Source: tomcat9
Version: 9.0.34-1
Severity: grave
Tags: security upstream
Justification: user security hole
Control: found -1 9.0.31-1~deb10u1
Control: found -1 9.0.16-4
Hi,
The following vulnerability was published for tomcat9.
CVE-2020-9484[0]:
| When using Apache Tomcat versions 10.0.0-M1 to
Source: jodd
Version: 3.8.6-1
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/oblac/jodd/issues/628
Hi,
The following vulnerability was published for jodd. I'm filing it as
RC severity since although one might dispute the severity for the is
Control: tags -1 + moreinfo
Hi Anton,
On Fri, Sep 20, 2019 at 11:09:29AM +0100, Anton Ivanov wrote:
> Package: src:linux
> Version: 5.2.9-2
> Severity: critical
> Justification: breaks unrelated software
>
> Dear Maintainer,
>
> NFSv4 caching is completely broken on SMP.
>
> How to reproduce:
Hi Alexander,
On Tue, Dec 22, 2020 at 07:57:15PM +0300, Alexander Gerasiov wrote:
> On Sun, 20 Dec 2020 11:50:42 +0200
> Adrian Bunk wrote:
> > this is a regression in 1.2.1+dfsg-2 that is currently in both
> > buster-security (which was done on top of 1.2.1+dfsg-2 that
> > introduced the regres
Source: influxdb
Version: 1.6.4-2
Severity: grave
Tags: security upstream
Forwarded: https://github.com/influxdata/influxdb/issues/12927
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1.6.4-1
Control: found -1 1.0.2+dfsg1-1
Control: fixed -1 1.1.1+dfsg1-4+deb9u1
Hi,
The
ebian/changelog atftp-0.7.git20120829/debian/changelog
--- atftp-0.7.git20120829/debian/changelog
+++ atftp-0.7.git20120829/debian/changelog
@@ -1,3 +1,10 @@
+atftp (0.7.git20120829-3.2) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Fix for DoS issue CVE-2020-6097 (Closes: #970066)
+
+ -- Salv
Control: tag -1 pending
Hello,
Bug #975803 in lnav reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
https://salsa.debian.org/carnil/lnav/-/commit/ea9faa66577f735c6d97d7c61fe9c0329f6fd538
close 976211 9.4.35-1
thanks
Control: tags -1 + moreinfo
Hi Markus,
Thanks for your report.
On Thu, Dec 31, 2020 at 12:45:47PM +0200, Markus Bäcklund wrote:
> Package: src:linux-image-4.19.0-13-amd64
> Version: 4.19.160-2
> Severity: critical
> Justification: breaks the whole system
>
>
>
> -- Package-specific info:
> **
Hi Alexander,
Sorry for the late reply.
On Sat, Dec 26, 2020 at 08:16:28PM +0300, Alexander Gerasiov wrote:
> On Thu, 24 Dec 2020 06:31:31 +0100
> Salvatore Bonaccorso wrote:
>
> > Hi Alexander,
> >
> > On Tue, Dec 22, 2020 at 07:57:15PM +0300, Alexander Gerasiov
Hi,
On Mon, Jul 06, 2020 at 10:15:43PM +0300, Adrian Bunk wrote:
> Source: quagga
> Version: 1.2.4-4
> Severity: serious
>
> The maintained fork from quagga that continues the zebra codebase is frr,
> which is already in buster:
> https://tracker.debian.org/pkg/frr
>
> Additionally shipping quag
Hi Utkarsh
On Sat, Jan 02, 2021 at 05:45:04PM +0530, Utkarsh Gupta wrote:
> Hello,
>
> On Sat, Jan 2, 2021 at 2:02 AM Salvatore Bonaccorso wrote:
> > While strictly speaking this issue is no-dsa for buster, I'm raising
> > the severity to RC, would it be possible
Hi Utkarsh,
On Sat, Jan 02, 2021 at 06:38:37PM +0530, Utkarsh Gupta wrote:
> Hi Salvatore,
>
> On Sat, Jan 2, 2021 at 5:55 PM Salvatore Bonaccorso wrote:
> > > Of course. Uploaded a fix! :)
> > > (thanks for the explicit CC, please do it next time as well if you
>
Hi Jörg,
On Sat, Jan 02, 2021 at 01:22:09PM +0100, Salvatore Bonaccorso wrote:
> Control: severity -1 grave
>
> Hi Jörg, Adam,
>
> On Wed, Feb 05, 2020 at 10:11:58PM +0100, Salvatore Bonaccorso wrote:
> > Source: ipmitool
> > Version: 1.8.18-8
> > Severity: impo
assphrase support when rendering PDF's
+
+ -- Salvatore Bonaccorso Sun, 03 Jan 2021 15:06:17 +0100
+
imagemagick (8:6.9.11.24+dfsg-1) unstable; urgency=medium
* Acknowledge NMU
diff -Nru
imagemagick-6.9.11.24+dfsg/debian/patches/0023-disable-ghostscript-formats.patch
imagemagick-6.9.11.
