Source: icu
Severity: grave
Tags: security
Hi Laszlo,
https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
refers to an ICU vulnerability, but there's little information what fixes/fixed
that.
Could you reach out to upstream whether they've been in touch with them
Source: guacamole-client
Severity: grave
Tags: security
Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3158
Cheers,
Moritz
Package: mupdf
Version: 1.11+ds1-2
Severity: grave
Tags: security
Please see
https://security-tracker.debian.org/tracker/CVE-2018-151
https://security-tracker.debian.org/tracker/CVE-2018-6544
Cheers,
Moritz
Package: osc
Severity: grave
Tags: security
Please see https://bugzilla.novell.com/show_bug.cgi?id=938556
Cheers,
Moritz
On Thu, Jan 11, 2018 at 02:03:23PM +0200, Faidon Liambotis wrote:
> On Fri, May 27, 2016 at 11:58:33AM +0200, Moritz Muehlenhoff wrote:
> > please see http://seclists.org/oss-sec/2016/q2/413 for details.
>
> That link says:
> Versions Affected:
> Apache Tika 0.10 to 1.1
Source: mysql-connector-net
Severity: grave
Tags: security
Hi,
the http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
mentions two vulnerabilities in Connector/Net.
Cheers,
Moritz
Package: xine-plugin
Severity: grave
With the update to Firefox (which removes the old plugin interface), the plugin
gets disabled.
It's still usable with firefox-esr, but only for a limited time frame (until
ESR switches to 59 in February) and given that it's dead upstream, let's remove
it from t
Package: bchunk
Severity: grave
Tags: security
Please see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15955
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15954
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15953
Cheers,
Moritz
On Tue, Oct 17, 2017 at 04:30:16PM +0200, Emmanuel Bourg wrote:
> I ran the Oracle JavaFX demos with the new version and it worked fine
> (except the media player but this isn't a regression, something is
> probably misconfigured on my machine).
>
> Should I proceed with the upload, or do you want
On Tue, Oct 10, 2017 at 02:16:28PM +0200, Vincent Lefevre wrote:
> On 2017-10-10 13:58:16 +0200, Moritz Muehlenhoff wrote:
> > This is neutralised by kernel hardening starting with stretch, see release
> > notes:
> > https://www.debian.org/releases/jessie/amd64/release-notes
On Tue, Oct 10, 2017 at 01:17:54PM +0200, Vincent Lefevre wrote:
> Package: muttprint
> Version: 0.73-8
> Severity: grave
> Tags: security upstream
> Justification: user security hole
>
> The muttprint Perl script contains:
>
> my $logf = "/tmp/muttprint.log";
>
> if (-e
On Fri, Oct 06, 2017 at 04:27:02PM +0200, Emmanuel Bourg wrote:
> Hi,
>
> Quick update on openjfx: the package is back on track, as of version
> 8u141-b14-3 I eventually managed to get it to build on both amd64 and
> i386 in unstable for the first time since January. If the tests go well
> I'll pr
Package: node-tough-cookie
Severity: grave
Tags: security
Please see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15010
Cheers,
Moritz
On Sat, Aug 05, 2017 at 09:58:53PM +0200, Salvatore Bonaccorso wrote:
> Source: openjfx
> Version: 8u131-b11-1
> Severity: grave
> Tags: upstream security
>
> Hi,
>
> the following vulnerabilities were published for openjfx.
>
> CVE-2017-10086[0] and CVE-2017-10114[1].
>
> Unfortunately it's no
Package: mupdf
Version: 1.11+ds1-1
Severity: grave
Tags: security
Hi,
please see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14685
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14686
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14687
which contains further descriptio
On Sun, Jul 23, 2017 at 07:55:20AM +0200, Salvatore Bonaccorso wrote:
> Source: resiprocate
> Version: 1:1.9.7-5
> Severity: grave
> Tags: upstream security
> Forwarded: https://github.com/resiprocate/resiprocate/pull/88
>
> Hi,
>
> the following vulnerability was published for resiprocate.
