August 2019 Archives by thread
Starting: Thu Aug 1 06:49:51 BST 2019
Ending: Sat Aug 31 23:10:38 BST 2019
Messages: 787
- [Git][security-tracker-team/security-tracker][master] Two subversion issues fixed in unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-10213 as NFU (OpenShift)
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-1018{6,7}/moodle
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-14378/{qemu,slirp4netns}
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-14452/sigil
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track the new 13 vulnerabilities in u-boot
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2019-12970/squirrelmail: patch URL
Sylvain Beucler
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1868-1 for squirrelmail
Sylvain Beucler
- [Git][security-tracker-team/security-tracker][master] dla: vim: remove misleading comment, as maintainer didn't upload to jessie after >1 month
Sylvain Beucler
- [Git][security-tracker-team/security-tracker][master] dla: freeimage: status update
Sylvain Beucler
- [Git][security-tracker-team/security-tracker][master] dla: claim vim
Sylvain Beucler
- [Git][security-tracker-team/security-tracker][master] dla: frontdesk W40
Sylvain Beucler
- [Git][security-tracker-team/security-tracker][master] Sync linux CVEs with kernel-sec updates
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-14465/schism
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-1446{2,3}/libmodbus
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Process one NFU
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2014-8242/librsync
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1869-1 for firefox-esr
Emilio Pozuelo Monfort
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1870-1 for thunderbird
Emilio Pozuelo Monfort
- [Git][security-tracker-team/security-tracker][master] Four CVEs fixed for undertow in unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Two jhead issues fixed in unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-14459/nfdump
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-1423{2,3,4,5}/python-django
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-14459/nfdump
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: Add Debian bug reference for CVE-2019-14378/qemu
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reference upstream commit for CVE-2019-10207
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-10088/tika
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-10093/tika
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-10094/tika
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-10088/tika
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-10093/tika
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-10094/tika
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Annotate further information on CVE-2018-20839
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-14495/3proxy (itp'ed)
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reassociate some ancient CVEs with 3proxy with itp bug (#718219)
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add four CVEs affecting mariadb-10.1
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add five CVEs affecting MariaDB 10.3 upstream
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Process some further NFUs
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-1020014/golang-github-docker-docker-credential-helpers
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-1018{8,9}/moodle
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-7614/elasticsearch
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1871-1 for vim
Sylvain Beucler
- [Git][security-tracker-team/security-tracker][master] Remove no-dsa/postponed tags for issues which got an update
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add additional Debian bug reference for libxslt issues
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2018-2598/mysql-workbench
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-10156/ansible
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add tracking bug for gitlab issues unfixed in both experimental and unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-14452/sigil
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Claim qbittorrent in data/dla-needed.txt
Jonas Meurer
- [Git][security-tracker-team/security-tracker][master] Mark qbittorrent in Jessie as not-affected by CVE-2019-13640
Jonas Meurer
- [Git][security-tracker-team/security-tracker][master] Adjust jessie entry for CVE-2019-13640
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-1020014
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Fix typo in source package name for MariaDB 10.3
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2019-1446{2,3}/libmodbus as no-dsa
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-1446{2,3}/libmodbus
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-14524/schism
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-14523/schism
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-14465/schism
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-14524
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-14523
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Sync one temporary entry with status from kernel-sec
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-14513/dnsmasq
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2019-14494/poppler
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-14494/poppler
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 4 commits: follow security team with no-dsa for CVE-2019-14462 in Jessie
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] Add tracking item for pump issue (#933674)
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2018-20861/libopenmpt
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-1010084
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-7616/kibana
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update note for CVE-2019-11068/libxslt
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Add note re subversion.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-13568/cimg
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-5459/vlc
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-5460/vlc
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2019-0222,activemq: Fixed in unstable
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-14271/docker.io
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-1010238/pango1.0
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-1010238/pango1.0
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add four issues in GnuCOBOL for tracking
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: Remove one TODO item
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-5020/yara
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2019-1010238/pango1.0 via unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] proftpd DSA
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-5057/SDL_image
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-5058/SDL_image
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-5059/SDL_image
