January 2020 Archives by thread
Starting: Wed Jan 1 08:03:58 GMT 2020
Ending: Fri Jan 31 23:01:21 GMT 2020
Messages: 793
- [Git][security-tracker-team/security-tracker][master] Track NFUs
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-20176/pure-ftpd
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-20176/pure-ftpd
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2019-1490{4,5}: Move status from undetermined to unfixed
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version via unstable for CVE-2019-1221{1,3}/freeimage
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2056-1 for libgcrypt20
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] Return DLA-2056-1 to the pool; libgcrypt20 is a regression update.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] Update information on CVE-2019-19921/runc
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2056-1 for waitress
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] Correct version number in DLA-2056-1 to include +deb8u1 suffix.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] Track fixed versions for waitress issues via unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add tracking for fixed version for CVE-2019-20176/pure-ftpd
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Process one NFU
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2019-20079,vim: Jessie is not affected
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2019-18898 as NFU
Salvatore Bonaccorso
- Processing fb98e4529ad15c351e0733e49327483e0d350845 failed
security tracker role
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-17558/lucene-solr
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-20218/sqlite3
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-20208/gpac
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-20205/libsixel
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update information on CVE-2019-20079/vim
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: Fix list sort
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Make graphicsmagick needed for both buster and stretch
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for xen issues
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update information for CVE-2019-16774/kopano-webapp-plugin-files
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug tracking information for CVE-2019-134{45,65}/ros-ros-comm
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug tracking information for CVE-2019-12422/shiro
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-1551/openssl
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2019-20205 as no-dsa for buster and stretch
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Further update for CVE-2019-16774/kopano-webapp-plugin-files
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark several 389-ds-base issues as no-dsa
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: Mark CVE-2019-14858 as no-dsa for stretch and buster
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] buster/stretch triage
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Add upstream commit reference for CVE-2019-16869/netty
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Revert two changes for kopano-webapp-plugin-files
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Take netty from dsa-needed list
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add references for CVE-2019-16774
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2019-16869/netty
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track fixed versions for radare2 up to 3.9.0 upstream
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2019-6477/bind9
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-20326/gthumb
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] remove TODOs for rejected CVEs from 2019
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-20330/jackson-databind
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-531{0,1,2,3}/pillow
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: CVe-2019-20326/gthumb: do not explicitly list not needed commit
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add new gitlab issues (GitLab Security Release: 12.6.2, 12.5.6, and 12.4.7)
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Fix spelling typos in TODO for CVE-2019-19601
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-19343/undertow
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for netty update
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] mark nethack as <end-of-life> for jessie
Abhijith PA
- [Git][security-tracker-team/security-tracker][master] remove nethack from dla-needed.txt as well
Abhijith PA
- [Git][security-tracker-team/security-tracker][master] Add CVE-2010-37822/open-build-service
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-20149/node-kind-of
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-10775/node-ecstatic
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-10774/php-shellcommand
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-6025/movabletype-opensource
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2013-5027/collabtive
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2013-4796/reviewboard
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-20149/node-kind-of
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] python3.7 spu
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] libsixel bug
Moritz Muehlenhoff
- Processing 9efcb4f74bd8ae85bebd96e43e6f62a73b2aed60 failed
security tracker role
- [Git][security-tracker-team/security-tracker][master] fix syntax...
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Track fixes for opensc via unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reference upstream fix for CVE-2019-6502
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-20334/nasm
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-19959/sqlite3
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] check-new-issues: Cover upcoming decades for regular expression for issues
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-506{3,4}/opencv
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add "old" CVE-2019-5844 for chromium
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add "old" CVE-2019-5845 for chromium
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track fixes for gitlab via experimental
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add "old" CVE-2019-5846 for chromium
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-13765/chromium
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-13766/chromium
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-5496/fontforge
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-5395/fontforge
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update CVE-2019-16884
Shengjing Zhu
- [Git][security-tracker-team/security-tracker][master] CVE-2019-20176,pure-ftpd: Mark as no-dsa for Jessie
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] 2 commits: Add gthumb to dla-needed.txt
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] 2 commits: Add jackson-databind to dla-needed.txt with notes.
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] Add bug number for opencv issues.
