[Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2019-16168,sqlite3: Mark as no-dsa for Jessie

Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 6a99f2c5 by Markus Koschany at 2019-09-17T06:26:31Z CVE-2019-16168,sqlite3: Mark as no-dsa for Jessie Minor issue - - - - - cbae5074 by Markus Koschany at 2019-09-17T06:32:40Z Unclaim sqlite3 in dl

[Git][security-tracker-team/security-tracker][master] Add temporary entry for spip issues

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 07478e45 by Salvatore Bonaccorso at 2019-09-17T04:58:41Z Add temporary entry for spip issues - - - - - 1 changed file: - data/CVE/list Changes: = data/

[Git][security-tracker-team/security-tracker][master] opendmarc issue fixed in unstable

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: bbb941fe by Salvatore Bonaccorso at 2019-09-17T04:37:57Z opendmarc issue fixed in unstable Thanks: Scott Kitterman - - - - - 1 changed file: - data/CVE/list Changes:

[Git][security-tracker-team/security-tracker][master] Reject of CVE-2019-9457 confirmed and will be in next list update

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5e6a3680 by Salvatore Bonaccorso at 2019-09-17T04:34:34Z Reject of CVE-2019-9457 confirmed and will be in next list update - - - - - 1 changed file: - data/CVE/list Changes: =

[Git][security-tracker-team/security-tracker][master] CVE-2016-10937/imapfilter: Reference commit for hostname validation for older openssl versions

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 31d78bc8 by Salvatore Bonaccorso at 2019-09-17T04:24:01Z CVE-2016-10937/imapfilter: Reference commit for hostname validation for older openssl versions Reference the additional commit wihch ad

[Git][security-tracker-team/security-tracker][master] add dino ref

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 84676619 by Moritz Muehlenhoff at 2019-09-16T20:55:10Z add dino ref - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list ==

[Git][security-tracker-team/security-tracker][master] Reserve DLA-1924-1 for python3.4

Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker Commits: c410fcde by Roberto C. Sánchez at 2019-09-16T20:31:09Z Reserve DLA-1924-1 for python3.4 - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: ===

[Git][security-tracker-team/security-tracker][master] Reserve DLA-1925-1 for python2.7

Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker Commits: c2c57dc6 by Roberto C. Sánchez at 2019-09-16T20:31:32Z Reserve DLA-1925-1 for python2.7 - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: ===

[Git][security-tracker-team/security-tracker][master] AddCVE-2019-16197/dolibarr

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 669df538 by Salvatore Bonaccorso at 2019-09-16T20:18:44Z AddCVE-2019-16197/dolibarr - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list

[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8567d6bb by Salvatore Bonaccorso at 2019-09-16T20:18:17Z Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list ==

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: deea5fcb by Salvatore Bonaccorso at 2019-09-16T20:12:43Z Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list =

[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: aa8c43c8 by security tracker role at 2019-09-16T20:10:23Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list =

[Git][security-tracker-team/security-tracker][master] Add cloned bug for CVE-2019-16159/bird2

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: abfcce36 by Salvatore Bonaccorso at 2019-09-16T19:47:42Z Add cloned bug for CVE-2019-16159/bird2 - - - - - 1 changed file: - data/CVE/list Changes: = d

[Git][security-tracker-team/security-tracker][master] dino-im DSA

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: c651cbb8 by Moritz Muehlenhoff at 2019-09-16T19:45:10Z dino-im DSA - - - - - 1 changed file: - data/DSA/list Changes: = data/DSA/list ===

[Git][security-tracker-team/security-tracker][master] Add as well src:bird2 for CVE-2019-16159 tracking

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 34db1f1b by Salvatore Bonaccorso at 2019-09-16T19:43:54Z Add as well src:bird2 for CVE-2019-16159 tracking - - - - - 1 changed file: - data/CVE/list Changes: =

[Git][security-tracker-team/security-tracker][master] Remove leftover TODO item

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fde8ebf1 by Salvatore Bonaccorso at 2019-09-16T19:39:26Z Remove leftover TODO item - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list =

[Git][security-tracker-team/security-tracker][master] Add CVE-2019-12175/bro (and respective fixed version)

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b234a1a9 by Salvatore Bonaccorso at 2019-09-16T19:37:39Z Add CVE-2019-12175/bro (and respective fixed version) The CVEs for Zeek Network Security Monitor might need careful investigation in fut