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-5060/SDL_image
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] dla: this is still ongoing
Adrian Bunk
- [Git][security-tracker-team/security-tracker][master] Update status of openjdk7 and proftpd-dfsg in dla-needed.txt
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] gnucobol: no-dsa, bug filed, track old source package
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] 14 commits: update note
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] Adjust open-cobol source package name
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2017-18342/pyyaml
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Process new NFU
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 4 commits: bin/lts-cve-triage.py: Move to Python 3
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] bin/lts-cve-triage.py: Correct undefined reference to `colored` when stdout is not a TTY
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] new issues in solr, sleuthkit, milkytracker
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Info for CVE-2019-1010238 is now un-embargoed.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] tika, docker fixed
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] mark CVE-2019-14452/sigil as fixed
Mattia Rizzolo
- [Git][security-tracker-team/security-tracker][master] Add fixed version for linux CVEs via unstable upload
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for three milkytracker issues
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] xpdf, binutils triage
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity
Holger Levsen
- [Git][security-tracker-team/security-tracker][master] Reassociate one cups issue with correct CVE id
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Expand todo for CVE-2019-14655
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-11249/kubernetes
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-11247/kubernetes
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-11247/kubernetes
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Cross reference CVE id information for CVE-2018-3977 and CVE-2019-5058
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add three new issues in src:brandy
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for three brandy issues
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1866-2 for glib2.0
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: claim dnsmasq
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] 2 commits: flif was removed from experimental now as well (Cf. #933898 for reasoning)
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] REJECTED status for CVE-2019-14655 confirmed and will be in next round of updates
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] new binutils, u-boot, kfreebsd issues
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Three libxslt issues fixed in unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Triage u-boot for jessie LTS and add a note about other fixes.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] Triage open-cobol for jessie LTS.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] Add three additional u-boot issues (CVE-2019-1310{4,5,6})
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add oss-security reference for CVE-2019-13232 issue
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: Add bug number for recent Django CVEs.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] 2 commits: data/dla-needed.txt: Triage python-django for jessie.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] python-django in jessie LTS is not vulnerable to CVE-2019-14234
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1872-1 for python-django
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] Four python-django issues fixed in unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Remove note for CVE-2019-12933, this was found to be a duplicate
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-14664/enigmail
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Process CVE-2019-14475 as NFU
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-14697/musl
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-1469{1,2,3}/adplug issues
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] dla: claim tomcat8 + more explanations + last CVE was not-affected
Sylvain Beucler
- [Git][security-tracker-team/security-tracker][master] Reassociate some NFUs for TeamPass to src:teampass and itp'ed
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-1125/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-5863/chromium
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-3685/osc (mark for now as undetermined)
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-14433/nova
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-14433/nova
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2019-14664 in enigmail as end-of-life in jessie LTS.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] Triage (more) recent u-boot issues in jessie LTS.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-13456/freeradius
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add three more CVEs for adplug (CVE-2019-1473{2,3,4})
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] new wpa issue
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] new k8s, ansible issues
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] 2 commits: Cleanup some additional spaces
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add and claim django
Sebastien Delafond
- [Git][security-tracker-team/security-tracker][master] s/(?=django)/python-/
Sebastien Delafond
- [Git][security-tracker-team/security-tracker][master] Update references for CVE-2019-13377/wpa
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2018-20961/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1873-1 for proftpd-dfsg
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-13377/wpa
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-11248/kubernetes
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2019-1125/linux fixed in unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-14745/radare2
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-14745/radare2
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Triage CVE-2019-13456 in freeradius for Jessie LTS.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-14763/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2019-14763/linux as fixed with 4.16.5-1 upload to unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-14769, CVE-2019-14770 and CVE-2019-14771 for backdrop
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] dla: tomcat8 FTBFS fixed
Sylvain Beucler
- [Git][security-tracker-team/security-tracker][master] add and claim gosa + fusiondirectory
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-11187/fusiondirectory
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-14744/{kconfig,kde4libs}
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-11187/gosa
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2019-1297{7,8}/imagemagick: no-dsa in jessie
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] sdl-image1.2 fixed
