[Git][security-tracker-team/security-tracker][master] Replace dropbear repository reference with working URL
Salvatore Bonaccorso
carnil at debian.org
Thu Dec 31 20:11:11 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8c7893e4 by Salvatore Bonaccorso at 2020-12-31T21:10:57+01:00
Replace dropbear repository reference with working URL
Apparently repository moved from https://secure.ucc.asn.au/hg/dropbear
to https://hg.ucc.asn.au/dropbear and so replace previous references.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -149732,7 +149732,7 @@ CVE-2018-15599 (The recv_msg_userauth_request function in svr-auth.c in Dropbear
- dropbear 2018.76-4 (bug #906890)
[stretch] - dropbear 2016.74-5+deb9u1
NOTE: http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2018q3/002108.html
- NOTE: https://secure.ucc.asn.au/hg/dropbear/rev/5d2d1021ca00
+ NOTE: https://hg.ucc.asn.au/dropbear/rev/5d2d1021ca00
CVE-2018-15598 (Containous Traefik 1.6.x before 1.6.6, when --api is used, exposes the ...)
NOT-FOR-US: Traefik
CVE-2018-15597
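Review bot: The unchanged context line just above the replaced URL for CVE-2018-15599 still points at http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2018q3/002108.html, a plain-http reference on another ucc host that this commit leaves alone. Since the commit message says the hg repository moved, it is worth confirming in the same pass that this list archive link still resolves, and updating it alongside if it does not.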
@@ -218445,12 +218445,12 @@ CVE-2017-9080 (PlaySMS 1.4 allows remote code execution because PHP code in the
CVE-2017-9079 (Dropbear before 2017.75 might allow local users to read certain files ...)
{DSA-3859-1 DLA-948-1}
- dropbear 2016.74-5 (bug #862970)
- NOTE: Patch: https://secure.ucc.asn.au/hg/dropbear/rev/0d889b068123
+ NOTE: Patch: https://hg.ucc.asn.au/dropbear/rev/0d889b068123
CVE-2017-9078 (The server in Dropbear before 2017.75 might allow post-authentication ...)
{DSA-3859-1}
- dropbear 2016.74-5 (bug #862970)
[wheezy] - dropbear <not-affected> (Vulnerable code not present)
- NOTE: Patch: https://secure.ucc.asn.au/hg/dropbear/rev/c8114a48837c
+ NOTE: Patch: https://hg.ucc.asn.au/dropbear/rev/c8114a48837c
CVE-2017-9077 (The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux ...)
{DSA-3886-1 DLA-993-1}
- linux 4.9.30-1
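Review bot: Both replaced lines in this hunk (CVE-2017-9079 and CVE-2017-9078) keep the "NOTE: Patch:" prefix, while the other Dropbear entries touched by this commit use a bare "NOTE:" followed by the URL. Not a blocker for a URL-only change, but a follow-up could settle on one form so the upstream references can be searched consistently.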
@@ -238493,7 +238493,7 @@ CVE-2017-2660
REJECTED
CVE-2017-2659 (It was found that dropbear before version 2013.59 with GSSAPI leaks wh ...)
- dropbear 2013.60-1
- NOTE: https://secure.ucc.asn.au/hg/dropbear/rev/d7784616409a#l1.86
+ NOTE: https://hg.ucc.asn.au/dropbear/rev/d7784616409a#l1.86
CVE-2017-2658 (It was discovered that the Dashbuilder login page as used in Red Hat J ...)
NOT-FOR-US: JBoss BPMS
CVE-2017-2657
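Review bot: The replaced URL for CVE-2017-2659 carries a "#l1.86" line anchor, which only works if the new host renders the changeset page with the same line ids. Please check that https://hg.ucc.asn.au/dropbear/rev/d7784616409a#l1.86 still lands on the intended line; if it does not, drop the fragment or name the affected file in the NOTE instead.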
@@ -251377,24 +251377,24 @@ CVE-2016-7410 (The _dwarf_read_loc_section function in dwarf_loc.c in libdwarf 2
NOTE: Introduced by (as confirmed by upstream): https://sourceforge.net/p/libdwarf/code/ci/b446e23dc21704ccd3b76d8945aaf39e4aca8c27
CVE-2016-7409 (The dbclient and server in Dropbear SSH before 2016.74, when compiled ...)
- dropbear 2016.74-1 (unimportant)
- NOTE: https://secure.ucc.asn.au/hg/dropbear/rev/6a14b1f6dc04
+ NOTE: https://hg.ucc.asn.au/dropbear/rev/6a14b1f6dc04
NOTE: Not an issue for the the Debian binary package since we do not
NOTE: compile with DEBUG_TRACE.
CVE-2016-7408 (The dbclient in Dropbear SSH before 2016.74 allows remote attackers to ...)
- dropbear 2016.74-1
[jessie] - dropbear 2014.65-1+deb8u1
[wheezy] - dropbear <not-affected> (Vulnerable code not present)
- NOTE: https://secure.ucc.asn.au/hg/dropbear/rev/eed9376a4ad6
+ NOTE: https://hg.ucc.asn.au/dropbear/rev/eed9376a4ad6
CVE-2016-7407 (The dropbearconvert command in Dropbear SSH before 2016.74 allows atta ...)
{DLA-634-1}
- dropbear 2016.74-1
[jessie] - dropbear 2014.65-1+deb8u1
- NOTE: https://secure.ucc.asn.au/hg/dropbear/rev/34e6127ef02e
+ NOTE: https://hg.ucc.asn.au/dropbear/rev/34e6127ef02e
CVE-2016-7406 (Format string vulnerability in Dropbear SSH before 2016.74 allows remo ...)
{DLA-634-1}
- dropbear 2016.74-1
[jessie] - dropbear 2014.65-1+deb8u1
- NOTE: https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb
+ NOTE: https://hg.ucc.asn.au/dropbear/rev/b66a483f3dcb
CVE-2016-7404 (OpenStack Magnum passes OpenStack credentials into the Heat templates ...)
- magnum 3.1.1-5 (bug #863547)
NOTE: https://git.openstack.org/cgit/openstack/magnum/commit/?id=0bb0d6486d6771ee21bbf897a091b1aa59e01b22
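Review bot: The context line directly after the replaced CVE-2016-7409 URL reads "Not an issue for the the Debian binary package", with a doubled "the". It is outside the scope of the URL replacement, but since the entry is being touched anyway, fix it here or in a follow-up commit.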
@@ -333465,7 +333465,7 @@ CVE-2013-4421 (The buf_decompress function in packet.c in Dropbear SSH Server be
- dropbear 2012.55-1.4 (low; bug #726019)
[squeeze] - dropbear <no-dsa> (Minor issue)
[wheezy] - dropbear <no-dsa> (Minor issue)
- NOTE: https://secure.ucc.asn.au/hg/dropbear/rev/0bf76f54de6f
+ NOTE: https://hg.ucc.asn.au/dropbear/rev/0bf76f54de6f
CVE-2013-4420 (Multiple directory traversal vulnerabilities in the (1) tar_extract_gl ...)
{DSA-2863-1}
- libtar 1.2.20-2 (bug #731860)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c7893e4c0836d81a7ad78df1b8f72fa3a865739