April 2018 Archives by thread
Starting: Sun Apr 1 06:22:22 BST 2018
Ending: Mon Apr 30 23:59:26 BST 2018
Messages: 608
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] tag graphite2 as no-DSA for wheezy
Abhijith PA
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] remctl DSA
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] LTS: Claim apache2 in dla-needed.txt
Roberto C. Sánchez
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Some triage result.
Ola Lundqvist
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] libevt DSA
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: NFUs
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] new imagemagick issue
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Triage results.
Ola Lundqvist
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: DSA-4160-1 python-django
Luciano Bello
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] irssi triage
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] new ming issue
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] two exiv issues no-dsa
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] remctl fixed
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 4 commits: jruby 1.5.6-5 vulnerable to CVE-2018-1000074
Chris Lamb
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] several web2py issue n/a, mark the existing no-dsa entries as <ignored>
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] thrift unimportant
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] new HHVM issue
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] sam2p ignored
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] beep DSA
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] new botan issue
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-0492/beep
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-0492/beep
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2017-11509/firebird*
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Remove mentioning of CVE-2017-1000116 for DLA-1331-1
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add reference for CVE-2018-9135 to upstream issue
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] CVE-2017-18255: use common short url as per kernel-team patch origin schema
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add temporary description entry for CVE-2018-0493
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] CVE-2018-0493: reference upstream advisory
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reference fix for CVE-2018-0493/remctl
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reorder two entries per source package name
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] mark for now CVE-2018-1000074
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Five CVEs for redmine fixed in unstable
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] CVE-2018-9127/botan fixed in unstable
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: Triage beep for LTS
Chris Lamb
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reserve DLA-1338-1 for beep
Chris Lamb
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] openjdk fixed
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] NFUs (remaining open issues are for webkit, which will probably have an advisory on it's own)
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: Slightly reorder experimental tagged entries on top of respective source package
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Mark CVE-2018-1302/apache2 as postponed for stretch
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add further commit for ruby-loofah
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Take apache2 from dsa-needed list
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Two asterisk issues fixed in unstable
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reserve DSA number for apache2 update prepared by Stefan Fritsch (sf)
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-109{8, 9}/etcd
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add new issue in mcmpc: #894724
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process three new NFUs
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] puppet modules unimportant
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] firebird postponed
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] CVE-2017-11509: Adjust source package name for jessie entry
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] exiv confirmed
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Remove doubled entry in dsa-needed list
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reserve DLA-1339-1 for openjdk-7
Emilio Pozuelo Monfort
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] DSA-4165-1 ldap-account-manager
Luciano Bello
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] CVE-2018-8764 only affecting stretch
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] CVE-2018-9240/ncmpc assigned
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add two new python issues
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reference upstream commits for CVE-2018-106{0, 1}/python
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Take ldap-account-manager
Brian May
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] CVE-2018-106{0, 1}/python3.6 fixed since 3.6.5~rc1-1 upload to unstable
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] CVE-2018-106{0, 1}/python3.7 fixed via 3.7.0~b3-1
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: Triage CVE-2018-9240 (ncmpc) for wheezy.
Chris Lamb
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 3 commits: Order suites list top-down
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-9251/libxml2
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-9252/jasper
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add preliminary information on new wireshark CVEs
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Cleanup trailing whitespaces
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Mark CVE-2017-12627 as no-dsa as discussed with maintainer
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] jasper unimportant
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add clarifying note for CVE-2018-9251
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] reserve openjdk-7 DSA
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] python no-dsa
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] new koji issue
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 3 commits: Add bug reference for CVE-2018-1002150
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] new webkit issues
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Update information for CVE-2018-8881/nasm
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] new gpg issue
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-8883
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-8882
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2017-18257/linux
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-9133/imagemagick: #894848
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process two new NFUs
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-9275/yubico-pam
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process more NFUs
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] new kfreebsd issues
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 3 commits: Notes/fixed by for ruby's issues: CVE-2018-6914 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780
Santiago R.R.