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] new postgres, clamav issues
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] CVE-2019-12979/imagemagick: no-dsa in jessie
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] Add DLA-1874-1 postgresql-9.4 - security update
Christoph Berg
- [Git][security-tracker-team/security-tracker][master] various binutils fixes in sid
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] also track postgres 9.4/9.6
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] better postgres reference
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] various spu/opsu updates
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Regroup mariadb-10.1 entries for stretch-pu
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add reference for clamav issue
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add tracking items for postgresql-9.6 as not-affected
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Fix for CVE-2019-5058 will be included in buster-pu upload for libsdl2-image
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 3 commits: Mark CVE-2019-1020014 as no-dsa
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] postgres DSA
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Take linux from dsa-needed list
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] dsa-needed: add and take kconfig, drop a few entries for released DSAs
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for CVE-2019-14744/{kconfig,kde4libs}
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2019-1010238/pango1.0 as not-affected for stretch
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-11042/php*
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-11041/php*
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2019-13307/imagemagick: follow-up patches
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] Mark yara not-affected in Jessie and Stretch
Brian May
- [Git][security-tracker-team/security-tracker][master] CVE-2019-13306/imagemagick: patch reverted later
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] Triage CVE-2019-1010238 in pango1.0 for Jessie LTS.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] CVE-2019-13306/imagemagick: update commit links
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] dla-needed: update imagemagick
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] CVE-2019-13616: add commit links, also affects -image
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] dla-needed: update libsdl2 notes, probable CVE-2019-13626 fix
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] CVE-2019-13616/libsdl2-image,sdl-image1.2: postponed for jessie
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] qemu DSA
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] dla-needed: update tika notes, probable commit link
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] kconfig DSA
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] new crypto++ issue
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] icedtea-web bugs
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] icedtea-web fixed
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Remove duplicate entry for libsdl1.2
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add upstream reference for CVE-2019-14318/libcrypto++
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-14318/libcrypto++
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2019-14744/kconfig via unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add pango1.0 to dsa-needed list
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark recent mariadb-10.3 issues as no-dsa
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track proposed update for mariadb-10.3 via buster-pu
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track libxslt update for buster via buster-pu
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-12068/qemu
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-12067/qemu
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Sync state for CVE-2019-14763 with kernel-sec
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Sync status for some CVEs for jessie with kernel-sec
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1875-1 for fusiondirectory
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1876-1 for gosa
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] Triage CVE-2019-14697 for musl in jessie LTS.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Triage clamav for jessie.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] fusionforge/gosa spu/opsu
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] dla-needed: update tika and hdf5 entries, claim clamav
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] new werkzeug issue
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Reference upstream commit for CVE-2019-14806/python-werkzeug
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] add bug report for clamav zip dos
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] CVE-2019-13307/imagemagick: update notes
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] 2 commits: Update todo note for CVE-2018-20871
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] dla-needed: update clamav and faad2 entries
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-586{7,8}/chromium
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DSA-4495-1 for linux (buster only)
Ben Hutchings
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2018-1108/linux as ignored for stretch
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update status for stretch for CVE-2018-20510
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2018-15889/libpodofo
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2019-14744/kde4libs fixed in unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2018-20510/linux as postponed for stretch
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: Mark CVE-2018-1002161 as no-dsa, as maintainer will go point release route
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Triage CVE-2019-14806 in python-werkzeug for Jessie LTS.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for pango1.0 update
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track fixed version via experimental for libcrypto++ for later merge
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track fixes for gitlab via experimental
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] openldap spu/opsu
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] new yard issue
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Reserve DSA-4497-1 for linux (stretch only)
Ben Hutchings
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-14318/libcrypto++ fixed version in unstable
László Böszörményi
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1877-1 for otrs2
Abhijith PA
- [Git][security-tracker-team/security-tracker][master] Consider clamav still as unfixed for #934359
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Details of ruby-openid security vulnerability published
Brian May
- [Git][security-tracker-team/security-tracker][master] Reserve DSA-4498-1 for python-django (CVE-2019-14232, CVE-2019-14233,...
