[Git][security-tracker-team/security-tracker][master] 3 commits: update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 392faaf2 by Thorsten Alteholz at 2023-04-23T23:14:45+02:00 update note - - - - - a3e660ee by Thorsten Alteholz at 2023-04-23T23:15:26+02:00 claim libxml2 - - - - - fdd07710 by Thorsten Alteholz at 2023-04-23T23:15:59+02:00 claim sniproxy - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -117,7 +117,7 @@ libapache2-mod-auth-openidc (Adrian Bunk) NOTE: 20230404: CVE-2022-23527 will be fixed in Debian 11.7 (#1026447) NOTE: 20230404: Also check if other postponed/open CVEs need to be fixed (Beuc/front-desk) -- -libxml2 +libxml2 (Thorsten Alteholz) NOTE: 20230416: Programming language: C. NOTE: 20230416: VCS: https://salsa.debian.org/lts-team/packages/libxml2.git -- @@ -262,6 +262,7 @@ rainloop ring (Thorsten Alteholz) NOTE: 20221120: Programming language: C. NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/ring.git + NOTE: 20230423: move CVEs appeared -- ruby-loofah (dleidert) NOTE: 20221231: Programming language: Ruby. 
@@ -289,7 +290,7 @@ samba NOTE: 20220904: Many postponed or open CVE in general. (apo) NOTE: 20230323: Still working on the long list of CVEs, will likely release an intermittent package first (lee) -- -sniproxy +sniproxy (Thorsten Alteholz) NOTE: 20230423: Programming language: C. NOTE: 20230423: Rather severe issue but very few users. (opal). -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ad382ea0a4605ea89f3175ec7891ff8bcc2096fd...fdd07710473b31d5b501ff1063af46e117fc4114 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
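Review bot: in the ring hunk (@@ -262,6 +262,7 @@) the added line "NOTE: 20230423: move CVEs appeared" reads like a typo for "more CVEs appeared", and it does not say which CVEs. Suggest correcting the word and listing the new CVE ids, so that whoever reads the ring entry can tell what changed since the 20230111 note. The commit subject "update note" does not name the package either; including "ring" there would make the change easier to find in the history.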
[Git][security-tracker-team/security-tracker][master] 3 commits: update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 5969a87d by Thorsten Alteholz at 2022-01-16T23:30:46+01:00 update note - - - - - 8cf7c60f by Thorsten Alteholz at 2022-01-16T23:50:13+01:00 slurm-llnl is probably still affected by CVE-2021-31215 - - - - - 99c5b013 by Thorsten Alteholz at 2022-01-17T00:34:34+01:00 Reserve DLA-2882-1 for sphinxsearch - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -44780,7 +44780,6 @@ CVE-2021-31215 (SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before - slurm-wlm 20.11.7+really20.11.4-2 (bug #988439) - slurm-llnl [buster] - slurm-llnl (Minor issue) - [stretch] - slurm-llnl (env is already SPANKed) NOTE: https://github.com/SchedMD/slurm/commit/a9e9e2fedbd200ca545ab67dd753bd52c919f236 (2.11.7) NOTE: Initially already fixed in 20.11.7-1 (the tracker would do the right thing) NOTE: but the unstable upload invalidated the changelog 20.11.7-1 so use 20.11.7+really20.11.4-2 = data/DLA/list = @@ -1,3 +1,6 @@ +[17 Jan 2022] DLA-2882-1 sphinxsearch - security update + {CVE-2020-29050} + [stretch] - sphinxsearch 2.2.11-1.1+deb9u1 [16 Jan 2022] DLA-2881-1 thunderbird - security update {CVE-2021-4140 CVE-2022-22737 CVE-2022-22738 CVE-2022-22739 CVE-2022-22740 CVE-2022-22741 CVE-2022-22742 CVE-2022-22743 CVE-2022-22745 CVE-2022-22747 CVE-2022-22748 CVE-2022-22751} [stretch] - thunderbird 1:91.5.0-1~deb9u1 = data/dla-needed.txt = @@ -64,6 +64,7 @@ guacamole-client -- libarchive (Thorsten Alteholz) NOTE: 20220102: testing package + NOTE: 20220116: waiting for upload in higher releases -- libgit2 (Utkarsh) NOTE: 20211029: CVE-2018-10887/CVE-2018-10888/CVE-2018-15501 were fixed 
@@ -128,9 +129,6 @@ slurm-llnl (Sylvain Beucler) NOTE: 20220107: backporting patches (Beuc) NOTE: 20220114: wait for Thorsten's precisions wrt. CVE-2021-31215 triage -- -sphinxsearch (Thorsten Alteholz) - NOTE: 20220103: waiting for Buster upload --- uriparser (Chris Lamb) -- vim (Emilio) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/53745e7ce7986c08f267b01bff58ab8108312c0c...99c5b0136386769afc6165609f1bc61dd956e465
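Review bot: in the data/CVE/list hunk (@@ -44780,7 +44780,6 @@) the [stretch] slurm-llnl line with the rationale "(env is already SPANKed)" is dropped with no replacement line and no NOTE, while the commit subject only says slurm-llnl is "probably" still affected by CVE-2021-31215. Suggest adding a NOTE under the CVE that records why the earlier rationale no longer holds, so the change of the stretch status is justified in the file itself and not only in the commit message.

Review bot: in the last data/dla-needed.txt hunk (@@ -128,9 +129,6 @@) the slurm-llnl entry keeps "NOTE: 20220114: wait for Thorsten's precisions wrt. CVE-2021-31215 triage" although this push changes that triage. Suggest adding a dated note to the entry (or replacing that one) that points at the CVE-2021-31215 change, so the assignee is not left waiting on an answer that has already been given in data/CVE/list.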
[Git][security-tracker-team/security-tracker][master] 3 commits: update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 2e07338e by Thorsten Alteholz at 2020-01-26T22:34:50+01:00 update note - - - - - c35565ac by Thorsten Alteholz at 2020-01-26T22:34:51+01:00 CVE-2015-6748 will be fixed - - - - - acb9120d by Thorsten Alteholz at 2020-01-26T22:35:39+01:00 Reserve DLA-2075-1 for jsoup - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -216745,7 +216745,6 @@ CVE-2015-6738 RESERVED CVE-2015-6748 (Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3. ...) - jsoup 1.8.3-1 (bug #797275) - [jessie] - jsoup (Minor issue) [wheezy] - jsoup (Minor issue) NOTE: https://github.com/jhy/jsoup/pull/582 NOTE: https://hibernate.atlassian.net/browse/HV-1012 = data/DLA/list = @@ -1,3 +1,6 @@ +[26 Jan 2020] DLA-2075-1 jsoup - security update + {CVE-2015-6748} + [jessie] - jsoup 1.8.1-1+deb8u1 [23 Jan 2020] DLA-2074-1 python-apt - security update {CVE-2019-15795 CVE-2019-15796} [jessie] - python-apt 0.9.3.13 = data/dla-needed.txt = @@ -119,7 +119,7 @@ slurm-llnl -- sqlite3 (Thorsten Alteholz) NOTE: 20191212: look at no-dsa as well - NOTE: 20200112: WIP + NOTE: 20200126: WIP -- squid3 NOTE: 20191210: CVE-2019-12523 and CVE-2019-18676 Requires new API SBuf. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/70e452937683a6bcd4e98d4d9e6fbfb08c35ea02...acb9120d35c27d0f919ddbd55600f08036f95254
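Review bot: in the data/dla-needed.txt hunk (@@ -119,7 +119,7 @@) the sqlite3 note changes only its date, from "NOTE: 20200112: WIP" to "NOTE: 20200126: WIP", so the earlier dated entry is overwritten and the note still does not say what is outstanding. Suggest keeping the older line and adding a new dated note that states what remains, for example whether the no-dsa issues mentioned in the 20191212 note are part of the work.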