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: Mark some questionable Apple CVE assignments as NFU
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] new webkit issue
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Follow stretch et al., for CVE-2018-9234 (gnupg2)
Chris Lamb
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Triage CVE-2018-1060 & CVE-2018-1061 for wheezy (python2.6, python2.7 & python3.2)
Chris Lamb
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Properly sort tagged entries
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add commit for CVE-2018-8778
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2018-2581 via unstable upload
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add new gitlab issues
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process three new NFUs in Apache Hive
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-5382/bouncycastle
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process one NFU
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Triage bouncycastle for LTS
Chris Lamb
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add two new moodle issues
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Start tracking four more exiv2 CVEs
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] NFUs posted to oss-sec
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] exiv n/a
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] DSA-4167-1 sharutils
Luciano Bello
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add missing epoch fuer sharutils version
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reference fix for CVE-2018-9234
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] historic OBS issue
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] CVE-2018-9244/gitlab assigned
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] CVE-2018-9243/gitlab assigned
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add fixing version for CVE-2018-8768
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Two nvidia-graphics-drivers issues fixed in unstable
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Gitlab issues fixed in unstable
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-9234
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Update entry for CVE-2015-1418, keep TODO until clarified with MITRE
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] CVE-2018-1000156/patch specifically assigned for GNU patch
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reference upstream bug for patch issue
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Fixes for CVE-2018-8763 may be incomplete
Brian May
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] mcollective fixed
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] patch fixed
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] claim sharutils in dla-needed.txt
Abhijith PA
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: new wordpress issues
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-1000156/patch fixed version in unstable
László Böszörményi
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reserve DLA-1340-1 for sam2p
Markus Koschany
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reserve DLA-1341-1 for sdl-image1.2
Markus Koschany
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reserve DLA-1342-1 for libslf4j-java
Markus Koschany
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] fix typo
Henri Salo
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Remove comment about possible incomplete fixes
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Revert DLA for libslf4j-java.
Markus Koschany
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Mark CVE-2018-8088, libslf4j-java as ignored for all suites.
Markus Koschany
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Open issues in sam2p/Jessie will be fixed via point update.
Markus Koschany
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add links to patches for sam2p.
Markus Koschany
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Update status for CVE-2018-8088
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Mark sam2p as no-dsa
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add new issue in ocaml
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Remove libslf4j-java from dsa-needed list
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Mark patch as no-dsa, can be fixed via point release
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add fixed version for two zsh issues
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add upstream bug reference for CVE-2018-0492
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Update notes for CVE-2018-9838
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add new libspring-java issues CVE-2018-127{0, 1, 2}
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Triage patch for LTS
Chris Lamb
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Replace final : with a full stop
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add bug references for new libspring-java issues: #895114
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-9841/ffmpeg
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Cleanup CVE-2018-1000157
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: Take squirrelmail from dsa-needed list
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add upstream bug reference for CVE-2018-8741
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add WIP patch for patch.
Chris Lamb
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFU
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reserve DSA for squirrelmail
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Take squirrelmail
Thijs Kinkhorst
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2016-5397
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Undo take squirrelmail
Thijs Kinkhorst
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-9846/roundcube
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 3 commits: Mark CVE-2018-1002150 as not-affected for all Debian versions
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-9846/roundcube: #895184
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Record proposed fixed for sam2p via jessie-pu
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Associate CVE-2018-932{5, 6, 7} with etherpad-lite, itp'ed, #576998
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-9845 for etherpad-lite
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Update references for CVE-2018-633{2, 4}/hhvm
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-633{2, 4}/hvvm: #895194
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add tracking bug for CVE-2018-9251
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] wordpress fixed
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] add note on libevt
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] ffmpeg postponed
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] mark fixed webkit2gtk versions for WSA-2018-0003
Jeremy Bicha
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] one more webkit2gtk from WSA-2018-0003
Jeremy Bicha
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] mark CVE-2017-7153 fixed in webkit2gtk 2.18.6-1~deb9u1
Jeremy Bicha
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Clarify status for CVE-2018-9251/libxml2
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Postpone CVE-2017-18258 for now
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Triage CVE-2018-9846 (roundcube) for wheezy.