Sebastien Delafond
- [Git][security-tracker-team/security-tracker][master] dla: claim php5
Emilio Pozuelo Monfort
- [Git][security-tracker-team/security-tracker][master] Add epoch for version of python-django
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-10216/ghostscript
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add and take ghostscript in dsa-needed list
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2019-100{88,93,94}/tika: add commit links
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for ghostscript DSA
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] LTS/claim jackson-databind
Roberto C. Sánchez
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1878-1 for php5
Emilio Pozuelo Monfort
- [Git][security-tracker-team/security-tracker][master] dla: claim ghostscript
Emilio Pozuelo Monfort
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1879-1 for jackson-databind
Roberto C. Sánchez
- [Git][security-tracker-team/security-tracker][master] CVE-2019-14439,CVE-2019-14379,jackson-databind: Fixed in unstable
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] chromium dsa
Michael Gilbert
- [Git][security-tracker-team/security-tracker][master] Track fix for XSA-300 which will be included in DSA
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Correct release date for DSA 4497-1/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add new CVE-2019-1494{2,3,4}/chromium
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2019-100{88, 93}/tika: jessie not affected
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] CVE-2017-18509/linux assigned
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-10216/ghostscript
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] dla-needed: update tika entry
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1880-1 for ghostscript
Emilio Pozuelo Monfort
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2019-10216/ghostscript via unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] dla: triage sqlite as no-dsa
Emilio Pozuelo Monfort
- [Git][security-tracker-team/security-tracker][master] dla: claim evince
Emilio Pozuelo Monfort
- [Git][security-tracker-team/security-tracker][master] CVE-2017-1000159/evince: remove no-dsa tag for jessie
Emilio Pozuelo Monfort
- [Git][security-tracker-team/security-tracker][master] dla: claim atril
Emilio Pozuelo Monfort
- [Git][security-tracker-team/security-tracker][master] CVE-2019-13304/imagemagick: additional commit link
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1881-1 for evince
Emilio Pozuelo Monfort
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim slurm-llnl
Abhijith PA
- [Git][security-tracker-team/security-tracker][master] CVE-2019-13307/imagemagick: no-dsa in jessie
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] CVE-2017-1000159 also affects atril
Emilio Pozuelo Monfort
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1882-1 for atril
Emilio Pozuelo Monfort
- [Git][security-tracker-team/security-tracker][master] CVE-2019-13300/imagemagick: no-dsa in jessie
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] parso fixed
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] CVE-2016-5388/tomcat: fix severity
Sylvain Beucler
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1883-1 for tomcat8
Sylvain Beucler
- [Git][security-tracker-team/security-tracker][master] Add fixed version via unstable for CVE-2019-10744/node-lodash
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: Reserve DLA-1884-1 for linux
Ben Hutchings
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-1494{2,4}/gitlab
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track version with fixed version for CVE-2017-1000159/atril
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Remove no-dsa tagged entry for CVE-2018-8014/tomcat8 as DLA-1883-1 contains an update
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] libebml, lodash spu/ospu
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-14939/node-mysql
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add tracking bug for CVE-2019-14939/node-mysql
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-14934/pdfresurrect
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2019-14934/pdfresurrect fixed in unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Process several NFUs
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] LTS/claim subversion
Roberto C. Sánchez
- [Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2019-14980/imagemagick
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2019-14378/slirp4netns via unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2014-10375/libexosip2
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2014-10375/libexosip2
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] add note for slurm-llnl
Abhijith PA
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-14973/tiff
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-14973/tiff
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-12618/nomad
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-2386/mongodb
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-14973/tiff fixed version in unstable
László Böszörményi
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference or CVE-2019-2386/mongodb
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add openldap maintained by Ryan Tandy to lts-do-call-me
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-10199/Keycloak
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-10201/Keycloak
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-11250/kubernetes
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add new apache2 issues
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-5477/ruby-nokogiri
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-11250/kubernetes
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-5477/ruby-nokogiri
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-14809/golang
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add tracking for golang-1.8 and golang-1.7 as well
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-951{2,4}/golang
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Process one WordPress plugin issue as NFU
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1886-1 for openjdk-7
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] Add wpa to dsa-needed list (needs check)
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-15062/dolibarr
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-10140/linux (not-affected)
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-11733/firefox (mfsa2019-24)
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2019-14274/mcpp