>
>
Source: yadifa
Severity: grave
Tags: security
Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14339
Cheers,
Moritz
Package: imagemagick
Severity: grave
Tags: security
This was assigned CVE-2017-12876:
https://github.com/ImageMagick/ImageMagick/issues/663
https://github.com/ImageMagick/ImageMagick/commit/1cc6f0ccc92c20c7cab6c4a7335daf29c91f0d8e
Cheers,
Moritz
Package: imagemagick
Version: 8:6.9.7.4+dfsg-16
Severity: grave
Tags: security
This was assigned CVE-2017-12877:
https://github.com/ImageMagick/ImageMagick/issues/662
https://github.com/ImageMagick/ImageMagick/commit/98dda239ec398dd56453460849b4c9057fc424e5
Cheers,
Moritz
Source: ioquake3
Severity: grave
Tags: security
Please see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11721
Cheers,
Moritz
On Thu, Jul 27, 2017 at 10:35:36AM -0700, Noah Meyerhans wrote:
> On Mon, Jul 10, 2017 at 11:18:35PM +0200, Moritz Muehlenhoff wrote:
> >
> > Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10396
>
> Hi Moritz. I assume your intent was not to issue
On Thu, Jul 27, 2017 at 09:59:46AM -0400, Daniel Kahn Gillmor wrote:
> Control: affects 869774 + thunderbird
> Control: retitle 869774 thunderbird 52 needs enigmail 1.9.8.1 or later
> Control: forwarded 869774 https://sourceforge.net/p/enigmail/bugs/687/
>
> Hi there--
>
> On Thu 2017-07-27 12:42
Source: freerdp
Severity: grave
Tags: security
Hi,
please see:
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0341
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0340
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0339
https://www.talosin
On Tue, Jul 25, 2017 at 08:04:09AM -0400, Sam Hartman wrote:
>
> I can absolutely prepare a stable point update request for stretch.
> Is there still going to be a last point release to jessie?
There will be point releases for jessie at least until June 2018,
i.e. one year after the stretch relea
On Tue, Jul 25, 2017 at 12:35:08PM +0200, Bernd Zeimetz wrote:
> Hi,
>
> do you want to issue a DSA for that CVE? I don't think the impact is
> high enough for that and it could be fixed with the next point release.
I agree, this can be fixed via a point release. I'm updating the
Debian security
Source: open-vm-tools
Severity: grave
Tags: security
Please see:
http://www.openwall.com/lists/oss-security/2017/07/24/3
Cheers,
Moritz
On Mon, Jul 24, 2017 at 12:32:28PM +0300, Timo Aaltonen wrote:
> On 22.07.2017 09:44, Moritz Muehlenhoff wrote:
> > Source: dogtag-pki
> > Severity: grave
> > Tags: security
> >
> > Please see:
> > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-753
Source: dogtag-pki
Severity: grave
Tags: security
Please see:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7537
Cheers,
Moritz
Source: krb5
Severity: grave
Tags: security
Hi,
please see:
https://github.com/krb5/krb5/pull/678/commits/a860385dd8fbd239fdb31b347e07f4e6b2fbdcc2
Cheers,
Moritz
Source: nodejs
Severity: grave
Tags: security
Hi,
please see https://nodejs.org/en/blog/release/v4.8.4/
and https://nodejs.org/en/blog/release/v6.11.1/
The hash seed vulnerability doesn't have a CVE ID yet and the
c-ares one is being addressed via the sec:c-ares package.
Cheers,
Moritz
Source: spice
Severity: grave
Tags: security
Please see:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7506
Cheers,
Moritz
Package: nasm
Severity: grave
Tags: security
Please see
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10686
Cheers,
Moritz
Package: racoon
Severity: grave
Tags: security
Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10396
Cheers,
Moritz
Source: lame
Severity: grave
Tags: security
Hi,
please see:
CVE-2017-9869:
https://blogs.gentoo.org/ago/2017/06/17/lame-global-buffer-overflow-in-ii_step_one-layer2-c/
CVE-2017-9870:
https://blogs.gentoo.org/ago/2017/06/17/lame-global-buffer-overflow-in-iii_i_stereo-layer3-c/
CVE-2017-9871:
h
On Fri, Mar 10, 2017 at 11:50:45AM +0100, Joost van Baal-Ilić wrote:
> Hi,
>
> Is any DD interested in working on shipping Moodle with upcoming
> Debian 10 Buster release?
Did anyone step up? If not, should we proceed with removal at this point?
Cheers,
Moritz
Package: catdoc
Severity: grave
Tags: security
This was assigned CVE-2017-0:
https://bugzilla.redhat.com/show_bug.cgi?id=1468471
Cheers,
Moritz
Source: libquicktime
Severity: grave
Tags: security
Please see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9122
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9123
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9124
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017
Source: undertow
Severity: grave
Tags: security
There's no other reference than what Red Hat published here:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2666
Upstream needs to be contacted or the patch pulled from their
update.