[Git][security-tracker-team/security-tracker][master] Add CVE-2019-1336{3,4}/piwigo

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8744012b by Salvatore Bonaccorso at 2019-09-16T19:37:11Z Add CVE-2019-1336{3,4}/piwigo - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/li

[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5cba99b4 by Salvatore Bonaccorso at 2019-09-16T19:36:39Z Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list ==

[Git][security-tracker-team/security-tracker][master] Add CVE-2019-9445/linux

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: df669198 by Salvatore Bonaccorso at 2019-09-16T19:09:46Z Add CVE-2019-9445/linux For now mark it as undetermined. The Android bulleting eferences a full merge of various f2fs changes. This migh

[Git][security-tracker-team/security-tracker][master] Add CVE-2019-9454/linux

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ef7babd2 by Salvatore Bonaccorso at 2019-09-16T19:04:42Z Add CVE-2019-9454/linux This is most likely a duplicate of CVE-2017-18551 unless Android security team wanted to cover another angle of

[Git][security-tracker-team/security-tracker][master] Add CVE-2019-9456/linux

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 10a9d80d by Salvatore Bonaccorso at 2019-09-16T18:58:22Z Add CVE-2019-9456/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list ===

[Git][security-tracker-team/security-tracker][master] Add CVE-2019-9457/linux

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e56003e2 by Salvatore Bonaccorso at 2019-09-16T18:51:48Z Add CVE-2019-9457/linux This is likely a duplicate of CVE-2018-14634 but maybe Android security team wanted to cover another angle. Aske

[Git][security-tracker-team/security-tracker][master] CVE-2019-2180/jessie: fixed prior CVE assignment

Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker Commits: 2d4ee2d3 by Sylvain Beucler at 2019-09-16T16:39:37Z CVE-2019-2180/jessie: fixed prior CVE assignment - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: =

[Git][security-tracker-team/security-tracker][master] dla: claim cups

Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker Commits: 586da80b by Sylvain Beucler at 2019-09-16T16:22:34Z dla: claim cups - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt =

[Git][security-tracker-team/security-tracker][master] Add CVE-2019-9458/linux

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4a18915c by Salvatore Bonaccorso at 2019-09-16T16:10:04Z Add CVE-2019-9458/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list ===

[Git][security-tracker-team/security-tracker][master] Add CVE-2019-9245/linux

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 842ca6c5 by Salvatore Bonaccorso at 2019-09-16T16:02:57Z Add CVE-2019-9245/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list ===

[Git][security-tracker-team/security-tracker][master] Add CVE-2019-9453/linux

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b9fbbfe2 by Salvatore Bonaccorso at 2019-09-16T15:54:31Z Add CVE-2019-9453/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list ===

[Git][security-tracker-team/security-tracker][master] Track CVE-2019-915{3,4,5} with node-openpgp RFP/ITP

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 86c6d750 by Salvatore Bonaccorso at 2019-09-16T15:49:39Z Track CVE-2019-915{3,4,5} with node-openpgp RFP/ITP - - - - - 1 changed file: - data/CVE/list Changes: ===

[Git][security-tracker-team/security-tracker][master] Correct tracking of source package in CVE-2015-8013

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 024ea980 by Salvatore Bonaccorso at 2019-09-16T15:48:29Z Correct tracking of source package in CVE-2015-8013 - - - - - 1 changed file: - data/CVE/list Changes: ===

[Git][security-tracker-team/security-tracker][master] 2 commits: Remove trailing whitespaces

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 80206c5c by Salvatore Bonaccorso at 2019-09-16T15:46:30Z Remove trailing whitespaces - - - - - cae659af by Salvatore Bonaccorso at 2019-09-16T15:46:30Z Reference upstream commit for CVE-2019-21

[Git][security-tracker-team/security-tracker][master] add earlier bird fix

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 39e3a038 by Moritz Muehlenhoff at 2019-09-16T15:44:23Z add earlier bird fix - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list ==

[Git][security-tracker-team/security-tracker][master] bird fixed

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 8b27309e by Moritz Muehlenhoff at 2019-09-16T15:42:17Z bird fixed - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list

[Git][security-tracker-team/security-tracker][master] new linux issue

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 9ee93f0a by Moritz Muehlenhoff at 2019-09-16T15:36:18Z new linux issue cups CVE assigned NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/C