Chris Lamb
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2017-18258/libxml2: #895245
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-1308/lucene-solr
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-1100/zsh
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-2767
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add new issue in nmap
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-1000164/gunicorn
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-1000166/cfitsio
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] python-crypto / DLA-1283-2
Brian May
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] No csrf support in wheezy; not affected by CVE-2018-8764
Brian May
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reserve DLA-1342-1 for ldap-account-manager
Brian May
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add fixing version for unstable upload for CVE-2018-1324/libcommons-compress-java
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add new pcs issues
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Claim DLA-1343-1 for ming
Hugo Lefeuvre
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Fix ming version
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] The CVE was marked as no-dsa for Debian Security and there is no reason to…
Ola Lundqvist
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Removing package from dla-needed.txt as all issues are marked as either fixed or no-dsa/ignored.
Ola Lundqvist
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] The reasoning for not fixing ipython looks reasonable. Removing from dla-needed.txt.
Ola Lundqvist
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Record fix from release-1.3 branch for CVE-2018-9846/roundcube
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Low prio package and low prio vulnerability. In total not worth fixing.
Ola Lundqvist
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-1079/pcs: #895314
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-1086/pcs: #895313
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] allocate DSA for pcs
Yves-Alexis Perez
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] mariadb/mysql postponed until next micro releases
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] pjproject DSA
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Remove doubled entry for cfitsio
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add information for CVE-2018-1275 and CVE-2018-1270
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Annotate CVE-2018-6594
Brian May
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Android issue actually affecting mainline
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: Use shorter URL
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] dsa-needed.txt propose myself to prepare an upload for ruby2.1 and ruby2.3
Santiago R.R.
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-9860/botan
László Böszörményi
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-9860/botan fixed version in unstable
László Böszörményi
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reference fix for CVE-2018-9860
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-998{8, 9}/mbedtls
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add references to mailing list posts for rubygems
Brian May
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process CVE-2018-9996
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add two dolibarr issues
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] dolibarr up for removal in jessie
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] NFUs (concludes external check)
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add ffmpeg issue
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-10016/nasm
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-10017/libopenmpt: #895406
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Mark nasm issue as no-dsa
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add nasm bug reference: #895408
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2017-983{8, 9}/dolibarr
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-6182/mahara
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: Process NFUs
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reserve DLA-1344-1 for squirrelmail
Thijs Kinkhorst
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 3 commits: triage nmap out of jessie and wheezy: vulnerable code introduced later
Antoine Beaupré
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] new kfreebsd issue
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Mark qpdf issue as no-dsa
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Update status for CVE-2018-9918, add bug
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] openmpt fixed
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] openmpt no-dsa
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add futher notes for CVE-2018-1000161
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] triage out more minor issues away from lts
Antoine Beaupré
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-10021/linux
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: triage ipython as ignored in wheezy instead of just no-dsa
Antoine Beaupré
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: remove squirrelmail triaged as thijs reserved the DLA
Antoine Beaupré
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] clarify status of krb5 for lts
Antoine Beaupré
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reference discussion on work for fix for CVE-2018-9838
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-9838 and mark as no-dsa
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] triage out libreoffice as both issues are marked unimportant
Antoine Beaupré
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] clarify status of firebird2.5
Antoine Beaupré
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] LTS: refer to other ruby packages in jruby
Antoine Beaupré
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process CVE-2017-1513{7, 8} as NFU
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Mark rubygems as minor in wheezy
Brian May
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] One tomcat issue Windows-specific
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Fix syntax error for CVE-2017-12617 entry
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reserve DSA for poppler update
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add note for firebird2.5 re. mailing list thread.
Chris Lamb
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Take tomcat8 from dsa-needed
Sebastien Delafond
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Lucas Kanashiro proposed update for redmine (stretch)
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add three new cacti CVEs
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-1000168/nghttp2
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: qemu fixed
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reference fix for CVE-2018-1000168
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-1084/corosync
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-1000168/nghttp2: #895566
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] new r-cran-readxl issues
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Mark some questionable Apple CVE assignments as NFU
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-10074/linux
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Follow jessie.
