Bug#761963: security-tracker: consolidate vulnerable/fixed per release in overviews

2014-09-17 Thread Thijs Kinkhorst
Package: security-tracker Severity: wishlist Hi, In the overview per-package, the tracker currently shows for each CVE name about seven columns: squeeze, squeeze-security, squeeze-lts, wheezy, wheezy-security, jessie, sid. I think for the overviews it would be preferable if the table just

Re: Bug#761730: tracker.d.o: please provide links to https://security-tracker.debian.org/tracker/source-package/$PKG

2014-09-16 Thread Thijs Kinkhorst
On Tue, September 16, 2014 09:10, Paul Wise wrote: Could we get a new URL that also has information about unimportant and resolved issues and DSAs? I would suggest a format like what lintian uses: Not sure what you'd use that additional info for, but I would heartily disrecommend to display

Re: Switching the tracker to git

2014-09-15 Thread Thijs Kinkhorst
On Mon, September 15, 2014 07:33, Henri Salo wrote: On Sun, Sep 14, 2014 at 07:06:46PM -0400, micah wrote: My guess is that the only reason that subversion is still used is inertia and that people would be happier with git. However, I'm curious

Bug#611163: nice css: let there be patches...

2014-09-15 Thread Thijs Kinkhorst
On Mon, September 15, 2014 01:36, Holger Levsen wrote: Hi, See attached or branch html5+external_css from ssh://git.debian.org/git/collab-maint/secure-testing.git These patches turn the html into html5 and introduce a modern, slick css style inspired from tracker.d.o - enjoy! :)

Re: small misc fixes

2014-09-12 Thread Thijs Kinkhorst
On Fri, September 12, 2014 15:14, Holger Levsen wrote: Hi, On Friday, 12 September 2014, Holger Levsen wrote: attached are three small no brainer fixes I'd like to apply, please confirm thanks to Thijs, this diff even got smaller and better, see attached. I've verified that the code

Re: Debian - A list of correcting packets

2014-04-16 Thread Thijs Kinkhorst
Hi Mathieu. On Wed, April 16, 2014 18:59, vielg...@gmail.com wrote: Is there a way to get the list of the correcting packets for each CVE in Debian ? Yes, if you go to https://security-tracker.debian.org/tracker/ and search for a CVE name in the text field, you will get a list of the packages

Re: Debian - A list of correcting packets

2014-04-16 Thread Thijs Kinkhorst
Hi Mathieu, On Wed, April 16, 2014 19:58, vielg...@gmail.com wrote: Hi Thijs, Yes, thanks, but is there a list .txt or .gz which sum up everything ? The source data is plain text: http://anonscm.debian.org/viewvc/secure-testing/data/CVE/ What may also be of use is the source data for the

Re: security-tracker now on https?

2013-05-17 Thread Thijs Kinkhorst
Hi dsa, On Thu, April 4, 2013 11:10, Thijs Kinkhorst wrote: Hi admins, It was noted that the security tracker now blanket redirects to https://security-tracker.debian.org. This is fine of course for us DD's, but it presents a problem for externals using it. The tracker is often used by e.g

Re: php5: CVE-2011-1092 and CVE-2011-1148

2013-02-27 Thread Thijs Kinkhorst
On Wed, February 27, 2013 04:43, Steven Chamberlain wrote: Dear Security Team, In the tracker, CVE-2011-1092 and CVE-2011-1148 in PHP before 5.3.6 are correctly shown as fixed in 5.3.3-7+squeeze14. But 5.4.4-13 is still suggested as being vulnerable. The upstream changelog for 5.4.4

Re: Please help with discrepancies in CVE-2011-3578

2012-06-16 Thread Thijs Kinkhorst
On Sat, June 16, 2012 00:40, s...@powered-by-linux.com wrote: Hi Team, I had prepared a new security-stable version for mantis package to fix some new CVE's, and I found out that CVE-2011-3578 [1], patched on mantis 1.1.8+dfsg-10squeeze1, from 2011, was not yet updated in the security

Re: python-django

2011-09-13 Thread Thijs Kinkhorst
On Sun, September 11, 2011 22:28, Paul van der Vlis wrote: Hello, I see security issues in Django on the Django website, https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/ But I don't see anything in the Debian security tracker about it:

Re: Repository not in websvn anymore

2011-06-06 Thread Thijs Kinkhorst
Hi Enno, On Mon, June 6, 2011 14:14, Enno Gröper wrote: the link at [1] to http://svn.debian.org/wsvn/secure-testing/data/ doesn't work anymore. Last time I (my Newsreader) saw it working was May 20th. The repository itself seems to still be there. Is there any special reason for hiding the