2020-28052) (Closes: #977683)
+
+ -- Salvatore Bonaccorso Sun, 03 Jan 2021 21:12:39 +0100
+
bouncycastle (1.65-1) unstable; urgency=medium
* Team upload.
diff -Nru bouncycastle-1.65/debian/patches/corrected-constant-time-equals.patch bouncycastle-1.65/debian/patches/corrected-constant-time-eq
Source: dovecot
Version: 1:2.3.11.3+dfsg1-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1:2.3.4.1-5+deb10u4
Control: fixed -1 1:2.3.4.1-5+deb10u5
Control: found -1 1:2.2.27-3+deb9u6
Control: fixed
Source: nodejs
Version: 12.19.0~dfsg-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 10.21.0~dfsg-1~deb10u1
Control: found -1 14.13.0~dfsg-1
Hi,
The following vulnerabilities were published for no
Hi Adam, hi Alexander,
On Fri, Jan 01, 2021 at 06:20:32PM +, Adam D. Barratt wrote:
> Hi,
>
> On Fri, 2021-01-01 at 14:21 +0100, Salvatore Bonaccorso wrote:
> > Uploading 1.2.1+dfsg-1 + CVE fix cannot work. We have already
> > released 1.2.1+dfsg-2+deb10u1 in the secu
Hi Jörg,
Thanks a lot for your work on this package!
On Sun, Jan 03, 2021 at 05:21:42PM +0100, Jörg Frings-Fürst wrote:
> tags 950761 - pending
> thanks
>
> Hello Salvatore,
> hello @All,
>
>
> following a tip from Salvatore, I have added the missing commits.
> Although these can be incorporat
Source: asterisk
Version: 1:16.15.0~dfsg-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1:16.2.1~dfsg-1+deb10u2
Hi,
The following vulnerability was published for asterisk.
Rationale: Chose RC
Source: python-django-channels
Version: 3.0.2-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for python-django-channels.
CVE-2020-35681[0]:
| Potential leakage of ses
Source: chromium
Version: 87.0.4280.88-0.4
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 87.0.4280.88-0.4~deb10u1
Hi
Please see
https://chromereleases.googleblog.com/2021/01/stable-channel-update-
Source: wolfssl
Version: 4.5.0+dfsg-4
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/wolfSSL/wolfssl/pull/3426
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for wolfssl.
CVE-2020-36177
Hi,
[dropping the 971216 bug from recipients for those]
On Sat, Jan 09, 2021 at 09:54:36AM +, Bastien ROUCARIES wrote:
> hi,
>
> I am ok with this but could you mention, the whole list of format
> instead of ghostscript format in changelog aka (pdf, eps, ps)
Yes right would be ok.
Note for
Source: tcmu
Version: 1.5.2-5
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for tcmu.