Cheers,
Moritz
Source: libmwaw
Severity: grave
Tags: security
Please see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9433
Cheers,
Moritz
Package: otrs
Severity: grave
Tags: security
Hi,
details are sparse on this one, could you get in touch with upstream to
isolate this to the change in question?
https://www.otrs.com/security-advisory-2017-03-security-update-otrs-versions/
Cheers,
Moritz
On Wed, May 31, 2017 at 02:08:35PM +0200, Alexander Wirt wrote:
> Someone should decide, which is not me. Therefore I don't think this is
> grave.
Feel free to downgrade. I've only marked it RC due to possible jessie->
stretch upgrade problems.
I'm attaching a service unit which waits for name re
Source: grpc
Severity: grave
Tags: security
Hi,
please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9431
Cheers,
Moritz
Source: libraw
Severity: grave
Tags: security
Please see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6886
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6887
Cheers,
Moritz
Moritz Muehlenhoff wrote:
> On Fri, Mar 24, 2017 at 07:41:03AM -0400, Scott Howard wrote:
> > I was contacted by someone at SUSE that is working on fixing the security
> > bugs - but even if successful, I don't know how good the quality will be or
> > how much testin
Source: openexr
Severity: grave
Tags: security
Please see http://www.openwall.com/lists/oss-security/2017/05/12/5
These were reported upstream at https://github.com/openexr/openexr/issues/232
Upstream fixes are linked in the github bug.
Cheers,
Moritz
On Fri, Mar 24, 2017 at 07:41:03AM -0400, Scott Howard wrote:
> I was contacted by someone at SUSE that is working on fixing the security
> bugs - but even if successful, I don't know how good the quality will be or
> how much testing will be able to get done before stretch is released.
> Removal m
On Tue, May 30, 2017 at 05:50:20PM +0200, Michael Stapelberg wrote:
> security-team, can you take care of applying the patch to stable and
> oldstable please? Thank you.
No, we generally expect maintainers to prepare/test security updates,
particularly for packages which are complex to test like f
Source: zookeeper
Severity: grave
Tags: security
Please see https://issues.apache.org/jira/browse/ZOOKEEPER-2693
Fix is referenced here: https://github.com/apache/zookeeper/pull/183
I'm also attaching the debdiff I'll be using for jessie for reference.
Cheers,
Moritz
diff -Nru zook
Package: ferm
Version: 2.3-2
Severity: grave
Ferm is broken in stretch for any rule set which contains resolve() statements.
(There might be others relying on network, didn't check). This got introduced
in 2.3-2, which now uses a Wants:/Before: network-pre.target
In jessie, no systemd unit was pr
On Tue, May 30, 2017 at 09:18:39PM +, Bdale Garbee wrote:
> Source: sudo
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Format: 1.8
> Date: Tue, 30 May 2017 14:41:58 -0600
> Source: sudo
> Binary: sudo sudo-ldap
> Architecture: source amd64
> Version: 1.8.20p1-1
> Distribution: uns
Package: picocom
Severity: grave
Tags: security
2015 CVE ID, but only recently assigned:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9059
Cheers,
Moritz
Package: rabbitmq-server
Severity: grave
Tags: security
Please see
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-4965
https://security-tracker.debian.org/tracker/CVE-2017-4966
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-4967
Cheers,
Moritz
Source: zabbix
Severity: grave
Tags: security
Please see
http://www.talosintelligence.com/reports/TALOS-2017-0325/
http://www.talosintelligence.com/reports/TALOS-2017-0326/
Cheers,
Moritz
Source: magnum
Severity: grave
Tags: security
Hi,
please see https://security-tracker.debian.org/tracker/CVE-2016-7404
Cheers,
Moritz
Source: mupdf
Severity: grave
Tags: security
Please see
https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0242%20
Cheers,
Moritz
Package: dolibarr
Severity: grave
Tags: security
Please see
https://security-tracker.debian.org/tracker/CVE-2017-8879
https://security-tracker.debian.org/tracker/CVE-2017-7888
https://security-tracker.debian.org/tracker/CVE-2017-7887
https://security-tracker.debian.org/tracker/CVE-2017-7886
Cheer
Source: nvidia-graphics-drivers
Severity: grave
Tags: security
Please see http://nvidia.custhelp.com/app/answers/detail/a_id/4462
Cheers,
Moritz
On Wed, May 10, 2017 at 01:40:42PM +0200, Michael Biebl wrote:
> On 10.05.2017 at 07:32, Moritz Muehlenhoff wrote:
> > On Tue, May 02, 2017 at 07:39:37PM +0200, Michael Biebl wrote:
> >> Same is true for users of startx. They need the suid wrapper provided by
> >> xs
On Tue, May 02, 2017 at 07:39:37PM +0200, Michael Biebl wrote:
> Same is true for users of startx. They need the suid wrapper provided by
> xserver-xorg-legacy in such a case.
