[Git][security-tracker-team/security-tracker][master] Add CVE-2020-706{4,5,6}/php* issues

2020-03-31 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: af0ec8bb by Salvatore Bonaccorso at 2020-04-01T08:45:01+02:00 Add CVE-2020-706{4,5,6}/php* issues - - - - - 1 changed file: - data/CVE/list Changes: =

[Git][security-tracker-team/security-tracker][master] Mark CVE-2020-1069{7,8} as NFU

2020-03-31 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 469b9df2 by Salvatore Bonaccorso at 2020-04-01T08:36:55+02:00 Mark CVE-2020-1069{7,8} as NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/

[Git][security-tracker-team/security-tracker][master] Add CVE-2019-11939/thrift

2020-03-31 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e289aef7 by Salvatore Bonaccorso at 2020-04-01T08:35:31+02:00 Add CVE-2019-11939/thrift - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/l

[Git][security-tracker-team/security-tracker][master] Add CVE-2019-11254/kubernetes

2020-03-31 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5c40b7ed by Salvatore Bonaccorso at 2020-04-01T08:30:22+02:00 Add CVE-2019-11254/kubernetes Mark it as undetermined as not further checked. - - - - - 1 changed file: - data/CVE/list Chang

[Git][security-tracker-team/security-tracker][master] Add CVE-2020-645{0,1,2}/chromium

2020-03-31 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fb1121cd by Salvatore Bonaccorso at 2020-04-01T08:23:55+02:00 Add CVE-2020-645{0,1,2}/chromium - - - - - 1 changed file: - data/CVE/list Changes: = dat

[Git][security-tracker-team/security-tracker][master] Mark CVE-2020-10648/u-boot as no-dsa

2020-03-31 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 83cb1a7e by Salvatore Bonaccorso at 2020-04-01T06:48:28+02:00 Mark CVE-2020-10648/u-boot as no-dsa - - - - - 1 changed file: - data/CVE/list Changes: =

[Git][security-tracker-team/security-tracker][master] Slightly reorganize notes for CVE-2014-2875

2020-03-31 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 06aef80b by Salvatore Bonaccorso at 2020-03-31T23:11:50+02:00 Slightly reorganize notes for CVE-2014-2875 Add the original CVE bug to the source package and expand explanation why the issue is

[Git][security-tracker-team/security-tracker][master] 2 commits: Track fixed versions for CVE-2020-10188

2020-03-31 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 249c1de1 by Salvatore Bonaccorso at 2020-03-31T23:01:50+02:00 Track fixed versions for CVE-2020-10188 snapshot.d.o does not provide all versions, but those are the earlies avaiable which contai

[Git][security-tracker-team/security-tracker][master] 3 commits: Demote CVE-2014-2875 to unimportant

2020-03-31 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d905c4d0 by Salvatore Bonaccorso at 2020-03-31T22:41:38+02:00 Demote CVE-2014-2875 to unimportant Reasoning: as per previous commit the issue is present, but due to the code beeing broken the i

[Git][security-tracker-team/security-tracker][master] lua-cgi - code is broken and cannot be exploited

2020-03-31 Thread Brian May
Brian May pushed to branch master at Debian Security Tracker / security-tracker Commits: ce8d060f by Brian May at 2020-04-01T07:34:56+11:00 lua-cgi - code is broken and cannot be exploited As per bug #954300, the session.close function is broken. This means it is not possible to save session d

[Git][security-tracker-team/security-tracker][master] Add CVE-2020-11441/phpmyadmin

2020-03-31 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3aa71ebb by Salvatore Bonaccorso at 2020-03-31T22:33:25+02:00 Add CVE-2020-11441/phpmyadmin - - - - - 1 changed file: - data/CVE/list Changes: = data/C

[Git][security-tracker-team/security-tracker][master] new csync2 issue

2020-03-31 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: b00c4135 by Moritz Muehlenhoff at 2020-03-31T22:27:39+02:00 new csync2 issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list =

[Git][security-tracker-team/security-tracker][master] 2 commits: Remove reference with only CVE request information

2020-03-31 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: cfe8eda3 by Salvatore Bonaccorso at 2020-03-31T22:20:59+02:00 Remove reference with only CVE request information - - - - - a8effa00 by Salvatore Bonaccorso at 2020-03-31T22:23:03+02:00 Process

[Git][security-tracker-team/security-tracker][master] LTS: claim python-bleach in dla-needed.txt

