January 2021 Archives by thread
Starting: Fri Jan 1 06:57:56 GMT 2021
Ending: Sun Jan 31 22:05:15 GMT 2021
Messages: 675
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for p11-kit update
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-35507/binutils
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-35496/binutils
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Process several NFUs
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-35920/rust-socket2
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-3590{6,7}/rust-futures-task
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Process more rust crate NFUs
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-35904/rust-crossbeam-channel
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Process more NFUs (rust crates)
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-35875
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-35863/rust-hyper
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2020-35861/rust-bumpalo assigned
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-25010
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2020-26247/ruby-nokogiri
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] chromium, influxdb DSAs
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Remove TODO from CVE-2019-25010/rust-failure
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2020-6097/atftp via unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] cairo fixed in sid
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-2500{8,9}/rust-http
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-25001/rust-serde-cbor
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2017-3224: Track fix in frr
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Ignore CVE-2016-7964/dokuwiki for bullseye
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2020-8184/ruby-rack via unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2020-10744/ansible
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] ruby-faye fixed in sid
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] new pure-ftpd "issue", NFU
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Add note for CVE-2020-35359
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] dwarves-dfsg embeds libbpf
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Removed a note that has been clarified and hopefully clarified a note from Adrian.
Ola Lundqvist
- [Git][security-tracker-team/security-tracker][master] Process some new NFUs
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2020-29562/glibc via unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Track fixed versions for f2fs-tools issues via unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark f2fs-tools issues as no-dsa
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-35964/ffmpeg
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2020-26939/bouncycastle as no-dsa
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add libxstream-java for review
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2020-25638,libhibernate3-java: Fixed in unstable
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] Claim snapd
Brian May
- [Git][security-tracker-team/security-tracker][master] 2 commits: dla: update note
Adrian Bunk
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2513-1 for p11-kit
Adrian Bunk
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2514-1 for flac
Adrian Bunk
- [Git][security-tracker-team/security-tracker][master] CVE-2017-6888: Remove no-dsa for stretch
Adrian Bunk
- [Git][security-tracker-team/security-tracker][master] Add note in dla-needed.txt
Abhijith PA
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2020-28052/bouncycastle
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] update notes
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-35965/ffmpeg
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 4 commits: Triage CVE-2020-26247 in ruby-nokogiri for stretch LTS.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim csync2.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2020-25713/raptor2
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Take wavpack
Utkarsh Gupta
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2019-12953/dropbear as postponed for stretch
Utkarsh Gupta
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Triage cairo for stretch LTS (CVE-2020-35492).
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity
Holger Levsen
- [Git][security-tracker-team/security-tracker][master] 3 commits: data/dla-needed.txt: Triage qemu for stretch LTS (CVE-2020-11947).
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] dovecot: Add CVE-2020-24386 and CVE-2020-25275
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add dovecot to dsa-needed list
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add upstream commits for dovecot issues
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] dla: claim qemu
Adrian Bunk
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for dovecot update
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2020-29599/imagemagick: fix IM6 patch list
Sylvain Beucler
- [Git][security-tracker-team/security-tracker][master] dla: update imagemagick status
Sylvain Beucler
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2515-1 for csync2
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2516-1 for gssproxy
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] CVE-2020-11947/qemu was fixed with 1:2.8+dfsg-6+deb9u10
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-25013/glibc
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-25013/glibc
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Remove note from CVE-2020-35194 (duplicate of CVE-2019-5021)
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Remove note from CVE-2020-35188 (duplicate of CVE-2019-5021)
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Remote note from CVE-2020-29589 (duplicate of CVE-2019-5021)
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Some updates on golang issues.
Ola Lundqvist
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-35508/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-36158/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2019-25013/glibc via unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] new nodejs issues
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] 2 commits: Add references to upstream commits for 10.23.1 fixed for nodejs
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] update on Intel Bluebooth firmware issues
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] 4 commits: Triage CVE-2020-8265 & CVE-2020-8287 in nodejs for stretch LTS.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Triage python-autobahn for stretch LTS (CVE-2020-35678).
