Dear Team,
Just a friendly reminder that CVE-2023-39616 was fixed in Trixie
and Sid, and that https://security-tracker.debian.org/tracker/CVE-2023-39616
should be updated accordingly. I mentioned it in the package changelog but
looks like manual intervention is needed.
Thanks,
Boyuan Yang
CVE-2023-5388: missing from list
--
The output might be a bit terse, but the above ids are known elsewhere,
check the references in the tracker. The second part indicates the status
of that id in the tracker at the moment the script was run.
Hello Samuel,
On Fri, 2023-10-13 at 02:42 +0100, Samuel Henrique wrote:
> Hello Sven,
>
> > > @Samuel: Would you mind to create a repo under the group [3]?
> > >
> > > [1] https://salsa.debian.org/debian/argon2
> > > [2] https://salsa.debian.org/sven-geuer/argon2
> > > [3]
CVE-2023-5388: missing from list
CVE-2023-5557: missing from list
--
The output might be a bit terse, but the above ids are known elsewhere,
check the references in the tracker. The second part indicates the status
of that id in the tracker at the moment the script was run.
Hello Sven,
> > @Samuel: Would you mind to create a repo under the group [3]?
> >
> > [1] https://salsa.debian.org/debian/argon2
> > [2] https://salsa.debian.org/sven-geuer/argon2
> > [3] https://salsa.debian.org/pkg-security-team
>
> I believe argon2 under my personal projects [1] is in a ready
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-5522-2 secur...@debian.org
https://www.debian.org/security/ Markus Koschany
October 12, 2023
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
- -
Debian Security Advisory DSA-5527-1 secur...@debian.org
https://www.debian.org/security/ Alberto Garcia
October 12, 2023
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-5526-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 12, 2023
Hi,
We're using openscap and OVAL files provided by the Debian security team to
monitor CVEs on our systems. I'd first like to say that we've found the quality
of Debian OVALs to be very good so far, which we cannot say for some other
distros even though they are backed by large corporations.
Hi!
After the recent RCE in libcue DSA-5524-1, CVE-2023-43641, [1], I've decided
to re-check that I have scanning of the ~/Downloads directory disabled for
GNOME Search. The Settings app of GNOME says it's disabled but if I do
gsettings get org.freedesktop.Tracker3.Miner.Files
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-5525-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 11, 2023
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-5524-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 11, 2023
Hello Samuel,
hope you are doing well.
On Tue, 2023-10-03 at 23:15 +0200, Sven Geuer wrote:
> X-Debbugs-CC: Debian QA Group , Samuel
> Henrique , Debian Security Tools Packaging Team
> ,
>
> I forked the argon2 package from the Debian group [1] to my personal
> projects [2] and started to work
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-5523-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 11, 2023
CVE-2023-4421: missing from list
--
The output might be a bit terse, but the above ids are known elsewhere,
check the references in the tracker. The second part indicates the status
of that id in the tracker at the moment the script was run.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-5522-1 secur...@debian.org
https://www.debian.org/security/ Markus Koschany
October 10, 2023
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-5521-1 secur...@debian.org
https://www.debian.org/security/ Markus Koschany
October 10, 2023
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-5520-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 10, 2023
Package: security-tracker
Severity: important
The security tracker currently uses the JSON feeds as linked from
https://nvd.nist.gov/vuln/data-feeds. Those data feeds will be retired
on December, 15th 2023, so in a bit more then two months. After that
the information will be only available via
Moin
On Sun, Sep 24, 2023 at 03:01:51PM +0200, Bastian Blank wrote:
> ## Kernel modules will be signed with an ephemeral key
This is now
https://salsa.debian.org/kernel-team/linux/-/merge_requests/607.
> ## Image packages contains more version info
>
> Example: linux-image-6.5.3-cloud-arm64
>
On Fri, Sep 01, 2023 at 05:57:20PM +0100, Jonathan Wiltshire wrote:
> The next point releases for "bookworm" (12.2) and "bullseye" (11.8) will
> take place on Saturday, October 7th 2023. Processing of new uploads into
> the relevant queues will be frozen the preceding weekend.
The archive side of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-5519-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
October 06, 2023
CVE-2022-3248: TODO: check
CVE-2022-4900: RESERVED
CVE-2023-3171: missing from list
CVE-2023-4061: missing from list
CVE-2023-5408: missing from list
--
The output might be a bit terse, but the above ids are known elsewhere,
check the references in the tracker. The second part indicates the
Hi
On Sun, Sep 24, 2023 at 06:05:09PM +0200, Ben Hutchings wrote:
> > Multiple uploads of the same upstream version will have
> > the same package name, but those rarely happens.
