA-1522-1 strongswan - security update {CVE-2018-16151 CVE-2018-16152} [jessie] - strongswan 5.2.1-6+deb8u7 = data/dla-needed.txt = @@ -15,8 +15,6 @@ https://wiki.debian.org/LTS/Development#Triage_new_security_issues -- activemq (Abhijith PA) -- -asterisk (Markus Koschany) --- dnsmasq (Santiago) NOTE: 2010920: main reason for a DLA is to update dns trust anchors (Santiago) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/176a04ff37ae6a7ff1dd0e558942dfccc793c3f7
[Git][security-tracker-team/security-tracker][master] CVE-2018-17336,udisks2: Jessie is not affected.
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 6adf6bce by Markus Koschany at 2018-09-26T17:14:37Z CVE-2018-17336,udisks2: Jessie is not affected. Vulnerable code was introduced later. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -414,6 +414,7 @@ CVE-2018-17337 CVE-2018-17336 (UDisks 2.8.0 has a format string vulnerability in udisks_log in ...) - udisks2 (bug #909607) [stretch] - udisks2 (Vulnerable code introduced later) + [jessie] - udisks2 (Vulnerable code introduced later) NOTE: https://github.com/storaged-project/udisks/issues/578 NOTE: Fixed by: https://github.com/storaged-project/udisks/commit/e369a9b4b08e9373c814c05328b366c938284eb5 NOTE: Introduced by: https://github.com/storaged-project/udisks/commit/ad2ce6714e911be58011dd6b838ec0f6fd0f950f (udisks-2.6.4) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6adf6bce851280d0c288bdf6159edbb1e7b57056
[Git][security-tracker-team/security-tracker][master] Add python2.7 to dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: fa4333ec by Markus Koschany at 2018-09-25T21:11:32Z Add python2.7 to dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -72,6 +72,8 @@ otrs2 phpldapadmin (Mike Gabriel) NOTE: 20180731: See https://lists.debian.org/debian-lts/2018/07/msg00123.html for research already done -- +python2.7 +-- python3.4 (Antoine Beaupré) -- salt View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fa4333ece29ca5fa706a3dfc5a7149d6132e4249
[Git][security-tracker-team/security-tracker][master] Add strongswan to dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: e598c27d by Markus Koschany at 2018-09-25T21:06:10Z Add strongswan to dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -88,6 +88,8 @@ spamassassin NOTE: 20180925: wait for feedback (anarcat) NOTE: 20180925: 20180920021632.5ak6iznomgw5q...@ctrl.internal.morgul.net -- +strongswan +-- symfony (Thorsten Alteholz) -- thunderbird View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e598c27db8170392da587ac100ad74a344b9de8b
[Git][security-tracker-team/security-tracker][master] Add otrs2 to dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: f3fa3266 by Markus Koschany at 2018-09-25T21:00:38Z Add otrs2 to dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -67,6 +67,8 @@ openjdk-7 (Emilio Pozuelo) openjpeg2 (Hugo Lefeuvre) NOTE: 20180719: there is no patch available for the remaining CVEs -- +otrs2 +-- phpldapadmin (Mike Gabriel) NOTE: 20180731: See https://lists.debian.org/debian-lts/2018/07/msg00123.html for research already done -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f3fa32665edb32be8b4f51f2ae932e676b7d9b42
[Git][security-tracker-team/security-tracker][master] Claim asterisk in dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: baef0731 by Markus Koschany at 2018-09-25T20:58:39Z Claim asterisk in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -15,6 +15,8 @@ https://wiki.debian.org/LTS/Development#Triage_new_security_issues -- activemq (Abhijith PA) -- +asterisk (Markus Koschany) +-- dnsmasq (Santiago) NOTE: 2010920: main reason for a DLA is to update dns trust anchors (Santiago) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/baef0731b7036ff0c77cbd6f9912090a7222ffa9
[Git][security-tracker-team/security-tracker][master] CVE-2018-1000632,dom4j will be fixed in Jessie and Stretch.
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 814588ba by Markus Koschany at 2018-09-24T17:15:09Z CVE-2018-1000632,dom4j will be fixed in Jessie and Stretch. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4234,8 +4234,6 @@ CVE-2018-1000633 (The Open Microscopy Environment OMERO.web version prior to 5.4 NOT-FOR-US: Open Microscopy Environment CVE-2018-1000632 (dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection ...) - dom4j 2.1.1-1 (low) - [stretch] - dom4j (Minor issue) - [jessie] - dom4j (Minor issue) NOTE: https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387 NOTE: https://github.com/dom4j/dom4j/issues/48 CVE-2003-1605 (curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/814588ba2d296bb9806078ad7d0cd28875206777
[Git][security-tracker-team/security-tracker][master] Claim dom4j and ghostscript in dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 63cd5363 by Markus Koschany at 2018-09-24T17:14:12Z Claim dom4j and ghostscript in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -18,6 +18,8 @@ activemq (Abhijith PA) dnsmasq (Santiago) NOTE: 2010920: main reason for a DLA is to update dns trust anchors (Santiago) -- +dom4j (Markus Koschany) +-- enigmail NOTE: 20180603: Commits between https://sourceforge.net/p/enigmail/source/ci/f6c111 (abhijith) NOTE: 20180603: and https://sourceforge.net/p/enigmail/source/ci/d2a83a might be useful. (abhijith) @@ -28,7 +30,7 @@ firefox-esr (Emilio Pozuelo) NOTE: 20180525: We will need an update to Firefox ESR 60 in jessie once 52 goes EOL. NOTE: 20180525: This needs some backports (llvm, rustc, cargo) which need some work. -- -ghostscript +ghostscript (Markus Koschany) NOTE: 20180913: CVE-2018-16543 is still unfixed. Preliminary work is available at NOTE: 20180913: https://people.debian.org/~apo/lts/. See also the README. (apo) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/63cd5363d82456333425e7028ce37a59f867452c
[Git][security-tracker-team/security-tracker][master] 2 commits: Reference upstream ticket for php-horde bugs.
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 368492da by Markus Koschany at 2018-09-24T12:20:16Z Reference upstream ticket for php-horde bugs. I requested more information because I couldn't find any mention of a fix for those issues. - - - - - 1c263142 by Markus Koschany at 2018-09-24T12:21:56Z Merge branch master of salsa.debian.org:security-tracker-team/security-tracker - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -37347,6 +37347,7 @@ CVE-2017-17782 (In GraphicsMagick 1.3.27a, there is a heap-based buffer over-rea CVE-2017-17781 (In Horde Groupware through 5.2.22, SQL Injection exists via the group ...) - php-horde NOTE: http://code610.blogspot.com/2017/12/modus-operandi-horde-52x.html + NOTE: https://bugs.horde.org/ticket/14857 CVE-2017-17780 (The Clockwork SMS clockwork-test-message.php component has XSS via a ...) NOT-FOR-US: Clockwork SMS plugins for WordPress CVE-2017-17779 (Paid To Read Script 2.0.5 has SQL injection via the referrals.php id ...) 
@@ -47680,14 +47681,17 @@ CVE-2017-16909 CVE-2017-16908 (In Horde Groupware 5.2.19, there is XSS via the Name field during ...) - php-horde NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html + NOTE: https://bugs.horde.org/ticket/14857 TODO: check CVE-2017-16907 (In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field ...) - php-horde NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html + NOTE: https://bugs.horde.org/ticket/14857 TODO: check CVE-2017-16906 (In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a ...) - php-horde NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html + NOTE: https://bugs.horde.org/ticket/14857 TODO: check CVE-2017-16905 (The DuoLingo TinyCards application before 1.0 for Android has one use ...) NOT-FOR-US: DuoLingo TinyCards application View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/ba60f28dedea26a8ec005a39dfd1e57d67f20d6f...1c2631429d0b7114305531420e826b6391d0bcd8
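Review bot: CVE-2017-17781, in the first hunk, gets the bugs.horde.org ticket NOTE but no `TODO: check` line, while the three XSS entries in the second hunk (CVE-2017-16908, CVE-2017-16907, CVE-2017-16906) keep theirs. The commit message says the ticket is a request for more information because no fix could be found, so the NOTE should say that, for instance by labelling the link as an open upstream query; as a bare URL it reads like a fix reference. The same ticket is attached to one SQL injection and three XSS issues, which is also worth stating in the NOTE.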
[Git][security-tracker-team/security-tracker][master] Correct typo in dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 89556cdf by Markus Koschany at 2018-09-21T16:58:39Z Correct typo in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -85,7 +85,7 @@ spamassassin -- symfony (Thorsten Alteholz) -- -textlive-bin (Markus Koschany) +texlive-bin (Markus Koschany) -- thunderbird -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/89556cdf146e40cd56a5e15aaa52c9098074681d
[Git][security-tracker-team/security-tracker][master] Claim textlive-bin in dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 4b223dc8 by Markus Koschany at 2018-09-21T16:45:29Z Claim textlive-bin in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -85,6 +85,8 @@ spamassassin -- symfony (Thorsten Alteholz) -- +textlive-bin (Markus Koschany) +-- thunderbird -- xen View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4b223dc83d90e78bc15c454600dffdad3567e9b8
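Review bot: the added entry `textlive-bin (Markus Koschany)` misspells the package name, which commit 89556cdf on this page corrects to `texlive-bin`. Anyone matching dla-needed.txt entries against package names will miss this claim until the spelling is fixed, so the name is worth checking against the tracker entry before pushing.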
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1513-1 for openafs
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 14931c07 by Markus Koschany at 2018-09-21T16:42:12Z Reserve DLA-1513-1 for openafs - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[21 Sep 2018] DLA-1513-1 openafs - security update + {CVE-2018-16947 CVE-2018-16948 CVE-2018-16949} + [jessie] - openafs 1.6.9-2+deb8u8 [21 Sep 2018] DLA-1512-1 sympa - security update {CVE-2018-1000671} [jessie] - sympa 6.1.23~dfsg-2+deb8u3 = data/dla-needed.txt = @@ -66,8 +66,6 @@ mysql-5.5 (Emilio Pozuelo) -- okular (Thorsten Alteholz) -- -openafs (Markus Koschany) --- openjdk-7 (Emilio Pozuelo) -- openjpeg2 (Hugo Lefeuvre) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/14931c07ac99d868ea40d633b8c37a4c23ce3b17
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1511-1 for reportbug
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 49089814 by Markus Koschany at 2018-09-20T13:10:09Z Reserve DLA-1511-1 for reportbug - - - - - 1 changed file: - data/DLA/list Changes: = data/DLA/list = @@ -1,3 +1,5 @@ +[20 Sep 2018] DLA-1511-1 reportbug - security update + [jessie] - reportbug 6.6.3+deb8u2 [20 Sep 2018] DLA-1510-1 glusterfs - security update {CVE-2018-10904 CVE-2018-10907 CVE-2018-10911 CVE-2018-10913 CVE-2018-10914 CVE-2018-10923 CVE-2018-10926 CVE-2018-10927 CVE-2018-10928 CVE-2018-10929 CVE-2018-10930} [jessie] - glusterfs 3.5.2-2+deb8u4 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/49089814d63586821512ef39759aaa726d176c61
[Git][security-tracker-team/security-tracker][master] Claim openafs in dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 2248311e by Markus Koschany at 2018-09-20T10:31:11Z Claim openafs in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -63,7 +63,7 @@ mysql-5.5 (Emilio Pozuelo) -- okular (Thorsten Alteholz) -- -openafs +openafs (Markus Koschany) -- openjdk-7 (Emilio Pozuelo) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2248311ee3afe7c726bed5dbc3d8b6048964553d
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1510-1 for glusterfs
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: b33243bb by Markus Koschany at 2018-09-20T09:06:31Z Reserve DLA-1510-1 for glusterfs - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[20 Sep 2018] DLA-1510-1 glusterfs - security update + {CVE-2018-10904 CVE-2018-10907 CVE-2018-10911 CVE-2018-10913 CVE-2018-10914 CVE-2018-10923 CVE-2018-10926 CVE-2018-10927 CVE-2018-10928 CVE-2018-10929 CVE-2018-10930} + [jessie] - glusterfs 3.5.2-2+deb8u4 [19 Sep 2018] DLA-1509-1 php5 - security update {CVE-2018-17082} [jessie] - php5 5.6.38+dfsg-0+deb8u1 = data/dla-needed.txt = @@ -30,8 +30,6 @@ ghostscript (Roberto C. Sánchez) NOTE: CVE-2018-16543 is still unfixed. Preliminary work is available at NOTE: https://people.debian.org/~apo/lts/. See also the README. -- -glusterfs (Markus Koschany) --- gnutls28 NOTE: 20180824: Upstream patch is quite invasive, adding new options etc. (lamby) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b33243bbffa8853c420728a63f5572c9d0a7d02a
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1507-1 for libapache2-mod-perl2
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: bead295e by Markus Koschany at 2018-09-18T18:04:10Z Reserve DLA-1507-1 for libapache2-mod-perl2 - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[18 Sep 2018] DLA-1507-1 libapache2-mod-perl2 - security update + {CVE-2011-2767} + [jessie] - libapache2-mod-perl2 2.0.9~1624218-2+deb8u3 [16 Sep 2018] DLA-1506-1 intel-microcode - security update [jessie] - intel-microcode 3.20180807a.1~deb8u1 [15 Sep 2018] DLA-1505-1 zutils - security update = data/dla-needed.txt = @@ -39,8 +39,6 @@ imagemagick (Roberto C. Sánchez) -- kdepim -- -libapache2-mod-perl2 (Markus Koschany) --- libav (Hugo Lefeuvre) NOTE: 20180118: Diego Biurrun (from the libav team) was working on patches, but encountered personal issues and had to stop. NOTE: 20180118: It is unlikely that he will start again in the next weeks. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bead295e30f9e76c07ca496fdde2caf879c8749b
[Git][security-tracker-team/security-tracker][master] Claim libapache2-mod-perl2 in dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 8f4ee4fc by Markus Koschany at 2018-09-18T17:48:03Z Claim libapache2-mod-perl2 in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -39,7 +39,7 @@ imagemagick (Roberto C. Sánchez) -- kdepim -- -libapache2-mod-perl2 +libapache2-mod-perl2 (Markus Koschany) -- libav (Hugo Lefeuvre) NOTE: 20180118: Diego Biurrun (from the libav team) was working on patches, but encountered personal issues and had to stop. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8f4ee4fc02be70640e1f23fd1b988aad47cfa7f3
[Git][security-tracker-team/security-tracker][master] 2 commits: Remove nss from dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 42772674 by Markus Koschany at 2018-09-17T17:01:13Z Remove nss from dla-needed.txt - - - - - 3fe3596f by Markus Koschany at 2018-09-17T17:02:12Z Claim glusterfs in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -30,7 +30,7 @@ ghostscript (Roberto C. Sánchez) NOTE: CVE-2018-16543 is still unfixed. Preliminary work is available at NOTE: https://people.debian.org/~apo/lts/. See also the README. -- -glusterfs +glusterfs (Markus Koschany) -- gnutls28 (Ola Lundqvist) NOTE: 20180824: Upstream patch is quite invasive, adding new options etc. (lamby) @@ -59,8 +59,6 @@ linux-4.9 (Ben Hutchings) mosquitto NOTE: 20180629: there are still two CVEs open, their upstream bugs show no progress -- -nss (Markus Koschany) --- mysql-5.5 (Emilio Pozuelo) -- openjdk-7 (Emilio Pozuelo) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/263431f6d9707e2b62998386a40447d71dbd5007...3fe3596f3e9b2ec1a195ad370b8555e54cfc9274
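Review bot: the second hunk drops `nss (Markus Koschany)` with only the subject line "Remove nss from dla-needed.txt" and no data/DLA/list change alongside it, so the reason for the removal is not recorded in the commit. A one-line reason in the commit message would let the next front-desk triager see why the package left the list without having to re-triage it.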
[Git][security-tracker-team/security-tracker][master] Claim two frontdesk weeks.
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: b505fc8f by Markus Koschany at 2018-09-17T10:48:24Z Claim two frontdesk weeks. - - - - - 1 changed file: - org/lts-frontdesk.2018.txt Changes: = org/lts-frontdesk.2018.txt = @@ -48,13 +48,13 @@ From 20-08 to 26-08:Chris Lamb From 27-08 to 02-09:Markus Koschany From 03-09 to 09-09:Chris Lamb From 10-09 to 16-09:Thorsten Alteholz -From 17-09 to 23-09:Markus Koschany -From 24-09 to 30-09: +From 17-09 to 23-09:Ola Lundqvist +From 24-09 to 30-09:Markus Koschany From 01-10 to 07-10:Chris Lamb From 08-10 to 14-10:Markus Koschany From 15-10 to 21-10:Chris Lamb From 22-10 to 28-10:Thorsten Alteholz -From 29-10 to 04-11:Ola Lundqvist +From 29-10 to 04-11:Markus Koschany From 05-11 to 11-11:Chris Lamb From 12-11 to 18-11: From 19-11 to 25-11:Markus Koschany View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b505fc8f9cfe8755b3faff1698ee8ef0fb5ab932
[Git][security-tracker-team/security-tracker][master] 2 commits: Switch frontdesk with Ola from 17.9 to 23.9.18
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 3bc3bc99 by Markus Koschany at 2018-09-16T19:51:23Z Switch frontdesk with Ola from 17.9 to 23.9.18 - - - - - a3d99024 by Markus Koschany at 2018-09-16T19:52:37Z Merge branch master of salsa.debian.org:security-tracker-team/security-tracker - - - - - 1 changed file: - org/lts-frontdesk.2018.txt Changes: = org/lts-frontdesk.2018.txt = @@ -48,7 +48,7 @@ From 20-08 to 26-08:Chris Lamb From 27-08 to 02-09:Markus Koschany From 03-09 to 09-09:Chris Lamb From 10-09 to 16-09:Thorsten Alteholz -From 17-09 to 23-09:Ola Lundqvist +From 17-09 to 23-09:Markus Koschany From 24-09 to 30-09:Guido Günther From 01-10 to 07-10:Chris Lamb From 08-10 to 14-10:Markus Koschany View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/4d52193edd3d631fc5970cd88302448256e2d477...a3d9902409c6f316936fc22f0fa597f256be13f0
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1506-1 for intel-microcode
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: ed6099e3 by Markus Koschany at 2018-09-16T10:13:07Z Reserve DLA-1506-1 for intel-microcode - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,5 @@ +[16 Sep 2018] DLA-1506-1 intel-microcode - security update + [jessie] - intel-microcode 3.20180807a.1~deb8u1 [15 Sep 2018] DLA-1505-1 zutils - security update {CVE-2018-1000637} [jessie] - zutils 1.3-4+deb8u1 = data/dla-needed.txt = @@ -33,10 +33,6 @@ gnutls28 (Ola Lundqvist) -- imagemagick (Roberto C. Sánchez) -- -intel-microcode (Henrique de Moraes Holschuh) - NOTE: 20180915: intel-microcode 3.20180807a.1 also going through stretch-security (hmh) - NOTE: 20180915: DLA likely should wait for (or be done in sync with) the DSA (hmh) --- kdepim -- libav (Hugo Lefeuvre) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ed6099e3b02acd941bae4e7dc45e7c3627b709da
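Review bot: the new DLA-1506-1 entry in data/DLA/list has no `{CVE-...}` line, unlike the DLA-1505-1 zutils entry directly below it, so the advisory is not cross-referenced to any CVE in this file; add the ids if the microcode update addresses tracked CVEs. The notes removed from dla-needed.txt said the DLA should wait for, or be done in sync with, the DSA, and the commit message does not say whether that coordination took place.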
[Git][security-tracker-team/security-tracker][master] Claim nss in dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: c760b912 by Markus Koschany at 2018-09-15T16:56:07Z Claim nss in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -53,6 +53,8 @@ linux-4.9 (Ben Hutchings) mosquitto NOTE: 20180629: there are still two CVEs open, their upstream bugs show no progress -- +nss (Markus Koschany) +-- mupdf (Abhijith PA) NOTE: 20180912: convert command not available in jessie mupdf. Couldn't reproduce, but codebase almost similar. NOTE: 20180912: Waiting for bug reporter's reply (abhijith) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c760b9125d1ffa05b7c7fe7ee9daedbaca145703
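Review bot: `nss (Markus Koschany)` is inserted between mosquitto and mupdf, which breaks the alphabetical order of the surrounding entries (linux-4.9, mosquitto, mupdf). It belongs further down, after mupdf, so that someone scanning for the package at its expected position does not add a second entry or a second claim.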
[Git][security-tracker-team/security-tracker][master] Readd ghostscript with comments to dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 7d133574 by Markus Koschany at 2018-09-13T11:34:33Z Readd ghostscript with comments to dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -22,6 +22,10 @@ firefox-esr (Emilio Pozuelo) NOTE: 20180525: We will need an update to Firefox ESR 60 in jessie once 52 goes EOL. NOTE: 20180525: This needs some backports (llvm, rustc, cargo) which need some work. -- +ghostscript + NOTE: CVE-2018-16543 is still unfixed. Preliminary work is available at + NOTE: https://people.debian.org/~apo/lts/. See also the README. +-- glusterfs -- gnutls28 (Ola Lundqvist) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7d133574e45e7435aa5848d5ca22a2c3972f5095
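Review bot: the two added NOTE lines under ghostscript carry no date stamp and no author tag, while the firefox-esr notes in the leading context use the `NOTE: 20180525: ...` form. Prefix them with the date and close with the author's initials so a later reader can tell how old the "CVE-2018-16543 is still unfixed" statement is and whom to ask about the preliminary work.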
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1504-1 for ghostscript
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: df25b86f by Markus Koschany at 2018-09-13T11:09:15Z Reserve DLA-1504-1 for ghostscript - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[13 Sep 2018] DLA-1504-1 ghostscript - security update + {CVE-2018-11645 CVE-2018-15908 CVE-2018-15909 CVE-2018-15910 CVE-2018-15911 CVE-2018-16509 CVE-2018-16511 CVE-2018-16513 CVE-2018-16539 CVE-2018-16540 CVE-2018-16541 CVE-2018-16542 CVE-2018-16585 CVE-2018-16802} + [jessie] - ghostscript 9.06~dfsg-2+deb8u8 [12 Sep 2018] DLA-1500-2 openssh - regression update [jessie] - openssh 1:6.7p1-5+deb8u7 [12 Sep 2018] DLA-1503-1 kamailio - security update = data/dla-needed.txt = @@ -22,8 +22,6 @@ firefox-esr (Emilio Pozuelo) NOTE: 20180525: We will need an update to Firefox ESR 60 in jessie once 52 goes EOL. NOTE: 20180525: This needs some backports (llvm, rustc, cargo) which need some work. -- -ghostscript (Markus Koschany) --- glusterfs -- gnutls28 (Ola Lundqvist) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/df25b86f3a8f0e4c8a4af28fc2355dcd47881230
[Git][security-tracker-team/security-tracker][master] CVE-2018-16510,ghostscript: Jessie is not affected
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 65d0f34a by Markus Koschany at 2018-09-09T15:52:02Z CVE-2018-16510,ghostscript: Jessie is not affected Vulnerable code is not present. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2087,6 +2087,7 @@ CVE-2018-16511 (An issue was discovered in Artifex Ghostscript before 9.24. A ty NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699659 CVE-2018-16510 (An issue was discovered in Artifex Ghostscript before 9.24. Incorrect ...) - ghostscript (bug #908304) + [jessie] - ghostscript (vulnerable code is not present) NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ea735ba37dc0fd5f5622d031830b9a559dec1cc9 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699671 CVE-2018-16509 (An issue was discovered in Artifex Ghostscript before 9.24. Incorrect ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/65d0f34a3b4554be3dba7c13e66b0f9caa3d3804
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1499-1 for discount
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: b2265d3a by Markus Koschany at 2018-09-08T19:45:40Z Reserve DLA-1499-1 for discount - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[08 Sep 2018] DLA-1499-1 discount - security update + {CVE-2018-11468 CVE-2018-11503 CVE-2018-11504 CVE-2018-12495} + [jessie] - discount 2.1.7-1+deb8u1 [08 Sep 2018] DLA-1498-1 curl - security update {CVE-2018-14618} [jessie] - curl 7.38.0-4+deb8u12 = data/dla-needed.txt = @@ -14,8 +14,6 @@ https://wiki.debian.org/LTS/Development#Triage_new_security_issues NOTE: 20180901: No detailed information or a reproducer available at the NOTE: moment. Check. (apo) -- -discount (Markus Koschany) --- enigmail NOTE: 20180603: Commits between https://sourceforge.net/p/enigmail/source/ci/f6c111 (abhijith) NOTE: 20180603: and https://sourceforge.net/p/enigmail/source/ci/d2a83a might be useful. (abhijith) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b2265d3ad9609eeb6476e35045ff66d3b24f990e
[Git][security-tracker-team/security-tracker][master] ghostscript,-dSafer issues: Link to more required fixes
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 80978b42 by Markus Koschany at 2018-09-03T17:56:26Z ghostscript,-dSafer issues: Link to more required fixes Apparently there are more issues to fix. According to oss-sec, Marcus Meissner from SUSE security intends to request new CVE. Until this is done, let's track the proposed fixes here. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1135,6 +1135,13 @@ CVE-2018- [Multiple -dSAFER sandbox bypass vulnerabilities] NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b326a716 NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=78911a01 NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5516c614 + NOTE: https://marc.info/?l=oss-security=153544835030871=2 + NOTE: According to oss-sec there are more fixes required. Possibly new CVE + NOTE: will be assigned soon. For now let's track them here. + NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ea735ba37dc0fd5f5622d031830b9a559dec1cc9 + NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=971472c83a345a16dac9f90f91258bb22dd77f22 + NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=520bb0ea7519aa3e79db78aaf0589dae02103764 + NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5b5536fa88a9e885032bc0df3852c3439399a5c0 CVE-2018- [preserve LockSafetyParams in the nulldevice] - ghostscript (bug #907703) NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=79cccf641486 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/80978b42a92136be5f0298d1d06d542a2b406c14
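Review bot: the four added commitdiff links sit under the placeholder `CVE-2018-` entry for the -dSAFER bypasses with only a free-text NOTE saying new ids may follow, so nothing machine-visible marks the entry for re-triage once the CVEs are assigned. A `TODO: check` line, as the php-horde entries in data/CVE/list use, would keep it on the to-do view until the fixes are moved to their own entries. The marc.info URL as shown has no `&` separators between its query parameters, so confirm that it resolves to the intended oss-security message.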
[Git][security-tracker-team/security-tracker][master] CVE-2018-11645,ghostscript: Will be fixed in Jessie
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: e89cd7a6 by Markus Koschany at 2018-09-03T15:59:57Z CVE-2018-11645,ghostscript: Will be fixed in Jessie - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -11656,7 +11656,6 @@ CVE-2018-11646 (webkitFaviconDatabaseSetIconForPageURL and ...) CVE-2018-11645 (psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status ...) - ghostscript 9.21~dfsg-1 (low) [stretch] - ghostscript (Be be fixed along in future update) - [jessie] - ghostscript (Be be fixed along in future update) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697193 NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b60d50b7567369ad856cebe1efb6cd7dd2284219 (9.21rc1) CVE-2018-11644 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e89cd7a67cf112356f68170587a2684b24a6ef68
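Review bot: the `[stretch]` line left as context still reads "(Be be fixed along in future update)", where the doubled "Be be" looks like a typo (probably "To be"). Since this hunk removes the identically worded `[jessie]` line, the remaining stretch comment could be corrected in the same change.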
[Git][security-tracker-team/security-tracker][master] Add polarssl to dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 5a98be56 by Markus Koschany at 2018-09-02T21:53:04Z Add polarssl to dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -92,6 +92,9 @@ openssh (Santiago) phpldapadmin (Mike Gabriel) NOTE: 20180731: See https://lists.debian.org/debian-lts/2018/07/msg00123.html for research already done -- +polarssl + NOTE: 20180902: The no-dsa/postponed issues could be fixed as well. (apo) +-- qemu (Santiago) -- samba (Holger Levsen) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5a98be562fc30b77ebab8e054f90a5b12c0858fc
[Git][security-tracker-team/security-tracker][master] Claim discount in dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 69191d45 by Markus Koschany at 2018-09-02T19:55:30Z Claim discount in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -14,6 +14,8 @@ https://wiki.debian.org/LTS/Development#Triage_new_security_issues NOTE: 20180901: No detailed information or a reproducer available at the NOTE: moment. Check. (apo) -- +discount (Markus Koschany) +-- dojo (Abhijith PA) -- enigmail View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/69191d458ec31b80a846e73216d6e040aead3493
[Git][security-tracker-team/security-tracker][master] discount: Add link to fixing commit
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: b0f40ae2 by Markus Koschany at 2018-09-02T19:54:21Z discount: Add link to fixing commit - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -9255,6 +9255,7 @@ CVE-2018-12496 CVE-2018-12495 (The quoteblock function in markdown.c in libmarkdown.a in DISCOUNT ...) - discount 2.2.4-1 (bug #901912) NOTE: https://github.com/Orc/discount/issues/189#issuecomment-397541501 + NOTE: Fixed by https://github.com/Orc/discount/commit/b002a5a4db31e42dfb45451c059bc56941c17974 CVE-2018-12494 (An issue discovered in PublicCMS V4.0.20180210. There is a Directory ...) NOT-FOR-US: PublicCMS CVE-2018-12493 (An issue discovered in PublicCMS V4.0.20180210. There is a Directory ...) @@ -11904,10 +11905,12 @@ CVE-2018-11504 (The islist function in markdown.c in libmarkdown.a in DISCOUNT 2 - discount 2.2.4-1 (bug #901912) NOTE: https://github.com/Orc/discount/issues/189#issuecomment-392247798 NOTE: POC: https://github.com/fCorleone/fuzz_programs/blob/master/discount/issue3_testcase + NOTE: Fixed by https://github.com/Orc/discount/commit/b002a5a4db31e42dfb45451c059bc56941c17974 CVE-2018-11503 (The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT ...) - discount 2.2.4-1 (bug #901912) NOTE: https://github.com/Orc/discount/issues/189#issuecomment-392247798 NOTE: POC: https://github.com/fCorleone/fuzz_programs/blob/master/discount/issue2_testcase + NOTE: Fixed by https://github.com/Orc/discount/commit/b002a5a4db31e42dfb45451c059bc56941c17974 CVE-2018-11502 (An issue was discovered in the Moderator Log Notes plugin 1.1 for ...) NOT-FOR-US: MyBB plugin CVE-2018-11501 (PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via ...) 
@@ -12000,6 +12003,7 @@ CVE-2018-11468 (The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISC - discount 2.2.4-1 (bug #901912) NOTE: https://github.com/Orc/discount/issues/189 NOTE: POC: https://github.com/fCorleone/fuzz_programs/blob/master/discount/issue1_testcase + NOTE: Fixed by https://github.com/Orc/discount/commit/b002a5a4db31e42dfb45451c059bc56941c17974 CVE-2018-11467 RESERVED CVE-2018-11466 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b0f40ae2ca171650caee3b3096e5f7500c54993f
[Git][security-tracker-team/security-tracker][master] CVE-2018-16328,imagemagick: Jessie is not-affected
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 3a18f3f0 by Markus Koschany at 2018-09-02T19:32:11Z CVE-2018-16328,imagemagick: Jessie is not-affected - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -30,6 +30,7 @@ CVE-2018-16329 (In ImageMagick before 7.0.8-8, a NULL pointer dereference exists CVE-2018-16328 (In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the ...) - imagemagick 8:6.9.10.8+dfsg-1 [stretch] - imagemagick (Vulnerable code introduced later) + [jessie] - imagemagick (Vulnerable code introduced later) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1224 NOTE: https://github.com/ImageMagick/ImageMagick/commit/107ce8577e818cf4801e5a59641cb769d645cc95 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/68e4f4d22abaf97b61019ea85f74e2f639d0e93e View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3a18f3f0e50f85791d80b6fa7e9aada2c93f4ad8
[Git][security-tracker-team/security-tracker][master] CVE-2018-16335,tiff: postponed for Jessie
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: f60f5c51 by Markus Koschany at 2018-09-02T19:26:45Z CVE-2018-16335,tiff: postponed for Jessie Can be fixed in a future DLA when upstream clarifies impact and solution. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5,6 +5,7 @@ CVE-2018-16336 (Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows r CVE-2018-16335 (newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c ...) - tiff (bug #907795) [stretch] - tiff (Can be fixed along in future DSA) + [jessie] - tiff (Can be fixed along in future DLA) - tiff3 NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2809 NOTE: The fix for CVE-2017-11613 is possibly covering the bug. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f60f5c5193d965afc14177db5ec665c4df2dfa60
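Review bot: The condition for revisiting CVE-2018-16335 is stated only in the commit message (upstream still has to clarify impact and solution); the added [jessie] line just says "Can be fixed along in future DLA". A NOTE under the entry naming what is still pending upstream would let the next triager judge when the postponement can end without reading the commit log, especially as the existing NOTE already hedges that the CVE-2017-11613 fix "is possibly covering the bug".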
[Git][security-tracker-team/security-tracker][master] 2 commits: Revert "Let's try this syntax instead."
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 096ad330 by Markus Koschany at 2018-09-02T19:24:03Z Revert "Let's try this syntax instead." This reverts commit e80ddceb278cbbc06a8bd97f23f8ad062b5ec681. - - - - - 996f06e9 by Markus Koschany at 2018-09-02T19:24:18Z Revert "Mark some php5 issues as affecting/not affecting all suites as" This reverts commit 1dcb45420187d8cc2ea4b0812c778308726e5878. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -68992,7 +68992,8 @@ CVE-2017-9120 (PHP 7.x through 7.1.5 allows remote attackers to cause a denial o - php7.2 - php7.1 - php7.0 - - php5 (Not reproducible, vulnerable code not present.) + - php5 + [jessie] - php5 (Not reproducible, vulnerable code not present.) NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74544 CVE-2017-9119 (The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 ...) - php7.1 (unimportant) @@ -69004,7 +69005,8 @@ CVE-2017-9118 (PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl vi - php7.2 - php7.1 - php7.0 - - php5 (not reproducible, most likely not affected) + - php5 + [jessie] - php5 (not reproducible, most likely not affected) NOTE: Check for Jessie again as soon as more information are available. NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74604 CVE-2017-9117 (In LibTIFF 4.0.7, the program processes BMP images without verifying ...) 
@@ -75006,7 +75008,8 @@ CVE-2017-7272 (PHP through 7.1.11 enables potential SSRF in applications that ac - php7.1 - php7.0 [stretch] - php7.0 (Upstream patch breaks existing applications, revisit if a new approach has been identified) - - php5 (Never applied to PHP 5 by upstream, breaks existing applications) + - php5 + [jessie] - php5 (Never applied to PHP 5 by upstream, breaks existing applications) NOTE: https://github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595a NOTE: https://bugs.php.net/bug.php?id=74216 NOTE: Fixed in 7.1.4 and 7.0.18, but were later reverted: https://bugzilla.redhat.com/show_bug.cgi?id=1437837#c3 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/f214a693db7aa287e6e4e588fa3ee88f3b0e8e91...996f06e9a25ee11875dc91a7d73c387d7573e207
[Git][security-tracker-team/security-tracker][master] 2 commits: Let's try this syntax instead.
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: e80ddceb by Markus Koschany at 2018-09-02T19:19:43Z Let's try this syntax instead. - - - - - f214a693 by Markus Koschany at 2018-09-02T19:20:25Z Merge branch master of salsa.debian.org:security-tracker-team/security-tracker - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -68992,8 +68992,7 @@ CVE-2017-9120 (PHP 7.x through 7.1.5 allows remote attackers to cause a denial o - php7.2 - php7.1 - php7.0 - - php5 - php5 (Not reproducible, vulnerable code not present.) + - php5 (Not reproducible, vulnerable code not present.) NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74544 CVE-2017-9119 (The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 ...) - php7.1 (unimportant) @@ -69005,8 +69004,7 @@ CVE-2017-9118 (PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl vi - php7.2 - php7.1 - php7.0 - - php5 - php5 (not reproducible, most likely not affected) + - php5 (not reproducible, most likely not affected) NOTE: Check for Jessie again as soon as more information are available. NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74604 CVE-2017-9117 (In LibTIFF 4.0.7, the program processes BMP images without verifying ...) 
@@ -75008,8 +75006,7 @@ CVE-2017-7272 (PHP through 7.1.11 enables potential SSRF in applications that ac - php7.1 - php7.0 [stretch] - php7.0 (Upstream patch breaks existing applications, revisit if a new approach has been identified) - - php5 - php5 (Never applied to PHP 5 by upstream, breaks existing applications) + - php5 (Never applied to PHP 5 by upstream, breaks existing applications) NOTE: https://github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595a NOTE: https://bugs.php.net/bug.php?id=74216 NOTE: Fixed in 7.1.4 and 7.0.18, but were later reverted: https://bugzilla.redhat.com/show_bug.cgi?id=1437837#c3 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/19d66e6986d123047168d1b89a051b276f02d9f8...f214a693db7aa287e6e4e588fa3ee88f3b0e8e91
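Review bot: In the CVE-2017-9118 hunk the merged "- php5 (not reproducible, most likely not affected)" line now reads as a verdict on php5 in general, while the NOTE kept directly below it still says "Check for Jessie again as soon as more information are available". A provisional, suite-specific judgement like this one is better kept on a [jessie]-scoped line so the entry and its NOTE agree; the same merge is less of a problem for CVE-2017-9120 and CVE-2017-7272, whose explanations are not tied to a pending recheck. The commit message "Let's try this syntax instead." also does not say which syntax is being tried or why, which makes the three-hunk change hard to evaluate from the log.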
[Git][security-tracker-team/security-tracker][master] Mark some php5 issues as affecting/not affecting all suites as
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 1dcb4542 by Markus Koschany at 2018-09-02T19:14:34Z Mark some php5 issues as affecting/not affecting all suites as recommended by jmm. Technically src:php5 only exists in Jessie, so the specific [jessie] prefix can be removed. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -68993,7 +68993,7 @@ CVE-2017-9120 (PHP 7.x through 7.1.5 allows remote attackers to cause a denial o - php7.1 - php7.0 - php5 - [jessie] - php5 (Not reproducible, vulnerable code not present.) + php5 (Not reproducible, vulnerable code not present.) NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74544 CVE-2017-9119 (The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 ...) - php7.1 (unimportant) @@ -69006,7 +69006,7 @@ CVE-2017-9118 (PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl vi - php7.1 - php7.0 - php5 - [jessie] - php5 (not reproducible, most likely not affected) + php5 (not reproducible, most likely not affected) NOTE: Check for Jessie again as soon as more information are available. NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74604 CVE-2017-9117 (In LibTIFF 4.0.7, the program processes BMP images without verifying ...) 
@@ -75009,7 +75009,7 @@ CVE-2017-7272 (PHP through 7.1.11 enables potential SSRF in applications that ac - php7.0 [stretch] - php7.0 (Upstream patch breaks existing applications, revisit if a new approach has been identified) - php5 - [jessie] - php5 (Never applied to PHP 5 by upstream, breaks existing applications) + php5 (Never applied to PHP 5 by upstream, breaks existing applications) NOTE: https://github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595a NOTE: https://bugs.php.net/bug.php?id=74216 NOTE: Fixed in 7.1.4 and 7.0.18, but were later reverted: https://bugzilla.redhat.com/show_bug.cgi?id=1437837#c3 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1dcb45420187d8cc2ea4b0812c778308726e5878
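Review bot: In all three hunks the added line begins with a bare "php5 (", so it loses the "- " package marker together with the "[jessie]" prefix and no longer has the "- package" shape of the php7.x lines around it. It also sits directly under the existing "- php5" line, which gives the same source package two suite-independent lines in each of CVE-2017-9120, CVE-2017-9118 and CVE-2017-7272. If the prefix is to be removed because src:php5 exists only in Jessie, put the explanation on the existing "- php5" line rather than adding a second one; otherwise keep "[jessie] - php5 (...)" unchanged.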
[Git][security-tracker-team/security-tracker][master] CVE-2014-7250,kfreebsd-10: EOL in Jessie, not supported.
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: d8c228ba by Markus Koschany at 2018-09-01T21:55:26Z CVE-2014-7250,kfreebsd-10: EOL in Jessie, not supported. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -158143,6 +158143,7 @@ CVE-2014-7250 (The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD pos - kfreebsd-9 [wheezy] - kfreebsd-9 (Not supported in wheezy LTS) - kfreebsd-10 (bug #778367) + [jessie] - kfreebsd-10 (Not supported in Jessie LTS) CVE-2014-7249 (Buffer overflow on the Allied Telesis AR440S, AR441S, AR442S, AR745, ...) NOT-FOR-US: Allied Telesis CVE-2014-7248 (Cross-site scripting (XSS) vulnerability in IPA iLogScanner 4.0 allows ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d8c228ba5f18143879d2101acd4fb4d5ee7c3414
[Git][security-tracker-team/security-tracker][master] CVE-2018-16323,imagemagick: Ignored for Jessie, minor issue.
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: eb8d5144 by Markus Koschany at 2018-09-01T21:52:39Z CVE-2018-16323,imagemagick: Ignored for Jessie, minor issue. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2,6 +2,7 @@ CVE-2018-16324 (In IceWarp Server 12.0.3.1 and before, there is XSS in the /webm NOT-FOR-US: IceWarp Server CVE-2018-16323 (ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data ...) - imagemagick (bug #907776) + [jessie] - imagemagick (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/commit/216d117f05bff87b9dc4db55a1b1fadb38bcb786 CVE-2018-16322 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/eb8d5144af41001e187ae2d51436a9e11c8aafe9
[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2018-7685,libzypp: Ignored in Jessie, minor issue
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: da3e01ef by Markus Koschany at 2018-09-01T20:48:15Z CVE-2018-7685,libzypp: Ignored in Jessie, minor issue very low popcon, not used by any sponsor - - - - - e9354264 by Markus Koschany at 2018-09-01T20:49:14Z Merge branch master of salsa.debian.org:security-tracker-team/security-tracker - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -21737,6 +21737,7 @@ CVE-2018-7686 (Information leakage vulnerability in NetIQ eDirectory before 9.1. NOT-FOR-US: NetIQ eDirectory CVE-2018-7685 (The decoupled download and installation steps in libzypp before 17.5.0 ...) - libzypp 17.6.1-1 + [jessie] - libzypp (Minor issue, very low popcon) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1091624 NOTE: https://github.com/openSUSE/libzypp/commit/5186110992f29c5e3b1b5bfe9e1ca899a155399c CVE-2018-7684 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/ef05c5f47ccca52658bcd42f329eed582fe20ad3...e9354264bf6e51d2d119cd79ac7bc5a1996576d1
[Git][security-tracker-team/security-tracker][master] CVE-2017-9118,php5: postponed for Jessie, most likely not affected
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 9c132d94 by Markus Koschany at 2018-09-01T20:19:27Z CVE-2017-9118,php5: postponed for Jessie, most likely not affected The issue is not reproducible. Bug reporter states that only php7 is affected. No more details available at this moment. Can be postponed and re-evaluated at a later point in time. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -68965,6 +68965,8 @@ CVE-2017-9118 (PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl vi - php7.1 - php7.0 - php5 + [jessie] - php5 (not reproducible, most likely not affected) + NOTE: Check for Jessie again as soon as more information are available. NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74604 CVE-2017-9117 (In LibTIFF 4.0.7, the program processes BMP images without verifying ...) - tiff (unimportant) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9c132d944172b8f7cac7f54228711815bd2f9a9d
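Review bot: The added NOTE "Check for Jessie again as soon as more information are available." does not say what information is missing, and the one concrete piece of evidence, that the bug reporter states only php7 is affected, is recorded only in the commit message. Moving that statement into the NOTE would show the next triager what the "most likely not affected" judgement on the [jessie] line rests on and what would change it. The NOTE should also read "more information is available".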
[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2017-9120,php5: Jessie is not affected.
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 09796eeb by Markus Koschany at 2018-09-01T20:16:24Z CVE-2017-9120,php5: Jessie is not affected. This issue is neither reproducible with the POC nor is the vulnerable code in mysqli_real_escape_string present. - - - - - 54ccbe0d by Markus Koschany at 2018-09-01T20:17:35Z Merge branch master of salsa.debian.org:security-tracker-team/security-tracker - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -68952,6 +68952,7 @@ CVE-2017-9120 (PHP 7.x through 7.1.5 allows remote attackers to cause a denial o - php7.1 - php7.0 - php5 + [jessie] - php5 (Not reproducible, vulnerable code not present.) NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74544 CVE-2017-9119 (The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 ...) - php7.1 (unimportant) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/911fdfac1012384a194ae4698d684e65b41bba1d...54ccbe0d7afe0f4cbac744abac0b7f988e03b17a
[Git][security-tracker-team/security-tracker][master] Triage open Wireshark issues for Jessie.
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 117bd382 by Markus Koschany at 2018-09-01T19:16:19Z Triage open Wireshark issues for Jessie. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -517,16 +517,19 @@ CVE-2018-16059 RESERVED CVE-2018-16058 (In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the ...) - wireshark 2.6.3-1 + [jessie] - wireshark (Minor issue) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14884 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c48d6a6d60c5c9111838a945966b6cb8750777be NOTE: https://www.wireshark.org/security/wnpa-sec-2018-44.html CVE-2018-16057 (In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the ...) - wireshark 2.6.3-1 + [jessie] - wireshark (Minor issue) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15022 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4ac83382dc49f9f7b62bffb3cfc508cdaa1e7be5 NOTE: https://www.wireshark.org/security/wnpa-sec-2018-46.html CVE-2018-16056 (In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the ...) - wireshark 2.6.3-1 + [jessie] - wireshark (vulnerable code not present) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14994 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f98fbce64cb230e94a2cafc410a3cedad657b485 NOTE: https://www.wireshark.org/security/wnpa-sec-2018-45.html View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/117bd3825e6eb4de83a05f37e8c6344e7e05fdeb
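Review bot: The [jessie] line added under CVE-2018-16056 asserts "vulnerable code not present", but the entry gains no NOTE naming the affected dissector or the upstream change that introduced the code, so the claim cannot be rechecked from the list alone. A short NOTE with that reference would make the triage auditable. The two "(Minor issue)" lines for CVE-2018-16058 and CVE-2018-16057 would likewise benefit from a few words on why the impact is minor for Jessie, since the commit message "Triage open Wireshark issues for Jessie." gives no per-CVE reasoning.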