CVE-2020-28374[0]:
| Linux SCSI target (LIO) unrestricted copy offload
A patch w
Source: linux
Source-Version: 5.9.11-1
Hi Simon,
On Fri, Oct 30, 2020 at 11:09:40AM +0100, Simon Kainz wrote:
> Package: src:linux
> Version: 5.9.1-1
> Severity: critical
> Justification: breaks the whole system
>
> Dear Maintainer,
>
> Please see the attached crash dump. This machine is a SLU
Control: retitle -1 tcmu: CVE-2021-3139
On Tue, Jan 12, 2021 at 09:15:30PM +0100, Salvatore Bonaccorso wrote:
> Source: tcmu
> Version: 1.5.2-5
> Severity: grave
> Tags: security upstream
> Justification: user security hole
> X-Debbugs-Cc: car...@debian.org, Debian Securit
Source: openvswitch
Version: 2.15.0~git20210104.def6eb1ea+dfsg1-3
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 2.10.0+2018.08.28+git.8ca7c82b7d+ds1-12+deb10u2
Control: found -1 2.10.0+2018.08.28+gi
Hi Thomas,
On Fri, Jan 15, 2021 at 09:29:47AM +0100, Thomas Goirand wrote:
> On 1/14/21 10:38 PM, Salvatore Bonaccorso wrote:
> > Source: openvswitch
> > Version: 2.15.0~git20210104.def6eb1ea+dfsg1-3
> > Severity: grave
> > Tags: security upstream
> > Justif
Source: flask-security
Version: 3.4.2-2
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/Flask-Middleware/flask-security/issues/421
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for flask
On Fri, Jan 15, 2021 at 08:59:31PM +0100, Salvatore Bonaccorso wrote:
[...]
> Admittedly the CVE description currently on MITRE is quite confusing
> referring to Flask-Security-Too package. But the other references
> pointed out and reviewing the changes seem to apply to the original
>
Hi Thomas,
On Fri, Jan 15, 2021 at 01:59:18PM +0100, Salvatore Bonaccorso wrote:
> Hi Thomas,
>
> On Fri, Jan 15, 2021 at 09:29:47AM +0100, Thomas Goirand wrote:
> > On 1/14/21 10:38 PM, Salvatore Bonaccorso wrote:
> > > Source: openvswitch
> > > Version: 2.1
Source: erlang
Version: 1:23.2.1+dfsg-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for erlang.
CVE-2020-35733[0]:
| An issue was discovered in Erlang/OTP before 23.
groups for regular expressions (CVE-2021-21236)
+(Closes: #979597)
+
+ -- Salvatore Bonaccorso Sat, 16 Jan 2021 09:45:26 +0100
+
cairosvg (2.5.0-1) unstable; urgency=low
[ Debian Janitor ]
diff -Nru cairosvg-2.5.0/debian/patches/0002-Don-t-use-overlapping-groups-for-regular-expressions.patc
Source: chromium
Version: 87.0.4280.141-0.1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi
For Details please see
https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html
covering a
Hi,
On Mon, Jan 11, 2021 at 05:23:50PM +0100, Michel Le Bihan wrote:
[...]
> The window for getting in Bullseye will close soon and this issue is
> blocking. Will you be able to maintain Chromium in Bullseye? I can help
> with it if needed.
Thanks to you both who were involved in the last two
Hi,
On Wed, Jan 20, 2021 at 09:25:15PM +0100, Lucas Nussbaum wrote:
> Source: arping
> Version: 2.21-1
> Severity: serious
> Justification: FTBFS on amd64
> Tags: bullseye sid ftbfs
> Usertags: ftbfs-20210120 ftbfs-bullseye
>
> Hi,
>
> During a rebuild of all packages in sid, your package failed
Hi,
On Wed, Jan 20, 2021 at 10:23:30PM +, Thomas Habets wrote:
> libcheck made a breaking change.
> Patch for arping to make it build:
> https://github.com/ThomasHabets/arping/commit/e0773bc26ae14d4a19825023307d1496d7c7d0f1
>
> I aim to release 2.22 tomorrow with this change.