Ola Lundqvist
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add tracking bug for CVE-2017-11592
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add source package information for CVE-2018-383{7, 8, 9}
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reference fixing commits for CVE-2018-383{7, 8, 9}
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] CVE-2018-383{7, 8, 9} already fixed in unstable via libsdl2-image/2.0.3+dfsg1-1
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Record fixed version for sdl-image1.2 issues via unstable
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Record CVE-2018-383{7, 8, 9} which were already fixed with the sdl-image1.2/1.2.12-2+deb7u2 upload
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Remove todo for CVE-2018-383{7, 8, 9}
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add fixed version for r-cran-readxl issues
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Two CVEs for pcs fixed in unstable upload via new upstream version
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reference fix for CVE-2018-7456/tiff
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add and take corosync in dsa-needed
Sebastien Delafond
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Take redmine in dsa-needed
Sebastien Delafond
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add mosquitto to dsa-needed
Sebastien Delafond
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Remove link entry
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Cleanup CVE-2018-9329
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] CVE-2016-2339: add two additional and required fixed-by refs
Santiago R.R.
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Fix version for CVE-2017-0359
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] new smplayer issues (sid only)
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Remove no-dsa tag for CVE-2017-2887
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add libsdl2-image and sdl-image1.2 (Felix Geyer working on updates)
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add further note for corosync issue
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-10087/linux
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] new zabbix issue
Moritz Muehlenhoff
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reserve DSA number for ruby-loofah
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add tracking bug for CVE-2018-1084
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-1000159
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add fixing version for CVE-2018-7187/golang-1.10
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add bug reference(s) for CVE-2018-7187
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: Add fixing version for CVE-2018-7187/golang-1.10
Salvatore Bonaccorso
- [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Mialing list migration has happened, commits to debian-security-tracker-commits list
Salvatore Bonaccorso
- [Secure-testing-commits] Commit mailing list renamed during alioth lists migration
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add perl to dsa-needed list
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add new perl issues
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Correct bug reference for CVE-2018-6913
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for perl update
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add status for wheezy for CVE-2018-6798
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Three perl issues fixed in unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVEs for wordpress
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixing commits for CVE-2018-88{08,09,10}
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixing version for CVE-2018-9846
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] dla: take perl
Emilio Pozuelo Monfort
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1345-1 for perl
Emilio Pozuelo Monfort
- [Git][security-tracker-team/security-tracker][master] CVE-2018-6797: mark as ignored on wheezy too
Emilio Pozuelo Monfort
- [Git][security-tracker-team/security-tracker][master] Add new gegl issues
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add more references for CVE-2018-1000159
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-1000159/tlslite-ng
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2018-1084/corosync n/a on wheezy
Emilio Pozuelo Monfort
- [Git][security-tracker-team/security-tracker][master] Add CVE-2018-10254/nasm
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-10254/nasm issue
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2018-1108/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Claim gunicorn in data/dla-needed.txt
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] Add CVE-2018-10289/mupdf
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-10289/mupdf: #896545
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-1000164
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update todo item for CVE-2018-10126
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add allocated DLA number for gunicorn DLA
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Assign DSA for linux-tools/jessie
Ben Hutchings
- [Git][security-tracker-team/security-tracker][master] mark mupdf as unimportant, no security impact
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] CVE-2018-10254,nasm: Mark as no-dsa in Wheezy.
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] 2 commits: Add lucene-solr to dla-needed.txt
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] Update CVE-2017-11509 information
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1358-1 for ruby1.9.1
Santiago R.R.
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1359-1 for ruby1.8
Santiago R.R.
- [Git][security-tracker-team/security-tracker][master] add gunicorn to dsa-needed
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Add CVE-2018-1110/knot-resolver
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add bug reference for knot-resolver issue
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add phpliteadmin issue, #896682
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2018-1059/dpdk
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2018-1059/dpdk fixed in unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2018-1059/dpdk for stretch-pu
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reference fix for phpliteadmin issue
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2018-7602
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] psensor, yubico-pam, kodi no-dsa
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] 3 commits: Add drupal7 to dsa-needed list
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2018-1106/packagekit
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2018-1106/packagekit status for jessie
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-1106/packagekit
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Recording fixing version for CVE-2018-1106/packagekit
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Claim lucene-solr in data/dla-needed.txt
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] Add CVE-2018-8781/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2018-1032{2,3}/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2018-10329/phpipam, itp'ed, #731713
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2018-10316/nasm
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2018-7751/ffmpeg
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Adjust note for CVE-2018-10316/nasm
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update release date
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] ruby2.1, ruby2.3: add git repo branches for work-in-progress
Santiago R.R.