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2019-14433/nova
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track for now a new sqlite3 issue (needs to be further checked)
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track fixes for three CVEs affecting golang-1.11
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add golang-golang-x-net-dev fo CVE-2019-951{2,4}
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] libreoffice DSA
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-985{0,1,2}/libreoffice information
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Proces some NFUs
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1887-1 for freetype
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] Add apache2 to dsa-needed list
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-14975/mupdf
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Revert "Track for now a new sqlite3 issue (needs to be further checked)"
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2016-10894/xtrlock
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-15090/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-15098/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-15099/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] new nginx issues
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] nodejs also affected by HTTP2 issues
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] track h2o, ATS for HTTP2 issues
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Add CVE-2018-20969/patch
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2018-20968/patch as well fixed in DLA-1864-1
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-15107/webmin
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add tracking bug for trafficserver as reported by jmm
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add tracking bug for h2o issues
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add tracking bug for nodejs issues
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: mark CVE-2019-13619 as not-affected for Jessie
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] 2 commits: mark CVE-2019-13590 as ignored for Jessie
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] add nghttp2 for HTTP2 issues
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Slightly reorder source package entries
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add references to apache upstream notes on CVEs
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Claim kde4libs in dla-needed.txt
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] Add apache2 to dla-needed.txt
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] CVE-2019-14939, nodejs-mysql: The nodejs ecosystem is not supported in Jessie.
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] mark parso as non-issue
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] CVE-2019-14934,pdfresurrect: Mark as no-dsa for Jessie
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] Triage HTTP2 issues in nginx as not-affected for Jessie
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] Add mongodb to dla-needed.txt
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1888-1 for imagemagick
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] zip4j now in the archive
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] imagemagick triage for jessie
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Triage xtrlock for jessie.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim xtrlock.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim mongodb
Abhijith PA
- [Git][security-tracker-team/security-tracker][master] CVE-2019-14433,nova: Mark as no-dsa for Jessie.
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] libv8-3.14 removed from unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-15117/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-15118/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add radare2 to dla-needed.txt with comments.
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2019-1010083, flask: Link to fixing commit
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] drop one ffmpeg entry, fixed in new release
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] ffmpeg DSA
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] 2 commits: Process NFUs
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2019-3881,bundler: Jessie is not affected
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: claim flask
Abhijith PA
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-14809/golang-1.13
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-951{2,4} for golang-1.13
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Fixes for four glib2.0 CVEs in stretch proposed via stretch-pu
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-{8675,8696}/cups issues
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-10224/389-ds-base
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for cups issues
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2019-10224/389-ds-base was fixed with the 1.4.1.5-1 upload to unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] claim cups
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] Process NFU
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Associate CVE-2018-1000050 with libstb
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add various new CVEs for libstb
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add tracking of libstb itself for CVE-2018-16981/libstb
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add tracking bug for libstb issues
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-15058/libstb
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-15058/libstb
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1889-1 for python3.4
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2019-86{75,96}/cups
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-10086/commons-beanutils (relates to CVE-2014-0114)
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add note on fixes for CVE-2015-464{5,6}/squashfs-tools
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2019-9512 and CVE-2019-9514 fixed for golang-golang-x-net-dev
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-15133/giflib
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update information for (ancient) CVE-2016-3177 (issue fixed)
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2019-15133/giflib as no-dsa for buster and stretch
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-15132/zabbix
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add reference to commit for CVE-2019-10098/apache2