Re: DSA-2252-1 vs. tracker

2011-06-03 Thread Thijs Kinkhorst
On Fri, June 3, 2011 22:05, Francesco Poli wrote: On Fri, 3 Jun 2011 20:01:05 +0200 Thijs Kinkhorst wrote: On Fri, June 3, 2011 00:04, Francesco Poli wrote: Hi, DSA-2252-1 [1] talks about dovecot, but the tracker [2] claims that the DSA is about mahara. Is there something wrong

Re: Squeeze release vs. tracker

2011-02-14 Thread Thijs Kinkhorst
On Monday 14 February 2011 19:07:41 Francesco Poli wrote: No, wait: it fails again with the same exact proxy error as yesterday! What's going on? I just restarted the tracker after updating the code to the most recent version and it seems to work again. Thijs

Re: Squeeze release vs. tracker

2011-02-09 Thread Thijs Kinkhorst
On Wed, February 9, 2011 19:50, Francesco Poli wrote: On the other hand, the security tracker seems to still think that lenny is stable [1] and squeeze is testing [2], while I have been unable to find any traces of wheezy... Is there something that should be done manually, in order to let the

Re: Squeeze release vs. tracker

2011-02-09 Thread Thijs Kinkhorst
On Thu, February 10, 2011 03:40, Michael Gilbert wrote: On Wed, 9 Feb 2011 22:12:21 +0100 Thijs Kinkhorst wrote: On Wed, February 9, 2011 19:50, Francesco Poli wrote: On the other hand, the security tracker seems to still think that lenny is stable [1] and squeeze is testing [2], while I

Re: script to add DSA's to tracker disabled

2010-12-23 Thread Thijs Kinkhorst
On Wed, December 22, 2010 21:35, Francesco Poli wrote: I ran a script that automatically added released DSA's to data/DSA/list. As this script uses bin/dsa2list and that tool cannot cope with the changed advisory format, it doesn't make sense to keep committing half parsed advisories. I am

script to add DSA's to tracker disabled

2010-12-22 Thread Thijs Kinkhorst
Hi, I ran a script that automatically added released DSA's to data/DSA/list. As this script uses bin/dsa2list and that tool cannot cope with the changed advisory format, it doesn't make sense to keep committing half parsed advisories. Cheers, Thijs

Re: Debian BTS report for CVE-2010-2941 (cups)

2010-11-13 Thread Thijs Kinkhorst
On Saturday 13 November 2010 11:14:16 Petter Reinholdtsen wrote: I just created URL: http://bugs.debian.org/603344 to track CVE-2010-2941 in BTS. You might want to add a reference to it from URL: http://security-tracker.debian.org/tracker/CVE-2010-2941 . Done, thanks. Thijs

Re: DSA-2107-1 vs. tracker

2010-09-09 Thread Thijs Kinkhorst
On Thursday 9 September 2010, Francesco Poli wrote: it looks like something is missing in the tracker data [1] for DSA-2107-1 [2] ! Completed, thanks! Thijs

security-tracker.debian.net no longer functional

2010-08-29 Thread Thijs Kinkhorst
Hi, Is there a reason that the DNS name security-tracker.debian.net has been removed? This seems problematic to me since there's still quite some links to that, most notably debsecan in stable. Unless there's a good reason I'd like to reinstate it. Cheers, Thijs

Re: Getting new tracker service code to go live

2010-01-03 Thread Thijs Kinkhorst
On Sunday 3 January 2010, Michael Gilbert wrote: I've updated the sql logic to workaround a bug in lenny's aspw (and the code is actually now a bit cleaner...for sql anyway). Please push this new commit to the live tracker. Ulib/python/security_db.py Updated to revision 13701. --

Re: Getting new tracker service code to go live

2010-01-02 Thread Thijs Kinkhorst
On Saturday 2 January 2010, Michael Gilbert wrote: It appears that new commits to the tracker service do not automatically go live (based on the above syntax checker message received from sectrac...@soler.debian.org). Anyway, can someone with appropriate permissions update the repo there

Re: [Secure-testing-commits] r13252 - data

2009-11-09 Thread Thijs Kinkhorst
On Monday 9 November 2009, Jakub Wilk wrote: NOTE: embeds msgfmt.py script -   - mailman unfixed (embed) +   - mailman unfixed (embed; #555416) Although this is installed into the Debian package, it is never used and not installed into the path. What is the risk here? I can

Re: [Secure-testing-commits] r11972 - data/CVE

2009-05-25 Thread Thijs Kinkhorst
On Sunday 24 May 2009, Joey Hess wrote:  CVE-2007-2004 (Multiple SQL injection vulnerabilities in InoutMailingListManager 3.1 ...) -   {DTSA-133-1} NOT-FOR-US: InoutMailingListManager Would it be possible for the tracker to error out on this when first encountering the

Re: DSA vs tracker: is CVE-2008-5814 fixed in unstable?

