[Git][security-tracker-team/security-tracker][master] 2 commits: Slightly reorder entries

Salvatore Bonaccorso carnil at debian.org
Thu May 3 19:56:27 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
be0dc539 by Salvatore Bonaccorso at 2018-05-03T20:29:27+02:00
Slightly reorder entries

- - - - -
c5113c7a by Salvatore Bonaccorso at 2018-05-03T20:55:55+02:00
Add lucene-solr as candiate for dsa, need check

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -14571,8 +14571,8 @@ CVE-2017-1000428 (flatCore-CMS 1.4.6 is vulnerable to reflected XSS in ...)
 	NOT-FOR-US: flatCore-CMS
 CVE-2017-18026 (Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does ...)
 	- redmine 3.4.4-1 (bug #887307)
-	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
 	[jessie] - redmine <end-of-life> (See DSA-4191-1)
+	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
 	NOTE: https://www.redmine.org/issues/27516 (private)
 	NOTE: https://github.com/redmine/redmine/commit/ca87bf766cdc70179cb2dce03015d78ec9c13ebd
 	NOTE: https://github.com/redmine/redmine/commit/58ed8655136ff2fe5ff7796859bf6a399c76c678
@@ -30311,8 +30311,8 @@ CVE-2017-16802 (In the sharingGroupPopulateOrganisations function in ...)
 	NOT-FOR-US: MISP
 CVE-2017-16804 (In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function ...)
 	- redmine 3.4.2-1
-	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
 	[jessie] - redmine <end-of-life> (See DSA-4191-1)
+	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
 	NOTE: https://www.redmine.org/issues/25713 (private)
 	NOTE: upstream fixed in 3.2.7, 3.3.4 and 3.4.0
 	NOTE: https://github.com/redmine/redmine/commit/0f09f161f64f4190a52166675ff380a15b72a8bc
@@ -33842,79 +33842,79 @@ CVE-2017-15514
 	RESERVED
 CVE-2017-15568 (In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, ...)
 	- redmine 3.4.4-1 (bug #882544)
-	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
 	[jessie] - redmine <end-of-life> (See DSA-4191-1)
+	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
 	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
 	NOTE: https://www.redmine.org/issues/27186 (private)
 	NOTE: upstream fixed in 3.2.8, 3.3.5 and 3.4.3
 	NOTE: https://github.com/redmine/redmine/commit/94f7cfbf990028348b9262578acbc53a94fce448
 CVE-2017-15569 (In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, ...)
 	- redmine 3.4.4-1 (bug #882545)
-	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
 	[jessie] - redmine <end-of-life> (See DSA-4191-1)
+	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
 	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
 	NOTE: https://www.redmine.org/issues/27186 (private)
 	NOTE: https://github.com/redmine/redmine/commit/56c8ee0440d8555aa7822d947ba9091c8a791508
 CVE-2017-15570 (In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, ...)
 	- redmine 3.4.4-1 (bug #882547)
-	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
 	[jessie] - redmine <end-of-life> (See DSA-4191-1)
+	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
 	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
 	NOTE: https://www.redmine.org/issues/27186 (private)
 	NOTE: https://github.com/redmine/redmine/commit/1a0976417975a128b0a932ba1552c37e9414953b
 CVE-2017-15571 (In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, ...)
 	- redmine 3.4.4-1 (bug #882548)
-	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
 	[jessie] - redmine <end-of-life> (See DSA-4191-1)
+	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
 	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
 	NOTE: https://www.redmine.org/issues/27186 (private)
 	NOTE: https://github.com/redmine/redmine/commit/273dd9cb3bcfb1e0a0b90570b3b34eafa07d67aa
 CVE-2017-15573 (In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because ...)
 	- redmine 3.4.2-1
-	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
 	[jessie] - redmine <end-of-life> (See DSA-4191-1)
+	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
 	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
 	NOTE: https://www.redmine.org/issues/25503 (private)
 	NOTE: upstream fixed in 3.2.6 and 3.3.3
 CVE-2017-15572 (In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can ...)
 	- redmine 3.4.2-1
-	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
 	[jessie] - redmine <end-of-life> (See DSA-4191-1)
+	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
 	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
 	NOTE: https://www.redmine.org/issues/24416 (private)
 	NOTE: upstream fixed in 3.2.6 and 3.3.3
 CVE-2017-15575 (In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a ...)
 	- redmine 3.4.2-1
-	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
 	[jessie] - redmine <end-of-life> (See DSA-4191-1)
+	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
 	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
 	NOTE: https://www.redmine.org/issues/24307 (private)
 	NOTE: upstream fixed in 3.2.6 and 3.3.3
 CVE-2017-15574 (In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible ...)
 	- redmine 3.4.2-1
-	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
 	[jessie] - redmine <end-of-life> (See DSA-4191-1)
+	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
 	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
 	NOTE: https://www.redmine.org/issues/24199 (private)
 	NOTE: upstream fixed in 3.2.6 and 3.3.3
 CVE-2017-15576 (Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry ...)
 	- redmine 3.4.2-1
-	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
 	[jessie] - redmine <end-of-life> (See DSA-4191-1)
+	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
 	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
 	NOTE: https://www.redmine.org/issues/23803 (private)
 	NOTE: upstream fixed in 3.2.6 and 3.3.3
 CVE-2017-15577 (Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of ...)
 	- redmine 3.4.2-1
-	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
 	[jessie] - redmine <end-of-life> (See DSA-4191-1)
+	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
 	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
 	NOTE: https://www.redmine.org/issues/23793 (private)
 	NOTE: upstream fixed in 3.2.6 and 3.3.3
 CVE-2016-10515 (In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting ...)
 	- redmine 3.2.3-1
-	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
 	[jessie] - redmine <end-of-life> (See DSA-4191-1)
+	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
 	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
 	NOTE: upstream fixed in 3.2.3
 CVE-2017-15537 (The x86/fpu (Floating Point Unit) subsystem in the Linux kernel before ...)


=====================================
data/dsa-needed.txt
=====================================
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -49,6 +49,9 @@ libmad
 linux (carnil)
   Wait until more issues have piled up
 --
+lucene-solr
+  Markus Koschany proposed to do an update, submitted debdiff
+--
 mercurial
 --
 mosquitto (seb)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/cdc83138daa63949b577cfa32fa984fdd22e3718...c5113c7add5443257943e45aa01fbe8a00fccfdd

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/cdc83138daa63949b577cfa32fa984fdd22e3718...c5113c7add5443257943e45aa01fbe8a00fccfdd
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180503/17984db6/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list