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-15132/zabbix
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reference upstream commit for CVE-2019-10097/apache2
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add reference to upstream commit for CVE-2019-10092/apache2
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version for golang-1.13 in unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2019-14459/nfdump
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] dla-needed: add 389-ds-base, claim it
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] CVE-2019-136{26,36}/libsdl{1.2,2}: jessie triage
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] Add upstream commit references for nginx issues
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2019-15099
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add tracking bug for nginx issues (CVE-2019-9511 CVE-2019-9513 CVE-2019-9516)
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2019-10224: stretch/jessie not affected, affects python-lib389
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] CVE-2018-203{58,61}/faad2: fixed jessie/unstable
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] CVE-2018-19502/faad2: add upstream bug report
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1890-1 for kde4libs
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] 2 commits: openldap: Remove no-dsa tags
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] CVE-2019-15133, giflib: Mark as no-dsa for Jessie
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] golang 1.11 DSA
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] CVE-2019-10217,ansible: Mark as no-dsa for Jessie
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] CVE-2019-15132,zabbix: Mark as postponed for Jessie
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] CVE-2019-1010259, salt: Mark as not-affected for Jessie
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] libstb no-dsa
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Process three CVEs as NFU for gpmf-parser
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-15145/djvulibre
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-15144/djvulibre
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-15143/djvulibre
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-15142/djvulibre
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add information on CVE-2019-15141/imagemagick
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add some sort of initial tracking for CVE-2019-9506
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-9506/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2018-20976/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2017-18552/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2017-18551/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2017-18550/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2017-18549/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2016-10907/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2016-10906/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2016-10905/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] nginx fixed
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] dla-needed: claim xymon
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] 2 commits: Sync status for some linux CVE with kernel-sec
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: update notes
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] CVE-2018-{20196,19502}: add commit links
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] CVE-2018-19504/faad2: dup, fixed in jessie+testing
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] CVE-2018-19504/faad2: dup, fixed in 2.8.8-2 and jessie
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] dla-needed: update faad2 entry
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] Add nginx to dsa-needed list
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add new vlc issues fixed in 3.0.8 upstream
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-15160
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-15151/adplug
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] xymon no-dsa
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] CVE-2018-15889 confirmed REJECTED by MITRE
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1892-1 for flask
Abhijith PA
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-15211/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-15212/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-15239/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2018-19502/faad2: fixed in 2.8.8-3
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] CVE-2018-20195/faad2: same as CVE-2018-20362
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-15213/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-15214/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2018-20359/faad2: same as CVE-2018-20194
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-15215/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2018-20357/faad2: same as CVE-2018-20194
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-15216/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark webmin as removed
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] new nltk issue
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Mark another CVE fixed in vlc 3.0.8
Sebastian Ramacher
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-15217/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Sync CVE-2019-15213 status with kernel-sec
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-15218/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-15219/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-15220/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-15221/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-15222/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-15223/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-1529{0,1}/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add vlc to dsa-needed list (will be taken care of by jmm)
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark cups issues as no-dsa
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug information for CVE-2019-14751/nltk
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] asterisk spu
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] vlc DSA
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Remove tracking of potential mruby upload, no maintainer reaction
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2019-15222 as not affected for any released src:linux version
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2019-15223 as not affected.