2020-03-31 Thread Roberto C . Sánchez
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker Commits: 28dec9e5 by Roberto C. Sánchez at 2020-03-31T16:18:17-04:00 LTS: claim python-bleach in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: =

[Git][security-tracker-team/security-tracker][master] add additional QT commit reference

2020-03-31 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 4936750c by Moritz Muehlenhoff at 2020-03-31T22:15:28+02:00 add additional QT commit reference - - - - - 1 changed file: - data/CVE/list Changes: = data/

[Git][security-tracker-team/security-tracker][master] automatic update

2020-03-31 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7c5efe88 by security tracker role at 2020-03-31T20:10:23+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list

[Git][security-tracker-team/security-tracker][master] Python bleach need to be fixed in jessie.

2020-03-31 Thread Ola Lundqvist
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 9b7298aa by Ola Lundqvist at 2020-03-31T22:08:30+02:00 Python bleach need to be fixed in jessie. - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===

[Git][security-tracker-team/security-tracker][master] Marked CVE-2020-5274 and CVE-2020-5275 as not affected following security team...

2020-03-31 Thread Ola Lundqvist
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: df7c7817 by Ola Lundqvist at 2020-03-31T21:44:53+02:00 Marked CVE-2020-5274 and CVE-2020-5275 as not affected following security team decision. Code inspection confirms this. - - - - - 1 changed fi

[Git][security-tracker-team/security-tracker][master] 2 commits: Add reference to commit for bubblewrap issue

2020-03-31 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 72f68c64 by Salvatore Bonaccorso at 2020-03-31T21:06:50+02:00 Add reference to commit for bubblewrap issue - - - - - c9321b01 by Salvatore Bonaccorso at 2020-03-31T21:07:17+02:00 Track assigned

[Git][security-tracker-team/security-tracker][master] 2 commits: not fixed by a point release but a LTS upload

2020-03-31 Thread Thorsten Alteholz
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 90e03e1e by Thorsten Alteholz at 2020-03-31T19:34:16+02:00 not fixed by a point release but a LTS upload - - - - - 3018d1e5 by Thorsten Alteholz at 2020-03-31T19:34:16+02:00 Reserve DLA-2165-1 for

[Git][security-tracker-team/security-tracker][master] pam-krb5 DSA

2020-03-31 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 19fe26b6 by Moritz Muehlenhoff at 2020-03-31T19:32:42+02:00 pam-krb5 DSA - - - - - 1 changed file: - data/DSA/list Changes: = data/DSA/list =

[Git][security-tracker-team/security-tracker][master] 2 commits: not fixed by a point release but a LTS upload

2020-03-31 Thread Thorsten Alteholz
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 6ee75b45 by Thorsten Alteholz at 2020-03-31T19:22:03+02:00 not fixed by a point release but a LTS upload - - - - - c872b012 by Thorsten Alteholz at 2020-03-31T19:28:12+02:00 Reserve DLA-2164-1 for

[Git][security-tracker-team/security-tracker][master] data/CVE/list: Switch CVE-2019-17177/jessie from to ....

2020-03-31 Thread Mike Gabriel
Mike Gabriel pushed to branch master at Debian Security Tracker / security-tracker Commits: d9dc4813 by Mike Gabriel at 2020-03-31T15:53:09+02:00 data/CVE/list: Switch CVE-2019-17177/jessie from to . Patching this old version of FreeRDP would be very invasive, the old freer

[Git][security-tracker-team/security-tracker][master] Track fixed version via unstable vor x11vnc issue

2020-03-31 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a6686417 by Salvatore Bonaccorso at 2020-03-31T15:51:16+02:00 Track fixed version via unstable vor x11vnc issue - - - - - 1 changed file: - data/CVE/list Changes:

[Git][security-tracker-team/security-tracker][master] Revert "data/CVE/list: Drop stretch's line for...

2020-03-31 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 15128b4e by Salvatore Bonaccorso at 2020-03-31T15:08:05+02:00 Revert "data/CVE/list: Drop stretch's line for CVE-2017-11747/tinyproxy. Issue will get fixed via a pu upload." This reve

[Git][security-tracker-team/security-tracker][master] data/CVE/list: Drop stretch's line for CVE-2017-11747/tinyproxy....