- [Git][security-tracker-team/security-tracker][master] new ktexteditor issue
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] new openslp issue
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] new eclipse issue
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] postpone two ffmpeg issues until next 3.2.x release
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1360-1 for lucene-solr
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] 3 commits: add ruby1.9.1 to dla-needed.txt
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] Add bug reference for ktexteditor issue
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add reference for CVE-2018-0737
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1361-1 for psensor
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] Add CVE-2018-9060/r-base
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2018-1000200/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: Replace indentation spaces with tabs
Paul Wise
- [Git][security-tracker-team/security-tracker][master] zodbpickle embeds Python 3 stdlib modules: pickle, cpickle
Paul Wise
- [Git][security-tracker-team/security-tracker][master] zodbpickle is a fork not an embed
Paul Wise
- [Git][security-tracker-team/security-tracker][master] Add CVE-2018-1112 and expand notes for CVE-2018-1088
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2018-1113
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update phpliteadmin entry: CVE assigned
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2018-10361/ktexteditor assigned
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2017-1210{8,9}/r-cran-readxl
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2017-1210{8,9} were adressed in 1.0.0-2 upload
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: mark CVE-2018-8831 as no-dsa for Wheezy
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] CVE-2018-1000097does not affect sharutils in Wheezy
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] claim drupal7 in dla-needed.txt
Abhijith PA
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1362-1 for gcc-4.9-backport
Ben Hutchings
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2018-1088/glusterfs
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1363-1 for ghostscript
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] Claim wordpress in dla-needed.txt
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] Add patch for CVE-2018-7602
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2007-6752
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update status for various linux CVEs
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2017-18261
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] one tika issue n/a
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] new tika issue
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Add another tika issue (CVE-2018-1335)
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add two new quassel issues
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add note clarifying that gwolf is preparing updates for drupal7
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Take drupal7 from dsa-needed list
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add bug references for quassel
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DSA for drupal7
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1364-1 for openslp-dfsg
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] Add CVE-2018-10373/binutils
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2018-10372
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2018-8043
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Unmark CVE-2018-1093 as fixed, needs more complete work avoiding regressions
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: Take roundcube from dsa-needed list
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2017-12086 tracking
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add information for CVE-2017-12086/blender
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Record new blender issues
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2017-1210{2,3,4}/blender
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2018-10393/libvorbis
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1365-1 for drupal7
Abhijith PA
- [Git][security-tracker-team/security-tracker][master] dla-needed: Additional note about cacti
Paul Gevers
- [Git][security-tracker-team/security-tracker][master] data/CVE/list: tag CVE-2018-1000073, CVE-2018-1000074, CVE-2018-1000079 for ruby1.9.1
Santiago R.R.
- [Git][security-tracker-team/security-tracker][master] Sort entries per source package name
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: openslp no-dsa
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] new uimaj issue
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Update CVE-2017-18257/linux for jessie
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2018-18208 as ignored for older suites
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add todo for CVE-2018-1067
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2018-10195/lrzsz
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2017-15691/uimaj
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Start tracking source package name for CVE-2017-7893
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2017-2908/blender
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track more blender CVEs
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2017-2901 additional commit
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2017-6888/flac
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Remove one forgotten TODO after blender CVE entry update
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2018-1000071 as unimportant
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-1000071
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2017-6888/flac
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixing version for CVE-2018-0492
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add XSA-25{8,9}/xen, CVEs requested
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Prefix all lines with date.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] Reserve DSA for roundcube update
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] tiff non-issue
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] CVE-2018-10101,wordpress: Wheezy and Jessie are not affected
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1366-1 for wordpress
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] two unimportant qemu issues fixed
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] chromium fixed
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] openjdk-8 fixed
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt add note on ruby1.9.1
Santiago R.R.