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] Adjust opencv bug number for unstable
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim gthumb
Abhijith PA
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2019-506{3,4}/opencv
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update commit references for CVE-2019-20326
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-20326/gthumb
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2019-13465/ros-ros-comm
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2019-13445/ros-ros-comm via unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2019-19126/glibc via unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update information of CVE-2019-16774/kopano-webapp-plugin-files
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track fixes for CVE-2019-13465 and CVE-2019-13445 via stretch-pu
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track fixed version for linux CVEs via unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2020-5310,pillow: Jessie is not affected
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] Add bug number for pillow issues.
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] 2 commits: Track fixing commit for CVE-2019-20330/jackson-databind
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2020-5395 and CVE-2020-5496 as no-dsa for stretch and buster
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add note for python-django
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-19911/pillow
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: Track older pillow issue as well under #948224
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2020-5496,CVE-2020-5395,fontforge: Mark as no-dsa for Jessie
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] CVE-2013-5027,collabtive: Jessie is not affected.
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2019-10219,hibernate-validator: Reference fixing commit
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] Add bug number for CVE-2019-10219.
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] CVE-2019-12409,lucene-solr: Debian is not affected
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] Add missing status for CVE-2019-10219
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2019-12409: Remove TODO item.
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] Add gpac to dla-needed.txt for future triaging.
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] Reference upstream issue for CVE-2019-10219
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2019-3881/bundler as no-dsa for stretch
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2019-16774 as unimportant
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2019-17109/koji as no-dsa for stretch and buster
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2019-20149/node-kind-of as no-dsa
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2018-16981/libstb as no-dsa
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2019-10195 and CVE-2019-14867 as no-dsa
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark open CVEs for opencv as no-dsa
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: claim graphicsmagick
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity
Holger Levsen
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim pillow.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] claiming tomcat8 in jessie, again
Abhijith PA
- [Git][security-tracker-team/security-tracker][master] Pillow issues fixed in unstable with 7.0.0 upload
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2057-1 for pillow
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] Reclaim ruby-excon
Utkarsh Gupta
- [Git][security-tracker-team/security-tracker][master] dla: retake unclaimed
Adrian Bunk
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-15601
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-20352/nasm
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-18792/suricata
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Two fig2dev issues in unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2058-1 for nss
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2059-1 for git
Roberto C. Sánchez
- [Git][security-tracker-team/security-tracker][master] LTS/claim squid3
Roberto C. Sánchez
- [Git][security-tracker-team/security-tracker][master] Add four new moodle issues
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2014-1850 as REJECTED
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-18625/suricata
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] add link to paper on SHA1 collisions for gpg
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] NFUs from Android advisories. Again there's a number of CVEs without references :-/
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Take python-django from dsa-needed list
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-5188/e2fsprogs
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-14834/dnsmasq
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for python-django update
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] new firefox issues
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] new firefox-esr issue
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-14834/dnsmasq
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] firefox-esr issues for mfsa2020-02 fixed via unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add additional hardening commit reference for CVE-2019-5188
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DSA-4599-1 for wordpress
Sebastien Delafond
- [Git][security-tracker-team/security-tracker][master] firefox issues for mfsa2020-01 fixed via unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] LTS claim yara
Dylan Aïssi
- [Git][security-tracker-team/security-tracker][master] dla: claim wordpress
Sylvain Beucler
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Triage firefox-esr for jessie LTS.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2019-5188/e2fsprogs
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] dla: take firefox-esr and thunderbird
Emilio Pozuelo Monfort
- [Git][security-tracker-team/security-tracker][master] Track fixes for CVE-2019-17023/nss
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Triage CVE-2019-5188 in e2fsprogs for jessie LTS.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] Add note regarding a possible regression in the handling of CVE-2015-1197 in cpio.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] Add upstream commit for CVE-2019-20160 and CVE-2019-20208
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add commits for CVE-2019-20170
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add upstream commit for CVE-2019-20170/gpac
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Correct fixing version for CVE-2019-173{49,50}/xen
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixes for xen via unstable for issues tracked in #947944
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track fixing commit for CVE-2019-20169/gpac
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track upstrema fixes for CVE-2019-2016{3,5,5,6,7,8}/gpac
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track upstream commit for CVE-2019-20162/gpac
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update information on CVE-2019-14855/gnupg2
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixing commit for CVE-2019-20161/gpac
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add upstream commit for CVE-2019-20159/gpac
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2019-17670/wordpress as no-dsa
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-17026/firefox (mfsa2020-03)
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-17026/firefox
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-20367/libbsd