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-1751{8,9} as NFU
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim python-autobahn
Abhijith PA
- [Git][security-tracker-team/security-tracker][master] remove obsolete TODO
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] new linux issue, NFUs from Pixel advisory
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Sync version information for CVE-2021-0342 with kernel-sec
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Sync stretch status for CVE-2021-0342
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2021-0323
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2517-1 for dovecot
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2518-1 for cairo
Utkarsh Gupta
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2020-12658/gssproxy as unimportant
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for dovecot issues
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for nodejs issues
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Process some more NFUs
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for regression update for minidlna
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2020-35652/asterisk
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2020-35681: Correct temporary description missing word
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2020-35681: Add upstream commit to adress issue
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2020-35681/python-django-channels
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] LTS: re-claim shiro in dla-needed.txt
Roberto C. Sánchez
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2020-35681/python-django-channels
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Remove note from CVE-2020-1674
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] new libjboss-remoting-java (removed), concludes external check
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Triage CVE-2020-35679 in opensmtpd for stretch LTS.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] Triage CVE-2020-35680 in opensmtpd for stretch LTS.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] new rust-kamadak-exif (might not affect stale Debian versions)
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Track fix via experimental for CVE-2019-18900/libzypp
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-16044/firefox{,-esr}
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: Remove "check" item for libxstream-java, acked
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: Remove no-dsa tags from pacemaker/stretch.
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-36177/wolfssl
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] nodejs security update
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Claim golang-websocket
Brian May
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2520-1 for golang-websocket
Brian May
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2020-16044/firefox via unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version via unstable for CVE-2020-16044/firefox-esr
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add new chromium CVEs from January 6, 2021 advisory (fixed in 87.0.4280.141)
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track fix for CVE-2019-18900/libzypp via unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-35509, NFU (Keycloak)
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-35512/dbus
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] stable triage
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2020-16598
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update some jackson-databind issues
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Triage firefox-esr for stretch LTS (CVE-2020-16044).
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] Triage CVE-2020-26263 in tlslite-ng for stretch LTS.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] dla: take firefox-esr
Emilio Pozuelo Monfort
- [Git][security-tracker-team/security-tracker][master] Remove merge commit reference for CVE-2020-36177
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for new chromium round of CVEs
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add chromium to dsa-needed list
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2020-36177/wolfssl
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-28208 as NFU
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] firefox DSA
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] xstream DSA
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] For fixing CVE-2020-35678, python-autobahn need python-hyperlink
Abhijith PA
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-7071/php
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Triage CVE-2020-36179 → CVE-2020-36189 in jackson-databind for stretch LTS.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2521-1 for firefox-esr
Emilio Pozuelo Monfort
- [Git][security-tracker-team/security-tracker][master] lts: drop tzdata
Emilio Pozuelo Monfort
- [Git][security-tracker-team/security-tracker][master] 2 commits: lts: CVE-2020-27748/xdg-utils postponed on stretch
Emilio Pozuelo Monfort
- [Git][security-tracker-team/security-tracker][master] golang-github-buger-jsonparser fixed
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Track embeded copy of libbpf in bpfcc
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track two gitlab CVEs from the Jan 7, 2021 release
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2020-15216 fixed in unstable with version 1.1.0-1
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] CVE-2017-12670/imagemagick: stretch ignored
Sylvain Beucler
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-2885{1,2}/golang-golang-x-text
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2017-14528/imagemagick: reference patch
Sylvain Beucler
- [Git][security-tracker-team/security-tracker][master] Process more NFUs
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2021-21236/cairosvg
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-26664/vlc
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2021-21236/cairosvg
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track fixes via unstable for CVE-2020-769{4,5}/python-uvicorn
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Remove TODO from vlc issue
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update information for CVE-2020-29657/iotjs
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2019-3681/osc
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2020-28468 as NFU
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2020-36158 via unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] bullseye triage
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] new nvidia issues
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Add tracking bug for nvidia-graphics-drivers-tesla-450 issues
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add tracking bug for CVE‑2021‑1056/nvidia-graphics-drivers-tesla-440
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add tracking bug for CVE‑2021‑1056/nvidia-graphics-drivers-tesla-418
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add tracking bug for CVE-2021-1056/nvidia-graphics-drivers-legacy-390xx
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2021-1056/nvidia-graphics-drivers-legacy-390xx fixed n unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2021-1056/nvidia-graphics-drivers-legacy-390xx as no-dsa
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2021-1056 as no-dsa for buster packages
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add tracking bug for CVE-201-1056/nvidia-graphics-drivers-legacy-340xx
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2020-82{65,87}/nodejs via unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track experimental fix for CVE-2018-11255/libpodofo
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update list of commits for CVE-2020-35738
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Cleanup some trailing whitespaces
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Triage CVE-2021-1056 in nvidia-graphics-drivers &...