> Those happen fairly often for urgent security updates.
We could encode that in the upstream version. Aka to have
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-5518-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
October 05, 2023
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-5517-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 05, 2023
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-5516-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 05, 2023
Sam Hartman writes:
> B) They might already have headers installed. Imagine someone who
> installs headers at the same time they install the kernel. Unless they
> managed to upgrade the same version of their kernel without also
> upgrading their headers, they will still have headers. They can
> "Bastian" == Bastian Blank writes:
Bastian> The same as now: nowhere, because those packages have been
Bastian> removed from the archive already.
Bastian> And sadly you did not answer the question why a second
Bastian> degree error must not be worse then a worked around
On Tue, Oct 03, 2023 at 03:00:53PM -0500, Robert Nelson wrote:
> On Tue, Oct 3, 2023 at 2:54 PM Adrian Bunk wrote:
> > How will the user get the headers matching this previously-used kernel
> > that are required until we provide a kernel with the regression fixed?
The same as now: nowhere,
Hi Andreas
On Tue, Oct 03, 2023 at 11:58:29PM +0200, Andreas Beckmann wrote:
> That should solve the problem where several source packages need to be
> updated together.
The problem does not come from multiple source packages that need to be
updated together. Instead it comes from the way
CVE-2022-4900: RESERVED
CVE-2023-3430: missing from list
CVE-2023-3576: TODO: check
CVE-2023-38469: missing from list
CVE-2023-38470: missing from list
CVE-2023-38471: missing from list
CVE-2023-38472: missing from list
CVE-2023-38473: missing from list
CVE-2023-39191: TODO: check
CVE-2023-5341:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-5515-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 04, 2023
CVE-2022-3261: TODO: check, unclear which OpenStack components affected, from
https://bugzilla.redhat.com/show_bug.cgi?id=2128834
CVE-2023-4610: missing from list
CVE-2023-5157: TODO: check
CVE-2023-5366: missing from list
--
The output might be a bit terse, but the above ids are known
On 03/10/2023 19.30, Bastian Blank wrote:
thread. Or freak out because meta packages remain uninstallable in
backports for days.
...
plus gcc or we change how backports works.
If uninstallable packages in backports are a problem, perhaps backports
needs something like britney to migrate
X-Debbugs-CC: Debian QA Group , Samuel Henrique
, Debian Security Tools Packaging Team
,
I forked the argon2 package from the Debian group [1] to my personal
projects [2] and started to work on it.
In the end I would like to maintain the package under the umbrella of
the Debian Security Tools
On Tue, Oct 3, 2023 at 2:54 PM Adrian Bunk wrote:
>
> On Tue, Oct 03, 2023 at 07:30:49PM +0200, Bastian Blank wrote:
> >...
> > The core problem is that people assume they can get headers matching the
> > currently running kernel, without upgrading first, see also the parallel
> > thread.
> >...
On Tue, Oct 03, 2023 at 07:30:49PM +0200, Bastian Blank wrote:
>...
> The core problem is that people assume they can get headers matching the
> currently running kernel, without upgrading first, see also the parallel
> thread.
>...
If the new kernel has a regression that affects the user, the
e 03/10/2023 à 19:06, Bjørn Mork a écrit :
herve writes:
concerning the linux-headers. may i explain what happend to me.
I reinstalled a debian 11.6 some months ago. and last week i had to
make virtualbox functioning again. it had to "compile" some kernel
modules and need some "headers". my
Hi Sam
On Tue, Oct 03, 2023 at 08:31:57AM -0600, Sam Hartman wrote:
> I still think it would help if you would work more on articulating what
> problem you are trying to solve with the linux-headers versioning
> change. I have read multiple versions of this proposal, and your
> follow-ups, and I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-5514-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
October 03, 2023
herve writes:
> concerning the linux-headers. may i explain what happend to me.
>
> I reinstalled a debian 11.6 some months ago. and last week i had to
> make virtualbox functioning again. it had to "compile" some kernel
> modules and need some "headers". my kernel (from the install is
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-5513-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 03, 2023
>> 6.7). So the old gpu module for 6.6 gets removed and a new one is
>> built for 6.7 only (since there are only 6.7 headers now).