2009-05-11 Thread Thijs Kinkhorst
On Monday 11 May 2009, Michael S. Gilbert wrote: security team, should the DSA announcement be reissued to correct/clarify? That should not be necessary. The DSA mails pertain to the state of affairs in old/stable; we mention sid fixed versions as a courtesy but I don't see it necessary to

Re: [Secure-testing-commits] r11636 - data/CVE

2009-04-18 Thread Thijs Kinkhorst
On Friday 17 April 2009, Kees Cook wrote: For embargoed issues, this is supposed to happen already, by way of vendor-sec.  Who all from Debian is on that list, and what are the policies and procedures you have in place for contacting maintainers? The Security Team is on that list. We do contact

Re: No DSA-168[67]-1 on the tracker

2008-12-17 Thread Thijs Kinkhorst
On Wed, December 17, 2008 00:03, Francesco Poli wrote: It seems that there's no tracker page [1][2] for DSA-1686-1 [3] and DSA-1687-1 [4]. What's wrong? Something went wrong which brought the checkout the script uses to commit its update in, in a conflict state. I resolved that now, and

Re: No DSA-1665-1 on the tracker

2008-11-20 Thread Thijs Kinkhorst
On Thu, November 20, 2008 12:59, Gerfried Fuchs wrote: The script itself (bin/dsa2list) is able to work through it properly, so I suspect a mail problem, DSA-1666-1 got added automatically again? There is a chance that the mail got lost or filtered. Another possibility is that dsa2list failed

Re: Conflicting Information on CVE-2008-3699 Page

2008-10-23 Thread Thijs Kinkhorst
On Wed, October 22, 2008 23:59, Michael Gilbert wrote: The tracker page [1] for CVE-2008-3699 says Debian/stable not known to be vulnerable, yet in the next section it says that etch 1.4.4-4 vulnerable. These two statements contradict one another, and lead one clueless as to whether the issue

Re: [Secure-testing-commits] r9775 - data/CVE

2008-09-08 Thread Thijs Kinkhorst
On Mon, September 8, 2008 13:09, [EMAIL PROTECTED] wrote: Regression fixed in wordnet - - wordnet 1:3.0-12 (medium; bug #497441) + - wordnet 1:3.0-13 (medium; bug #497441) Since the regression doesn't have security implications, wouldn't it be more accurate to keep the fixed-version

Re: Bug#496851: yelp: does not correctly handle format strings for certain error messages

2008-08-27 Thread Thijs Kinkhorst
On Thursday 28 August 2008 03:51, Michael Gilbert wrote: what about getting a fix for this issue into stable?  it doesn't affect stable ok, can someone update the tracker [1] to reflect that this issue does not affect etch (yelp 2.14) and sarge (yelp 2.6)? I've updated the etch

Re: [php-maint] Bug#479723: php 5.2.6 Security Fixes

2008-05-06 Thread Thijs Kinkhorst
Hi Moritz, On Tuesday 6 May 2008 12:16, Moritz Naumann wrote: http://www.php.net/ChangeLog-5.php lists several security fixes which are included in upstream PHP 5.2.6: Thanks for your help in matching the changelog issues to CVE names, I've put your suggestions into the tracker. * Fixed

Re: [Secure-testing-commits] r7940 - data/CVE

2008-01-16 Thread Thijs Kinkhorst
On Wed, January 16, 2008 14:08, Nico Golde wrote: do some more shifting on wordpress issues, associate them with the wordpress package, discard some irrelevant ones. Have checked none with lenny/sid, that needs to happen still. Do we really want our users in unstable to think that they are

temp names stop working when CVE assigned

2007-12-13 Thread Thijs Kinkhorst
Hi, I found a mail from a couple of months ago where this URL was used: http://security-tracker.debian.net/tracker/TEMP-000-009184 It was valid at the time, but later a CVE id got assigned for the issue. The URL is not for external reference, but this was an internal Debian mail. Would it

Re: Tracker inconsistency regarding gallery2?

2007-11-10 Thread Thijs Kinkhorst
Hi, On Friday 9 November 2007 23:52, Francesco Poli wrote: Hi all again! DSA 1404-1 [1] claims that gallery2 version 2.1.2-2.0.etch.1 fixes CVE-2007-4650 for etch. The DSA page [2] seems to confirm this. However the CVE page [3] tells a different story: it states that version