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] Triage CVE-2020-7071 in php7.0 for stretch LTS.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] 2 commits: Triage CVE-2020-26664 in vlc for stretch LTS.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] libetpan fixed in sid
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Track fixed version for chromium issues in unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] libspring-java fixed in sid
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Update status of ansible in dla-needed.txt
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] record sid fixes for sane-backends
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] update CVE-2020-36067 CVE-2020-36066 CVE-2020-35380 with fixed version
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] update CVE-2020-25614 with fixed version
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2020-26262/coturn
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for coturn update
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2020-27756/imagemagick: stretch not-affected
Sylvain Beucler
- [Git][security-tracker-team/security-tracker][master] CVE-2020-29599/imagemagick: tidy patches
Sylvain Beucler
- [Git][security-tracker-team/security-tracker][master] Add CVE-2021-23{39,40}/sudo
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add upstream reference for CVE-2021-23240
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Duplicate patch references. According to https://bugzilla.redhat.com/show_bug.cgi?id=1886359 ,
Abhijith PA
- [Git][security-tracker-team/security-tracker][master] Revert "Duplicate patch references. According to...
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-35701/cacti
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2017-12670/imagemagick: reference fix
Sylvain Beucler
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2018-17977/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version via unstable for CVE-2021-232{39,40}/sudo
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for two imagemagick issues
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2021-20178/ansible
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2021-20177/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-35514 as NFU
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for CVE-2020-26262/coturn
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2522-1 for coturn
Emilio Pozuelo Monfort
- [Git][security-tracker-team/security-tracker][master] new rust-smallvec issue
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-35458/hawk
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-35459/crmsh
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add upstream reference for CVE-2021-20178
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2523-1 for imagemagick
Sylvain Beucler
- [Git][security-tracker-team/security-tracker][master] libpodofo fixed in sid
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2020-35701/cacti
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2020-35965/ffmpeg
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2020-35964/ffmpeg
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for golang-golang-x-text issues
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-28374/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update information for CVE-2020-28374
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2020-28374/tcmu
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for CVE-2020-3596{4,5}/ffmpeg
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2020-7071/php8.0 fixed in unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update snapd status
Brian May
- [Git][security-tracker-team/security-tracker][master] Claim ruby-actionpack-page-caching
Brian May
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2021-20177 with kernel-sec
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2524-1 for spice-vdagent
Abhijith PA
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim f2fs-tools
Abhijith PA
- [Git][security-tracker-team/security-tracker][master] Remove no-dsa tag from spice-vdagent entry which got an update in DLA-2524-1
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-3565{3,4,5}/pillow
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2020-28374: add URL for tcmu-runner patch
Sebastien Delafond
- [Git][security-tracker-team/security-tracker][master] 2 commits: Add reference for CVE-2020-28374
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2020-8842
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] new redcarpet issue
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] dla: claim golang-1.7
Sylvain Beucler
- [Git][security-tracker-team/security-tracker][master] Track proposed update for libmaxminddb via buster-pu
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update notes on CVE-2020-28374/tcmu
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for CVE-2020-26298/ruby-redcarpet
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2021-23240/sudo as unimportant
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] track CVE-2020-16044 for thunderbird
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2021-23239/sudo as no-dsa for buster
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] one hylafax issue n/a in Debian
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Proces some NFUs
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] MITRE assigned separate CVE for tcmu issue (related to CVE-2020-28374)
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-24027/liblivemedia
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Wrap note for CVE-2020-24027
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2020-26298/ruby-redcarpet via unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-27827/lldpd
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2021-23926/xmlbeans
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add new flatpak issue
Salvatore Bonaccorso
- Processing 6206ee83a4b18916a6f0a82d0c4f9e411838b4f3 failed
security tracker role
- [Git][security-tracker-team/security-tracker][master] shaarli back in the archive
Moritz Muehlenhoff
- Processing c3debb53429e8f1eeae490c13a773524a47c6ac7 failed
security tracker role
- [Git][security-tracker-team/security-tracker][master] Remove shaarli from removed packages list since reintruduced in one suite
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] dwarves-dfsg/1.18-1 used system provided libbpf
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track embedded copy of libbpf in v4l-utils
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] flatpak issue (GHSA-4ppf-fxf6-vxg2) fixed via unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Strip no-dsa tags for wavpack for jessie
Utkarsh Gupta
- [Git][security-tracker-team/security-tracker][master] CVE-2020-29509,CVE-2020-29510,CVE-2020-29511/golang-1.7,golang-1.8: stretch ignored
Sylvain Beucler
- [Git][security-tracker-team/security-tracker][master] CVE-2020-35701/cacti: stretch not-affected
Sylvain Beucler
- [Git][security-tracker-team/security-tracker][master] Sync list of commits for flatpak issues with maintainer
