Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b2839b3e by Salvatore Bonaccorso at 2020-07-09T23:09:53+02:00
Add Debian bug reference for CVE-2020-11935/aufs
- - - - -
d1f2a6b8 by Salvatore Bonaccorso at 2020-07-09T23:12:52+02:00
CVE-2020-1
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f4914b78 by Salvatore Bonaccorso at 2020-07-09T23:00:45+02:00
Add Debian bug reference for CVE-2020-15503/libraw
- - - - -
1 changed file:
- data/CVE/list
Changes:
===
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a7275ed0 by Salvatore Bonaccorso at 2020-07-09T22:52:05+02:00
Adjust status for CVE-2020-15503/libraw
The missing check/validation for T.tlength is in src/libraw_cxx.cpp
where the malloc occurs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
57e2b61e by Salvatore Bonaccorso at 2020-07-09T22:41:05+02:00
Add Debian bug reference for CVE-2020-15095/npm
- - - - -
1 changed file:
- data/CVE/list
Changes:
==
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
78bec8ff by Salvatore Bonaccorso at 2020-07-09T22:33:20+02:00
Add CVE-2020-15095/npm
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6f635098 by Salvatore Bonaccorso at 2020-07-09T22:32:27+02:00
Process one NFU
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
==
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
16f26708 by Salvatore Bonaccorso at 2020-07-09T22:24:44+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
bd8154e9 by security tracker role at 2020-07-09T20:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8b73ae4b by Salvatore Bonaccorso at 2020-07-09T21:26:41+02:00
Add CVE-2020-14315/bsdiff
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/l
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ade1808d by Salvatore Bonaccorso at 2020-07-09T21:06:55+02:00
Track jackson-databind update via stretch-pu
- - - - -
52c5d4f6 by Salvatore Bonaccorso at 2020-07-09T21:07:43+02:00
Indent items v
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
fa31a1d0 by Moritz Muehlenhoff at 2020-07-09T19:43:51+02:00
buster triage
mark Google Closure Library as NFU, if this were a security issue as bundled
in Chromium, it would get fixed via Chromiu
Markus Koschany pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4c6ed981 by Markus Koschany at 2020-07-09T19:16:06+02:00
CVE-2020-10672,jackson-databind is also fixed in unstable.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
changed file:
- data/dla-needed.txt
Changes:
=
data/dla-needed.txt
=
@@ -122,14 +122,15 @@ puma
NOTE: 20200708: Vulnerable to (at least) CVE-2020-11076. (lamby)
--
python3.5 (Sylvain Beucler)
+ NOTE: 20200709: update is
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
88a6c1b3 by Salvatore Bonaccorso at 2020-07-09T17:40:32+02:00
Track proposed update for jackson-databind via buster-pu
- - - - -
1 changed file:
- data/next-point-update.txt
Changes:
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
62be6279 by Salvatore Bonaccorso at 2020-07-09T17:36:58+02:00
Track proposed updates for storebackup via {stretch,buster}-pu
- - - - -
2 changed files:
- data/next-oldstable-point-update.txt
Markus Koschany pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
858cff0b by Markus Koschany at 2020-07-09T14:44:04+02:00
jackson-databind: Several CVE are fixed in unstable now.
- - - - -
1 changed file:
- data/CVE/list
Changes:
===
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4d5c6261 by Sylvain Beucler at 2020-07-09T14:16:42+02:00
CVE-2019-9740/python*: reference regression fix
- - - - -
1 changed file:
- data/CVE/list
Changes:
/msg00033.html
- NOTE: 20200709: #954664 is a stretch-pu update for CVE-2020-5267 (bunk)
+ NOTE: 20200709: this deb9u3 includes/supersedes stretch-pu deb9u2
--
ruby-rack (Utkarsh Gupta)
NOTE: probably not affected (parse_cookies_header() is not available in
Jessie, but code might hide somewhere
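Review bot: the replacement NOTE ("this deb9u3 includes/supersedes stretch-pu deb9u2") drops both the bug number #954664 and the CVE-2020-5267 reference that the removed line carried. Consider keeping the bug reference in the new note, e.g. "includes/supersedes stretch-pu deb9u2 (#954664)", so the superseded point-update request can still be traced from this entry.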
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d2c45588 by Salvatore Bonaccorso at 2020-07-09T12:40:10+02:00
Remove no-dsa tagged entry, got at same time a DLA
Still the best solution is not only to cherry-pick the commit as fwupd
is not fu
:
=
data/dla-needed.txt
=
@@ -68,6 +68,7 @@ freerdp
glib-networking (Emilio)
--
gosa (Chris Lamb)
+ NOTE: 20200709: #958850 is a stretch-pu update for CVE-2019-14466 (bunk)
--
gupnp
--
@@ -129,6 +130,7 @@ rails (Sylvain Beucler)
NOTE: 20200706: https
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
092a9201 by Chris Lamb at 2020-07-09T10:53:58+01:00
Triage CVE-2020-15503 in libraw for stretch LTS (thumbnailing code added later)
- - - - -
20fee37f by Chris Lamb at 2020-07-09T10:54:02+01:00
data/dla-n
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
389b61df by Chris Lamb at 2020-07-09T10:54:19+01:00
data/dla-needed.txt: Claim gosa.
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=
data/dla-needed.tx
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2dc55faf by Salvatore Bonaccorso at 2020-07-09T11:45:47+02:00
Track fixes for fwupd via {stretch,buster}-pu
- - - - -
2 changed files:
- data/next-oldstable-point-update.txt
- data/next-poin
-needed.txt
=
@@ -21,7 +21,7 @@ ansible
NOTE: 20200508: bam: Upstream fix was reverted -
https://github.com/ansible/ansible/pull/68983
NOTE: 20200508: bam: See https://github.com/ansible/ansible/issues/67794
--
-atril
+atril (Emilio)
NOTE: 20200709
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e9018b51 by Salvatore Bonaccorso at 2020-07-09T11:37:05+02:00
Mark fwupd as no-dsa (will be fixed via point release)
- - - - -
1b137102 by Salvatore Bonaccorso at 2020-07-09T11:39:11+02:00
Merg
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ad984a7a by Chris Lamb at 2020-07-09T10:34:18+01:00
Reserve DLA-2274-1 for fwupd
- - - - -
2 changed files:
- data/DLA/list
- data/dla-needed.txt
Changes:
=
data/
:
=
data/dla-needed.txt
=
@@ -36,6 +36,11 @@ ceph
NOTE: 20200707: Vulnerable to at least CVE-2018-14662. (lamby)
NOTE: 20200707: Some discussion regarding removal
<https://lists.debian.org/debian-lts/2020/04/msg00019.html> (lamby)
--
+cimg
+ NOTE: 20
:
=
data/dla-needed.txt
=
@@ -73,6 +73,9 @@ jruby
NOTE: 20200706: all open CVEs were fixed in jessie (Beuc)
--
json-c
+ NOTE: 20200709: Not all of the patches as part of CVE-2020-12762 do not apply
+ NOTE: 20200709: directly/cleanly to the version in
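Review bot: the added json-c NOTE reads "Not all of the patches as part of CVE-2020-12762 do not apply", a double negative that leaves it unclear whether some or most of the patches fail to apply. Suggest either "Not all of the patches ... apply directly/cleanly" or "Some of the patches ... do not apply directly/cleanly", so that whoever claims the package knows how much backporting to expect.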
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
98af1799 by Chris Lamb at 2020-07-09T10:21:51+01:00
data/dla-needed.txt: Triage json-c for stretch LTS.
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
44179a62 by Chris Lamb at 2020-07-09T10:18:48+01:00
data/dla-needed.txt: Triage mailman for stretch LTS.
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d391dce1 by Emilio Pozuelo Monfort at 2020-07-09T11:15:44+02:00
CVE-2020-11736/file-roller will be fixed via ospu
- - - - -
64192f4a by Emilio Pozuelo Monfort at 2020-07-09T11:15:44+02:00
CVE
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
98d6f349 by Chris Lamb at 2020-07-09T10:16:28+01:00
data/dla-needed.txt: Triage transmission for stretch LTS.
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
===
:
=
data/dla-needed.txt
=
@@ -21,6 +21,9 @@ ansible
NOTE: 20200508: bam: Upstream fix was reverted -
https://github.com/ansible/ansible/pull/68983
NOTE: 20200508: bam: See https://github.com/ansible/ansible/issues/67794
--
+atril
+ NOTE: 20200709: Previously
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
20470ba4 by Chris Lamb at 2020-07-09T10:10:54+01:00
data/dla-needed.txt: Triage libopenmpt for stretch LTS.
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
84372ef9 by Salvatore Bonaccorso at 2020-07-09T10:31:15+02:00
Track CVE-202-1507{2,3}/phplist
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
73cbb8c7 by security tracker role at 2020-07-09T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7297383c by Moritz Muehlenhoff at 2020-07-09T09:51:45+02:00
Juniper NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=