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-5202/apt-cacher-ng
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-1925 (NFU: Olingo)
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add reference to commit for CVE-2020-5202/apt-cacher-ng
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 3 commits: Update old CVEs for phpmyadmin
William Desportes
- [Git][security-tracker-team/security-tracker][master] Revert "Update old CVEs for phpmyadmin"
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Triage CVE-2020-5202 in apt-cacher-ng for jessie LTS.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2019-17026/firefox-esr
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2019-17026/firefox
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version via unstable for CVE-2019-17023/nss
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-663{0,1}/gpac
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2020-6629/ming
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add some new CVEs for libredwg
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] firefox DSA
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] LTS claim transfig
Dylan Aïssi
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2061-1 for firefox-esr
Emilio Pozuelo Monfort
- [Git][security-tracker-team/security-tracker][master] Track proposed update for fig2dev via buster-pu
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2062-1 for sa-exim
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-5188/e2fsprogs
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] take xen
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Process one IBM specific NFU
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-662{4,5}/jhead
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track CVE-2014-2686/ansible
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Expand TODO for CVE-2019-16773
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Expand TODO for CVE-2019-16788
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track fixes for CVE-2019-1677{5,6,7}/npm via experimental
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] ldm DSA
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Add (not yet public) upstream issue for ldm
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: Add reference to Debian BTS bug for ldm issue
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-6750/glib2.0
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug tracking information for CVE-2020-6750/glib2.0
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] ldm CVEfied
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] new nginx issue
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] "new" thttpd issue
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Triage CVE-2020-6750 in glib2.0 for jessie LTS.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] 2 commits: data/dla-needed.txt: Triage ldm for jessie LTS.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] new chromium issue
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] e2fsprogs spu
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2063-1 for debian-lan-config
Utkarsh Gupta
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-20372/nginx
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2064-1 for ldm
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] Update notes
Utkarsh Gupta
- [Git][security-tracker-team/security-tracker][master] Triage CVE-2019-20372 in nginx for jessie LTS.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-1767/otrs2
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Claim nss in dla-needed.txt
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-1766/otrs2
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-1765/otrs2
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-6162/bftpd (itp'ed)
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Process several NFUs
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2019-14834/dnsmasq as no-dsa for buster and stretch
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Triage CVE-2019-14834 in dnsmasq for jessie LTS.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] Triage CVE-2020-1765, CVE-2020-1766 & CVE-2020-1767 in otrs2 in jessie LTS.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] Revert "Triage CVE-2020-1765, CVE-2020-1766 & CVE-2020-1767 in otrs2 in jessie LTS."
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Remove two TODOs from now REJECTED gitlab duplicates
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] dla-needed: update notes on my claimed packages
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-6835/bftpd, itp'ed
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Triage otrs2 for jessie LTS.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2019-19922/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2019-20372/nginx via unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-68{38,39,40}/mruby, futher checks pending
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-2037{8,9}/gangla-web
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update severity for CVE-2019-20378 and CVE-2019-20379 in ganglia-web
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for ganglia-web issues
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] ldm removed from unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2019-17571,apache-log4j1.2: Remove EOL tag, link to patch
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] Add new thunderbird issues from mfsa2020-04
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add thunderbird to dsa-needed list
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track proposed updates for nginx via {stretch,buster}-pu
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2019-20367/libbsd as no-dsa
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2019-18609/librabbitmq via unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2019-13508/freetds
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Triage CVE-2019-20367 in libbsd for jessie LTS.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] Update old phpMyAdmin CVE entries
William Desportes
- [Git][security-tracker-team/security-tracker][master] Update status on CVE-2019-19242/sqlite3
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Revert "Update status on CVE-2019-19242/sqlite3"
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update information on CVE-2019-19242/sqlite3
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2019-19244/sqlite3 as no-dsa for buster
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2019-19603 as no-dsa for buster and stretch
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2019-17571/apache-log4j1.2 via unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2019-19645/sqlite3 as no-dsa
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Fix formatting in dla-needed.txt
Roberto C. Sánchez
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2019-20218/sqlite3 as no-dsa
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update information on CVE-2019-19880/sqlite3
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2019-19923/sqlite3 as no-dsa
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2019-19924/sqlite3 as no-dsa
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2019-19925 as no-dsa for buster
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2019-19959/sqlite3 as no-dsa for buster
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2020-5504/phpmyadmin as no-dsa
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2020-5504/phpmyadmin
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2019-16723/cacti: add followup patches
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2019-10094/tika as no-dsa for buster
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2019-16723/cacti: one more followup patch...