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] flatpak DSA
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] CVE-2021-21261/flatpak assigned
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2020-27827: Add openvswitch as the CVE was assigned for both products
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2020-27827: Reference commit for ovs
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add ruby-redcarpet to dsa-needed list
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: Process NFUs
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] lldpd: Replace original project links with current location
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add openvswitch information for CVE-2015-8011
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2020-27827/openvswitch
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] nvidida-graphics-drivers fixed in unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2020-27827/openvswitch
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2021-22132/elasticsearch
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] hylafax fixed in sid
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] 2 commits: Strip no-dsa tags for wavpack for stretch
Utkarsh Gupta
- [Git][security-tracker-team/security-tracker][master] 3 commits: lts: CVE-2020-16044/thunderbird postponed in stretch
Emilio Pozuelo Monfort
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2526-1 for ruby-redcarpet
Utkarsh Gupta
- [Git][security-tracker-team/security-tracker][master] CVE-2021-21236/cairosvg n/a in buster & stretch
Emilio Pozuelo Monfort
- [Git][security-tracker-team/security-tracker][master] Reserve DSA-4831-1 for ruby-redcarpet
Sebastien Delafond
- [Git][security-tracker-team/security-tracker][master] Add openvswitch for dsa-needed list
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2013-1053 as NFU
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-6572/chromium
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2020-28928/musl via unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add reference to upstream issue for CVE-2021-21241
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2021-21241/flask-security as not-affected for buster
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2021-21241/flask-security
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Process one NFU
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-35733/erlang
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update references for CVE-2020-14343/pyyaml
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2020-35733/erlang
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2020-35733/erlang via unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add temporary entry for php-laravel-framework issue
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2020-26247/ruby-nokogiri via unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2021-24122/tomcat
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for chromium update
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] thunderbird fixed in sid
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] dla-needed: Remove qemu, everything postponed
Adrian Bunk
- [Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for CVE-2020-35652/asterisk
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2020-35652/asterisk as no-dsa for buster
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] dla: update status
Adrian Bunk
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2527-1 for snapd
Brian May
- [Git][security-tracker-team/security-tracker][master] Update status on two unimportant liblnk issues
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2020-35701/cacti via unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2020-35701: Add information on fixing commit
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2021-20191/ansible
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2021-20180/ansible
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add gst-plugins-bad1.0 issue for tracking (CVE assignment pending)
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2020-7071/php7.4 fixed in unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2021-21236/cairosvg
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] lts: reclaim ceph
Emilio Pozuelo Monfort
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2021-3139/tcmu
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2020-35176/awstats: reference sanctioned patch
Sylvain Beucler
- [Git][security-tracker-team/security-tracker][master] jackson-databind fixed in sid (first batch)
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] 2 commits: mark CVE-2021-23239 as no-dsa for Stretch
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] add dbus
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] more jackson-databind fixes
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] vlc fixed in sid
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] reclaim opendmarc
Abhijith PA
- [Git][security-tracker-team/security-tracker][master] Update information for CVE-2021-20180/ansible
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update information on CVE-2021-20191/ansible
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add gst-plugins-bad1.0 to dsa-needed list
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] pillow triage
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] take openvswitch, gst-plugins
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2020-26237 as no-dsa for buster
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] gst-plugins-bad1.0 DSA
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2528-1 for gst-plugins-bad1.0
Utkarsh Gupta
- [Git][security-tracker-team/security-tracker][master] gst-plugin-bad1.0: Add stretch version
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-36193/php-pear
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-29443/qemu
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-16255/owncloud
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2021-20190/jackson-databind
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] NFU, concludes external check
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Add CVE-2021-3178/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] new dnsmasq issues
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2021-3178/linux as unimportant
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add upstream commits for CVE-2020-2568{1,2,3,4,5,6,7}/dnsmasq
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] pillow: stretch triage
Sylvain Beucler
- [Git][security-tracker-team/security-tracker][master] apache-log4j2 fixed in sid
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] golang-golang-x-text fixed in sid
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] CVE-2021-1056 spu
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Add CVE-2021-3181/mutt
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add mutt to dsa-needed list
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2021-20193/tar
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-35518/389-ds-base