- [Git][security-tracker-team/security-tracker][master] xerces-c spu/opsu
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] psensor ospu
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Add introducing commit for CVE-2018-10101
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVEs for xen XSA-258 and XSA-259 assigned
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Resync CVE-2018-1093 with kernel-sec
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] chromium dsa
Michael Gilbert
- [Git][security-tracker-team/security-tracker][master] Bump date for roundcube DSA
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2018-1102 as NFU
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add item to be checked for tiff
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for tor update
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add link to oss-security post for quassel issues
Felix Geyer
- [Git][security-tracker-team/security-tracker][master] LTS: annotate apache2 CVEs as not affecting wheezy
Roberto C. Sánchez
- [Git][security-tracker-team/security-tracker][master] remove my phpmyadmin test instance URL
Abhijith PA
- [Git][security-tracker-team/security-tracker][master] up to now nobody wanted to have this week
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] Take care of releasing debfx's sdl-image1.2 upload
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Claim imagemagick in dla-needed.txt
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1367-1 for slurm-llnl
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] Update CVE-2018-1094/linux information for stretch and jessie
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for sdl-image1.2 update
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] gunicorn, openjdk-8 DSA
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] fix one Jave CVE ID
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] drop stale entry, sqlite doesn't need a DSA
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] 2 commits: mark CVE-2018-9060 as no-dsa for Wheezy
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] claim krb5
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] mark CVE-2018-5710 as not-affected for Wheezy, all strlen() parameters are checked for NULL
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] RH says CVE-2018-5710 is not a bug
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] exiv2 bug
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Remove unneeded aliased reference to Red Hat bug
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Clarify status for wordpress
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add two new libraw issues
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add bug references for CVE-2018-1052{8,9}/libraw
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2018-6118/chromium-browser
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Demote CVE-2018-5709 to unimportant
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2018-1000073, CVE-2018-1000079, jruby: Jessie is not affected.
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] Update note for CVE-2018-5710 after clarification with Benjamin Kaduk
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: Mark CVE-2018-10194 as no-dsa
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Remove ghostscript from dsa-needed list
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] new wavpack issues
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] new binutils issues
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] rewrite two older phpliteadmin NFUs now that it's in the archive
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] zabbix ignored
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1368-1 for libvorbis
Antoine Beaupré
- [Git][security-tracker-team/security-tracker][master] Add reference to fix for CVE-2018-10534
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add reference to fix for CVE-2018-10535
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-1000101/mingw-w64
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Record CVE fixed in linux/4.16.5-1 upload
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Record upstream commit for CVE-2018-6192
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Record upstream fix for CVE-2018-6187
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Record upstream fix for CVE-2018-5686
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Three mupdf issues fixed in unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2017-17866/mupdf already fixed in 1.11.1 upstream and included in 1.12.0+ds1-1
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add packagekit to dsa-needed list
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Remove tiff, will be updated via *-pu
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2018-1114/undertow
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2018-10549/php
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2018-10548/php
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2018-10547/php
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2018-10546/php
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2018-10545/php
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1369-1 for linux
Ben Hutchings
- [Git][security-tracker-team/security-tracker][master] Don't record CVE-2017-5753 (Spectre variant 1) as fixed in 3.2.101-1
Ben Hutchings
- [Git][security-tracker-team/security-tracker][master] Remove ignored tag for CVE-2017-0861
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Remove 'wait for' annotation for php5 and php7.0
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add commit reference for CVE-2018-1114
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-1114
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: Add glusterfs to dsa-needed list
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add forgotten bug reference for CVE-2018-10195
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] there is always something for linux
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] add wavpack to dsa-needed, n/a for jessie
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] r-base non issue
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] add knot-resolver to dsa-needed
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] mark libmad dupe, seems like an error at MITRE
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] jakarta-jmeter bug
Moritz Muehlenhoff
Last message date:
Mon Apr 30 23:59:26 BST 2018
Archived on: Mon Apr 30 23:59:31 BST 2018
This archive was generated by
Pipermail 0.09 (Mailman edition).