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] Fix typoed source package for mruby
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2065-1 for apache-log4j1.2
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] dla: still ongoing
Adrian Bunk
- [Git][security-tracker-team/security-tracker][master] 4 commits: Update status for CVE-2019-19927/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2066-1 for gthumb
Abhijith PA
- [Git][security-tracker-team/security-tracker][master] Sync status for CVE-2019-19447/linux with kernel-sec
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Correct version for gthumb (missing epoch)
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-6860/libmysofa
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-6851/openjpeg2
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Process one new NFU
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim otrs2
Abhijith PA
- [Git][security-tracker-team/security-tracker][master] new linux/ashmem issue
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Associate CVE-2019-14607 with change from 2019-11-15 microcode release
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-5390/python-pysaml2
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] axtls entered the archive, move from itp status to unfixed for further checks
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Three CVEs for axtls fixed before initial upload to archive
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] xen DSA
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] CVE-2019-20043, CVE-2019-20042, CVE-2019-20041, CVE-2019-17674, CVE-2019-17672, CVE...
Sylvain Beucler
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-6832/gitlab
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2019-19336 as NFU
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-14868/ksh
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] fix status of two CVE IDs for buster
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2067-1 for wordpress
Sylvain Beucler
- [Git][security-tracker-team/security-tracker][master] Disassociate one CVE ID with src:xen
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Add one ancient CVE for Mozilla Firefox
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track proposed fix for CVE-2019-14062/libidn
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-14615/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] add one more CVE ID to Xen DSA 4201
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2019-12399/kafka
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] TUF is ITPd
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] new Java issues
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] new virtualbox issues
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] new mysql issues, mariadb TBD
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Track fixes for openjdk-11 via unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add additional advisory reference for MySQL issues
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-7053/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: Process some NFUs
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] dla: take openjdk-7
Emilio Pozuelo Monfort
- [Git][security-tracker-team/security-tracker][master] Update information for CVE-2020-7053/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] vbox fixed
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-14868/ksh
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] mesa fixed in sid a while ago
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] CVE-2019-5068/mesa was already fixed in earlier version based on 19.2.x
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] dla: claim tomcat7
Sylvain Beucler
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2019-14868/ksh via unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2016-10894/xtrlock as no-dsa
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] dla: apo tells me he's working on tomcat7, transfering
Sylvain Beucler
- [Git][security-tracker-team/security-tracker][master] Process many Oracle specific CVEs as NFU
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2015-1850 was REJECTED and withdrawn by the assigning CNA
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2019-2224 was REJECTED (duplicate of CVE-2019-15140)
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track one ancient CVE for linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: Move two NFUs to src:systrace
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-7058/cacti
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Correct status on CVE-2019-12111/miniupnpd for stretch
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2018-11751/puppet
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Remove information from CVE-2016-1000022 (duplicate of CVE-2016-10539)
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 3 commits: Process some NFUs
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] dla: claim gpac
Sylvain Beucler
- [Git][security-tracker-team/security-tracker][master] puppet confirmed/no-dsa
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-17570/libxmlrpc3-java
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-7039/libslirp
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] LTS/update note and disclaim squid3
Roberto C. Sánchez
- [Git][security-tracker-team/security-tracker][master] LTS/claim tigervnc
Roberto C. Sánchez
- [Git][security-tracker-team/security-tracker][master] LTS/remove tigervnc; it does not exist in jessie; not sure why it was added in the first place
Roberto C. Sánchez
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2020-7039/libslirp
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2020-7039/slirp
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-17570/libxmlrpc3-java
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] gpac: precise triage
Sylvain Beucler
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-7045/wireshark
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-7044/wireshark
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: Update information on CVE-2019-20159
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-18282/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: Reorganize next-point-update file
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update information on CVE-2019-20164
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: Claim libxmlrpc3-java in dla-needed.txt
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] Reference correct commit for CVE-2019-20168
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 4 commits: Update to unaliased entry for reference
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track proposed fixes for xtrlock via {stretch,buster}-pu
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track proposed update for node-kind-of via buster-pu
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: Add fixed versions via unstable for CVE-2019-1972{7,8}/slurm-llnl
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2020-1701 as NFU
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: Add a reference to upstream commit in CVE-2020-7107 for cacti.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] openjdk-13 fixed
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Add fixed version via unstable for CVE-2020-7039/libslirp
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2068-1 for linux
Ben Hutchings
- [Git][security-tracker-team/security-tracker][master] gpac: more triaging
Sylvain Beucler
- [Git][security-tracker-team/security-tracker][master] Drop one CVE from DLA-2068-1
Ben Hutchings
- [Git][security-tracker-team/security-tracker][master] Sync CVE-2019-18675/linux with kernel-sec triage
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Sync CVE-2019-18282 with kernel-sec
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Sync CVE-2019-14615 with kernel-sec
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] data/CVE/list: Tag CVE-2018-11751 to be ignord for puppet/jessie. Too invasive...