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2020-1725 and CVE-2020-14359 as NFU
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2021-20193/tar
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2021-21263/php-laravel-framework assigned
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-11997
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] tar non issue
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-144{09,10}/tar
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] new chromium issues
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] new node-socket.io-parser, git-big-picture, gitlab issues
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] new virtualbox, phpmyadmin issues
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] new mysql issues
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] 2 commits: add dnsmasq
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] Take dnsmasq
Utkarsh Gupta
- [Git][security-tracker-team/security-tracker][master] CVE-2021-3185/gst-plugins-bad1.0 assigned
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for chromium
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for CVE-2020-28374
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] new bottle issue
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2529-1 for mutt
Utkarsh Gupta
- [Git][security-tracker-team/security-tracker][master] Add CVE-2021-3177/python
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2021-3177/python3.9 addressed in unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2021-3188/phplist
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Process some Cisco specific NFUs
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] add oss-sec reference for CVE-2021-3185
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] NFU (Concludes external check)
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Add dnsmasq to dsa-needed list
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] new golang-gogoprotobuf issue
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Associate CVE-2020-35239 with cakephp
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] new xen issue
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] dla: drop php-horde-trean
Sylvain Beucler
- [Git][security-tracker-team/security-tracker][master] 2 commits: dla: claim spotweb
Sylvain Beucler
- [Git][security-tracker-team/security-tracker][master] buster triage
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Claim drupal7 in dla-needed.txt
Gunnar Wolf
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2530-1 for drupal7
Gunnar Wolf
- [Git][security-tracker-team/security-tracker][master] 2 commits: Track drupal7 for CVE-2020-36193 (sa-core-2021-001)
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2021-3195/bitcoin
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2021-2123{8,9}/python-pysaml2
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2021-21239/python-pysaml2
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2021-21238/python-pysaml2
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2020-35701/cacti as no-dsa
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: Add flatpak to dsa needed list for regression update
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] add reference for CVE-2021-21261
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Track fixed version for chromium via unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2021-3114/go tracking
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update information for CVE-2020-35518/389-ds-base
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add note for CVE-2020-35518/389-ds-base
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] spring no longer embeds squish
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2020-0487 (now rejected by its CNA)
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] nvidia-graphics-drivers-tesla-418 fixed in sid
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] new qemu issue
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] 2 commits: dla: drop reel (support-ended, cf. debian-lts@)
Sylvain Beucler
- [Git][security-tracker-team/security-tracker][master] openvswitch, vlc, tomcat9 DSAs
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Add patch data for CVE-2021-21252 - phpMyadmin
William Desportes
- [Git][security-tracker-team/security-tracker][master] Update information on CVE-2020-35518/389-ds-base
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update affected status for CVE-2020-35517
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add temporary description for CVE-2020-35517
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2020-35517/qemu
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2021-25900/rust-smallvec assigned
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2021-3114/golang-1.15
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version via unstable for CVE-2020-13867/targetcli-fb
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DSA for flatpak regression update
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update information on CVE-2020-35239/cakephp
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 6 commits: add python-pysaml2
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] 4 commits: add xmlbeans
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] nothing todo for Stretch
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] LTS: claim xmlbeans and ffmpeg in dla-needed.txt
Roberto C. Sánchez
- Processing 9b275115675627a925e6f08f72bc67020e775258 failed
security tracker role
- [Git][security-tracker-team/security-tracker][master] guix entered the archive, move from itp status to unfixed for further checks
László Böszörményi
- [Git][security-tracker-team/security-tracker][master] Add CVE-2021-3115/golang*
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2019-18192/guix via unstable
László Böszörményi
- Processing edb5621f4e891b24df446a0f3a0d1cf4a57528e8 failed
security tracker role
- [Git][security-tracker-team/security-tracker][master] Update information on CVE-2017-1000455/guix
Salvatore Bonaccorso
- Processing 6aed66f4cd92e8641b5a01fdfa8e19154214b295 failed
security tracker role
- [Git][security-tracker-team/security-tracker][master] 3 commits: Reference upstream commit for CVE-2019-18192
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Sync status for CVE-2020-27825 with kernel-sec
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: add python-bottle
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] Track proposed update for cacti via buster-pu
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: add crmsh
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] Take python-bottle
Utkarsh Gupta
- [Git][security-tracker-team/security-tracker][master] Track proposed update for highlight.js via buster-pu
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2021-21252/phpmyadmin
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2021-21252 also affects civicrm and otrs2
David Prévot
- [Git][security-tracker-team/security-tracker][master] Update fixed version for CVE-2021-21263/php-laravel-framework (upstream messed...