> But there are
Control: tag -1 pending
Hello,
Bug #980595 in arping reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
https://salsa.debian.org/debian/arping/-/commit/fc1e7c5fa6ca636e381d4e15b50f2df13a21
Source: python-pysaml2
Version: 6.1.0-3
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for python-pysaml2.
CVE-2021-21239[0]:
| PySAML2 is a pure python implementation
Source: python-pysaml2
Version: 6.1.0-3
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for python-pysaml2.
CVE-2021-21238[0]:
| PySAML2 is a pure python implementation
Source: qemu
Version: 1:5.2+dfsg-3
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for qemu, filing it with RC
severity due to the privilege escalation potential (it aff
Source: mysql-5.7
Version: 5.7.26-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi
See
https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL
for a list of CVEs affecting src:mysql-5.7.
Regards,
Sal
On Thu, Feb 11, 2021 at 08:33:58AM +0100, Sebastien Delafond wrote:
> Package: zstd
> Version: 1.4.8+dfsg-1
> Severity: grave
> Tags: security
> X-Debbugs-Cc: t...@security.debian.org
>
> The recently applied patch still creates the file with the default
> umask[0], before chmod'ing down to 0600,
Source: bind9
Version: 1:9.16.11-2
Severity: grave
Tags: security upstream fixed-upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1:9.11.5.P4+dfsg-5.1+deb10u2
Control: found -1 1:9.11.5.P4+dfsg-5.1
Control: fixed -1 1:9.11.5.P4+dfsg
Hi Utkarsh,
On Fri, Feb 19, 2021 at 10:44:08PM +0530, Utkarsh Gupta wrote:
> Hi Axel, Salvatore,
>
> On Fri, Feb 19, 2021 at 2:44 PM Axel Beckert wrote:
> > No issue popped up so far during production use on Stretch and Buster.
> > I'd say, we can publish these in good conscience.
>
> Perfect,
Source: asterisk
Version: 1:16.15.1~dfsg-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for asterisk, filing as RC
but this might not be warranted, if you feel otherwise please
downgrade. I made it su
Control: reopen -1
Hi Anton,
On Sat, Feb 20, 2021 at 12:59:17PM +, Anton Ivanov wrote:
> On 20/02/2021 10:33, Debian Bug Tracking System wrote:
> > This is an automatic notification regarding your Bug report
> > which was filed against the src:linux package:
> >
> > #940821: linux-image-5.2.
Hi,
On Mon, Jul 08, 2019 at 07:19:54PM +0100, Anton Ivanov wrote:
> Hi list,
>
> NFS caching appears broken in 4.19.37.
>
> The more cores/threads the easier to reproduce. Tested with identical
> results on Ryzen 1600 and 1600X.
>
> 1. Mount an openwrt build tree over NFS v4
> 2. Run make -j `c
Hi Markus,
On Thu, Feb 25, 2021 at 09:11:47AM +0100, Markus Koschany wrote:
> Hello security team, hello Hugo, I hope you are doing well!
>
> I have just uploaded a NMU for xcftools fixing CVE-2019-5086 and
> CVE-2019-5087.
> The new patch also addresses the 32 bit portability issues. The basic
Hi Chris,
On Thu, Feb 25, 2021 at 04:47:34PM +, Chris Lamb wrote:
> Sébastien Delafond wrote:
>
> > > > Django is vulnerable because it embeds parse_qsl:
> > > >
> > > > https://www.djangoproject.com/weblog/2021/feb/19/security-releases/
> > >
> > > Security team, let me know if you would
Source: zint
Version: 2.9.1-1
Severity: serious
Tags: security upstream
Forwarded: https://sourceforge.net/p/zint/tickets/218/
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for zint.
CVE-2021-27799[0]:
| ean_leading_zeroes in backend/upcean.
Source: salt
Version: 3002.2+dfsg1-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for salt.
CVE-2020-28243[0]:
| An issue was discovered in SaltStack Salt before 3
Hey Dmitry,
Thanks for the reply!