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] 2 commits: Process NFUs
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] thunderbird DSA
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Update entries for CVE-2019-20168 and CVE-2019-20169
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-1699/ceph
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2020-1699/ceph
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Update note for xerces-c.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] 2 commits: Reference commit for CVE-2019-9278/libexif
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-17361/salt
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-17361
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add openconnect to dsa-needed list
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2069-1 for cacti
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] Reserve DSA-4604-1 for cacti
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Add openjpeg and claim it.
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Fix src:pkg name (openjpeg -> openjpeg2).
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: add suricata and claim it.
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Add hiredis.
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] 2 commits: data/dla-needed.txt: Add ksh; to tell if affected, it needs someone to look into it in more detail.
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: add qemu.
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: add salt, maybe affected, needs testing
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] data/CVE/list: Mark wireshark/jessie as <not-affected> by CVE-2020-7045.
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Drop x2goclient, see DLA 2038-2.
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: add wordpress (for deeper triaging)
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] DSA-4604-1: Do not list CVE-2019-16723 and CVE-2019-17357
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2020-1699/ceph
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2070-1 for ruby-excon
Utkarsh Gupta
- [Git][security-tracker-team/security-tracker][master] Mark tigervnc issues as no-dsa
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2020-7227 as NFU
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2019-16779/ruby-excon via unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Claim qemu
Utkarsh Gupta
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: claim python-pysaml2
Abhijith PA
- [Git][security-tracker-team/security-tracker][master] Several CVEs for chromium fixed in unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim hiredis.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] Claim ruby-rack-cors
Utkarsh Gupta
- [Git][security-tracker-team/security-tracker][master] Sync CVEs for linux with kernel-sec for fixes via unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Submitted upstream patch for CVE-2020-7105 in hiredis.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2020-7044/wireshark via unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2020-7106/cacti: add followup patch
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] Add note for qemu
Utkarsh Gupta
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2020-5390/python-pysaml2
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2020-6860/libmysofa
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: Concluded that the mentioned code is in place for jessie but the vulnerability...
Ola Lundqvist
- [Git][security-tracker-team/security-tracker][master] 2 commits: data/dla-needed.txt: Update note for yara
Dylan Aïssi
- [Git][security-tracker-team/security-tracker][master] Noted that all open CVEs on ansible are marked as no-dsa for Buster and...
Ola Lundqvist
- [Git][security-tracker-team/security-tracker][master] CVE--2019-1020001/yard fixed in unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] openjdk-11 DSA
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Remove one uneeded note, this was already covered in the bug
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Update note for transfig
Dylan Aïssi
- [Git][security-tracker-team/security-tracker][master] Mark jessie as not-affected for some CVE of transfig
Dylan Aïssi
- [Git][security-tracker-team/security-tracker][master] Add https://github.com/redis/hiredis/issues/751 as an additional reference for CVE-2020-7105.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] Update CVE-2019-14868/ksh
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Revert "Mark jessie as not-affected for some CVE of transfig"
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2017-11107/phpldapadmin via unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Sync DSA release date
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2071-1 for thunderbird
Emilio Pozuelo Monfort
- [Git][security-tracker-team/security-tracker][master] chromium dsa
Michael Gilbert
- [Git][security-tracker-team/security-tracker][master] CVE-2020-6630,CVE-2020-6631/gpac: jessie triage
Sylvain Beucler
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2072-1 for gpac
Sylvain Beucler
- [Git][security-tracker-team/security-tracker][master] new python-apt issues
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] wpa ospu
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] DLA-2072-1: fix fixed CVEs
Sylvain Beucler
- [Git][security-tracker-team/security-tracker][master] add python-apt
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] Remove no-dsa tagged entries which got an update
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reference commits for CVE-2019-1579{5,6}/python-apt
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version via unstable for CVE-2019-5477/rexical
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-7040/storebackup
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2020-7040/storebackup
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-7211/libslirp
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add and claim storebackup
Utkarsh Gupta
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-18899/apt-cacher-ng
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] still working on tomcat8 in jessie
Abhijith PA
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for openconnect update
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Added information about the squid3 patch analysis made.