David Prévot
- [Git][security-tracker-team/security-tracker][master] Revert "Update fixed version for CVE-2021-21263/php-laravel-framework...
David Prévot
- [Git][security-tracker-team/security-tracker][master] Add upstream commit for CVE-2020-28473
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim crmsh.
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for salt
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve followup DSA number for gst-plugins-bad1.0
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track proposed update for atftp via buster-pu
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track proposed update for CVE-2021-1056/nvidia-graphics-drivers via buster-pu
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Cleanup additional whitespace
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2531-1 for python-bottle
Utkarsh Gupta
- [Git][security-tracker-team/security-tracker][master] CVE-2020-28362 not affected golang-1.11
Shengjing Zhu
- Processing aa6460056cc2aa9bf65dc8e302605c806329fdfc failed
security tracker role
- [Git][security-tracker-team/security-tracker][master] Fix typo in last commit
Shengjing Zhu
- [Git][security-tracker-team/security-tracker][master] CVE-2021-3181/mutt fixed in unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update information on CVE-2020-28362
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2021-3286 assigned for incomplete fix for CVE-2020-35545
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] Track proposed intel-microcode update via buster-pu
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2021-20196/qemu
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-25014 as NFU
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track fixes for mysql-8.0 via unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Claim dnsmasq
Sebastien Delafond
- [Git][security-tracker-team/security-tracker][master] new python-clickhouse-driver issue
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Add new openldap issues
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add clarifying note why three CVEs are related but got different CVEs
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add openldap to dsa-needed list
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2532-1 for debian-security-support
Holger Levsen
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2533-1 for crmsh
Chris Lamb
- [Git][security-tracker-team/security-tracker][master] Track fixed version for nvidia-graphics-drivers-tesla-450 issues in unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update information on xen issue XSA-360
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2021-23901 as NFU
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for xen issue (XSA-360)
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-17522
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-35513/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for mutt update
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track fixed issues for dovecot via unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update information on CVE-2021-0308/gdisk
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update information on CVE-2020-0256/gdisk
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add initial tracking for CVE-2020-27782
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] new firefox-esr issues
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] new firefox issues
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] 2 commits: Triage firefox-esr for stretch
Utkarsh Gupta
- [Git][security-tracker-team/security-tracker][master] Triage openldap for stretch
Utkarsh Gupta
- [Git][security-tracker-team/security-tracker][master] 2 commits: Triage libdatetime-timezone-perl for stretch
Utkarsh Gupta
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2021-21252/phpmyadmin as no-dsa for stretch
Utkarsh Gupta
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2021-20196/qemu as postponed for stretch
Utkarsh Gupta
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-9492/hadoop
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 3 commits: Add CVE-2021-3156/sudo
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DSA for sudo
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: Add reference for CVE-2021-3156
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DLA number for sudo update
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2021-3156/sudo via unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Qualys report from oss-security
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2020-0256 and CVE-2021-0308 fixed in unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2021-20196/qemu as no-dsa/postponed for buster
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: Process two NFUs
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE assigned for xen (XSA-360)
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track fixes from mfsa2021-04 for firefox-esr via unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track firefox fixes via unstable for mfsa2021-03
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2021-20197/binutils
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track fix for CVE-2021-20197 via experimental
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] new ckeditor, rust-xcb issues
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] new glibc issue
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] 2 commits: dla: spotweb: postponed
Sylvain Beucler
- [Git][security-tracker-team/security-tracker][master] Reference upstream commit for glibc issue
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add tracking bug for mysql-5.7 issues from January 2021 CPU
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for glibc issue
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update information on CVE-2019-12973/openjpeg2
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update information on CVE-2020-15389/openjpeg2
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update information on CVE-2020-27814
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update information on CVE-2020-27823/openjpeg2
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update information on CVE-2020-27824/openjpeg2
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update information on CVE-2020-27841/openjpeg2
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update information on CVE-2020-27844/openjpeg2
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update information on CVE-2020-27845/openjpeg2
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update information for CVE-2020-6851/openjpeg2
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update information on CVE-2020-8112/openjpeg2
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Correct status of CVE-2019-14864 and CVE-2019-14858,ansible,stretch.