2020-03-31 Thread Mike Gabriel
Mike Gabriel pushed to branch master at Debian Security Tracker / security-tracker Commits: 98a0b5a0 by Mike Gabriel at 2020-03-31T13:36:08+02:00 data/CVE/list: Drop stretch's line for CVE-2017-11747/tinyproxy. Issue will get fixed via a pu upload. - - - - - 1 changed file: - dat

[Git][security-tracker-team/security-tracker][master] Remove no-dsa tagged entry which will get an update

2020-03-31 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c6899671 by Salvatore Bonaccorso at 2020-03-31T13:29:32+02:00 Remove no-dsa tagged entry which will get an update - - - - - 1 changed file: - data/CVE/list Changes: ==

[Git][security-tracker-team/security-tracker][master] Reserve DLA-2163-1 for tinyproxy

2020-03-31 Thread Mike Gabriel
Mike Gabriel pushed to branch master at Debian Security Tracker / security-tracker Commits: afe1b011 by Mike Gabriel at 2020-03-31T12:44:49+02:00 Reserve DLA-2163-1 for tinyproxy - - - - - 1 changed file: - data/DLA/list Changes: = data/DLA/list =

[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Drop qtbase-opensource-src (see 69c0ae16).

2020-03-31 Thread Mike Gabriel
Mike Gabriel pushed to branch master at Debian Security Tracker / security-tracker Commits: a833f55a by Mike Gabriel at 2020-03-31T12:04:15+02:00 data/dla-needed.txt: Drop qtbase-opensource-src (see 69c0ae16). - - - - - 1 changed file: - data/dla-needed.txt Changes:

[Git][security-tracker-team/security-tracker][master] 2 commits: data/CVE/list: Update CVE-2020-5255/symfony for jessie ( tag).

2020-03-31 Thread Mike Gabriel
Mike Gabriel pushed to branch master at Debian Security Tracker / security-tracker Commits: f4028753 by Mike Gabriel at 2020-03-31T12:02:27+02:00 data/CVE/list: Update CVE-2020-5255/symfony for jessie ( tag). - - - - - 69c0ae16 by Mike Gabriel at 2020-03-31T12:02:29+02:00 data/

[Git][security-tracker-team/security-tracker][master] NFUs

2020-03-31 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: a222e639 by Moritz Muehlenhoff at 2020-03-31T11:58:10+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list =

[Git][security-tracker-team/security-tracker][master] otrs2 fixed in sid

2020-03-31 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: a8b70759 by Moritz Muehlenhoff at 2020-03-31T11:56:23+02:00 otrs2 fixed in sid - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list ===

[Git][security-tracker-team/security-tracker][master] new bubblewrap issue

2020-03-31 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 92f1460d by Moritz Muehlenhoff at 2020-03-31T11:35:45+02:00 new bubblewrap issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list =

[Git][security-tracker-team/security-tracker][master] libvncserver fixed

2020-03-31 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 620aa1d9 by Moritz Muehlenhoff at 2020-03-31T11:32:29+02:00 libvncserver fixed - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list ===

[Git][security-tracker-team/security-tracker][master] Process more NFUs

2020-03-31 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4305cdf7 by Salvatore Bonaccorso at 2020-03-31T10:56:07+02:00 Process more NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list

[Git][security-tracker-team/security-tracker][master] Add CVE-2020-1111{1,2,3}/jackson-databind

2020-03-31 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 554d06c6 by Salvatore Bonaccorso at 2020-03-31T10:49:24+02:00 Add CVE-2020-{1,2,3}/jackson-databind - - - - - 1 changed file: - data/CVE/list Changes:

[Git][security-tracker-team/security-tracker][master] NFUs

2020-03-31 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: f11225a1 by Moritz Muehlenhoff at 2020-03-31T10:44:10+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list =

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2020-03-31 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a5e82ce8 by Salvatore Bonaccorso at 2020-03-31T10:40:51+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list

[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: add libpam-krb5 and claim it (in coordination with ola@lts-frontdesk).

2020-03-31 Thread Mike Gabriel
Mike Gabriel pushed to branch master at Debian Security Tracker / security-tracker Commits: 2a6d507d by Mike Gabriel at 2020-03-31T10:27:09+02:00 data/dla-needed.txt: add libpam-krb5 and claim it (in coordination with ola@lts-frontdesk). - - - - - 1 changed file: - data/dla-needed.txt C

[Git][security-tracker-team/security-tracker][master] automatic update

2020-03-31 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f12f7024 by security tracker role at 2020-03-31T08:10:13+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list

[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim shiro.

2020-03-31 Thread Chris Lamb
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: 2e9061d7 by Chris Lamb at 2020-03-31T08:30:01+01:00 data/dla-needed.txt: Claim shiro. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.t