Ola Lundqvist
- [Git][security-tracker-team/security-tracker][master] Reference commit for CVE-2017-11692 as applied upstream
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2019-16239/openconnect
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track pending CVEs for linux via stretch-pu
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2019-18932/sarg
Henri Salo
- [Git][security-tracker-team/security-tracker][master] Some more CVE fixes were cherry-picked for 4.9.210-1 upload
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-14888/undertow
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add note on sarg-reports using mktemp in own Debian shipped version
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-7237/cacti
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-20386/systemd
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-19344/samba
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-14907/samba
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-14902/samba
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2019-18848/ruby-json-jwt via unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark samba issues as no-dsa
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add (temporary) note for CVE-2018-16301
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2019-19886/modsecurity
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add samba and cacti
Utkarsh Gupta
- [Git][security-tracker-team/security-tracker][master] npm uploaded to unstable as 6.13.4+ds-2 (fixing CVE-2019-1677{5,6,7})
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] mesa spu
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2073-1 for transig
Dylan Aïssi
- [Git][security-tracker-team/security-tracker][master] dla-needed: Remove transfig, see DLA-2073-1
Dylan Aïssi
- [Git][security-tracker-team/security-tracker][master] tiff DSA
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] 2 commits: dla-needed: unclaim yara for now
Dylan Aïssi
- [Git][security-tracker-team/security-tracker][master] first steps at libstb triage
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Further libstb triage
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] CVE-2019-14939/node-mysql fixed in unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track two ancient Mozilla Firefox issues
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-7595/libxml2
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-20388/libxml2
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: Add Debian bug reference for CVE-2020-7595/libxml2
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Take over claim of src:cacti in dla-needed.txt
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] u-boot fixed
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] more u-boot fixes
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] icedtea-web commit refs
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-20387/libsolv
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update information on CVE-2019-12290/libidn2
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-20387/libsolv
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] dla-needed: claim python-apt
Dylan Aïssi
- [Git][security-tracker-team/security-tracker][master] Process more NFUs
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-16792/waitress
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: Correct name for transfig
Dylan Aïssi
- [Git][security-tracker-team/security-tracker][master] Add note on libidn2 in dsa-needed list
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] netkit-telnet not affected by CVE-2019-0053, code is different
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2019-19601/texlive-bin as unimprtant
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2020-7106/cacti: postponed in stretch & buster
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Add new libyang issues
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Update note for hiredis.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] 5 commits: mark CVE-2019-16792 as no-dsa for jessie
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] 3 commits: Update PR link for CVE-2020-7105 in hiredis.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] webkit2gtk upstream advisory WSA-2020-0001
Alberto Garcia
- [Git][security-tracker-team/security-tracker][master] CVE-2010-3295 got REJECTED (not a security issue)
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for modsecurity issue
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-18222/mbedtls
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2014-2680/xmind
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2074-1 for python-apt
Dylan Aïssi
- [Git][security-tracker-team/security-tracker][master] LTS/claim samba in dla-needed.txt
Roberto C. Sánchez
- [Git][security-tracker-team/security-tracker][master] python-apt DSA
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2019-9278/libexif via unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] more bugs for stb code copies
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] CVE-2020-6851/openjpeg2: add upstream fix
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] dla-needed: claim xerces-c
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] Process NFU
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add ancient CVE-2016-4761
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-1711/qemu
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2020-1711/qemu
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: mark CVE-2018-20505 as not affected for Jessie
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] CVE-2019-17627/python-reportlab: add upstream fix
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] Two CVEs initially for vlc were REJECTED (no security issue)
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2014-3606 was withdrawn because there is no security impact
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-522{5,6}/simplesamlphp
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] mark CVE-2019-9937 as not-affected for Jessie
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] 3 commits: mark CVE-2020-5225 as no-dsa for Jessie