On Sun, Feb 28, 2021 at 04:29:24PM +1100, Dmitry Smirnov wrote:
> > Reasoning for making it RC: it is in the library part
>
> Even though nothing depends on the library yet??
But you have cut away the second part of the sentence :). Usually I
do not put such
Hi Peter,
As the bullseye release (respectively the hard freeze) is approaching,
can you please have a look so that the fix is included in bullseye?
Regards,
Salvatore
Hi
[Adding CC to security-team alias]
On Mon, Mar 01, 2021 at 08:31:54AM +, Chris Knadle wrote:
> Salvatore Bonaccorso:
> > Source: mumble
> > Version: 1.3.3-1
> > Severity: grave
> > Tags: security upstream
> > Justification: user security hole
> > Fo
On Mon, Mar 01, 2021 at 11:46:17AM +0100, Patrick Matthäi wrote:
> Hi
>
> Am 12.02.21 um 08:26 schrieb Salvatore Bonaccorso:
> > Source: otrs2
> > Version: 6.0.30-2
> > Severity: important
> > Tags: security upstream
> > X-Debbugs-Cc: car...@debian.org,
Hi,
On Wed, Apr 03, 2019 at 12:27:25PM +, Mike Gabriel wrote:
> Hi Moritz,
>
> On Di 02 Apr 2019 22:04:34 CEST, Moritz Muehlenhoff wrote:
>
> > Source: guacamole-client
> > Severity: serious
> >
> > Should guacamole-client be removed?
> >
> > guacamole-client hasn't been updated since 201
Control: tags -1 + patch
Hi,
On Sun, Feb 28, 2021 at 01:54:37PM +0100, Salvatore Bonaccorso wrote:
> Source: libcaca
> Version: 0.99.beta19-2.1
> Severity: important
> Tags: security upstream
> Forwarded: https://github.com/cacalabs/libcaca/issues/52
> X-Debbugs-Cc: car...@
Source: squid
Version: 4.13-7
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 4.13-5
Control: found -1 4.6-1+deb10u4
Control: found -1 4.6-1
Hi,
The following vulnerability was published for squid.
Hi
According to https://bugzilla.suse.com/show_bug.cgi?id=1182382#c16
this might just be a SUSE specific issue.
Salt maintainers, could you please double check if we have the same
interaction of patches? And otherwise please close the bug.
Regards,
Salvatore
Source: phpldapadmin
Version: 1.2.2-6.3
Severity: serious
Tags: security
Justification: unfit for stable release
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi
It looks like phpldapadmin lags several upstream releases behind, was
recently updated by NMUs but the base version for p
Source: ruby-kramdown
Version: 2.3.0-4
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/gettalong/kramdown/pull/708
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for ruby-kramdown.
CVE-2
Hi Simon,
Thank you!
On Sat, Mar 20, 2021 at 12:12:39AM +, Simon McVittie wrote:
> On Fri, 19 Mar 2021 at 22:48:33 +0100, Salvatore Bonaccorso wrote:
> > While reviewing the current uploads for the upcoming point release I
> > noticed that the i386 build of flatpak was appa
Hi,
On Wed, Mar 10, 2021 at 04:45:40PM +0100, Salvatore Bonaccorso wrote:
> Control: tags -1 + patch
>
> Hi,
>
> On Sun, Feb 28, 2021 at 01:54:37PM +0100, Salvatore Bonaccorso wrote:
> > Source: libcaca
> > Version: 0.99.beta19-2.1
> > Severity: impo
Source: ldb
Version: 2:2.2.0-3
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://bugzilla.samba.org/show_bug.cgi?id=14595
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for ldb.
CVE-2020-27840[0]:
|
Source: ldb
Version: 2:2.2.0-3
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://bugzilla.samba.org/show_bug.cgi?id=14655
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for ldb.