Bastian> Ah, here lays the missconception. No, the 6.6 ones are not
Bastian> removed. Why should they be? The system knows it can't
Bastian>
> "Bastian" == Bastian Blank writes:
Bastian> On Mon, Sep 25, 2023 at 04:35:08AM +0200, Andreas Beckmann wrote:
>> On 25/09/2023 00.50, Bastian Blank wrote:
>> > Already built modules remain until someone deletes it. So you
>> can also > switch back to the still installed
CVE-2011-3101: missing from list
CVE-2011-3105: missing from list
CVE-2011-3131: missing from list
CVE-2011-3146: missing from list
CVE-2011-3148: missing from list
CVE-2011-3149: missing from list
CVE-2011-3170: missing from list
CVE-2011-3182: missing from list
CVE-2011-3184: missing from list
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-5512-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
October 02, 2023
Hi,
in the course of the current CVEs regarding Exim there is claimed to be
an issue with libspf2. We (the Exim developers) are not sure, if this
is something *we* can on our side. We're not even sure about the
details, as of now we do not have any further information.
But, it *may* be related
CVE-2022-3261: TODO: check, unclear which OpenStack components affected, from
https://bugzilla.redhat.com/show_bug.cgi?id=2128834
CVE-2023-5157: TODO: check
--
The output might be a bit terse, but the above ids are known elsewhere,
check the references in the tracker. The second part
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-5511-1 secur...@debian.org
https://www.debian.org/security/ Markus Koschany
October 01, 2023
On 2023-10-01, Bastian Blank wrote:
> So you upgrade the driver and libaries and suddenly your system fails
> until you reboot? Okay, I could imaging NVidia doing something like
> tying libraries to kernel modules. At least in the past they replaced
> gl libraries that did not longer work with
Samuel Henrique
writes:
> Hello Richard,
>
>> All changes are in salsa:
>> - https://salsa.debian.org/pkg-security-team/chkrootkit
>>
>>
>> Let me know what you think, or if you need other info!
>
> All the changes look good to me, uploaded.
>
thank-you!
> I would like to ask, for future
Hi Michel
On Sun, Oct 01, 2023 at 12:19:22PM +0200, Michel Verdier wrote:
> On 2023-10-01, Bastian Blank wrote:
> > Ah, here lays the missconception. No, the 6.6 ones are not removed. Why
> > should they be? The system knows it can't rebuild them.
> As the old kernel driver is not rebuild it
On 2023-10-01, Bastian Blank wrote:
>> Then I upgrade the system, which brings Linux 6.7 (along linux-image-6.6
>> which is kept installed) and a new version of the gpu driver (which adds
>> support for 6.7). So the old gpu module for 6.6 gets removed and a new one
>> is built for 6.7 only (since
On Mon, Sep 25, 2023 at 04:35:08AM +0200, Andreas Beckmann wrote:
> On 25/09/2023 00.50, Bastian Blank wrote:
> > Already built modules remain until someone deletes it. So you can also
> > switch back to the still installed older kernel version and it will have
> > the still working module
CVE-2017-2653: missing from list
CVE-2017-2654: missing from list
CVE-2017-2658: missing from list
CVE-2017-2659: missing from list
CVE-2017-2661: missing from list
CVE-2017-2662: missing from list
CVE-2017-2663: missing from list
CVE-2017-2664: missing from list
CVE-2017-2665: missing from list
Le jeudi 28 septembre 2023, 22:46:41 UTC Bastien Roucariès a écrit :
Hi,
An update
> Hi
>
> I am trying to fix the CVE for SALT
Salt need to be updated due to a failure on the custom crypto protocol what was
broken. Both server and client need to be updated due to protocol change.
>
>
Hi,
On Fri, Sep 29, 2023 at 09:18:09AM +, Sonali L U wrote:
> Dear Team,
>
> Please help us to resolve this issue.
>
> ERROR: openssl-native-1.1.1n-r0 do_fetch: Fetcher failure: Fetch command
> export PSEUDO_DISABLED=1; export
> DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/1000/bus";
CVE-2022-3261: TODO: check, unclear which OpenStack components affected, from
https://bugzilla.redhat.com/show_bug.cgi?id=2128834
CVE-2023-43646: TODO: check
CVE-2023-5157: TODO: check
CVE-2023-5215: TODO: check
--
The output might be a bit terse, but the above ids are known elsewhere,
check
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-5510-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
September 29, 2023
Hello Debora,
> > If you agree, I can create the repo on salsa and give you
> > permissions,
> > just let me know what's your username.
>
> My userid on salsa is "debora"
I see that you have a repo for ibmtss under your account:
https://salsa.debian.org/debora/ibmtss
Is that the most up-to-date
On Fri, 2023-09-29 at 13:29 +0100, Samuel Henrique wrote:
> Hello Debora,
>
> > I am interested in packaging the updated version of the tss2
> > package.