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2020-7039/slirp
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add additional reference for CVE-2019-17570/libxmlrpc3-java
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2019-20386/systemd as no-dsa
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-3686/openqa (itp'ed)
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-5217/ruby-secure-headers
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-5216/ruby-secure-headers
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-16791/postfix-mta-sts-resolver
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2019-0542/node-xterm
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2012-5340/mupdf
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2015-8549/pyamf
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] inetutils fixed
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] various spu/opsu
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] remove reference to rejected ID
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Revert "remove reference to rejected ID"
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-7981/ruby-geocoder
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2020-7981/ruby-geocoder
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: Resort entries for linux down the list for the next commit
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 3 commits: update note
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2076-1 for slirp
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2019-19344 does not affect samba in jessie
Roberto C. Sánchez
- [Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2016-4303 will be fixed
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2077-1 for tomcat7
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] 2 commits: Update status of nss in dla-needed.txt
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2079-1 for otrs2
Abhijith PA
- [Git][security-tracker-team/security-tracker][master] Add tracking of CVE-2019-18277/haproxy update via buster-pu
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-799{4,5,6}/dolibarr
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-20422/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: mark CVE-2019-20218 CVE-2019-19645 CVE-2019-19603 as no-dsa for Jessie
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] Reference upstream commit for CVE-2019-18932/sarg
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] dla-needed: update notes for clamav, python-reportlab and xcftools
Hugo Lefeuvre
- [Git][security-tracker-team/security-tracker][master] Add a missing timestamp
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] The followup patches to cacti are not applicable to the version of cacti in...
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] libapache2-mod-auth-mellon fixed in sid
Thijs Kinkhorst
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-8003/virglrenderer
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-8002/virglrenderer
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2020-800{2,3}/virglrenderer
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2019-19921/runc
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2019-13508/freetds as no-dsa
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track proposed fix for freetds via buster-pu
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: Otrs2 is in non-free and not in packages to support list, marking the CVEs as unsupported.
Ola Lundqvist
- [Git][security-tracker-team/security-tracker][master] Revert "Otrs2 is in non-free and not in packages to support list, marking the CVEs as unsupported."
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: data/dla-needed.txt: claim libsolv.
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: socks4-server removed
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Process CVE-2020-7952 as NFU
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2081-1 for openjpeg2
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] exiv2 fixes
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] more exiv2 fixes
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2019-17626/python-reportlab
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Process some IBM specific CVEs as NFU
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-8086/prosody-modules
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2020-8086/prosody-modules
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2082-1 for unzip
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2020-7039/slrip
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Remove one no-dsa tagged entry which got an update
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] new linux issue
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Add upstream reference for CVE-2020-8315
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Sync status for CVE-2020-8428 with kernel-sec
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-7247/opensmtpd
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add opensmtpd to dsa-needed list
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reference commits/patches for CVE-2020-7247/opensmtpd
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2019-18222/mbedtls
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track MariaDB as well for CVE-2020-2574
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add new nethack issues
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] webkit2gtk DSA-4610-1
Alberto Garcia
- [Git][security-tracker-team/security-tracker][master] Update notes for CVE-2020-7105 in src:hiredis.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2083-1 for libhiredis
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] Correct name of "hiredis" source package.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] CVE-2020-7105/hiredis fixed in unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] exiv2 fixed
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] opensmtpd DSA
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] 3 commits: Mark nethack as eol.
Ola Lundqvist
- [Git][security-tracker-team/security-tracker][master] Java libxmlrpc3 needs to be updated.