CVE-2021-20277[0]:
|
move tests from ldb_match_test that do not pass
+
+ -- Salvatore Bonaccorso Fri, 26 Mar 2021 19:00:09 +0100
+
ldb (2:2.2.0-3) unstable; urgency=medium
* Upload to unstable
diff -Nru ldb-2.2.0/debian/patches/CVE-2020-27840-ldb_dn-avoid-head-corruption-in-ldb_d.patch ldb-2.2.0/debian/patches/CVE-20
ldb_wildcard_compare
+ * ldb tests: ldb_match tests with extra spaces
+ * ldb: Remove tests from ldb_match_test that do not pass
+
+ -- Salvatore Bonaccorso Fri, 26 Mar 2021 19:52:18 +0100
+
ldb (2:2.2.0-3) unstable; urgency=medium
* Upload to unstable
diff -Nru
ldb-2.2.0/debian/patches
Source: underscore
Version: 1.9.1~dfsg-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
,y...@debian.org
Hi,
The following vulnerability was published for underscore.
CVE-2021-23358[0]:
| The package underscore fro
Source: ircii
Version: 20190117-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: clone -1 -2
Control: reassign -2 src:scrollz 2.2.3-1
Control: retitle -2 scrollz: CVE-2021-29376
The following vulnerability was published for ircii.
CVE-2021-
Source: netty
Version: 1:4.1.48-3
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for netty.
Strictly speaking this might be disputable as RC severity, but I think
it should reach bullseye and so make
Source: python-bleach
Version: 3.2.1-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for python-bleach.
CVE-2021-23980[0]:
| mutation XSS via allowed math or svg; p or
Source: curl
Version: 7.74.0-1.1
Severity: serious
Tags: security upstream
Justification: security regression from stable
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 7.64.0-4
Control: fixed -1 7.64.0-4+deb10u2
Hi,
The following vulnerability was published for curl, fi
Source: curl
Version: 7.74.0-1.1
Severity: serious
Tags: security upstream
Justification: security regression from stable
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 7.64.0-4
Control: fixed -1 7.64.0-4+deb10u2
Hi,
The following vulnerability was published for curl, fi
Source: pikepdf
Version: 1.17.3+dfsg-4
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for pikepdf.
CVE-2021-29421[0]:
| models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for
| Python allows
-referer header field
+(CVE-2021-22876) (Closes: #986269)
+ * vtls: add 'isproxy' argument to Curl_ssl_get/addsessionid()
+(CVE-2021-22890) (Closes: #986270)
+
+ -- Salvatore Bonaccorso Sat, 03 Apr 2021 14:43:39 +0200
+
curl (7.74.0-1.1) unstable; urgency=medium
* Non-
HTML comments (CVE-2021-23980) (Closes: #986251)
+ * tests: add tests for more eject tags for GHSA-vv2x-vrpj-qqpq
+
+ -- Salvatore Bonaccorso Sat, 03 Apr 2021 17:17:55 +0200
+
python-bleach (3.2.1-2) unstable; urgency=medium
* Team upload.
diff -Nru python-bleach-3.2.1/debian/patches/0004-sani
ferer header field
+(CVE-2021-22876) (Closes: #986269)
+ * vtls: add 'isproxy' argument to Curl_ssl_get/addsessionid()
+(CVE-2021-22890) (Closes: #986270)
+
+ -- Salvatore Bonaccorso Sat, 03 Apr 2021 14:43:39 +0200
+
curl (7.74.0-1.1) unstable; urgency=medium
* Non-maintain
Source: mosquitto
Version: 2.0.9-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for mosquitto.
CVE-2021-28166[0]:
| In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an
Hi Bastian,
On Wed, Oct 14, 2020 at 05:39:00PM +0200, Salvatore Bonaccorso wrote:
> Hi Bastian,
>
> On Tue, Oct 13, 2020 at 11:36:40PM +0200, Bastian Germann wrote:
> > Hi Salvatore,
> >
> > Thanks for your hints.
> >
> > Am 10.10.20 um 23:02 schrieb
Source: freetype
Version: 2.10.2+dfsg-3
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://savannah.nongnu.org/bugs/?59308
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for freetype.