That's not true. I use the text mode console nearly all the time and only
start X as needed via startx, that works fine w
Source: grpc
Severity: grave
Tags: security
Please see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7861 for details.
Cheers,
Moritz
On Mon, Apr 03, 2017 at 09:13:56PM +0300, Adrian Bunk wrote:
> On Mon, Apr 03, 2017 at 08:03:16PM +0200, Moritz Muehlenhoff wrote:
> > On Tue, Feb 28, 2017 at 02:28:28PM +0200, Adrian Bunk wrote:
> > > Control: severity -1 serious
> > >
> > > Dozens of unfixe
On Tue, Feb 28, 2017 at 02:28:28PM +0200, Adrian Bunk wrote:
> Control: severity -1 serious
>
> Dozens of unfixed CVEs, the oldest unfixed CVEs will be more than
> 4 years old when stretch gets released.
>
> In the current state the package is really too buggy for shipping
> in a new stable relea
Source: virglrenderer
Severity: grave
Tags: security
Please see:
https://security-tracker.debian.org/tracker/CVE-2017-5956
https://security-tracker.debian.org/tracker/CVE-2017-5957
https://security-tracker.debian.org/tracker/CVE-2017-5993
https://security-tracker.debian.org/tracker/CVE-2017-5994
h
Package: jhead
Severity: grave
Tags: security
Please see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3822
Cheers,
Moritz
Source: android-platform-system-core
Severity: grave
Tags: security
Please see
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3921
Cheers,
Moritz
On Tue, Mar 14, 2017 at 12:18:27PM +, Simon McVittie wrote:
> On Tue, 14 Mar 2017 at 08:30:36 +, Simon McVittie wrote:
> > On Tue, 14 Mar 2017 at 04:59:15 +0100, Daniel Gibson wrote:
> > > earlier today ioquake3 fixed a vulnerability that, as far as I understand,
> > > could let malicious m
Source: audiofile
Severity: grave
Tags: security
Hi,
please see these security tracker entries for details, which
have all the links to the reports, github issues and patches:
https://security-tracker.debian.org/tracker/CVE-2017-6829
https://security-tracker.debian.org/tracker/CVE-2017-6831
https
Source: libpodofo
Severity: grave
Tags: security
New podofo issues (no CVEs yet):
http://www.openwall.com/lists/oss-security/2017/03/02/10
http://www.openwall.com/lists/oss-security/2017/03/02/9
http://www.openwall.com/lists/oss-security/2017/03/02/8
http://www.openwall.com/lists/oss-security/201
Package: postfixadmin
Severity: grave
Tags: security
Please see http://seclists.org/oss-sec/2017/q1/345
Cheers,
Moritz
Source: sleekxmpp
Severity: grave
Tags: security
Please see http://seclists.org/oss-sec/2017/q1/373
Cheers,
Moritz
Source: slixmpp
Severity: grave
Tags: security
Please see http://seclists.org/oss-sec/2017/q1/373
Cheers,
Moritz
Package: mcabber
Severity: grave
Tags: security
Please see http://seclists.org/oss-sec/2017/q1/373
Cheers,
Moritz
Package: jitsi
Severity: grave
Tags: security
Please see http://seclists.org/oss-sec/2017/q1/373
Cheers,
Moritz
Package: profanity
Severity: grave
Tags: security
Please see http://seclists.org/oss-sec/2017/q1/373
Cheers,
Moritz
Source: psi-plus
Severity: grave
Tags: security
Please see http://seclists.org/oss-sec/2017/q1/373
Cheers,
Moritz
Source: mupdf
Severity: grave
Tags: security
Please see http://seclists.org/oss-sec/2017/q1/322
Cheers,
Moritz
Source: zoneminder
Severity: grave
Tags: security
Please see
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5367
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5368
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5595
Cheers,
Moritz
Source: zziplib
Severity: grave
Tags: security
Hi,
multiple security issues have been found in zziplib by Agostino Sarubbo
of Gentoo:
http://www.openwall.com/lists/oss-security/2017/02/09/10
http://www.openwall.com/lists/oss-security/2017/02/09/11
http://www.openwall.com/lists/oss-security/2017/0
Source: spice
Severity: grave
Tags: security
Please see
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9577
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9578
Cheers,
Moritz
Package: mp3splt
Severity: grave
Tags: security
Please see
https://blogs.gentoo.org/ago/2017/01/29/mp3splt-invalid-free-in-free_options-options_manager-c/
Cheers,
Moritz
Source: zoneminder
Severity: grave
Tags: security
Please see http://seclists.org/bugtraq/2017/Feb/5
Cheers,
Moritz
Source: libplist
Severity: grave
Tags: security
CVE-2017-5834: heap-buffer-overflow in parse_dict_node
https://github.com/libimobiledevice/libplist/issues/89
CVE-2017-5835: memory allocation error
https://github.com/libimobiledevice/libplist/issues/88
CVE-2017-5836 issue in plist_free_data plist
On Mon, Jan 30, 2017 at 02:36:11PM +, Gianfranco Costamagna wrote:
> fully agree, but I'm not in the position to revert this change
> >Why can't the Security Team treat VirtualBox like how it's been
> >treating WebKit1? Still have it in the archives but with a prominent
> >notice that Debian do
Source: glassfish
Severity: grave
Tags: security
So Oracle has these lovely, unspecified vulnerabilities reported against
Glassfish,
but it's my understanding that the Debian package only provides a minor subset of
what usually constitutes Java, so could you have a look, which of
http://www.oracle
Source: netpbm-free
Severity: grave
Tags: security
Please see http://www.openwall.com/lists/oss-security/2017/02/02/2
Cheers,
Moritz
Package: libphp-phpmailer
Severity: grave
Tags: security
Justification: user security hole
Please see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5223
for details.