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] CVE-2020-10684,ansible: Stretch is not affected
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] remove some no-dsa entries which will be fixed in a DSA
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2535-1 for ansible
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] 2 commits: Readd ansible to dla-needed.txt
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] firefox, slurm DSAs
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] gogoprotobuf fixed in sid
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Add CVE-2021-2531{1,2}/condor
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2021-3326/glibc assigned
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] 2 commits: Process one NFU
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Fix data/DLA/list. CVE-2019-10206 has not been fixed yet.
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] Add fixed version via unstable for CVE-2020-36177/wolfssl
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-8295
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2021-3326/glibc as no-dsa for stretch
Utkarsh Gupta
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-23361/phplist
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] docker.io n/a
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Track proposed update for python-bottle via buster-pu
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] cairo spu
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Add CVE-2021-26118
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2021-26117/activemq
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add new moodle issues
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-24025/node-node-sass
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2021-3336/wolfssl
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-25016/doas (itp'ed)
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add some new mantis issues
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2021-3347/linux
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] new libgcrypt issue (experimental only)
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] one libonig issue was retracted
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Add references for libgcrypt20 issue
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update version for CVE-2019-15132
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] CVE-2021-3345/libgcrypt20 assigned
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixing commit for CVE-2021-3345
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2021-3298/collabtive
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] give back openjpeg2
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] dla: claim openjpeg2
Adrian Bunk
- [Git][security-tracker-team/security-tracker][master] Track Debian BTS bug for CVE-2021-3345
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add fixed version for thunderbird via unstable (mfsa2021-05)
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Track fixed version via experimental for CVE-2021-3345
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Add CVE-2021-25646/druid
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Process NFU
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Update fixed version for CVE-2020-29652
Shengjing Zhu
- [Git][security-tracker-team/security-tracker][master] CVE-2020-29652 not affected in buster
Shengjing Zhu
- [Git][security-tracker-team/security-tracker][master] Track fixed CVEs for linux/5.10.12-1 via unstable
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2431-2 for libonig
Markus Koschany
- [Git][security-tracker-team/security-tracker][master] 2 commits: several CVEs fixed for libsdl2 in recent upload
Thorsten Alteholz
- [Git][security-tracker-team/security-tracker][master] LTS: CVE-2019-17539/ffmpeg remove <postponed> tag, will be fixed
Roberto C. Sánchez
- [Git][security-tracker-team/security-tracker][master] LTS: CVE-2020-35964/ffmpeg mark as <not-affected> for stretch
Roberto C. Sánchez
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2537-1 for ffmpeg
Roberto C. Sánchez
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2020-24027 as no-dsa for buster
Salvatore Bonaccorso
- [Git][security-tracker-team/security-tracker][master] thunderbird DSA
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] tika fixed in sid
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] rust-linked-hash-map fixed in sid
Moritz Muehlenhoff
- Processing 8762cf9e8cdeeae9e5b33e2887a0a6a98841196f failed
security tracker role
- [Git][security-tracker-team/security-tracker][master] fix entry
Moritz Muehlenhoff
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-2538-1 for mariadb-10.1
Adrian Bunk
Last message date:
Sun Jan 31 22:05:15 GMT 2021
Archived on: Sun Jan 31 22:05:18 GMT 2021
This archive was generated by
Pipermail 0.09 (Mailman edition).