> > It is not currently one of the packages maintained by the security
> > tools packaging team.
>
> Great,
>
> > The package in debian is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-5509-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
September 29, 2023
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-5508-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
September 29, 2023
Hello Håvard,
> I have updated the scap-security-guide package and uploaded it to salsa [1].
> I hope a member is willing to review and upload it.
I missed this one, sorry it took so long, next time please feel free
to ping me after 7 days if there's no response.
Uploaded!
Thank you for
Hello Debora,
> I am interested in packaging the updated version of the tss2 package.
> It is not currently one of the packages maintained by the security
> tools packaging team.
Great,
> The package in debian is currently called tss2, although upstream has
> renamed it to ibmtss. TSS stands
Hello Richard,
> All changes are in salsa:
> - https://salsa.debian.org/pkg-security-team/chkrootkit
>
>
> Let me know what you think, or if you need other info!
All the changes look good to me, uploaded.
I would like to ask, for future uploads, that you try and make sure
you sign the tags with
Dear Team,
Please help us to resolve this issue.
ERROR: openssl-native-1.1.1n-r0 do_fetch: Fetcher failure: Fetch command export
PSEUDO_DISABLED=1; export
DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/1000/bus"; export
SSH_AGENT_PID="23846"; export SSH_AUTH_SOCK="/run/user/1000/keyring/ssh";
CVE-2022-3261: TODO: check, unclear which OpenStack components affected, from
https://bugzilla.redhat.com/show_bug.cgi?id=2128834
CVE-2023-43646: TODO: check
CVE-2023-5157: TODO: check
CVE-2023-5215: TODO: check
--
The output might be a bit terse, but the above ids are known elsewhere,
check
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-5507-1 secur...@debian.org
https://www.debian.org/security/ Markus Koschany
September 28, 2023
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-5506-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
September 28, 2023
CVE-2022-3261: TODO: check, unclear which OpenStack components affected, from
https://bugzilla.redhat.com/show_bug.cgi?id=2128834
CVE-2023-0833: TODO: check
CVE-2023-2422: missing from list
CVE-2023-2585: missing from list
CVE-2023-4065: TODO: check
CVE-2023-4066: missing from list
CVE-2022-3261: TODO: check, unclear which OpenStack components affected, from
https://bugzilla.redhat.com/show_bug.cgi?id=2128834
CVE-2023-0833: RESERVED
CVE-2023-4065: TODO: check
CVE-2023-5115: missing from list
CVE-2023-5157: TODO: check
CVE-2023-5189: missing from list
--
The output might
CVE-2019-19450: TODO: check
CVE-2022-3261: TODO: check, unclear which OpenStack components affected, from
https://bugzilla.redhat.com/show_bug.cgi?id=2128834
CVE-2023-0833: RESERVED
CVE-2023-36479: TODO: check
--
The output might be a bit terse, but the above ids are known elsewhere,
check
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-5505-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
September 25, 2023
On Mon, Sep 25, 2023 at 02:03:35AM +0200, Bastian Blank wrote:
> The current way does not work. See all the bug reports about
> uninstallable packages and what not with dkms.
>
> To build modules against version x, you'll need to install version x of
> the headers, not x-1 or x+1. This
CVE-2019-19450: TODO: check
CVE-2022-3261: TODO: check, unclear which OpenStack components affected, from
https://bugzilla.redhat.com/show_bug.cgi?id=2128834
CVE-2023-36479: TODO: check
--
The output might be a bit terse, but the above ids are known elsewhere,
check the references in the
On Mon, 2023-09-25 at 04:35 +0200, Andreas Beckmann wrote:
> On 25/09/2023 00.50, Bastian Blank wrote:
> > Already built modules remain until someone deletes it. So you can
> > also
> > switch back to the still installed older kernel version and it will
> > have
> > the still working module
On 25/09/2023 00.50, Bastian Blank wrote:
Already built modules remain until someone deletes it. So you can also
switch back to the still installed older kernel version and it will have
the still working module available.
This is what I expect not to work.
Assume I have Linux 6.6 and a
Hi Ben
On Sun, Sep 24, 2023 at 06:05:09PM +0200, Ben Hutchings wrote:
> On Sun, 2023-09-24 at 15:01 +0200, Bastian Blank wrote:
> > The same upstream version in testing and backports will have the same
> > package name.