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2019-95{12,14,15}/h2o as fixed with unstable upload
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-15237/roundcube
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-15232/liblivemedia
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2019-15232/liblivemedia: postponed in jessie
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] Don't track mips in sid, it's gone
Raphaël Hertzog
- [Git][security-tracker-team/security-tracker][master] Another place where mips needs to be dropped
Raphaël Hertzog
- [Git][security-tracker-team/security-tracker][master] Drop mips from bullseye architectures
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-15292/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] ATS affected by one more of the recent HTTP2 issues
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] faad2 CVEfied
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] mark liblivemedia postponed, only affects the server which is mostly a test tool,
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] add commit reference to h2o
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] cups spu/opsu
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1886-2 for openjdk-7
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] Add additional bug reference efor CVE-2019-9518/trafficserver
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track fixed versions for CVE-2019-10142/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Remove one doubled entry for tracking of glib2.0
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track proposed update for fig2dev via stretch-pu
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: Mark CVE-2019-12269 as no-dsa
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track fixes for linux via buster-pu
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Take apache2 from dsa-needed list
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track assigned CVE for clamav issue (CVE-2019-12625)
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add reference to VLC VideoLAN-SB-VLC-308 bulletin
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] pump removed
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] ruby-rest-client n/a
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] bro fixed
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] binutils fixed
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] 3 commits: mark vlc as EOL in Jessie
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] 2 commits: data/dla-needed.txt: Add note for xtrlock.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] CVE-2019-384{3,4}/systemd fixed with the upload to unstable of v242
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Adjust fixed version for CVE-2019-14444/binutils
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] nginx DSA
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] dla-needed: update clamav entry
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] CVE-2019-6956/faad2: add upstream bug report
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] Cleanup one REJECTED entry
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Process more NFUs
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-15314/tikiwiki
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-1238{5,6}/ampache
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1893-1 for cups
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] 3 commits: add djvulibre
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] sox opsu
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Track some more CVE fixes for src:linux with stretch-pu upload
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] xymon spu/ospu
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] 4 commits: mark CVE-2019-14751 as no-dsa for Jessie
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] dla-needed: update faad2, tika and xymon notes
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] 2 commits: data/dla-needed.txt: Correct ordering
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] add packages
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-15505/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-15504/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Process several NFUs for WordPress plugins
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add nghttp2 to dsa-needed list
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2019-10071 as NFU
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2019-12400/libxml-security-java as not affected for stretch
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-12400
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1894-1 for libapache2-mod-auth-openidc
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1895-1 for libmspack
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] add nghttp2
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-15531/libextractor
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Replace some redirected commit references for libextractor
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-15531/libextractor
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for squid update
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track proposed update for libxslt for stretch-pu
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Remove teeworlds from dsa-needed as it will not get a DSA and agreed with games team
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] nltk no-dsa
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] h2o DSA
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1896-1 for commons-beanutils
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] nltk fixed
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] ATS fixed
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] 2 commits: mark CVE-2019-12400 as not-affected
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] Track proposed update for slirp4netns via buster-pu
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] dla-needed: update xymon notes
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-15538/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] kde4libs removed from unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] kde-runtime removed from unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] qtwebkit removed
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] 2 commits: Clarify state for CVE-2018-1000656 and CVE-2019-1010083 in flask
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] clamav fixed
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2019-15540 as NFU
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1897-1 for tiff
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] 2 commits: mark CVE-2019-1010083 as no-dsa for Jessie
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] faad2: add upstream commit links
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1898-1 for xymon
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] Track clamav updates for stretch-pu and buster-pu
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for apache2 update
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2019-13640/qbittorrent via unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version via unstable for CVE-2019-5477/ruby-nokogiri
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-1564{1,2}/webmin
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-15640/limesurvey
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Process some Adobe specific NFUs
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-15666/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-15651/wolfssl
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track clamav as well under CVE-2019-12900
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] mercurial embeds python-zstandard embeds libzstd
Julien Cristau
- [Git][security-tracker-team/security-tracker][master] New upstream version for qemu to unstable fixing several CVEs
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2019-1446{2,3}/libmodbus
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add note on trafficserver update
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track fix for CVE-2019-15538 via buster-pu (included in the followup 4.19.67-2)
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] new chromium issue
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-1481{4,5,6}/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Add ansible.