CVE-2020-15999[0
buffer overflow (CVE-2020-15999) (Closes: #972586)
+
+ -- Salvatore Bonaccorso Tue, 20 Oct 2020 21:15:41 +0200
+
freetype (2.9.1-3+deb10u1) buster; urgency=medium
* debian/control:
diff -Nru freetype-2.9.1/debian/patches/series
freetype-2.9.1/debian/patches/series
--- freetype-2.9.1/debian
Source: mariadb-10.3
Version: 1:10.3.24-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1:10.3.23-0+deb10u1
Control: fixed -1 1:10.3.25-0+deb10u1
Hi,
This is to track CVE-2020-15180. The issue is
Hi Otto,
On Fri, Oct 23, 2020 at 09:03:16AM +0300, Otto Kekäläinen wrote:
> Hello!
>
> Thanks!
>
> Bullseye is meant to ship with 10.5 and 10.3 should be removed once
> 10.5 has been in Debian testing for a while (currently still in Debian
> unstable due to debci false positive).
Thanks, this s
Source: mysql-5.7
Version: 5.7.26-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi
See
https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL
for a list of CVEs affecting src:mysql-5.7.
Regards,
Sal
close 931193 8:6.9.11.24+dfsg-1
close 931192 8:6.9.11.24+dfsg-1
thanks
Source: lookatme
Version: 1.2.0-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for lookatme.
CVE-2020-15271[0]:
| In lookatme (python/pypi package) versions prior to
close 973417 4.9.240-2
thanks
Source: nvidia-cuda-toolkit
Version: 10.2.89-5
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for nvidia-cuda-toolkit.
I have no further details apart what is in [1], w
Source: blueman
Version: 2.1.3-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 2.0.8-1
Control: fixed -1 2.0.8-1+deb10u1
Hi,
The following vulnerability was published for blueman.
CVE-2020-15238[
Source: sddm
Version: 0.18.1-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for sddm.
CVE-2020-28049[0]:
| local privilege escalation due to race condition in creatio
Hi,
On Wed, Nov 04, 2020 at 01:52:12PM +0100, Salvatore Bonaccorso wrote:
> Source: sddm
> Version: 0.18.1-1
> Severity: grave
> Tags: security upstream
> Justification: user security hole
> X-Debbugs-Cc: car...@debian.org, Debian Security Team
>
>
> Hi,
>
>
Source: spice-vdagent
Version: 0.20.0-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for spice-vdagent.
CVE-2020-25650[0]:
| Memory DoS via Arbitrary Entries in ac
Hi Norbert,
On Thu, Nov 05, 2020 at 08:26:07PM +0900, Norbert Preining wrote:
> Hi Salvatore, hi FTP Master,
>
> @Salvatore: thanks for the NMU preparation. We are now preparing a fix
> for unstable via version 0.19, and at the same time I thought I upload
> to buster-security, based on your patc
ectly 0.19 sounds great, thank you.
>
> That is coming in in short time.
Thank you for your work on this update (and in general for the
package).
Regards,
Salvatore
From e2fceb114a975775fd64dd064e4b7be3dee5cd1f Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso
Date: Wed, 4 Nov
Hi Norbert,
On Thu, Nov 05, 2020 at 09:15:15PM +0900, Norbert Preining wrote:
> Hi Salvatore,
>
> On Thu, 05 Nov 2020, Salvatore Bonaccorso wrote:
> > to day, this is the debdiff I just used for the upload. tracker.d.o
> > does not show it yet because the packages are sit
Source: raptor2
Version: 2.0.14-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for raptor2.
CVE-2017-18926[0]:
| raptor_xml_writer_start_element_common in raptor_xml_
tions correctly for XML writer
+(CVE-2017-18926) (Closes: #973889)
+
+ -- Salvatore Bonaccorso Fri, 06 Nov 2020 22:08:54 +0100
+
raptor2 (2.0.14-1) unstable; urgency=medium
* New upstream release
diff -Nru raptor2-2.0.14/debian/patches/Calcualte-max-nspace-declarations-correctly-for-XML-.