> This is not OK, because they will be incompatible on architectures
>
Hi Andreas
On Sun, Sep 24, 2023 at 11:10:36PM +0200, Andreas Beckmann wrote:
> On 24/09/2023 15.01, Bastian Blank wrote:
> > ## Kernel modules will be signed with an ephemeral key
> >
> > The modules will not longer be signed using the Secure Boot CA like the
> > EFI kernel image itself.
On 24/09/2023 15.01, Bastian Blank wrote:
## Kernel modules will be signed with an ephemeral key
The modules will not longer be signed using the Secure Boot CA like the
EFI kernel image itself. Instead a key will be created during the build
and thrown away after.
Do I correctly assume that
On Sun, 2023-09-24 at 15:01 +0200, Bastian Blank wrote:
[...]
> ## Kernel modules will be signed with an ephemeral key
>
> The modules will not longer be signed using the Secure Boot CA like the
> EFI kernel image itself. Instead a key will be created during the build
> and thrown away after.
>
Hi folks
Debian currently does Secure Boot signing using a shim chained to the
Microsoft key. This use requires that we follow certain rules. And one
of the recent changes to those rules state that our method of signing
kernel modules also with the same key will not be allowed anymore. Some
2023-09-24 05:40:04
URL:https://bugzilla.redhat.com/buglist.cgi?classification=Other=vulnerability=alias=regexp=Security%20Response_format=advanced=%5ECVE-.*=priority%2Cbug_severity=0
[65516] -> "redhat-bugzilla.html" [1]
2023-09-24 05:40:04
CVE-2019-19450: TODO: check
CVE-2022-3261: TODO: check, unclear which OpenStack components affected, from
https://bugzilla.redhat.com/show_bug.cgi?id=2128834
CVE-2023-36479: TODO: check
CVE-2023-40619: TODO: check
--
The output might be a bit terse, but the above ids are known elsewhere,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-5504-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
September 22, 2023
CVE-2022-3261: TODO: check, unclear which OpenStack components affected, from
https://bugzilla.redhat.com/show_bug.cgi?id=2128834
CVE-2023-26144: TODO: check
CVE-2023-3628: missing from list
CVE-2023-3629: missing from list
CVE-2023-5002: missing from list
--
The output might be a bit terse,
Greetings,
I am interested in packaging the updated version of the tss2 package.
It is not currently one of the packages maintained by the security
tools packaging team.
The package in debian is currently called tss2, although upstream has
renamed it to ibmtss. TSS stands for TPM Software
CVE-2022-3261: TODO: check, unclear which OpenStack components affected, from
https://bugzilla.redhat.com/show_bug.cgi?id=2128834
--
The output might be a bit terse, but the above ids are known elsewhere,
check the references in the tracker. The second part indicates the status
of that id in
Hi,
I'm looking for a sponsor for an upload of chkrootkit - Marcos Fources
sponsored the last upload but has other commitments
It fixes some bugs (severity <= normal), but the main improvement is
that it fixes the issues on https://tracker.debian.org/pkg/chkrootkit:
- new upstream release (from
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-5503-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
September 20, 2023
CVE-2022-3261: TODO: check, unclear which OpenStack components affected, from
https://bugzilla.redhat.com/show_bug.cgi?id=2128834
--
The output might be a bit terse, but the above ids are known elsewhere,
check the references in the tracker. The second part indicates the status
of that id in
Package: wnpp
Severity: wishlist
Owner: Sophie Brun
User: de...@kali.org
Usertags: origin-kali
X-Debbugs-Cc: debian-de...@lists.debian.org,
debian-security-tools@lists.debian.org, sop...@offensive-security.com
* Package name: pontos
Version : 23.9.0
Upstream Contact: Greenbone
Package: wnpp
Severity: wishlist
Owner: Sophie Brun
User: de...@kali.org
Usertags: origin-kali
X-Debbugs-Cc: debian-de...@lists.debian.org,
debian-security-tools@lists.debian.org, sop...@offensive-security.com
* Package name: greenbone-feed-sync
Version : 23.8.0
Upstream
CVE-2022-3261: TODO: check, unclear which OpenStack components affected, from
https://bugzilla.redhat.com/show_bug.cgi?id=2128834
CVE-2023-26141: TODO: check
CVE-2023-4237: missing from list
--
The output might be a bit terse, but the above ids are known elsewhere,
check the references in the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-5502-1 secur...@debian.org
https://www.debian.org/security/ Markus Koschany
September 18, 2023
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-5501-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
September 18, 2023
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-5500-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
September 18, 2023
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-5499-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
September 18, 2023
601 - 700 of 44588 matches
Mail list logo