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-12402/libcommons-compress-java
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-11500/dovecot
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for dovecot update
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add four new ghostscript issues
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Try to clarify the ghostscript mitigation for recent versions in 9.28
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add upstream bug references for ghostscript
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reference commits for dovecot core and pigeonhole
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] faad2 issues fixed in 2.8.8-3.1
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1899-1 for faad2
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2019-9517,CVE-2019-10082,CVE-2019-10081,apache2: Jessie is not affected
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] Claim icedtea-web in dla-needed.txt
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] Add ghostscript to dsa-needed list
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-10222/ceph
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-11500/dovecot
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2019-10222/ceph: Track status for buster and stretch
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-10222/ceph
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-10051/suricata
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-10052/suricata
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-10219
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-14819 as NFU
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] new non-issues in gnuchess, binaryen
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] node ospus
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2019-11500/dovecot via unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-647{2,3,4}/isc-kea
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] LTS/re-claim subversion
Roberto C. Sánchez
- [Git][security-tracker-team/security-tracker][master] Add Debian bug refport for isc-kea
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2019-5058/sdl-image1.2,libsdl2-image: fixed in jessie
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-13627/libgcrypt
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2019-1575{8,9}/binaryen fixed in unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: Mark three nss issues as no-dsa
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track fix for CVE-2019-9578/libu2f-host via stretch-pu
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track proposed fixes for sdl-image1.2 via stretch-pu
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track fixes for sdl-image1.2 in buster-pu
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-15717/irssi
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] LTS/add dovecote to dla-needed.txt and claim it
Roberto C. Sánchez
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1901-1 for dovecot
Roberto C. Sánchez
- [Git][security-tracker-team/security-tracker][master] Reference upstream commit for irssi
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-15717/irssi
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-15807
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track CVE-2019-15807 for stretch-pu and buster-pu
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] LTS/claim ansible
Roberto C. Sánchez
- [Git][security-tracker-team/security-tracker][master] CVE-2015-3908/ansible add link to upstream commit
Roberto C. Sánchez
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1902-1 for djvulibre
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1903-1 for subversion
Roberto C. Sánchez
- [Git][security-tracker-team/security-tracker][master] more rust crate triage
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Track stretch-pu update including CVE-2019-15538
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-15785/fontforge
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] data/CVE/list: Switch CVE-2019-13038 from <no-dsa> to <ignored> (see reason already given).
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: add imagemagick
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] 3 commits: data/dla-needed.txt: add ghostscript
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] data/CVE/list: Triage CVE-2019-10222/ceph/jessie (not-affected).
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: add libgcrypt20 and claim it.
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: add pump.
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: add libcommons-compress-java.
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: add ruby-nokogiri.
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] data/CVE/list: Triage suricata/jessie.
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: add yard (as triaging RFH)
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: add note to pump about non-informing former maintainer.
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: add milkytracker.
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] data/CVE/list: evaluate recent milkytracker CVEs as <no-dsa>.
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] 2 commits: data/dla-needed.txt: Claim pump.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-13627/libgcrypt20
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Document no-dsa status for pump
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] data/CVE/list: Update gnutls28/CVE-2018-19869/jessie.
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] 2 commits: bin/contact-maintainers: Provide mail template for LTS updates of minor issues.
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: re-claim libav
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] data/CVE/list: add detailled information to CVE-2019-14466(/gosa)
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] CVE-2019-14466: syntax fix, make description temporary.
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] Annotate CVE-2017-7481/ansible as not affecting jessie
Roberto C. Sánchez
- [Git][security-tracker-team/security-tracker][master] CVE-2018-10754 REJECTED by MITRE CNA
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add apache2 to dsa-needed for potential regression
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2019-13627/libgcrypt20 fixed in unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add rexical to CVE-2019-5477
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-15043/grafana
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2019-10203/pdns fixed in unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1904-1 for libextractor
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] claim cimg
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: claim nghttp2
Abhijith PA
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Add gosa and claim it.
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-15784/srt
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-15784/srt
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1905-1 for gosa
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] data/DLA/list: Add CVE-2019-14466 to DLA-1905-1.
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] gosa, libextractor fixed
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Track proposed fixes for koji issues via stretch-pu
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1906-1 for python2.7
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-1907-1 for libav
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: re-add libav and re-claim it
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] data/CVE/list: Mark irssie/jessie as not affected by CVE-2019-15717.
Mike Gabriel
Last message date:
Sat Aug 31 23:10:38 BST 2019
Archived on: Sat Aug 31 23:10:41 BST 2019
This archive was generated by
Pipermail 0.09 (Mailman edition).