Cheers,
Moritz
Package: ntopng
Severity: grave
Tags: security
Justification: user security hole
Please see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5473
Cheers,
Moritz
On Fri, Jan 20, 2017 at 11:14:57AM +0100, Salvatore Bonaccorso wrote:
> @Moritz, strong opinion on that? If not I would say to mark all of
> the ruby2.1 CVEs open (CVE-2016-7798, CVE-2016-2337 and CVE-2016-2339)
> as no-dsa and include them (if you can) in the next point release or
> for any futur
Source: groovy
Severity: grave
Tags: security
Hi,
please see http://seclists.org/oss-sec/2017/q1/92
Cheers,
Moritz
Source: tripleo-heat-templates
Severity: grave
Tags: security
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5303 affects
the package currently in stretch.
I'm not sure about https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5329,
maybe we're using a similar configuration?
Cheers,
Package: puppet-module-swift
Severity: grave
Tags: security
Hi,
please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9590
for details.
Cheers,
Moritz
Source: ruby2.3
Severity: grave
Tags: security
Hi,
this has been assigned CVE-2016-2339:
http://www.talosintelligence.com/reports/TALOS-2016-0034/
Patch is here:
https://github.com/ruby/ruby/commit/bcc2421b4938fc1d9f5f3fb6ef2320571b27af42
Cheers,
Moritz
Source: mcollective
Severity: grave
Tags: security
Please see https://puppet.com/security/cve/cve-2016-2788
Cheers,
Moritz
Package: docker.io
Severity: grave
Tags: security
Please see:
https://bugzilla.suse.com/show_bug.cgi?id=1012568
https://github.com/docker/docker/compare/v1.12.5...v1.12.6
https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5
Cheers,
Moritz
-- System Infor
Source: runc
Severity: grave
Tags: security
Please see:
https://bugzilla.suse.com/show_bug.cgi?id=1012568
https://github.com/docker/docker/compare/v1.12.5...v1.12.6
https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5
Cheers,
Moritz
On Mon, Jan 09, 2017 at 05:29:11PM +, Simon McVittie wrote:
> Control: reassign 850702 bubblewrap 0~git160513-1
> Control: forwarded 850702
> https://github.com/projectatomic/bubblewrap/issues/142
> Control: tags 850702 + security upstream
>
> On Mon, 09 Jan 2017 at 14:19:36 +0100, up201407..
On Thu, Jan 05, 2017 at 11:17:01AM +0100, Reiner Herrmann wrote:
> Control: reopen -1
>
> Hi Salvatore,
>
> On Thu, Jan 05, 2017 at 07:54:24AM +0100, Salvatore Bonaccorso wrote:
> > On Wed, Jan 04, 2017 at 11:21:05PM +, Debian Bug Tracking System wrote:
> > >* Add upstream fix for CVE-201
Package: firejail
Severity: grave
Tags: security
Justification: user security hole
Please see http://www.openwall.com/lists/oss-security/2017/01/04/1
Cheers,
Moritz
Source: android-platform-external-libunwind
Severity: grave
Tags: security
Hi,
https://security-tracker.debian.org/tracker/CVE-2015-3239 has been fixed in
src:unwind, but is still needed in android-platform-external-libunwind
Cheers,
Moritz
Package: libgme0
Version: 0.6.0-3
Severity: grave
Tags: security
Hi,
please see
http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html
for details.
Cheers,
Moritz