[Git][security-tracker-team/security-tracker][master] Add CVE-2019-9455/linux

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 649fe011 by Salvatore Bonaccorso at 2019-09-16T15:26:32Z Add CVE-2019-9455/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list ===

[Git][security-tracker-team/security-tracker][master] Add CVE-2019-2182/linux information according to kernel-sec

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d43c4361 by Salvatore Bonaccorso at 2019-09-16T15:18:54Z Add CVE-2019-2182/linux information according to kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: ===

[Git][security-tracker-team/security-tracker][master] add note for ampache issues

Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: de89d35b by Thorsten Alteholz at 2019-09-16T14:14:59Z add note for ampache issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list =

[Git][security-tracker-team/security-tracker][master] 2 commits: follow security team and mark adplug CVEs as no-dsa

Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: eefebce9 by Thorsten Alteholz at 2019-09-16T14:04:28Z follow security team and mark adplug CVEs as no-dsa - - - - - b905e78c by Thorsten Alteholz at 2019-09-16T14:04:49Z only no-dsa issues for adp

[Git][security-tracker-team/security-tracker][master] Add Debian tracking bug for CVE-2019-14540 and CVE-2019-16335

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7c276f89 by Salvatore Bonaccorso at 2019-09-16T13:31:17Z Add Debian tracking bug for CVE-2019-14540 and CVE-2019-16335 - - - - - 1 changed file: - data/CVE/list Changes: =

[Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity

Holger Levsen pushed to branch master at Debian Security Tracker / security-tracker Commits: 2e40b454 by Holger Levsen at 2019-09-16T13:16:55Z semi-automatic unclaim after 2 weeks of inactivity Signed-off-by: Holger Levsen - - - - - 1 changed file: - data/dla-neede

[Git][security-tracker-team/security-tracker][master] Reference commit for CVE-2019-14540

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7ec1de3a by Salvatore Bonaccorso at 2019-09-16T13:14:40Z Reference commit for CVE-2019-14540 - - - - - 1 changed file: - data/CVE/list Changes: = data/

[Git][security-tracker-team/security-tracker][master] Add CVE-2019-14540/jackson-databind

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b062af15 by Salvatore Bonaccorso at 2019-09-16T13:11:18Z Add CVE-2019-14540/jackson-databind - - - - - 1 changed file: - data/CVE/list Changes: = data/

[Git][security-tracker-team/security-tracker][master] Add CVE-2019-16335/jackson-databind

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d021ba38 by Salvatore Bonaccorso at 2019-09-16T13:06:18Z Add CVE-2019-16335/jackson-databind - - - - - 1 changed file: - data/CVE/list Changes: = data/

[Git][security-tracker-team/security-tracker][master] Remove no-dsa tagged entries for ansible which got an update in DLA-1923-1

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 21e25131 by Salvatore Bonaccorso at 2019-09-16T12:50:20Z Remove no-dsa tagged entries for ansible which got an update in DLA-1923-1 - - - - - 1 changed file: - data/CVE/list Changes:

[Git][security-tracker-team/security-tracker][master] Update status for CVE-2019-15031/linux in stretch and jessie

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 26719de3 by Salvatore Bonaccorso at 2019-09-16T12:47:56Z Update status for CVE-2019-15031/linux in stretch and jessie - - - - - 1 changed file: - data/CVE/list Changes: ==

[Git][security-tracker-team/security-tracker][master] Triage open CVE for libsixel/Jessie.

Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 480184ed by Markus Koschany at 2019-09-16T12:44:58Z Triage open CVE for libsixel/Jessie. Most issues do not affect Jessie because the vulnerable code does not exist or only exist when the fsanitize

[Git][security-tracker-team/security-tracker][master] Reserve DLA-1923-1 for ansible

for testing to debian-lts@; intend to upload on 20190916 (roberto) --- cimg (Thorsten Alteholz) NOTE: inline function load_network_external is affected, variable filename NOTE: 20190916: also taking care of no-dsa View it on GitLab: https://salsa.debian.org/security-tracker-team

[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 4edd7587 by Moritz Muehlenhoff at 2019-09-16T09:52:52Z NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list ==

[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 095823b9 by security tracker role at 2019-09-16T08:10:26Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list =

[Git][security-tracker-team/security-tracker][master] claim poppler

Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 2407fd97 by Thorsten Alteholz at 2019-09-16T07:35:20Z claim poppler - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt ===