[Git][security-tracker-team/security-tracker][master] 3 commits: update note

2023-04-23 Thread Thorsten Alteholz (@alteholz)


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
392faaf2 by Thorsten Alteholz at 2023-04-23T23:14:45+02:00
update note

- - - - -
a3e660ee by Thorsten Alteholz at 2023-04-23T23:15:26+02:00
claim libxml2

- - - - -
fdd07710 by Thorsten Alteholz at 2023-04-23T23:15:59+02:00
claim sniproxy

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -117,7 +117,7 @@ libapache2-mod-auth-openidc (Adrian Bunk)
   NOTE: 20230404: CVE-2022-23527 will be fixed in Debian 11.7 (#1026447)
   NOTE: 20230404: Also check if other postponed/open CVEs need to be fixed 
(Beuc/front-desk)
 --
-libxml2
+libxml2 (Thorsten Alteholz)
   NOTE: 20230416: Programming language: C.
   NOTE: 20230416: VCS: https://salsa.debian.org/lts-team/packages/libxml2.git
 --
@@ -262,6 +262,7 @@ rainloop
 ring (Thorsten Alteholz)
   NOTE: 20221120: Programming language: C.
   NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/ring.git
+  NOTE: 20230423: move CVEs appeared
 --
 ruby-loofah (dleidert)
   NOTE: 20221231: Programming language: Ruby.
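Review bot: In the NOTE added under ring, "move CVEs appeared" looks like a typo for "more CVEs appeared". The note would also help the next person triaging if it named the new CVE ids, since the entry otherwise records only the language and the VCS URL.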
@@ -289,7 +290,7 @@ samba
   NOTE: 20220904: Many postponed or open CVE in general. (apo)
   NOTE: 20230323: Still working on the long list of CVEs, will likely release 
an intermittent package first (lee)
 --
-sniproxy
+sniproxy (Thorsten Alteholz)
   NOTE: 20230423: Programming language: C.
   NOTE: 20230423: Rather severe issue but very few users. (opal).
 --
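Review bot: The sniproxy entry is claimed without a VCS note, while the libxml2 and ring entries in this same diff each carry a "NOTE: ...: VCS:" line. If a packaging repository is set up for this update, add the matching VCS note so the entry is consistent with the others.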



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ad382ea0a4605ea89f3175ec7891ff8bcc2096fd...fdd07710473b31d5b501ff1063af46e117fc4114



___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] 3 commits: update note

2022-01-16 Thread Thorsten Alteholz (@alteholz)


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5969a87d by Thorsten Alteholz at 2022-01-16T23:30:46+01:00
update note

- - - - -
8cf7c60f by Thorsten Alteholz at 2022-01-16T23:50:13+01:00
slurm-llnl is probably still affected by CVE-2021-31215

- - - - -
99c5b013 by Thorsten Alteholz at 2022-01-17T00:34:34+01:00
Reserve DLA-2882-1 for sphinxsearch

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -44780,7 +44780,6 @@ CVE-2021-31215 (SchedMD Slurm before 20.02.7 and 
20.03.x through 20.11.x before
- slurm-wlm 20.11.7+really20.11.4-2 (bug #988439)
- slurm-llnl 
[buster] - slurm-llnl  (Minor issue)
-   [stretch] - slurm-llnl  (env is already SPANKed)
NOTE: 
https://github.com/SchedMD/slurm/commit/a9e9e2fedbd200ca545ab67dd753bd52c919f236
 (2.11.7)
NOTE: Initially already fixed in 20.11.7-1 (the tracker would do the 
right thing)
NOTE: but the unstable upload invalidated the changelog 20.11.7-1 so 
use 20.11.7+really20.11.4-2
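Review bot: Dropping the [stretch] line for slurm-llnl removes the only stretch-specific status in this entry, and nothing in the entry records why the earlier "env is already SPANKed" reasoning no longer holds. The commit message says the package is "probably" still affected, so a dated NOTE stating what was checked and what remains uncertain would help whoever continues the triage.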


=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[17 Jan 2022] DLA-2882-1 sphinxsearch - security update
+   {CVE-2020-29050}
+   [stretch] - sphinxsearch 2.2.11-1.1+deb9u1
 [16 Jan 2022] DLA-2881-1 thunderbird - security update
{CVE-2021-4140 CVE-2022-22737 CVE-2022-22738 CVE-2022-22739 
CVE-2022-22740 CVE-2022-22741 CVE-2022-22742 CVE-2022-22743 CVE-2022-22745 
CVE-2022-22747 CVE-2022-22748 CVE-2022-22751}
[stretch] - thunderbird 1:91.5.0-1~deb9u1


=
data/dla-needed.txt
=
@@ -64,6 +64,7 @@ guacamole-client
 --
 libarchive (Thorsten Alteholz)
   NOTE: 20220102: testing package
+  NOTE: 20220116: waiting for upload in higher releases
 --
 libgit2 (Utkarsh)
   NOTE: 20211029: CVE-2018-10887/CVE-2018-10888/CVE-2018-15501 were fixed
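Review bot: The new libarchive NOTE says "waiting for upload in higher releases" without naming the releases or a bug or upload to watch. Naming them would let someone else tell when the wait is over.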
@@ -128,9 +129,6 @@ slurm-llnl (Sylvain Beucler)
   NOTE: 20220107: backporting patches (Beuc)
   NOTE: 20220114: wait for Thorsten's precisions wrt. CVE-2021-31215 triage
 --
-sphinxsearch (Thorsten Alteholz)
-  NOTE: 20220103: waiting for Buster upload
---
 uriparser (Chris Lamb)
 --
 vim (Emilio)
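Review bot: The slurm-llnl context in this hunk still reads "NOTE: 20220114: wait for Thorsten's precisions wrt. CVE-2021-31215 triage", although the same push changes that triage in data/CVE/list. Add a dated note under slurm-llnl pointing at the updated triage so the claimant is not left waiting. The sphinxsearch removal itself is consistent with the DLA-2882-1 entry added in data/DLA/list.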



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/53745e7ce7986c08f267b01bff58ab8108312c0c...99c5b0136386769afc6165609f1bc61dd956e465



[Git][security-tracker-team/security-tracker][master] 3 commits: update note

2020-01-26 Thread Thorsten Alteholz


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2e07338e by Thorsten Alteholz at 2020-01-26T22:34:50+01:00
update note

- - - - -
c35565ac by Thorsten Alteholz at 2020-01-26T22:34:51+01:00
CVE-2015-6748 will be fixed

- - - - -
acb9120d by Thorsten Alteholz at 2020-01-26T22:35:39+01:00
Reserve DLA-2075-1 for jsoup

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -216745,7 +216745,6 @@ CVE-2015-6738
RESERVED
 CVE-2015-6748 (Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3. 
...)
- jsoup 1.8.3-1 (bug #797275)
-   [jessie] - jsoup  (Minor issue)
[wheezy] - jsoup  (Minor issue)
NOTE: https://github.com/jhy/jsoup/pull/582
NOTE: https://hibernate.atlassian.net/browse/HV-1012


=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[26 Jan 2020] DLA-2075-1 jsoup - security update
+   {CVE-2015-6748}
+   [jessie] - jsoup 1.8.1-1+deb8u1
 [23 Jan 2020] DLA-2074-1 python-apt - security update
{CVE-2019-15795 CVE-2019-15796}
[jessie] - python-apt 0.9.3.13


=
data/dla-needed.txt
=
@@ -119,7 +119,7 @@ slurm-llnl
 --
 sqlite3 (Thorsten Alteholz)
   NOTE: 20191212: look at no-dsa as well
-  NOTE: 20200112: WIP
+  NOTE: 20200126: WIP
 --
 squid3
   NOTE: 20191210: CVE-2019-12523 and CVE-2019-18676 Requires new API SBuf.
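Review bot: The sqlite3 change rewrites the date on the existing "WIP" note from 20200112 to 20200126 instead of adding a new line, which drops the record of the earlier status date and still says nothing about progress. Consider keeping the 20200112 line and appending a 20200126 note that lists the remaining CVEs or blockers.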



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/70e452937683a6bcd4e98d4d9e6fbfb08c35ea02...acb9120d35c27d0f919ddbd55600f08036f95254