Ola Lundqvist
- [Git][security-tracker-team/security-tracker][master] nethack bugs unimportant
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Add prosody-modules to dsa-needed list
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-8432/u-boot
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2019-17361/salt fixed in unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add qemu to dsa-needed list
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-5215/tensorflow
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add references for gitlab release from 2019/09/30 (Some CVEs assigned)
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Cleanup some trailing whitespaces
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-15590/gitlab
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-1940 as NFU
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-20421/exiv2
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2020-8112/openjpeg2
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-20421/exiv2
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2020-8112/openjpeg2
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2084-1 for graphicsmagick
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] 2 commits: Jessie only CVEs have been fixed
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] 2 commits: Jessie only CVE has been fixed
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] update stretch version for opensmtpd
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] add stub entry for second opensmtpd issue
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Add further note on CVE-2020-7247/opensmtpd
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for opensmtpd issues
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-7238/netty
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2020-1930/spamassassin, CVE-2020-1931/spamassassin
Henri Salo
- [Git][security-tracker-team/security-tracker][master] Remove CVE-2019-17026 listing for DLA-2061-1
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 3 commits: Remove TODO item CVE-2020-1930 and CVE-2020-1931 (checked)
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add spamassassin to dsa-needed list
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add new ossec-hids issues
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-0569 initial tracking (more work needed)
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add initial tracking for CVE-2020-0570/qtbase-opensource-src
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Adjust tracking of CVE-2019-9143 and CVE-2019-9144
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2019-20421/exiv2 via unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update tracking for CVE-2018-19607/exiv2
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update tracking for CVE-2018-18915/exiv2
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update tracking for CVE-2018-5772/exiv2
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update tracking for issues for exiv2 tracked in #868578
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update tracking for CVE-2017-14858/exiv2
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] LTS/claim libxmlrpc3-java in dla-needed.txt
Roberto C. Sánchez
- [Git][security-tracker-team/security-tracker][master] qt update
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2087-1 for suricata
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] Remove qtbase-opensource-src-gles from affected versions, thanks to lisandro
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-0569/qt4-x11 as well
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Revert "Add CVE-2020-0569/qt4-x11 as well"
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2088-1 for libsolv
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: re-add openjpeg2 and claim it
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2019-20387/libsolv
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2019-20387/libsolv as no-dsa for buster and stretch
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2020-193{0,1}/spamassassin
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2020-193{0,1}/spamassassin
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update information on CVE-2020-0569 and CVE-2020-0570
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-8492/python*
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add JetBrains specific NFUs
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2019-12290/libidn2 as no-dsa
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: Track some italc issues as not-affected as the incomplete fixes not applied
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-3016/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-18634/sudo
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2020-05{69,70}/qtbase-opensource-src
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] LTS/remove libxmlrpc3-java from dla-needed.txt; it has already been completed
Roberto C. Sánchez
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2089-1 for openjpeg2
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] Add upstream reference for CVE-2019-18634
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker] Pushed new branch users/roberto/rmadison_review-update-needed
Roberto C. Sánchez
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2090-1 for qemu
Utkarsh Gupta
- [Git][security-tracker-team/security-tracker][master] Re-add qemu for CVE-2020-1711
Utkarsh Gupta
- [Git][security-tracker-team/security-tracker][master] Safest to fix.
Ola Lundqvist
- [Git][security-tracker-team/security-tracker][master] To fix spamassassin.
Ola Lundqvist
- [Git][security-tracker-team/security-tracker][master] Reference commit for CVE-2019-19797
Dylan Aïssi
- [Git][security-tracker-team/security-tracker][master] Just thunderbird was fixed it looks like.
Ola Lundqvist
- [Git][security-tracker-team/security-tracker][master] dla-needed: claim sudo
Dylan Aïssi
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: claim spamassassin
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: add qtbase-opensource-src and claim it
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] dla-needed.txt: hiredis fixed in DLA-2083-1.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] Take care of releasing DSA for spamassassin as prepared by noahm
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add sudo to dsa-needed list
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update tracking for CVE-2018-17229 and CVE-2018-17230 in exiv2
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update tracking for CVE-2018-14046/exiv2
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Four more CVEs for exiv2 were affecting only experimental
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] data/CVE/list: mark qtbase-opensource-src/jessie as not affected by CVE-2020-0570
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Add MR URL for qtbase-opensource-src.
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Update comments for spamassassin
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: claim salt
Mike Gabriel
- [Git][security-tracker-team/security-tracker][master] dla: take firefox-esr
Emilio Pozuelo Monfort
- [Git][security-tracker-team/security-tracker][master] storebackup no-dsa
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Update information on CVE-2019-18634/sudo
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 4 commits: Tagged CVE-2020-8432 as ignored in jessie for u-boot following decision for stretch.
Ola Lundqvist
- [Git][security-tracker-team/security-tracker][master] CVE-2020-8492: Group entries by source packages
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-18634/sudo
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Fix typo in NOTE
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2019-18634: Add additional note on the 1.8.26 change for sudo
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-7919/golang
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2019-18634/sudo as no-dsa for buster
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2091-1 for libjackson-json-java
Adrian Bunk
- [Git][security-tracker-team/security-tracker][master] prosody-modules DSA
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for libidn2 update
Salvatore Bonaccorso
Last message date:
Fri Jan 31 23:01:21 GMT 2020
Archived on: Fri Jan 31 23:01:25 GMT 2020
This archive was generated by
Pipermail 0.09 (Mailman edition).