[Git][security-tracker-team/security-tracker][fix_987283] 466 commits: automatic update
Anton Gladky (@gladk)
gladk at debian.org
Tue Aug 16 21:59:46 BST 2022
Anton Gladky pushed to branch fix_987283 at Debian Security Tracker / security-tracker
Commits:
ea8c7130 by security tracker role at 2022-07-29T20:10:27+00:00
automatic update
- - - - -
f6fab6fc by Moritz Muehlenhoff at 2022-07-29T22:33:22+02:00
NFU
- - - - -
a7d4bb34 by Moritz Muehlenhoff at 2022-07-29T22:36:15+02:00
NFUs
- - - - -
a139145a by Moritz Muehlenhoff at 2022-07-30T00:13:58+02:00
buster/bullseye triage
- - - - -
1ceb9248 by Moritz Mühlenhoff at 2022-07-30T00:15:51+02:00
bugnums
- - - - -
0b346db6 by security tracker role at 2022-07-30T08:10:11+00:00
automatic update
- - - - -
681aaa44 by Moritz Muehlenhoff at 2022-07-30T19:56:52+02:00
one thunderbird issue n/a for buster/bullseye
- - - - -
1e166f04 by Moritz Mühlenhoff at 2022-07-30T20:05:18+02:00
thunderbird DSA
- - - - -
5ca88a70 by Moritz Mühlenhoff at 2022-07-30T20:15:40+02:00
asterisk fixed in sid
dovecot no-dsa
- - - - -
e8dd22c6 by security tracker role at 2022-07-30T20:10:16+00:00
automatic update
- - - - -
f3e3e34a by Salvatore Bonaccorso at 2022-07-31T10:00:36+02:00
Revert "Link to GitHub advisory search for CVEs"
This reverts commit 0f210141afc8bc4666084987ed9b52ae924b2a58.
Since !72 existed. We will merge that one instead.
- - - - -
4b514d07 by security tracker role at 2022-07-31T08:10:12+00:00
automatic update
- - - - -
7748301c by Salvatore Bonaccorso at 2022-07-31T10:43:12+02:00
Update information for CVE-2022-21505/linux
- - - - -
4c362427 by Salvatore Bonaccorso at 2022-07-31T10:44:19+02:00
Process some NFUs
- - - - -
ddf59a80 by Salvatore Bonaccorso at 2022-07-31T10:51:18+02:00
Reference upstream commits for CVE-2021-33655
- - - - -
dddb3f96 by Salvatore Bonaccorso at 2022-07-31T10:54:04+02:00
Mark CVE-2021-33656 as fixed in linux/5.10.127-1 for bullseye
- - - - -
a104a407 by Salvatore Bonaccorso at 2022-07-31T11:02:59+02:00
Update information for CVE-2020-36557/linux
- - - - -
f3aa373a by Salvatore Bonaccorso at 2022-07-31T11:05:19+02:00
Update information for CVE-2020-36558
- - - - -
c21d4984 by Salvatore Bonaccorso at 2022-07-31T11:21:41+02:00
Update information for CVE-2022-2327/linux
- - - - -
634c8514 by Salvatore Bonaccorso at 2022-07-31T11:27:02+02:00
Add upstream commit reference for CVE-2022-36946
- - - - -
65332e98 by Salvatore Bonaccorso at 2022-07-31T11:36:04+02:00
Track fixed version for CVE-2022-31081/libhttp-daemon-perl via unstable
- - - - -
40bec17b by Salvatore Bonaccorso at 2022-07-31T11:37:23+02:00
Remove notes from CVE-2021-3601
The CVE was withdrawn as it is not considered a security vulnerability.
As per rejection note:
OpenSSL does not class this issue as a security vulnerability.
The trusted CA store should not contain anything that the user
does not trust to issue other certificates.
- - - - -
7cf9332e by Salvatore Bonaccorso at 2022-07-31T11:55:04+02:00
Add upstream references for CVE-2021-3979
- - - - -
046d4c21 by Salvatore Bonaccorso at 2022-07-31T12:03:32+02:00
Mark CVE-2021-44647/lua5.4 as no-dsa for bullseye
- - - - -
d99444e1 by Salvatore Bonaccorso at 2022-07-31T12:04:51+02:00
Adjust source package name for dsa-needed package
- - - - -
762cfbf3 by Salvatore Bonaccorso at 2022-07-31T12:07:43+02:00
Fix typo in Debian revision for fixing version of CVE-2022-27419/rtl-433
- - - - -
4148f639 by Salvatore Bonaccorso at 2022-07-31T12:13:03+02:00
Add temporary description for CVE-2022-2255
- - - - -
aef1f02d by Salvatore Bonaccorso at 2022-07-31T12:13:24+02:00
Add upstream tag information for CVE-2022-2255
- - - - -
bf6fdfd3 by Salvatore Bonaccorso at 2022-07-31T12:19:20+02:00
Track fixed version for CVE-2021-38562/request-tracker5 via unstable
- - - - -
c1697a1a by Markus Koschany at 2022-07-31T13:16:26+02:00
Reserve DSA-5196-1
- - - - -
7e035a0c by Salvatore Bonaccorso at 2022-07-31T13:38:45+02:00
Associate CVE-2022-35861 with itp'ed bug
- - - - -
18d4893d by Salvatore Bonaccorso at 2022-07-31T13:40:30+02:00
CVE-2020-13692 only relevant for buster so workaround DSA tracking
- - - - -
079b4863 by Salvatore Bonaccorso at 2022-07-31T13:50:34+02:00
Record upstream tag for CVE-2022-2476
- - - - -
3a99acd0 by Salvatore Bonaccorso at 2022-07-31T13:51:07+02:00
Track fixed version via unstable for CVE-2022-2476/wavpack
- - - - -
598dce1d by Salvatore Bonaccorso at 2022-07-31T13:55:12+02:00
Update information on CVE-2022-3403{3,5}/htmldoc
The CVE description seems misleading at this point. The upstream commit
referenced are contained in 1.9.12 and included in the 1.9.12-1 upload.
- - - - -
9b34a886 by Salvatore Bonaccorso at 2022-07-31T14:04:47+02:00
Drop additional version tracking in buster
As the issue was CVE ified and added to data/DSA/list entry it can be
dropped here.
- - - - -
fa3632cb by Salvatore Bonaccorso at 2022-07-31T14:11:22+02:00
Update severity for CVE-2022-35737
For reviewers, please double check again as well. Cross-checked against
current version in unstable, bullseye and buster's builds.
- - - - -
8677418b by Moritz Muehlenhoff at 2022-07-31T14:17:45+02:00
booth fixed in sid
- - - - -
75dc883e by Moritz Muehlenhoff at 2022-07-31T14:21:02+02:00
new gnutls issue
- - - - -
873f76ce by Salvatore Bonaccorso at 2022-07-31T14:22:00+02:00
Add upstream tag information for upstream commit for CVE-2021-46828
- - - - -
ea3e63f6 by Salvatore Bonaccorso at 2022-07-31T14:36:02+02:00
Add upstream tag reference for CVE-2022-34502
- - - - -
53ad923e by Salvatore Bonaccorso at 2022-07-31T14:37:42+02:00
Add upstream commit for CVE-2022-32298/toybox
- - - - -
c3f73a2d by Salvatore Bonaccorso at 2022-07-31T14:40:19+02:00
Revert "Revert "Link to GitHub advisory search for CVEs""
This reverts commit f3e3e34a5ea5ac1e553b3aea371394812199e066.
Emilio did review the merge request so opt for this one and will close
!72.
- - - - -
2a9cac41 by Salvatore Bonaccorso at 2022-07-31T14:47:39+02:00
Remove one reference to only tag page as information recorded in following note
- - - - -
bc600704 by Salvatore Bonaccorso at 2022-07-31T14:49:06+02:00
Add upstream references for CVE-2022-24776
- - - - -
8ae4eb19 by Salvatore Bonaccorso at 2022-07-31T14:56:20+02:00
Mark 9.0.0 upstream version for qpdf as fixed for CVE-2022-34503
The values are guarded by toS throwing an exception. The version listed
has not been explicitly tested against the reproducer. A minimal fix is
proposed by SuSE at [1]. Given it leads only to a crash of a CLI tool it
is though already marked as unimportant.
[1] https://bugzilla.suse.com/show_bug.cgi?id=1201830#c5
- - - - -
55a11e8c by Salvatore Bonaccorso at 2022-07-31T15:00:00+02:00
Isolate upstream commits for CVE-2022-31163/ruby-tzinfo
- - - - -
47d3225a by Salvatore Bonaccorso at 2022-07-31T15:05:11+02:00
Add upstream tag information for CVE-2022-31160
- - - - -
ee5d0233 by Salvatore Bonaccorso at 2022-07-31T15:12:05+02:00
Ignore DoS issue for liblivemedia in buster
- - - - -
323bc5b3 by Salvatore Bonaccorso at 2022-07-31T15:14:30+02:00
Add upstream tag references for CVE-2022-25858
- - - - -
9128841b by Salvatore Bonaccorso at 2022-07-31T15:19:19+02:00
Add tag reference for upstream commit for CVE-2018-21269
- - - - -
604c19ac by Salvatore Bonaccorso at 2022-07-31T15:26:00+02:00
Add upstream tag reference for CVE-2021-46829
- - - - -
e75ca8e3 by Salvatore Bonaccorso at 2022-07-31T15:31:45+02:00
Add upstream tag information for CVE-2022-2522
- - - - -
8f6c8b6f by Salvatore Bonaccorso at 2022-07-31T15:36:43+02:00
Add additional reference for CVE-2022-0670/ceph
- - - - -
28b7f03b by Salvatore Bonaccorso at 2022-07-31T15:42:47+02:00
Add note for CVE-2022-33745 to mention dependency of issue to XSA-401
- - - - -
0cbcbc97 by Salvatore Bonaccorso at 2022-07-31T15:44:04+02:00
Adjust separator in dsa-needed list
- - - - -
ad21719e by Salvatore Bonaccorso at 2022-07-31T15:47:54+02:00
Update information for CVE-2022-34749/mistune
- - - - -
f670ca02 by Salvatore Bonaccorso at 2022-07-31T15:51:11+02:00
Add upstream tag information for CVE-2020-7677
- - - - -
db6ceede by Salvatore Bonaccorso at 2022-07-31T16:03:06+02:00
Mark three samba issues as no-dsa for buster
- - - - -
fd68ec7c by Salvatore Bonaccorso at 2022-07-31T16:11:00+02:00
Track fixed version for net-snmp issues in unstable
- - - - -
6346eacd by Salvatore Bonaccorso at 2022-07-31T16:17:00+02:00
Add upstream commits for CVE-2022-32224
- - - - -
82d44473 by Salvatore Bonaccorso at 2022-07-31T16:24:45+02:00
Add upstream tag reference for CVE-2021-41556 upstream commit
- - - - -
0a500e56 by Salvatore Bonaccorso at 2022-07-31T16:28:12+02:00
Fix typo in bug number reference for CVE-2022-34568
- - - - -
e342c2ba by Salvatore Bonaccorso at 2022-07-31T16:30:49+02:00
Fix typo in Debian bug number reference
- - - - -
481dfb37 by Salvatore Bonaccorso at 2022-07-31T16:52:05+02:00
Add packages which vanished from every supported suite now
- - - - -
345cc992 by Moritz Muehlenhoff at 2022-07-31T17:43:05+02:00
add libxslt issue once discovered through Chromium
- - - - -
0b89b69e by Moritz Muehlenhoff at 2022-07-31T17:47:12+02:00
one more libxslt issue
- - - - -
95256bc8 by Salvatore Bonaccorso at 2022-07-31T19:11:02+02:00
Pinpoint upstream tag for CVE-2019-5815
- - - - -
193fda44 by Salvatore Bonaccorso at 2022-07-31T19:23:22+02:00
Process some NFUs
- - - - -
c0188463 by Salvatore Bonaccorso at 2022-07-31T19:29:08+02:00
Add CVE-2022-36123/linux
- - - - -
f273fb88 by Salvatore Bonaccorso at 2022-07-31T20:42:02+02:00
Update information for CVE-2022-36123/linux
- - - - -
80b19a36 by Salvatore Bonaccorso at 2022-07-31T20:50:09+02:00
Process some NFUs
- - - - -
54f4572f by Moritz Muehlenhoff at 2022-07-31T21:00:19+02:00
dovecot fixed in sid
- - - - -
f694f745 by Salvatore Bonaccorso at 2022-07-31T21:10:41+02:00
Add CVE-2022-34526/tiff
- - - - -
d1c49912 by Salvatore Bonaccorso at 2022-07-31T21:12:51+02:00
Process some NFUs
- - - - -
39a907b4 by Salvatore Bonaccorso at 2022-07-31T21:19:53+02:00
Add CVE-2016-3709/libxml2
- - - - -
eac11e7b by Salvatore Bonaccorso at 2022-07-31T21:36:25+02:00
Add temporary description for samba issues
- - - - -
af34593a by Moritz Muehlenhoff at 2022-07-31T21:42:55+02:00
bugnums
- - - - -
4b868257 by Salvatore Bonaccorso at 2022-07-31T21:47:25+02:00
Add Debian bug references for samba issues
- - - - -
36b13b9c by Salvatore Bonaccorso at 2022-07-31T21:51:47+02:00
Take libtirpc from dsa-needed list
- - - - -
7300ff75 by Salvatore Bonaccorso at 2022-07-31T22:04:38+02:00
Process some NFUs
- - - - -
1ac45186 by Salvatore Bonaccorso at 2022-07-31T22:05:57+02:00
Remove one additional space in NOTE
- - - - -
7d7dab8c by security tracker role at 2022-07-31T20:10:28+00:00
automatic update
- - - - -
97eb1317 by Moritz Muehlenhoff at 2022-07-31T22:22:28+02:00
NFUs
- - - - -
8de2225b by Moritz Muehlenhoff at 2022-07-31T22:29:08+02:00
remove TODO, looks all fine
- - - - -
60de9787 by Moritz Muehlenhoff at 2022-07-31T23:08:48+02:00
buster/bullseye triage
- - - - -
7ad022cb by Salvatore Bonaccorso at 2022-08-01T06:39:39+02:00
add-dsa-needed: Only list packages for stable for dsa-needed list
Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>
- - - - -
4c34d7c7 by Salvatore Bonaccorso at 2022-08-01T06:39:39+02:00
DLA template: Switch to mention buster as the LTS release
Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>
- - - - -
01fd23e1 by Salvatore Bonaccorso at 2022-08-01T06:39:39+02:00
DSA template: Do not mention the oldstable distribution
Support by Debian security team for buster/oldstable is moving to the
LTS team and no further updates are issued for buster/oldstable via a
DSA.
Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>
- - - - -
a049561b by Salvatore Bonaccorso at 2022-08-01T06:39:39+02:00
security-team overview: Do not mention buster-security anymore
Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>
- - - - -
b6d962a0 by Salvatore Bonaccorso at 2022-08-01T06:54:53+02:00
config.json: Reduce list of supported architectures for buster under LTS support
Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>
- - - - -
f68f19f5 by Salvatore Bonaccorso at 2022-08-01T06:54:53+02:00
distributions.json: Move support of buster to LTS team
distributions.json is used by reportbug to decide where to redirect
potential regression reports. Move support for buster to the LTS team.
Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>
- - - - -
86c98a94 by Salvatore Bonaccorso at 2022-08-01T06:54:53+02:00
LTS templates: Replace use of Stretch with Buster
Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>
- - - - -
1210b3fe by Salvatore Bonaccorso at 2022-08-01T06:54:53+02:00
LTS: When checking for missing lts uploads use buster sources
Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>
- - - - -
3f0f63d9 by Moritz Muehlenhoff at 2022-08-01T08:32:32+02:00
cvelist.el: Default to bullseye
- - - - -
cf5505e3 by Salvatore Bonaccorso at 2022-08-01T09:08:16+02:00
Add reference to upstream commit for CVE-2018-21232/re2c
- - - - -
f1269d99 by security tracker role at 2022-08-01T08:10:14+00:00
automatic update
- - - - -
115ad3df by Salvatore Bonaccorso at 2022-08-01T10:12:08+02:00
Process one NFU
- - - - -
da38a515 by Salvatore Bonaccorso at 2022-08-01T13:38:00+02:00
Note that maintainer of gst-plugins-good1.0 is informed for an update
- - - - -
3a4acc24 by Salvatore Bonaccorso at 2022-08-01T13:42:36+02:00
Add Debian bug reference for CVE-2022-2255/mod-wsgi
- - - - -
1e39a8f9 by Salvatore Bonaccorso at 2022-08-01T13:55:50+02:00
Update information for CVE-2022-32298/toybox
- - - - -
ff62784b by Salvatore Bonaccorso at 2022-08-01T12:03:04+00:00
Merge branch 'end-of-life-security-support-buster' into 'master'
End of life security support buster
See merge request security-tracker-team/security-tracker!105
- - - - -
af277f3f by Salvatore Bonaccorso at 2022-08-01T14:04:59+02:00
dsa-needed: Drop note for 4.19.y linux updates
- - - - -
be6cb8b1 by Moritz Muehlenhoff at 2022-08-01T14:12:57+02:00
move buster-specific entries out of dsa-needed and into dla-needed
- - - - -
fd093cf7 by Salvatore Bonaccorso at 2022-08-01T14:22:52+02:00
Track as well xwayland for CVE-2022-23{19,20}
- - - - -
925a8821 by Salvatore Bonaccorso at 2022-08-01T14:32:51+02:00
Track fixed version for samba issues fixed in unstable
- - - - -
8b6b2a24 by Salvatore Bonaccorso at 2022-08-01T14:33:45+02:00
Revert "Track as well xwayland for CVE-2022-23{19,20}"
Needs further investigation if it's actually a vulnerability for wayland.
This reverts commit fd093cf74dde2df99d46ebe46e6ba945e331a82c.
- - - - -
925d179f by Sylvain Beucler at 2022-08-01T16:23:29+02:00
dla: drop LTS inactivity note
- - - - -
73672b19 by Sylvain Beucler at 2022-08-01T16:25:03+02:00
dla: claim slurm-llnl (for EOL)
- - - - -
0f3dd7e4 by Moritz Mühlenhoff at 2022-08-01T16:37:09+02:00
libhttp-daemon-perl spu
- - - - -
a9380a6d by Moritz Muehlenhoff at 2022-08-01T17:59:20+02:00
gimp fixed in sid
- - - - -
97bb7ba0 by Markus Koschany at 2022-08-01T18:09:50+02:00
Claim jetty9 in dsa-needed.txt
- - - - -
9c9dc856 by Markus Koschany at 2022-08-01T18:17:48+02:00
Reserve DSA-5197-1
- - - - -
7a6e3aeb by Markus Koschany at 2022-08-01T20:08:40+02:00
CVE-2022-2047,CVE-2022-2048,jetty9: Link to pull requests
- - - - -
63165f53 by Salvatore Bonaccorso at 2022-08-01T21:15:16+02:00
dsa-needed file: replace name with uid
- - - - -
3cd22762 by Salvatore Bonaccorso at 2022-08-01T21:44:34+02:00
Add CVE-2022-3069{8,9}/unbound
- - - - -
01155f56 by Salvatore Bonaccorso at 2022-08-01T21:50:04+02:00
Add Debian bug reference for unbound issues
- - - - -
192d8a79 by security tracker role at 2022-08-01T20:10:23+00:00
automatic update
- - - - -
b985e3f7 by Salvatore Bonaccorso at 2022-08-01T22:17:06+02:00
Process several NFUs
- - - - -
1047a316 by Salvatore Bonaccorso at 2022-08-01T22:22:24+02:00
Add some new CVEs for vim
- - - - -
5f2067d1 by Salvatore Bonaccorso at 2022-08-01T22:23:11+02:00
Process two more NFUs
- - - - -
f6b8f939 by Salvatore Bonaccorso at 2022-08-01T22:24:06+02:00
Add CVE-2022-2596/node-fetch
- - - - -
475ff884 by Salvatore Bonaccorso at 2022-08-01T22:28:02+02:00
Update information for CVE-2022-2596/node-fetch
- - - - -
270f691d by Salvatore Bonaccorso at 2022-08-01T22:41:59+02:00
Track fixed version via unstable for CVE-2022-34568/libsdl1.2
- - - - -
a9b71dbe by Salvatore Bonaccorso at 2022-08-01T22:56:23+02:00
Process some NFUs
- - - - -
d120185c by Sylvain Beucler at 2022-08-02T08:42:34+02:00
dla: drop slurm-llnl (EOL'd)
- - - - -
507cfa04 by Salvatore Bonaccorso at 2022-08-02T09:13:26+02:00
Correct triage of CVE-2022-2589 and associate with src:fava
Thanks: Alex Murray
- - - - -
677aa0da by Salvatore Bonaccorso at 2022-08-02T09:15:36+02:00
Adjust two more CVEs and associate them with src:fava
- - - - -
bd2b3e45 by Moritz Muehlenhoff at 2022-08-02T09:55:31+02:00
bullseye triage
- - - - -
78ced217 by Moritz Muehlenhoff at 2022-08-02T09:57:52+02:00
add qemu to dla-needed
- - - - -
be9b0c9e by security tracker role at 2022-08-02T08:10:19+00:00
automatic update
- - - - -
472bbb5e by Moritz Muehlenhoff at 2022-08-02T11:07:56+02:00
NFUs
- - - - -
e70c37bb by Moritz Muehlenhoff at 2022-08-02T11:35:47+02:00
NFUs
- - - - -
fe5fde0d by Markus Koschany at 2022-08-02T12:51:30+02:00
Claim librecad in dsa-needed.txt
- - - - -
e8660125 by Markus Koschany at 2022-08-02T12:56:01+02:00
Reserve DSA-5198-1
- - - - -
a6bf2df6 by Neil Williams at 2022-08-02T12:01:26+01:00
Process some NFUs
- - - - -
167de486 by Markus Koschany at 2022-08-02T13:05:53+02:00
Add curl, jetty9 and librecad to dla-needed.txt
- - - - -
508ebd2d by Neil Williams at 2022-08-02T12:20:14+01:00
Process some NFUs
- - - - -
a4a469a4 by Salvatore Bonaccorso at 2022-08-02T13:32:37+02:00
Track experimental fixes for two zabbix issues
- - - - -
0629492f by Salvatore Bonaccorso at 2022-08-02T14:51:55+02:00
Track fixed issues in zabbix after upload to unstable
- - - - -
4118faa7 by Salvatore Bonaccorso at 2022-08-02T14:58:35+02:00
More zabbix issues fixed with unstable upload
- - - - -
0357ac07 by Salvatore Bonaccorso at 2022-08-02T18:00:18+02:00
Add CVE-2022-29154/rsync
- - - - -
05787e6a by Salvatore Bonaccorso at 2022-08-02T19:07:17+02:00
Add some more related commits for CVE-2022-29154/rsync
- - - - -
ca88c060 by Markus Koschany at 2022-08-02T19:12:33+02:00
CVE-2021-3597,undertow: fixed in unstable in 2.2.10-1
according to Red Hat the first version which contained the fix was 2.2.9.
Marking 2.2.10-1 as the first fixed version in Debian. No further details are
available
- - - - -
21f97979 by Salvatore Bonaccorso at 2022-08-02T19:13:32+02:00
Mark CVE-2022-29154/rsync as no-dsa
- - - - -
29c2cd19 by Salvatore Bonaccorso at 2022-08-02T19:23:15+02:00
Add Debian bug reference for CVE-2022-29154/rsync
- - - - -
02c98452 by Markus Koschany at 2022-08-02T19:28:46+02:00
CVE-2019-19343,undertow: fixed in unstable
in version 2.0.25-1. According to Red Hat version 2.0.25 fixed the problem. The fix
"was a change in remoting however, it manifested in an Undertow use case". No
further details are available.
- - - - -
310cf129 by Salvatore Bonaccorso at 2022-08-02T19:34:38+02:00
Track fixed version for unzip issues via unstable
- - - - -
97ec6f0f by Markus Koschany at 2022-08-02T19:46:51+02:00
CVE-2021-3629,undertow: fixed in unstable
according to Red Hat this issue was fixed in version 2.2.11. The first fixing
version in Debian was 2.2.12. No further details are available
See https://bugzilla.redhat.com/show_bug.cgi?id=1977362
- - - - -
e06d1892 by Markus Koschany at 2022-08-02T19:46:52+02:00
CVE-2022-1319,undertow: fixed in unstable
fixed in 2.2.17-1
See https://access.redhat.com/errata/RHSA-2022:4918
and the original Red Hat bug report
https://bugzilla.redhat.com/show_bug.cgi?id=2073890
No further details are available
- - - - -
1a9b8812 by Markus Koschany at 2022-08-02T21:37:26+02:00
CVE-2021-3859,undertow: fixed in unstable
fixed upstream in 2.2.15. First Debian version was 2.2.16-1
- - - - -
5a7c2039 by Markus Koschany at 2022-08-02T22:02:54+02:00
CVE-2022-2053,undertow: fixed in unstable
with 2.2.18-1
- - - - -
65634a1d by security tracker role at 2022-08-02T20:10:20+00:00
automatic update
- - - - -
c5719971 by Salvatore Bonaccorso at 2022-08-02T22:29:51+02:00
Process some NFUs
- - - - -
ff25574f by Salvatore Bonaccorso at 2022-08-02T22:31:56+02:00
Add CVE-2022-31177/flask-appbuilder
- - - - -
11ae4b76 by Salvatore Bonaccorso at 2022-08-02T22:42:09+02:00
Add CVE-2021-23385/flask-security
- - - - -
6a565fff by Moritz Mühlenhoff at 2022-08-02T23:44:02+02:00
new chromium issues
- - - - -
7ae1079f by security tracker role at 2022-08-03T08:10:11+00:00
automatic update
- - - - -
28e66470 by Salvatore Bonaccorso at 2022-08-03T10:23:20+02:00
Add CVE-2022-37035/frr
- - - - -
669f382a by Salvatore Bonaccorso at 2022-08-03T10:31:25+02:00
Process some NFUs
- - - - -
732dbf14 by Neil Williams at 2022-08-03T09:51:33+01:00
Process some NFUs
- - - - -
459da6f0 by Salvatore Bonaccorso at 2022-08-03T11:26:44+02:00
Process some NFUs
- - - - -
53345ef4 by Neil Williams at 2022-08-03T11:12:38+01:00
Process some NFUs
- - - - -
b28111bd by Emilio Pozuelo Monfort at 2022-08-03T12:17:10+02:00
Remove lts-auto-eol script
It has little use, is written in perl and not using our current
parsers, and hardcodes stuff making it LTS specific when it
could be more generic.
- - - - -
9d9778ff by Neil Williams at 2022-08-03T11:25:07+01:00
Process some NFUs
- - - - -
ae8439b7 by Neil Williams at 2022-08-03T11:43:21+01:00
CVE-2022-34927/milkytracker unfixed bug 1016578
- - - - -
e199a6b2 by Neil Williams at 2022-08-03T12:01:02+01:00
Process 2 NFUs
- - - - -
edad6879 by Salvatore Bonaccorso at 2022-08-03T13:05:10+02:00
Add CVE-2022-20158/linux
- - - - -
bd72788e by Salvatore Bonaccorso at 2022-08-03T13:11:03+02:00
Add CVE-2022-20368/linux
- - - - -
a4930c90 by Salvatore Bonaccorso at 2022-08-03T13:16:06+02:00
Add CVE-2022-20369/linux
- - - - -
390d7079 by Salvatore Bonaccorso at 2022-08-03T14:07:58+02:00
Record upstream commits for net-snmp issues
- - - - -
3989d365 by Neil Williams at 2022-08-03T15:00:19+01:00
Process 3 NFUs
- - - - -
b4b33215 by Sylvain Beucler at 2022-08-03T16:55:06+02:00
dla: claim qemu
- - - - -
7aed0753 by Sylvain Beucler at 2022-08-03T17:37:20+02:00
CVE-2021-21897/librecad not-affected
cf. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010349 for rationale,
no feedback/rebuttal after 2 months
- - - - -
0b832270 by Salvatore Bonaccorso at 2022-08-03T20:01:04+02:00
Add CVE-2022-36359/python-django
- - - - -
4bc77255 by Sylvain Beucler at 2022-08-03T20:48:10+02:00
CVE-2021-21897/librecad: leave unfixed but mark unimportant
following input from jmm and carnil in #1010349
- - - - -
898f935b by security tracker role at 2022-08-03T20:10:29+00:00
automatic update
- - - - -
232aad20 by Salvatore Bonaccorso at 2022-08-03T22:16:47+02:00
Add CVE-2022-37394/nova
- - - - -
7ce6f0b7 by Salvatore Bonaccorso at 2022-08-03T22:20:01+02:00
Process some NFUs
- - - - -
d58f8ac5 by Salvatore Bonaccorso at 2022-08-03T22:25:06+02:00
Add CVE-2022-3229{2,3}/connman
- - - - -
aa226698 by Moritz Mühlenhoff at 2022-08-03T23:49:00+02:00
new jspwiki issues (removed)
- - - - -
f79bd720 by Salvatore Bonaccorso at 2022-08-04T06:30:34+02:00
Several vim issues fixed in unstable upload
- - - - -
66d3f43a by Salvatore Bonaccorso at 2022-08-04T06:35:56+02:00
Track fixed version for several CVEs for vim fixed with unstable upload
- - - - -
6e75d9c6 by Salvatore Bonaccorso at 2022-08-04T07:10:17+02:00
Add CVE entries for nvidia-graphics-drivers, #1016614
- - - - -
1d4383d2 by Salvatore Bonaccorso at 2022-08-04T07:23:04+02:00
Add CVE entries for nvidia-graphics-drivers-legacy-340xx, #1016615
- - - - -
76b5f3b3 by Salvatore Bonaccorso at 2022-08-04T07:32:56+02:00
Add CVE entries for nvidia-graphics-drivers-legacy-390xx, #1016616
- - - - -
784615e5 by Salvatore Bonaccorso at 2022-08-04T07:34:52+02:00
Add CVE entries for nvidia-graphics-drivers-tesla-418, #1016617
- - - - -
daf433de by Salvatore Bonaccorso at 2022-08-04T07:41:58+02:00
Add CVE entries for nvidia-graphics-drivers-tesla-450, #1016618
- - - - -
2ff5b81f by Salvatore Bonaccorso at 2022-08-04T07:45:54+02:00
Add CVE entries for nvidia-graphics-drivers-tesla-460, #1016619
- - - - -
8e0be3cd by Salvatore Bonaccorso at 2022-08-04T07:48:30+02:00
Add CVE entries for nvidia-graphics-drivers-tesla-470, #1016620
- - - - -
08358427 by Salvatore Bonaccorso at 2022-08-04T08:01:59+02:00
Add CVE entries for nvidia-graphics-drivers-tesla-510, #1016621
- - - - -
82f9a4ad by Salvatore Bonaccorso at 2022-08-04T08:10:04+02:00
Add CVE-2022-32189/go
- - - - -
cb89f286 by Emilio Pozuelo Monfort at 2022-08-04T10:01:20+02:00
lts: take xorg-server
- - - - -
0abb00eb by security tracker role at 2022-08-04T08:10:18+00:00
automatic update
- - - - -
753e3938 by Moritz Mühlenhoff at 2022-08-04T10:27:35+02:00
NFUs
- - - - -
bda90df6 by Salvatore Bonaccorso at 2022-08-04T13:06:08+02:00
Add CVE-2022-2639/linux
- - - - -
2c75fdd2 by Emilio Pozuelo Monfort at 2022-08-04T17:50:55+02:00
Reserve DLA-3068-1 for xorg-server
- - - - -
e8de473f by Emilio Pozuelo Monfort at 2022-08-04T17:51:50+02:00
Add missing unfixed tags
- - - - -
6d2d15e9 by Salvatore Bonaccorso at 2022-08-04T18:41:16+02:00
Add CVE-2022-37030 as NFU
- - - - -
6c485919 by Salvatore Bonaccorso at 2022-08-04T20:46:07+02:00
Track fixed version via unstable for some CVEs affecting nvidia-graphics-drivers-legacy-390xx
- - - - -
53b4e904 by security tracker role at 2022-08-04T20:10:22+00:00
automatic update
- - - - -
04fcf8ef by Salvatore Bonaccorso at 2022-08-04T22:18:17+02:00
Process some NFUs
- - - - -
03ba3f66 by Salvatore Bonaccorso at 2022-08-04T22:25:50+02:00
Process some NFUs
- - - - -
b1ed0022 by Salvatore Bonaccorso at 2022-08-04T22:26:42+02:00
Add two CVEs for nextcloud-server, itp'ed, #941708
- - - - -
ca895695 by Salvatore Bonaccorso at 2022-08-04T22:30:01+02:00
Add CVE-2022-31197/libpgjava
- - - - -
e37e3c63 by Salvatore Bonaccorso at 2022-08-04T22:42:37+02:00
Add Debian bug reference for CVE-2022-31197/libpgjava
- - - - -
b120d927 by Salvatore Bonaccorso at 2022-08-04T22:54:02+02:00
Add CVE-2022-25168/hadoop
- - - - -
fd291db8 by Salvatore Bonaccorso at 2022-08-05T07:00:48+02:00
Track fixed version for chromium in unstable
- - - - -
dc85352f by Salvatore Bonaccorso at 2022-08-05T08:56:06+02:00
Add CVE-2022-2256 as NFU
- - - - -
4c09b151 by Salvatore Bonaccorso at 2022-08-05T09:25:59+02:00
Track proposed update for dbus-broker via bullseye-pu
- - - - -
5ea3ba10 by security tracker role at 2022-08-05T08:10:25+00:00
automatic update
- - - - -
3dd620a0 by Emilio Pozuelo Monfort at 2022-08-05T10:15:48+02:00
Track xwayland for CVE-2022-23{19,20}
- - - - -
6849485a by Salvatore Bonaccorso at 2022-08-05T10:18:05+02:00
Note that Emilio prepared a debdiff for xorg-server
- - - - -
8914180a by Salvatore Bonaccorso at 2022-08-05T10:24:12+02:00
Process some NFUs
- - - - -
524fe19f by Neil Williams at 2022-08-05T09:26:41+01:00
Process 2 NFUs
- - - - -
9d9f9912 by Neil Williams at 2022-08-05T09:34:05+01:00
CVE-2022-2652/v4l2loopback already fixed in sid
- - - - -
6ad6fb6d by Neil Williams at 2022-08-05T09:48:05+01:00
CVE-2022-2652 v4l2loopback unfixed in 0.12.7-1 bug 1016685
- - - - -
a509869d by Neil Williams at 2022-08-05T10:02:46+01:00
Process some NFUs
- - - - -
45176ee7 by Neil Williams at 2022-08-05T10:05:19+01:00
Process 2 NFUs
- - - - -
83a81e98 by Neil Williams at 2022-08-05T10:29:24+01:00
Process some NFUs
- - - - -
c345ecb2 by Neil Williams at 2022-08-05T10:53:35+01:00
Process some NFUs
- - - - -
cebf6065 by Salvatore Bonaccorso at 2022-08-05T13:06:36+02:00
Update information for CVE-2022-2652/v4l2loopback
- - - - -
24d4b934 by Emilio Pozuelo Monfort at 2022-08-05T13:32:34+02:00
CVE-2022-36359/python-django: add introducing commit
And triage as n/a on buster.
- - - - -
368f2483 by Salvatore Bonaccorso at 2022-08-05T14:08:36+02:00
Add information for CVE-2020-8287/http-parser
- - - - -
04a9edff by Salvatore Bonaccorso at 2022-08-05T21:12:13+02:00
Track proposed grub2 update via bullseye-pu
- - - - -
6892e989 by Salvatore Bonaccorso at 2022-08-05T21:13:20+02:00
Track proposed grub2 update via buster-pu
- - - - -
c245e8cb by Salvatore Bonaccorso at 2022-08-05T21:22:41+02:00
Add CVE-2022-37434/zlib
- - - - -
0386d3ba by Salvatore Bonaccorso at 2022-08-05T21:33:08+02:00
Add Debian bug reference for CVE-2022-37434/zlib
- - - - -
2b629b1b by security tracker role at 2022-08-05T20:10:34+00:00
automatic update
- - - - -
e3a98e54 by Moritz Mühlenhoff at 2022-08-05T23:09:46+02:00
libtirpc fixed in sid
- - - - -
dcf356ff by Moritz Mühlenhoff at 2022-08-05T23:22:27+02:00
http-parser fixed in sid
- - - - -
0ddbe86b by Moritz Mühlenhoff at 2022-08-05T23:28:29+02:00
NFUs
- - - - -
398200a5 by Moritz Mühlenhoff at 2022-08-05T23:33:41+02:00
take unzip, chromium
- - - - -
68520eac by Salvatore Bonaccorso at 2022-08-06T09:32:53+02:00
Process CVE-2022-2668 as NFU
- - - - -
3b1f94a5 by security tracker role at 2022-08-06T08:10:20+00:00
automatic update
- - - - -
eccbb5c4 by Salvatore Bonaccorso at 2022-08-06T10:23:35+02:00
Add CVE-2022-37450/golang-github-go-ethereum
- - - - -
d16f96a6 by Salvatore Bonaccorso at 2022-08-06T10:24:49+02:00
Process some NFUs
- - - - -
4c4fed1d by Salvatore Bonaccorso at 2022-08-06T10:32:00+02:00
Process some NFUs
- - - - -
faa668bb by Salvatore Bonaccorso at 2022-08-06T14:33:12+02:00
Take care of xorg-server in DSA needed list
- - - - -
a8e458bf by Salvatore Bonaccorso at 2022-08-06T14:59:44+02:00
Track fixed version via unstable for CVE-2022-32189/golang-1.18
- - - - -
a742aaaf by Salvatore Bonaccorso at 2022-08-06T17:07:18+02:00
Reserve DSA number for xorg-server update
- - - - -
7ba9c004 by Salvatore Bonaccorso at 2022-08-06T17:16:34+02:00
Track fixed version for CVE-2022-34526/tiff via unstable
- - - - -
760a0165 by Salvatore Bonaccorso at 2022-08-06T21:41:46+02:00
Add CVE-2022-37451/exim4
- - - - -
8ba1d086 by security tracker role at 2022-08-06T20:10:24+00:00
automatic update
- - - - -
c9c204ad by Salvatore Bonaccorso at 2022-08-06T22:30:33+02:00
Process some new NFUs
- - - - -
2eb460f1 by Salvatore Bonaccorso at 2022-08-06T22:41:36+02:00
Track proposed nvidia-graphics-drivers-legacy-390xx through {buster,bullseye}-pu
- - - - -
0424c5b0 by Salvatore Bonaccorso at 2022-08-07T09:49:44+02:00
Track fixed version for CVE-2022-2255/mod-wsgi via unstable
- - - - -
a0d58edb by Salvatore Bonaccorso at 2022-08-07T09:51:14+02:00
Track fixed version for nvidia-graphics-drivers-tesla-450 issues via unstable
- - - - -
beb88d66 by security tracker role at 2022-08-07T08:10:20+00:00
automatic update
- - - - -
2a6f0d20 by Salvatore Bonaccorso at 2022-08-07T10:25:49+02:00
Process two NFUs
- - - - -
8774c16e by Salvatore Bonaccorso at 2022-08-07T10:28:37+02:00
Reserve DSA number for libtirpc update
- - - - -
898cb05c by Moritz Mühlenhoff at 2022-08-07T10:48:54+02:00
chromium DSA
- - - - -
67802b0a by Salvatore Bonaccorso at 2022-08-07T15:28:36+02:00
Take samba from dsa-needed list for DSA release
- - - - -
15c6c974 by Salvatore Bonaccorso at 2022-08-07T15:30:13+02:00
Take gnutls28 from dsa-needed list
- - - - -
cbe728aa by Salvatore Bonaccorso at 2022-08-07T15:50:34+02:00
CVE-2022-2509: Directly link to GNUTLS-SA-2022-07-07
- - - - -
10ab8c97 by Salvatore Bonaccorso at 2022-08-07T20:00:07+02:00
Add webkit2gtk/wpewebkit issues from WSA-2022-0007
- - - - -
d6d0ce48 by Moritz Muehlenhoff at 2022-08-07T21:18:40+02:00
NFU
- - - - -
12c23ef8 by Salvatore Bonaccorso at 2022-08-07T21:46:12+02:00
Add CVE-2022-37452/exim4
- - - - -
e63ddf74 by Salvatore Bonaccorso at 2022-08-08T08:39:51+02:00
Add CVE-2022-34943/php-laravel-framework
- - - - -
6226e001 by security tracker role at 2022-08-08T08:10:27+00:00
automatic update
- - - - -
b7c80100 by Salvatore Bonaccorso at 2022-08-08T10:20:52+02:00
Process two NFUs
- - - - -
4a3851d0 by Emilio Pozuelo Monfort at 2022-08-08T10:27:02+02:00
lts-cve-triage: don't use the release number
This is much harder to catch when a release becomes EOL, as we
grep for e.g. stretch.
- - - - -
44cd31ff by Sylvain Beucler at 2022-08-08T11:08:00+02:00
dla: update qemu status following abhijith contact
- - - - -
c8390bac by Salvatore Bonaccorso at 2022-08-08T11:24:07+02:00
Add CVE-2022-2590/linux
- - - - -
8afde184 by Salvatore Bonaccorso at 2022-08-08T12:12:28+02:00
Add oss-security reference for CVE-2022-2590/linux
- - - - -
0924c71f by Salvatore Bonaccorso at 2022-08-08T13:24:53+02:00
Add reference for CVE-2022-29582/linux
- - - - -
4adbd74a by Salvatore Bonaccorso at 2022-08-08T16:13:53+02:00
Track fixed version for CVE-2022-27650/crun via unstable
- - - - -
f8f1d9d1 by Salvatore Bonaccorso at 2022-08-08T16:15:21+02:00
Track fixed version for CVE-2022-31197/libpgjava via unstable
- - - - -
a56d322e by Salvatore Bonaccorso at 2022-08-08T16:16:35+02:00
Track fixed version for nvidia-graphics-drivers issues via unstable
- - - - -
f06fd428 by Salvatore Bonaccorso at 2022-08-08T17:10:41+02:00
Update tracking for CVE-2022-1184/linux
The correct fix only landed recently in mainline and is not yet
backported to older releases.
- - - - -
6d165bc1 by Moritz Mühlenhoff at 2022-08-08T17:26:53+02:00
unzip DSA
- - - - -
cf68903e by Moritz Mühlenhoff at 2022-08-08T17:34:32+02:00
avahi spu
- - - - -
6c9b4afe by Emilio Pozuelo Monfort at 2022-08-08T18:01:35+02:00
rustc toolchain updated in bullseye/buster
Minor issues pending, but no need to track it here anymore.
- - - - -
99815548 by Abhijith PA at 2022-08-08T22:42:38+05:30
Claim qemu from beuc
- - - - -
d7872265 by Salvatore Bonaccorso at 2022-08-08T19:59:20+02:00
Track fixed version for nvidia-graphics-drivers-tesla-470 issues via unstable
- - - - -
c3d33a48 by Salvatore Bonaccorso at 2022-08-08T21:09:10+02:00
Reserve DSA number for gnutls28 update
- - - - -
5e94d45b by security tracker role at 2022-08-08T20:10:35+00:00
automatic update
- - - - -
50b28d26 by Salvatore Bonaccorso at 2022-08-08T22:21:26+02:00
Process some NFUs
- - - - -
ffb81929 by Moritz Muehlenhoff at 2022-08-08T22:23:23+02:00
NFUs
- - - - -
71658853 by Salvatore Bonaccorso at 2022-08-08T22:25:52+02:00
Process some NFUs
- - - - -
502a8b9e by Salvatore Bonaccorso at 2022-08-08T22:25:54+02:00
Add new zammad CVEs, itp'ed
- - - - -
be4c2264 by Salvatore Bonaccorso at 2022-08-08T22:25:55+02:00
Add CVE-2022-34293/wolfssl
- - - - -
db3406d7 by Salvatore Bonaccorso at 2022-08-09T08:28:10+02:00
Add CVE-2022-2719/imagemagick
- - - - -
f53aa481 by Salvatore Bonaccorso at 2022-08-09T08:31:21+02:00
Add followup commit for CVE-2022-37434/zlib
- - - - -
9e0bd5e1 by Neil Williams at 2022-08-09T09:02:45+01:00
CVE-2020-23914/5 salmon fixed in sid, retroarch unaffected in Debian
- - - - -
f89f3f31 by security tracker role at 2022-08-09T08:10:19+00:00
automatic update
- - - - -
33d3b882 by Salvatore Bonaccorso at 2022-08-09T10:32:25+02:00
Process some NFUs
- - - - -
5a7c85ff by Neil Williams at 2022-08-09T09:38:34+01:00
Process 2 NFUs
- - - - -
7fc98e7a by Neil Williams at 2022-08-09T09:51:25+01:00
Update version information for salmon
- - - - -
69608770 by Neil Williams at 2022-08-09T09:58:25+01:00
Update information for salmon in stretch
- - - - -
767e7cef by Salvatore Bonaccorso at 2022-08-09T11:02:58+02:00
Mark CVE-2022-2391{4,5} as unimportant
- - - - -
cfd780de by Salvatore Bonaccorso at 2022-08-09T11:03:33+02:00
Update CVE-2022-2391{4,5}/salmon: Vulnerable code newer in a released Debian version but fixed before inclusion
- - - - -
752718c2 by Salvatore Bonaccorso at 2022-08-09T14:00:33+02:00
Add gst-plugins-good1.0 (as uploaded by maintainer and needs a DLA)
- - - - -
5813033a by Sylvain Beucler at 2022-08-09T14:39:59+02:00
Reserve DLA-3069-1 for gst-plugins-good1.0
- - - - -
f90019da by Salvatore Bonaccorso at 2022-08-09T19:14:12+02:00
Add CVE-2022-26373/linux
- - - - -
c6fb5b06 by Salvatore Bonaccorso at 2022-08-09T19:14:50+02:00
Add CVE-2022-2586/linux
- - - - -
003bb64e by Salvatore Bonaccorso at 2022-08-09T19:25:49+02:00
Add oss-security reference CVE-2022-2586
- - - - -
8e58f3e9 by Salvatore Bonaccorso at 2022-08-09T19:26:24+02:00
Add CVE-2022-2585/linux
- - - - -
a70b8eb2 by Salvatore Bonaccorso at 2022-08-09T19:28:39+02:00
Add CVE-2022-2588/linux
- - - - -
cf570656 by Moritz Mühlenhoff at 2022-08-09T21:15:45+02:00
gst-plugins-good1.0 DSA
- - - - -
2e1dbe45 by Salvatore Bonaccorso at 2022-08-09T22:07:05+02:00
Update information for CVE-2022-1921/gst-plugins-good1.0
- - - - -
e3c9e889 by Salvatore Bonaccorso at 2022-08-09T22:09:37+02:00
Update information for CVE-2022-192{2,3,4,5}
- - - - -
42f1fc6d by Salvatore Bonaccorso at 2022-08-09T22:11:37+02:00
Update information for CVE-2022-2122
- - - - -
2d7ee22c by Salvatore Bonaccorso at 2022-08-09T22:13:19+02:00
Update information for CVE-2022-1920
- - - - -
b38106f7 by Roberto C. Sánchez at 2022-08-09T17:02:58-04:00
LTS: update notes on apache2
- - - - -
310eca2d by Salvatore Bonaccorso at 2022-08-10T07:04:44+02:00
Track fixed version for two u-boot issues with unstable upload
- - - - -
ec9eb67c by Salvatore Bonaccorso at 2022-08-10T07:06:46+02:00
Track fixed version for CVE-2022-30767/u-boot via unstable
- - - - -
da44ba16 by Salvatore Bonaccorso at 2022-08-10T07:07:56+02:00
Fix referenced upstream tag for CVE-2022-30790 commit
- - - - -
270b1084 by Salvatore Bonaccorso at 2022-08-10T07:10:10+02:00
Add upstream tag information for CVE-2022-33967
- - - - -
690631ad by Salvatore Bonaccorso at 2022-08-10T07:10:48+02:00
Track fixed version via unstable for CVE-2022-33967/u-boot
- - - - -
d5d47f53 by Salvatore Bonaccorso at 2022-08-10T07:38:46+02:00
Track fixed version via unstable for CVE-2022-34835/u-boot
- - - - -
6cd2cdfe by Salvatore Bonaccorso at 2022-08-10T07:39:57+02:00
Reference upstream tag for CVE-2022-34835
- - - - -
507648d6 by Salvatore Bonaccorso at 2022-08-10T09:08:02+02:00
Sync CVE-2022-2585 with kernel-sec
- - - - -
2973e102 by Salvatore Bonaccorso at 2022-08-10T09:38:33+02:00
Add CVE-2021-46778 as NFU
- - - - -
f0ecb82f by Salvatore Bonaccorso at 2022-08-10T09:41:07+02:00
Process CVE-2022-245{7,8} as NFUs
- - - - -
c84f2b60 by security tracker role at 2022-08-10T08:10:16+00:00
automatic update
- - - - -
d0e87b73 by Salvatore Bonaccorso at 2022-08-10T10:11:30+02:00
Process some NFUs
- - - - -
edfb437a by Salvatore Bonaccorso at 2022-08-10T10:13:17+02:00
Process some NFUs
- - - - -
3959a996 by Salvatore Bonaccorso at 2022-08-10T10:18:23+02:00
Process NFUs
- - - - -
28f413a9 by Salvatore Bonaccorso at 2022-08-10T10:22:06+02:00
Process some NFUs
- - - - -
9767620d by Salvatore Bonaccorso at 2022-08-10T10:23:51+02:00
Track fixes for nvidia-graphics-drivers-tesla-510 via unstable
- - - - -
934beb79 by Moritz Muehlenhoff at 2022-08-10T11:03:07+02:00
golang-1.17 fixed in sid
- - - - -
47825e8f by Alberto Garcia at 2022-08-10T12:06:03+02:00
webkit2gtk and wpewebkit don't have LIBWEBRTC in Debian
- - - - -
56950bd2 by Salvatore Bonaccorso at 2022-08-10T12:25:36+02:00
Add CVE-2022-21233/intel-microcode
- - - - -
36be4e16 by Emilio Pozuelo Monfort at 2022-08-10T13:15:04+02:00
lts: take gnutls28
- - - - -
c2e802ae by Moritz Muehlenhoff at 2022-08-10T14:50:37+02:00
python3.10 fixed in sid
new ATS issues
- - - - -
26b830f6 by Emilio Pozuelo Monfort at 2022-08-10T15:15:17+02:00
lts: take libtirpc
- - - - -
20752774 by Alberto Garcia at 2022-08-10T17:33:47+02:00
Add package versions for WebKitGTK CVEs
- - - - -
84311d39 by Markus Koschany at 2022-08-10T18:15:52+02:00
Remove librecad from dsa-needed.txt
Apparently this one is no longer relevant because the only open CVE was marked
"unimportant"
- - - - -
d65b84bf by Markus Koschany at 2022-08-10T18:17:56+02:00
Remove librecad from dla-needed.txt
- - - - -
80e20e38 by Markus Koschany at 2022-08-10T18:18:48+02:00
Claim asterisk and mediawiki in dla-needed.txt
- - - - -
a8d1f7fe by Markus Koschany at 2022-08-10T18:19:16+02:00
Claim asterisk in dsa-needed.txt
- - - - -
25641183 by Salvatore Bonaccorso at 2022-08-10T19:58:50+02:00
dsa-needed: Update entry with uid for consistency
- - - - -
535072a1 by Salvatore Bonaccorso at 2022-08-10T20:09:34+02:00
Reference v2 patch for CVE-2022-2590/linux
- - - - -
2d3599a5 by Salvatore Bonaccorso at 2022-08-10T20:18:38+02:00
Track CVE fixes for linux via unstable
- - - - -
88eeaa02 by Moritz Muehlenhoff at 2022-08-10T22:20:49+02:00
bugnums
- - - - -
7ed50094 by Moritz Muehlenhoff at 2022-08-10T22:24:52+02:00
imagemagick n/a
- - - - -
d58ad793 by Moritz Muehlenhoff at 2022-08-10T22:25:56+02:00
bugnum
- - - - -
0726f7d0 by Anton Gladky at 2022-08-11T06:36:44+02:00
semi-automatic unclaim after 2 weeks of inactivity
Signed-off-by: Anton Gladky <gladk at debian.org>
- - - - -
3b294f6e by Anton Gladky at 2022-08-11T06:46:17+02:00
LTS: add rsync
- - - - -
63d817aa by Anton Gladky at 2022-08-11T07:00:24+02:00
LTS: add some meta-info into dla-needed
- - - - -
bdf3a068 by Salvatore Bonaccorso at 2022-08-11T07:03:59+02:00
Add CVE-2022-38150/varnish
- - - - -
c7fcae9e by Neil Williams at 2022-08-11T08:39:50+01:00
Process some NFUs
- - - - -
de018a28 by Neil Williams at 2022-08-11T09:01:47+01:00
Process some NFUs
- - - - -
9370d219 by security tracker role at 2022-08-11T08:10:17+00:00
automatic update
- - - - -
ac62305c by Salvatore Bonaccorso at 2022-08-11T10:19:40+02:00
Process some NFUs
- - - - -
9080df85 by Salvatore Bonaccorso at 2022-08-11T10:22:32+02:00
Process some NFUs
- - - - -
747ac9df by Salvatore Bonaccorso at 2022-08-11T10:26:01+02:00
Add CVE-2022-3177{8,9}/trafficserver
- - - - -
69354781 by Salvatore Bonaccorso at 2022-08-11T10:27:40+02:00
Add references for trafficserver advisory
- - - - -
3567264e by Neil Williams at 2022-08-11T09:34:41+01:00
CVE-2022-31031/asterisk & ring - both pkgs provide STUN support via PJSIP
- - - - -
b30bdb20 by Salvatore Bonaccorso at 2022-08-11T10:40:15+02:00
Process some NFUs
- - - - -
29010636 by Neil Williams at 2022-08-11T09:50:59+01:00
Process some NFUs
- - - - -
6533052b by Neil Williams at 2022-08-11T10:04:49+01:00
Process some NFUs
- - - - -
98bf5cef by Neil Williams at 2022-08-11T10:13:40+01:00
Process some NFUs
- - - - -
d06745f6 by Salvatore Bonaccorso at 2022-08-11T11:16:54+02:00
Track fixes for mysql-8.0 via unstable
- - - - -
f11651e7 by Neil Williams at 2022-08-11T10:22:29+01:00
Process 2 NFUs
- - - - -
c99c5a1a by Emilio Pozuelo Monfort at 2022-08-11T12:46:27+02:00
Reserve DLA-3070-1 for gnutls28
- - - - -
a7fd4a05 by Emilio Pozuelo Monfort at 2022-08-11T12:58:33+02:00
Reserve DLA-3071-1 for libtirpc
- - - - -
233bf106 by Stefano Rivera at 2022-08-11T14:14:20+02:00
Pick up rsync
- - - - -
1d998e6e by Emilio Pozuelo Monfort at 2022-08-11T14:23:53+02:00
lts: gpac is EOL on buster
- - - - -
9a3c63d9 by Emilio Pozuelo Monfort at 2022-08-11T14:23:53+02:00
lts: libspring-java is EOL on buster
- - - - -
1af0be2a by Emilio Pozuelo Monfort at 2022-08-11T14:23:53+02:00
lts: ckeditor3 is EOL on buster
- - - - -
8dfe1f68 by Andreas Rönnquist at 2022-08-11T17:04:12+02:00
Claim kopanocore
- - - - -
9b0cf418 by Emilio Pozuelo Monfort at 2022-08-11T17:55:21+02:00
Add information for CVE-2022-2625/postgresql
- - - - -
8d02c2ff by Emilio Pozuelo Monfort at 2022-08-11T17:57:08+02:00
CVE-2022-2625/postgresql: replace link with CVE-specific one
- - - - -
c84aab0a by Emilio Pozuelo Monfort at 2022-08-11T18:17:19+02:00
Revert "CVE-2022-2625/postgresql: replace link with CVE-specific one"
This reverts commit 8d02c2ffbebc5e1dc9229a9acb14c0cea5eebf86.
- - - - -
9b5df4cc by Emilio Pozuelo Monfort at 2022-08-11T18:17:55+02:00
CVE-2022-2625/postgresql: replace link with CVE-specific one
- - - - -
153865ba by Emilio Pozuelo Monfort at 2022-08-11T18:18:35+02:00
Reserve DLA-3072-1 for postgresql-11
- - - - -
e14a2735 by Salvatore Bonaccorso at 2022-08-11T21:10:31+02:00
Reserve DSA number for samba update
- - - - -
755aa767 by Salvatore Bonaccorso at 2022-08-11T21:23:29+02:00
Add trafficserver to dsa-needed list
- - - - -
eb5282fc by Anton Gladky at 2022-08-11T21:49:59+02:00
LTS: add epiphany-browser
- - - - -
c4e446e7 by Anton Gladky at 2022-08-11T21:49:59+02:00
LTS: add kicad
- - - - -
a5fc868e by security tracker role at 2022-08-11T20:10:18+00:00
automatic update
- - - - -
4d1b7901 by Salvatore Bonaccorso at 2022-08-11T22:11:27+02:00
Process some NFUs
- - - - -
4c3e99d6 by Salvatore Bonaccorso at 2022-08-11T22:16:10+02:00
Process NFUs
- - - - -
ac054100 by Salvatore Bonaccorso at 2022-08-11T22:18:52+02:00
Process some more NFUs
- - - - -
95d31930 by Moritz Muehlenhoff at 2022-08-11T23:41:25+02:00
bullseye triage
- - - - -
64ca1660 by Moritz Muehlenhoff at 2022-08-11T23:47:21+02:00
more Linux refs
- - - - -
1fb5242a by Moritz Muehlenhoff at 2022-08-12T00:16:58+02:00
bullseye triage
- - - - -
9a8af819 by Moritz Muehlenhoff at 2022-08-12T09:33:58+02:00
bullseye triage
- - - - -
9f984716 by security tracker role at 2022-08-12T08:10:13+00:00
automatic update
- - - - -
1be9d904 by Emilio Pozuelo Monfort at 2022-08-12T11:54:44+02:00
lts: take ephy
- - - - -
a5fd6baa by Salvatore Bonaccorso at 2022-08-12T13:24:05+02:00
Take zlib from dsa-needed list
- - - - -
224114ba by Salvatore Bonaccorso at 2022-08-12T13:27:47+02:00
Track fixed version via unstable for unbound issues
- - - - -
74984388 by Salvatore Bonaccorso at 2022-08-12T14:20:00+02:00
Process some NFUs
- - - - -
45b8349a by Moritz Mühlenhoff at 2022-08-12T16:59:43+02:00
ATS DSA
- - - - -
17933c19 by Moritz Muehlenhoff at 2022-08-12T17:28:18+02:00
tomcat9 fixed in sid
- - - - -
07095be5 by Moritz Muehlenhoff at 2022-08-12T17:28:59+02:00
varnish fixed in sid
- - - - -
d394a483 by Salvatore Bonaccorso at 2022-08-12T20:53:52+02:00
CVE-2021-46829: Reference upstream commit (replacing merge commit)
- - - - -
3a1fb57c by Salvatore Bonaccorso at 2022-08-12T20:58:53+02:00
Track upstream fixes for CVE-2021-44648
- - - - -
56fd0842 by security tracker role at 2022-08-12T20:10:21+00:00
automatic update
- - - - -
e13fdf68 by Salvatore Bonaccorso at 2022-08-12T22:18:14+02:00
Process some NFUs
- - - - -
8f035d24 by Salvatore Bonaccorso at 2022-08-12T23:03:01+02:00
Add CVE-2022-2787 and update dsa-needed list
- - - - -
8e48f103 by Henri Salo at 2022-08-13T09:38:37+03:00
NFU
- - - - -
bc8bbd01 by Anton Gladky at 2022-08-13T09:43:25+02:00
Remove `Added` field
- - - - -
c24bb079 by Anton Gladky at 2022-08-13T09:46:55+02:00
LTS: add zlib to dla-needed
- - - - -
13a33704 by Anton Gladky at 2022-08-13T09:48:51+02:00
LTS: add schroot to dla-needed
- - - - -
f32b2c8a by security tracker role at 2022-08-13T08:10:14+00:00
automatic update
- - - - -
43a82394 by Salvatore Bonaccorso at 2022-08-13T10:31:35+02:00
Process some NFUs
- - - - -
020968c6 by Salvatore Bonaccorso at 2022-08-13T10:32:29+02:00
Remove notes from CVE-2022-36408 (rejected, duplicate of CVE-2022-31181)
- - - - -
0354d002 by Salvatore Bonaccorso at 2022-08-13T10:37:16+02:00
Drop notes from now rejected CVEs for laravel
- - - - -
027eba2a by Salvatore Bonaccorso at 2022-08-13T10:39:50+02:00
Remove TODO from CVE-2022-20359 (withdrawn by its CNA)
- - - - -
e048876a by Salvatore Bonaccorso at 2022-08-13T13:57:40+02:00
Add CVE-2022-35949/node-undici
- - - - -
90e5a2fb by Salvatore Bonaccorso at 2022-08-13T14:00:26+02:00
Add CVE-2022-38183/gitea
- - - - -
23ee41d0 by Salvatore Bonaccorso at 2022-08-13T14:14:55+02:00
Process several NFUs
- - - - -
d71c1947 by Salvatore Bonaccorso at 2022-08-13T14:15:30+02:00
Add CVE-2022-35943/codeigniter
- - - - -
fbc2a2a7 by Salvatore Bonaccorso at 2022-08-13T16:50:13+02:00
Track fixed version for sofia-sip issues fixed via unstable
- - - - -
5772161b by Moritz Mühlenhoff at 2022-08-13T21:00:48+02:00
iotjs removed
- - - - -
7ab03065 by Moritz Mühlenhoff at 2022-08-13T21:06:12+02:00
dojo fixed in sid
- - - - -
f737e65e by security tracker role at 2022-08-13T20:10:21+00:00
automatic update
- - - - -
0f390561 by Salvatore Bonaccorso at 2022-08-14T06:24:05+02:00
Add CVE-2022-35948/node-undici
- - - - -
98264ee4 by Abhijith PA at 2022-08-14T12:20:17+05:30
data/dla-needed.txt: claim puma
- - - - -
41d943ba by Anton Gladky at 2022-08-14T10:02:09+02:00
LTS: assign schroot
- - - - -
7991580b by security tracker role at 2022-08-14T08:10:11+00:00
automatic update
- - - - -
f62af8c8 by Salvatore Bonaccorso at 2022-08-14T17:40:36+02:00
Process some NFUs
- - - - -
72bcf724 by Salvatore Bonaccorso at 2022-08-14T20:00:10+02:00
Process some NFUs
- - - - -
458c7c3b by Salvatore Bonaccorso at 2022-08-14T20:04:09+02:00
Add CVE-2022-2587
- - - - -
c652740e by security tracker role at 2022-08-14T20:10:16+00:00
automatic update
- - - - -
32e2ff0e by Anton Gladky at 2022-08-14T22:36:06+02:00
LTS: add maven-shared-utils
- - - - -
9bee9630 by Anton Gladky at 2022-08-14T22:50:11+02:00
LTS: add salt package
- - - - -
1cf1b0ed by Moritz Mühlenhoff at 2022-08-14T23:43:55+02:00
NFUs
- - - - -
4c629532 by Moritz Mühlenhoff at 2022-08-15T00:24:59+02:00
NFUs
- - - - -
e3488498 by security tracker role at 2022-08-15T08:10:11+00:00
automatic update
- - - - -
059c45d6 by Salvatore Bonaccorso at 2022-08-15T10:14:57+02:00
Add CVE-2022-38223/w3m
- - - - -
e1ce9ecb by Salvatore Bonaccorso at 2022-08-15T10:16:27+02:00
Process two NFUs
- - - - -
d30ce7bf by Alberto Garcia at 2022-08-15T12:14:20+02:00
Track CVE-2022-2294 as unimportant for webkit2gtk/wpewebkit
- - - - -
d9c16928 by Emilio Pozuelo Monfort at 2022-08-15T13:27:15+02:00
lts: take zlib
- - - - -
f57cf061 by Salvatore Bonaccorso at 2022-08-15T16:29:45+02:00
Note work from Emilio on epiphany-browser
- - - - -
ceb08c6f by Chris Lamb at 2022-08-15T09:25:35-07:00
data/dla-needed.txt: Correct ordering
- - - - -
056ee9ff by Chris Lamb at 2022-08-15T09:26:58-07:00
data/dla-needed.txt: Triage freecad for buster LTS (CVE-2021-45844 & CVE-2021-45845)
- - - - -
a3d9fcad by Chris Lamb at 2022-08-15T09:30:47-07:00
Triage CVE-2021-46829 in gdk-pixbuf for buster LTS.
- - - - -
bbe08c52 by Salvatore Bonaccorso at 2022-08-15T20:04:42+02:00
Track fixed version for CVE-2022-21505/linux already (exceptionally)
It won't be named in the DSA. OTOH for unstable it is *not* unimportant
as we have CONFIG_IMA set. But for bullseye this is not the case yet.
Still it will be fixed at source level.
- - - - -
793a3463 by Salvatore Bonaccorso at 2022-08-15T20:19:25+02:00
Mark libengine-gost-openssl1.1 as removed
- - - - -
b6913e00 by Salvatore Bonaccorso at 2022-08-15T20:21:13+02:00
Mark ruby2.7 as removed from unstable
- - - - -
29004edc by Salvatore Bonaccorso at 2022-08-15T21:16:40+02:00
Reserve DSA number for linux update
- - - - -
008b11d9 by security tracker role at 2022-08-15T20:10:22+00:00
automatic update
- - - - -
24729270 by Salvatore Bonaccorso at 2022-08-15T22:12:12+02:00
Process some NFUs
- - - - -
d22de050 by Salvatore Bonaccorso at 2022-08-15T22:15:41+02:00
Process some NFUs
- - - - -
503e9bd4 by Salvatore Bonaccorso at 2022-08-15T22:16:33+02:00
Add CVE-2022-2822/octoprint
- - - - -
06d99555 by Salvatore Bonaccorso at 2022-08-15T22:18:04+02:00
Add reference for CVE-2022-2787
- - - - -
bdf84f11 by Salvatore Bonaccorso at 2022-08-15T22:19:36+02:00
Add CVE-2022-2819/vim
- - - - -
d4a95cda by Salvatore Bonaccorso at 2022-08-16T06:51:51+02:00
Mark w3m issue as no-dsa for bullseye
- - - - -
26797cd3 by security tracker role at 2022-08-16T08:10:14+00:00
automatic update
- - - - -
6fd70c0d by Salvatore Bonaccorso at 2022-08-16T10:26:39+02:00
Process NFUs
- - - - -
b220c9ca by Salvatore Bonaccorso at 2022-08-16T10:27:13+02:00
Add CVE-2022-2817/vim
- - - - -
40da2368 by Salvatore Bonaccorso at 2022-08-16T10:28:03+02:00
Add CVE-2022-2816/vim
- - - - -
a48e5a35 by Salvatore Bonaccorso at 2022-08-16T10:43:59+02:00
Process some NFUs
- - - - -
a3729572 by Salvatore Bonaccorso at 2022-08-16T10:44:25+02:00
Add CVE-2021-3323{5,6}/htmldoc
- - - - -
b60603f3 by Neil Williams at 2022-08-16T11:01:26+01:00
CVE-2020-21365/wkhtmltopdf 0.12.6-1
- - - - -
da6a56e0 by Neil Williams at 2022-08-16T11:14:41+01:00
Process some NFUs
- - - - -
3db43c5c by Salvatore Bonaccorso at 2022-08-16T12:43:00+02:00
Switch target source package name as used in the ITP
- - - - -
71737919 by Chris Lamb at 2022-08-16T08:09:29-07:00
data/dla-needed.txt: Triage net-snmp for buster LTS.
- - - - -
577c85d8 by Chris Lamb at 2022-08-16T08:10:20-07:00
data/dla-needed.txt: Triage netatalk for buster LTS.
- - - - -
fd0665f5 by Chris Lamb at 2022-08-16T08:11:53-07:00
data/dla-needed.txt: Triage php-horde-mime-viewer for buster LTS (CVE-2022-26874)
- - - - -
c4301580 by Chris Lamb at 2022-08-16T08:14:02-07:00
data/dla-needed.txt: Triage php-horde-turba for buster LTS (CVE-2022-30287)
- - - - -
7abf24a6 by Chris Lamb at 2022-08-16T08:15:16-07:00
Triage CVE-2022-34749 in mistune for buster LTS.
- - - - -
d1959f4d by Chris Lamb at 2022-08-16T08:15:41-07:00
Triage CVE-2022-37394 in nova for buster LTS.
- - - - -
a3a9e490 by Chris Lamb at 2022-08-16T08:16:41-07:00
Triage CVE-2022-2514, CVE-2022-2523 & CVE-2022-2589 in fava for buster LTS.
- - - - -
688aaa54 by Chris Lamb at 2022-08-16T08:16:56-07:00
data/dla-needed.txt: Add programming language.
- - - - -
fc43cf84 by Chris Lamb at 2022-08-16T08:17:34-07:00
Triage CVE-2020-8287 in http-parser for buster LTS.
- - - - -
913c5e79 by Chris Lamb at 2022-08-16T08:17:51-07:00
Triage CVE-2021-41556 in squirrel3 for buster LTS.
- - - - -
506f373e by Chris Lamb at 2022-08-16T08:18:14-07:00
Triage CVE-2022-38223 in w3m for buster LTS.
- - - - -
9ab01064 by Chris Lamb at 2022-08-16T08:18:45-07:00
Triage CVE-2021-23385 in flask-security for buster LTS.
- - - - -
ec45dbf5 by Chris Lamb at 2022-08-16T08:19:07-07:00
Triage CVE-2016-3709 in libxml2 for buster LTS.
- - - - -
a33c3609 by Anton Gladky at 2022-08-16T18:28:37+02:00
Merge remote-tracking branch 'origin/master' into fix_987283
- - - - -
f50b11cf by Anton Gladky at 2022-08-16T22:18:47+02:00
Use COALESCE for the query.
Thanks to Florian for the tip
- - - - -
23 changed files:
- bin/add-dsa-needed.sh
- − bin/lts-auto-eol
- bin/lts-cve-triage.py
- bin/lts-missing-uploads
- bin/unsupported_packages.py
- conf/cvelist.el
- data/CVE/list
- data/DLA/list
- data/DSA/list
- data/config.json
- data/dla-needed.txt
- data/dsa-needed.txt
- data/next-oldstable-point-update.txt
- data/next-point-update.txt
- data/packages/removed-packages
- doc/DLA.template
- doc/DSA.template
- doc/security-team.d.o/index
- lib/python/security_db.py
- static/distributions.json
- templates/lts-no-dsa.txt
- templates/lts-update-planned-minor.txt
- templates/lts-update-planned.txt
Changes:
=====================================
bin/add-dsa-needed.sh
=====================================
@@ -20,7 +20,7 @@
set -eu
-include_oldstable=true
+include_oldstable=false
turl="https://security-tracker.debian.org/tracker/status/release"
[ -f data/dsa-needed.txt ] || {
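Review bot: `include_oldstable` on the changed line is still a hand-edited constant, and the hunk carries no comment saying why oldstable is now excluded. Add a one-line comment next to the assignment stating the condition under which it should be `true` again, so the next release transition does not depend on someone remembering to flip it.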
=====================================
bin/lts-auto-eol deleted
=====================================
@@ -1,68 +0,0 @@
-#!/usr/bin/perl
-use File::Copy;
-my $pkg = $ARGV[0];
-shift @ARGV;
-while (my $cve = shift @ARGV) {
- &addEol($pkg, $cve);
-}
-exit;
-
-sub addEol {
- my ($pkg, $cve) = @_;
-# print "Searching for $cve\n";
- # Mode
- # d - default
- # c - cve found
- # p - pkg found
- # e - eol printed, just continue to end of file as we are done
- my $mode = "d";
- open IF, "data/CVE/list";
- open OF, ">data/CVE/list.x";
- while (my $line = <IF>) {
- if ($mode eq "e") {
- print OF $line;
- next;
- }
- if ($mode eq "d") {
- if ($line =~ /$cve\s/) {
-# print " CVE $cve found\n";
- $mode = "c";
- print OF $line;
- next;
- }
- }
- if ($mode eq "c") {
- if ($line =~ /^\s+- $pkg\s/) {
- $mode = "p";
-# print " Package $pkg found\n";
- print OF $line;
- next;
- }
- }
- if ($mode eq "p") {
- if ($line =~ /^\s+\[buster\] - $pkg\s/) {
- $mode = "e";
- print "Existing LTS line found, skipping: $line";
- print OF $line;
- next;
- }
- if ($line =~ /^\s+\[bullseye\] - $pkg\s/ ||
- $line =~ /^\s+\[bookworm\] - $pkg\s/ ||
- $line =~ /^\s+\[trixie\] - $pkg\s/) {
- # skipping through other distribution info
- print OF $line;
- next;
- }
- # End of package entry add EOL
- print "EOL $cve for $pkg added.\n";
- print OF "\t[buster] - $pkg <end-of-life> (No longer supported in LTS buster)\n";
- print OF $line;
- $mode = "e";
- next;
- }
- print OF $line;
- }
- close IF;
- close OF;
- move ("data/CVE/list.x", "data/CVE/list");
-}
=====================================
bin/lts-cve-triage.py
=====================================
@@ -97,7 +97,7 @@ parser.add_argument('--exclude', nargs='+', choices=[x[0] for x in LIST_NAMES],
args = parser.parse_args()
tracker = TrackerData(update_cache=not args.skip_cache_update)
-unsupported = UnsupportedPackages(debian_version=10,
+unsupported = UnsupportedPackages(codename=RELEASES['lts'],
update_cache=not args.skip_cache_update)
limited = LimitedSupportPackages(update_cache=not args.skip_cache_update)
# unsupport/limited package names can be regexps
=====================================
bin/lts-missing-uploads
=====================================
@@ -28,7 +28,7 @@ from debian.debian_support import Version
class LTSMissingUploads(object):
MONTHS = 6
- SOURCES = ['http://security.debian.org/dists/stretch/updates/{}/source/Sources.gz'.format(component)
+ SOURCES = ['http://security.debian.org/dists/buster/updates/{}/source/Sources.gz'.format(component)
for component in ('main', 'contrib', 'non-free')]
re_line = re.compile(
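Review bot: the changed `SOURCES` line keeps the codename hard-coded (stretch becomes buster) and still fetches the index over plain `http://`. bin/lts-cve-triage.py in this same push moves to `RELEASES['lts']`; using the same lookup here would avoid another manual edit at the next LTS transition. Whether the script checks Sources.gz against the signed Release file is not visible in this hunk; if it does not, consider `https://` for the fetch while the line is being touched.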
=====================================
bin/unsupported_packages.py
=====================================
@@ -13,6 +13,9 @@
# You should have received a copy of the GNU General Public License
# along with this file. If not, see <https://www.gnu.org/licenses/>.
+import setup_paths # noqa # pylint: disable=unused-import
+
+import config
import os
import re
import requests
@@ -49,8 +52,11 @@ class UnsupportedPackages(DebSecSupport):
URL = "https://salsa.debian.org/debian/debian-security-support/raw/master/security-support-ended.deb{}"
CACHED_DATA_PATH = "~/.cache/security-support-ended.deb{}"
- def __init__(self, debian_version, update_cache=True):
- self.debian_version = debian_version
+ def __init__(self, codename, update_cache=True):
+ # codename to version number
+ dists = list(config.get_config().keys())
+ self.debian_version = dists.index(codename) + 1
+
self.url = self.URL.format(self.debian_version)
self.cache = os.path.expanduser(self.CACHED_DATA_PATH).format(
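Review bot: `self.debian_version = dists.index(codename) + 1` in `__init__` derives the Debian version number from the position of the codename among the keys returned by `config.get_config()`, so it silently depends on that mapping listing every release in order, starting at version 1, with no other keys. A reordered or inserted key would make `self.url` and `self.cache` point at the security-support-ended.deb{N} list of a different release, and triage would run against the wrong unsupported-package list without any error. An unknown codename surfaces only as a bare `ValueError` from `list.index`. Suggest storing the version number explicitly in each release's config entry, or at least catching the `ValueError` with a message that names the codename. The parameter rename from `debian_version` to `codename` also breaks any caller still using the old keyword; bin/lts-cve-triage.py is updated in this push, other callers should be checked.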
=====================================
conf/cvelist.el
=====================================
@@ -18,6 +18,7 @@
(setq last-nfu "")
(setq bugnum "")
(setq newsrcpkg "")
+(setq default_distro "bullseye")
; TODO: Tab completion for existing NFUs
(defun debian-cvelist-insert-not-for-us ()
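Review bot: `default_distro` is introduced with an unprefixed, underscore-separated name, unlike the hyphenated `last-nfu` beside it, and as a plain global it can collide with a variable of the same name from any other package. Declare it with `defvar` (or `defcustom`, so users can override it without editing the file) under the prefix the functions already use, for example `debian-cvelist-default-distro`, and use that name in the three `insert` calls changed in the following hunks.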
@@ -48,7 +49,7 @@
(setq srcpkg (thing-at-point 'filename))
(next-line)
(beginning-of-line)
- (insert (concat "\t[buster] - " srcpkg " <no-dsa> (" reason ")\n" )))
+ (insert (concat "\t[" default_distro "] - " srcpkg " <no-dsa> (" reason ")\n" )))
(defun debian-cvelist-insert-postponed ()
"Insert postponed comment based on the current source entry."
@@ -57,7 +58,7 @@
(setq srcpkg (thing-at-point 'filename))
(next-line)
(beginning-of-line)
- (insert (concat "\t[buster] - " srcpkg " <postponed> (" reason ")\n" )))
+ (insert (concat "\t[" default_distro "] - " srcpkg " <postponed> (" reason ")\n" )))
; TODO: Read supported distros from central config and prompt for applicable suites
(defun debian-cvelist-insert-not-affected ()
@@ -67,7 +68,7 @@
(setq srcpkg (thing-at-point 'filename))
(next-line)
(beginning-of-line)
- (insert (concat "\t[buster] - " srcpkg " <not-affected> (" reason ")\n" )))
+ (insert (concat "\t[" default_distro "] - " srcpkg " <not-affected> (" reason ")\n" )))
; TODO: Parse existing source entries for buffer tab completion
(defun debian-cvelist-insert-srcentry ()
=====================================
data/CVE/list
=====================================
The diff for this file was not included because it is too large.
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,18 @@
+[11 Aug 2022] DLA-3072-1 postgresql-11 - security update
+ {CVE-2022-2625}
+ [buster] - postgresql-11 11.17-0+deb10u1
+[11 Aug 2022] DLA-3071-1 libtirpc - security update
+ {CVE-2021-46828}
+ [buster] - libtirpc 1.1.4-0.4+deb10u1
+[11 Aug 2022] DLA-3070-1 gnutls28 - security update
+ {CVE-2021-4209 CVE-2022-2509}
+ [buster] - gnutls28 3.6.7-4+deb10u9
+[09 Aug 2022] DLA-3069-1 gst-plugins-good1.0 - security update
+ {CVE-2022-1920 CVE-2022-1921 CVE-2022-1922 CVE-2022-1923 CVE-2022-1924 CVE-2022-1925 CVE-2022-2122}
+ [buster] - gst-plugins-good1.0 1.14.4-1+deb10u2
+[04 Aug 2022] DLA-3068-1 xorg-server - security update
+ {CVE-2022-2319 CVE-2022-2320}
+ [buster] - xorg-server 2:1.20.4-1+deb10u5
[01 Jul 2022] DLA-3067-1 stretch-lts - end-of-life
NOTE: end of security support for stretch-lts
[01 Jul 2022] DLA-3066-1 isync - security update
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,44 @@
+[15 Aug 2022] DSA-5207-1 linux - security update
+ {CVE-2022-2585 CVE-2022-2586 CVE-2022-2588 CVE-2022-26373 CVE-2022-29900 CVE-2022-29901 CVE-2022-36879 CVE-2022-36946}
+ [bullseye] - linux 5.10.136-1
+[12 Aug 2022] DSA-5206-1 trafficserver - security update
+ {CVE-2021-37150 CVE-2022-25763 CVE-2022-28129 CVE-2022-31778 CVE-2022-31779 CVE-2022-31780}
+ [bullseye] - trafficserver 8.1.5+ds-1~deb11u1
+[11 Aug 2022] DSA-5205-1 samba - security update
+ {CVE-2022-2031 CVE-2022-32742 CVE-2022-32744 CVE-2022-32745 CVE-2022-32746}
+ [bullseye] - samba 2:4.13.13+dfsg-1~deb11u5
+[09 Aug 2022] DSA-5204-1 gst-plugins-good1.0 - security update
+ {CVE-2022-1920 CVE-2022-1921 CVE-2022-1922 CVE-2022-1923 CVE-2022-1924 CVE-2022-1925 CVE-2022-2122}
+ [bullseye] - gst-plugins-good1.0 1.18.4-2+deb11u1
+[08 Aug 2022] DSA-5203-1 gnutls28 - security update
+ {CVE-2022-2509}
+ [bullseye] - gnutls28 3.7.1-5+deb11u2
+[08 Aug 2022] DSA-5202-1 unzip - security update
+ {CVE-2022-0529 CVE-2022-0530}
+ [bullseye] - unzip 6.0-26+deb11u1
+[07 Aug 2022] DSA-5201-1 chromium - security update
+ {CVE-2022-2603 CVE-2022-2604 CVE-2022-2605 CVE-2022-2606 CVE-2022-2607 CVE-2022-2608 CVE-2022-2609 CVE-2022-2610 CVE-2022-2611 CVE-2022-2612 CVE-2022-2613 CVE-2022-2614 CVE-2022-2615 CVE-2022-2616 CVE-2022-2617 CVE-2022-2618 CVE-2022-2619 CVE-2022-2620 CVE-2022-2621 CVE-2022-2622 CVE-2022-2623 CVE-2022-2624}
+ [bullseye] - chromium 104.0.5112.79-1~deb11u1
+[07 Aug 2022] DSA-5200-1 libtirpc - security update
+ {CVE-2021-46828}
+ [bullseye] - libtirpc 1.3.1-1+deb11u1
+[06 Aug 2022] DSA-5199-1 xorg-server - security update
+ {CVE-2022-2319 CVE-2022-2320}
+ [bullseye] - xorg-server 2:1.20.11-1+deb11u2
+[02 Aug 2022] DSA-5198-1 jetty9 - security update
+ {CVE-2022-2047 CVE-2022-2048}
+ [bullseye] - jetty9 9.4.39-3+deb11u1
+[01 Aug 2022] DSA-5197-1 curl - security update
+ {CVE-2021-22898 CVE-2021-22924 CVE-2021-22945 CVE-2021-22946 CVE-2021-22947 CVE-2022-22576 CVE-2022-27774 CVE-2022-27775 CVE-2022-27776 CVE-2022-27781 CVE-2022-27782 CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208}
+ [bullseye] - curl 7.74.0-1.3+deb11u2
+[31 Jul 2022] DSA-5196-1 libpgjava - security update
+ {CVE-2022-21724 CVE-2022-26520}
+ [buster] - libpgjava 42.2.5-2+deb10u1
+ [bullseye] - libpgjava 42.2.15-1+deb11u1
+[30 Jul 2022] DSA-5195-1 thunderbird - security update
+ {CVE-2022-36318 CVE-2022-36319}
+ [buster] - thunderbird 1:91.12.0-1~deb10u1
+ [bullseye] - thunderbird 1:91.12.0-1~deb11u1
[29 Jul 2022] DSA-5194-1 booth - security update
{CVE-2022-2553}
[buster] - booth 1.0-162-g27f917f-2+deb10u1
@@ -73,7 +114,7 @@
[buster] - gnupg2 2.2.12-1+deb10u2
[bullseye] - gnupg2 2.2.27-2+deb11u2
[03 Jul 2022] DSA-5173-1 linux - security update
- {CVE-2021-4197 CVE-2022-0494 CVE-2022-0812 CVE-2022-0854 CVE-2022-1011 CVE-2022-1012 CVE-2022-1016 CVE-2022-1048 CVE-2022-1184 CVE-2022-1195 CVE-2022-1198 CVE-2022-1199 CVE-2022-1204 CVE-2022-1205 CVE-2022-1353 CVE-2022-1419 CVE-2022-1516 CVE-2022-1652 CVE-2022-1729 CVE-2022-1734 CVE-2022-1974 CVE-2022-1975 CVE-2022-2153 CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 CVE-2022-23960 CVE-2022-26490 CVE-2022-27666 CVE-2022-28356 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 CVE-2022-29581 CVE-2022-30594 CVE-2022-32250 CVE-2022-32296 CVE-2022-33981}
+ {CVE-2021-4197 CVE-2022-0494 CVE-2022-0812 CVE-2022-0854 CVE-2022-1011 CVE-2022-1012 CVE-2022-1016 CVE-2022-1048 CVE-2022-1195 CVE-2022-1198 CVE-2022-1199 CVE-2022-1204 CVE-2022-1205 CVE-2022-1353 CVE-2022-1419 CVE-2022-1516 CVE-2022-1652 CVE-2022-1729 CVE-2022-1734 CVE-2022-1974 CVE-2022-1975 CVE-2022-2153 CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 CVE-2022-23960 CVE-2022-26490 CVE-2022-27666 CVE-2022-28356 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 CVE-2022-29581 CVE-2022-30594 CVE-2022-32250 CVE-2022-32296 CVE-2022-33981}
[buster] - linux 4.19.249-2
[29 Jun 2022] DSA-5172-1 firefox-esr - security update
{CVE-2022-2200 CVE-2022-31744 CVE-2022-34468 CVE-2022-34470 CVE-2022-34472 CVE-2022-34479 CVE-2022-34481 CVE-2022-34484}
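Review bot: dropping CVE-2022-1184 from the DSA-5173-1 line is the only difference between the removed and the added CVE list, and nothing in this hunk records why. Because this edits the record of an already published advisory, the commit message should state the reason (for instance, whether the fix turned out not to be part of linux 4.19.249-2). A one-token change inside a line this long is also easy to miss in review.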
=====================================
data/config.json
=====================================
@@ -81,7 +81,7 @@
"buster-proposed-updates"
]
},
- "architectures": [ "amd64", "arm64", "armel", "armhf", "i386", "mips", "mips64el", "mipsel", "ppc64el", "s390x" ],
+ "architectures": [ "amd64", "arm64", "armhf", "i386" ],
"release": "oldstable"
},
"bullseye": {
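Review bot: the "architectures" list for the entry that keeps "release": "oldstable" loses armel, mips, mips64el, mipsel, ppc64el and s390x, and the hunk gives no reason. Please confirm that amd64, arm64, armhf and i386 are the intended set for this release under LTS, and say so in the commit message, since JSON leaves no room for a comment next to the value.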
=====================================
data/dla-needed.txt
=====================================
@@ -12,22 +12,98 @@ https://wiki.debian.org/LTS/Development#Triage_new_security_issues
To make it easier to see the entire history of an update, please append notes
rather than remove/replace existing ones.
-NOTE: stretch->buster LTS transition in progress during 2022-07
-NOTE: only add packages planned for the next buster point release
-NOTE: https://lists.debian.org/debian-lts/2022/07/msg00025.html
-
NOTE: IMPORTANT: during 2022-08, make sure you do NOT conflict with a
NOTE: IMPORTANT: prepared upload for buster's last point release, see:
NOTE: IMPORTANT: https://bugs.debian.org/cgi-bin/pkgreport.cgi?users=release.debian.org@packages.debian.org;tag=pu
--
-apache2 (Roberto C. Sánchez)
+apache2
+ NOTE: 20220811: Programming language: C.
NOTE: 20220723: Prepared update 2.4.38-3+deb10u8 and filed #1014346 requesting SRM approval for upload to final buster point release (roberto)
NOTE: 20220723: Received upload approval from SRM and uploaded to buster (roberto)
+ NOTE: 20220809: Package is in oldstable-proposed-updates and will be in final buster point release (roberto)
+--
+asterisk (Markus Koschany)
+ NOTE: 20220810: Programming language: C.
+--
+curl (Markus Koschany)
+ NOTE: 20220802: Programming language: C.
+--
+epiphany-browser (Emilio)
+ NOTE: 20220811: Programming language: C.
+--
+freecad
+ NOTE: 20220815: Programming language: Python.
+ NOTE: 20220815: Not all of the vulnerable os.system calls exist in the buster version. (lamby)
+--
+jetty9 (Markus Koschany)
+ NOTE: 20220802: Programming language: Java.
+--
+kicad
+ NOTE: 20220811: Programming language: C++.
+--
+kopanocore (Andreas Rönnquist)
+ NOTE: 20220801: Programming language: C++.
+ NOTE: 20220811: Proposed a patch to CVE-2022-26562 (#1016973)
--
linux (Ben Hutchings)
--
-rustc (Emilio)
- NOTE: 20220614: backporting toolchain (rust, llvm...) for Firefox 102 ESR (pochu)
- NOTE: 20220712: bullseye backports done, wip on buster updates (pochu)
+maven-shared-utils
+ NOTE: 20220813: Programming language: Java
+ NOTE: 20220813: VCS: https://salsa.debian.org/java-team/maven-shared-utils
+ NOTE: 20220813: Maintainer notes: Markus is active in the Java team
+ NOTE: 20220813: Special attention: Relatively high popcon
+ NOTE: 20220813: Patch is relatively high. Please check, whether it can safely be applied (Anton)
+--
+mediawiki (Markus Koschany)
+ NOTE: 20220810: Programming language: PHP.
+--
+ndpi (Anton)
+ NOTE: 20220801: Programming language: C.
+--
+net-snmp
+ NOTE: 20220816: Programming language: C.
+--
+netatalk
+ NOTE: 20220816: Programming language: C.
+--
+nodejs
+ NOTE: 20220801: Programming language: JavaScript.
+ NOTE: 20220801: one of the upstream fixes doesn't address the security issue
+--
+php-horde-mime-viewer
+ NOTE: 20220816: Programming language: PHP.
+--
+php-horde-turba
+ NOTE: 20220816: Programming language: PHP.
+--
+puma (Abhijith PA)
+ NOTE: 20220801: Programming language: Ruby.
+--
+qemu (Abhijith PA)
+ NOTE: 20220802: Programming language: C.
+ NOTE: 20220802: debdiff of backported fixes was submitted to buster-proposed-updates: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007931 and
+ NOTE: 20220802: wcan now be released as DLA instead. The updated packages are/were running fine in a buster ganeti cluster. (jmm)
+ NOTE: 20220808: conflicting pu at https://people.debian.org/~abhijith/upload/mruby/qemu_3.1+dfsg-8+deb10u9.dsc , needs to be merged (Beuc/abhijith)
+--
+rsync (Stefano Rivera)
+ NOTE: 20220811: Programming language: C.
+ NOTE: 20220811: All patches should be applied. If it is too disruptive - evaluate the CVE`s severity (Anton)
+--
+salt
+ NOTE: 20220814: Programming language: Python
+ NOTE: 20220814: Packages is not in the supported packages by us.
+ NOTE: 20220814: Also, I am not sure, whether it is possible to fix issues
+ NOTE: 20220814: without backporting a newer verion. (Anton)
+--
+schroot (carnil)
+ NOTE: 20220813: Programming language: C++
+ NOTE: 20220813: VCS: https://salsa.debian.org/debian/schroot/
+ NOTE: 20220813: Maintainer notes: Maintainer prepares o-o-stable updates
+ NOTE: 20220813: Debian security team will release DSA and DLA
+--
+zlib (Emilio)
+ NOTE: 20220813: Programming language: C
+ NOTE: 20220813: VCS: https://salsa.debian.org/lts-team/packages/zlib/
+ NOTE: 20220813: Special attention: Very high popcon. Please test carefully!
--
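Review bot: several added NOTE lines carry typos that will end up in the tracker data: "wcan now be released" in the qemu entry, "verion" and "Packages is not in the supported packages" in the salt entry, and "CVE`s" (backtick) in the rsync entry. The "Programming language:" values are also inconsistent about the trailing period ("C." for apache2 and curl, "C" for zlib, "Java" for maven-shared-utils, "Java." for jetty9); pick one form in case anything parses this field. Separately, apache2 loses its claimant while its notes say the package is already in oldstable-proposed-updates, so it is worth confirming the entry should remain listed unclaimed.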
=====================================
data/dsa-needed.txt
=====================================
@@ -12,53 +12,37 @@ To pick an issue, simply add your uid behind it.
If needed, specify the release by adding a slash after the name of the source package.
--
-asterisk
---
-curl (apo)
+asterisk (apo)
--
epiphany-browser
+ Emilio prepared a debdiff for review
--
freecad (aron)
--
-gst-plugins-good1.0
---
-jetty
+gdk-pixbuf
--
kicad (jmm)
--
-kopanocore/oldstable
---
-librecad
---
-libpgjava (apo)
- NOTE: 20220711: libscram-java is missing in bullseye-security. I am currently
- NOTE: 20220711: waiting for #1014409 being resolved.
---
linux (carnil)
Wait until more issues have piled up, though try to regulary rebase for point
- releases to more recent v4.19.y and v5.10.y versions
----
-ndpi/oldstable
+ releases to more recent v5.10.y versions
+--
+maven-shared-utils
--
net-snmp
--
netatalk
open regression with MacOS, tentative patch not yet merged upstream
--
-nodejs/stable
---
-nodejs/oldstable
- one of the upstream fixes doesn't address the security issue
+nodejs
--
php-horde-mime-viewer
--
php-horde-turba
--
-puma/oldstable
---
rails
--
-rpki-client/stable
+rpki-client
new 7.6 release required libretls, which isn't in Bullseye
--
ruby-rack
@@ -67,18 +51,16 @@ ruby-tzinfo
--
salt
--
-samba
+schroot (carnil)
--
-slurm-llnl/oldstable
+sofia-sip
--
sox
patch needed for CVE-2021-40426, check with upstream
--
-thunderbird
+webkit2gtk (berto)
--
-unzip
- unclear information, initial report indicates writable memory corruption, but
- some identified patch is just for a NULL deref, needs more clarification
+wpewebkit (berto)
--
-xorg-server
+zlib (carnil)
--
=====================================
data/next-oldstable-point-update.txt
=====================================
@@ -218,3 +218,23 @@ CVE-2021-45910
[buster] - gif2apng 1.9+srconly-2+deb10u1
CVE-2021-45909
[buster] - gif2apng 1.9+srconly-2+deb10u1
+CVE-2022-28736
+ [buster] - grub2 2.06-3~deb10u1
+CVE-2022-28735
+ [buster] - grub2 2.06-3~deb10u1
+CVE-2022-28734
+ [buster] - grub2 2.06-3~deb10u1
+CVE-2022-28733
+ [buster] - grub2 2.06-3~deb10u1
+CVE-2021-3697
+ [buster] - grub2 2.06-3~deb10u1
+CVE-2021-3696
+ [buster] - grub2 2.06-3~deb10u1
+CVE-2021-3695
+ [buster] - grub2 2.06-3~deb10u1
+CVE-2022-31607
+ [buster] - nvidia-graphics-drivers-legacy-390xx 390.154-1~deb10u1
+CVE-2022-31608
+ [buster] - nvidia-graphics-drivers-legacy-390xx 390.154-1~deb10u1
+CVE-2022-31615
+ [buster] - nvidia-graphics-drivers-legacy-390xx 390.154-1~deb10u1
=====================================
data/next-point-update.txt
=====================================
@@ -38,3 +38,29 @@ CVE-2021-45910
[bullseye] - gif2apng 1.9+srconly-3+deb11u1
CVE-2021-45909
[bullseye] - gif2apng 1.9+srconly-3+deb11u1
+CVE-2022-31081
+ [bullseye] - libhttp-daemon-perl 6.12-1+deb11u1
+CVE-2022-31213
+ [bullseye] - dbus-broker 26-1+deb11u2
+CVE-2022-28736
+ [bullseye] - grub2 2.06-3~deb11u1
+CVE-2022-28735
+ [bullseye] - grub2 2.06-3~deb11u1
+CVE-2022-28734
+ [bullseye] - grub2 2.06-3~deb11u1
+CVE-2022-28733
+ [bullseye] - grub2 2.06-3~deb11u1
+CVE-2021-3697
+ [bullseye] - grub2 2.06-3~deb11u1
+CVE-2021-3696
+ [bullseye] - grub2 2.06-3~deb11u1
+CVE-2021-3695
+ [bullseye] - grub2 2.06-3~deb11u1
+CVE-2022-31607
+ [bullseye] - nvidia-graphics-drivers-legacy-390xx 390.154-1~deb11u1
+CVE-2022-31608
+ [bullseye] - nvidia-graphics-drivers-legacy-390xx 390.154-1~deb11u1
+CVE-2022-31615
+ [bullseye] - nvidia-graphics-drivers-legacy-390xx 390.154-1~deb11u1
+CVE-2021-3502
+ [bullseye] - avahi 0.8-5+deb11u1
=====================================
data/packages/removed-packages
=====================================
@@ -820,3 +820,108 @@ opentmpfiles
php8.0
rust-rand-core-0.3
ansible-base
+389-admin
+acccheck
+aolserver4
+banshee
+bareftp
+biomaj-watcher
+blam
+burn
+cbrpager
+cfengine2
+chromium-browser
+comix
+common-lisp-controller
+conkeror
+consolekit
+dansguardian
+django-celery
+dotlrn
+ekg
+ekiga
+emacs25
+flower
+fso-datad
+fso-deviced
+fso-frameworkd
+fso-gsmd
+fso-usaged
+getmail4
+gnash
+gnats
+gnome-exe-thumbnailer
+gnome-orca
+gnome-vfs
+gnome-xcf-thumbnailer
+gns3
+gnugk
+gquilt
+gxine
+hunspell-en-us
+hyperestraier
+ibid
+ike
+ipsec-tools
+irssi-plugin-otr
+jquery-jplayer
+kde-baseapps
+kdewebdev
+libbson
+libgnumail-java
+libidn2-0
+libkdcraw
+libpam-sshauth
+libpam4j
+librdmacm
+libsocialweb
+libxfcegui4
+linux-4.19
+linux-latest-4.19
+linuxdcpp
+llvm-toolchain-3.7
+lucene2
+mail-notification
+mat
+memcachedb
+mixmaster
+mon
+mono-reference-assemblies
+monotone
+not-yet-commons-ssl
+nufw
+nvidia-graphics-drivers-legacy-304xx
+obnam
+opal
+openacs
+opensaml2
+opensips
+owl
+pavuk
+phonefsod
+plexus-utils
+ptlib
+pxz
+pybliographer
+python-django-openstack-auth
+python-django-piston
+reportbug-ng
+rhn-client-tools
+rhnsd
+rssh
+ruby-rack-protection
+srtp
+swift-plugin-s3
+synaesthesia
+systemd-shim
+tau
+thrift-compiler
+tk8.5
+tomboy
+unbound1.9
+uzbl
+wagon2
+webkitkde
+xvt
+yarssr
+zonecheck
=====================================
doc/DLA.template
=====================================
@@ -9,14 +9,14 @@ $SPACEDDATE https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : $PACKAGE
-Version : $stretch_VERSION
+Version : $buster_VERSION
CVE ID : $CVE
Debian Bug : $BUGNUM
$TEXT
-For Debian 9 stretch, this problem has been fixed in version
-$stretch_VERSION.
+For Debian 10 buster, this problem has been fixed in version
+$buster_VERSION.
We recommend that you upgrade your $PACKAGE packages.
=====================================
doc/DSA.template
=====================================
@@ -14,9 +14,6 @@ Debian Bug : $BUGNUM
$TEXT
-For the oldstable distribution ($OLDSTABLE), this problem has been fixed
-in version $$OLDSTABLE_VERSION.
-
For the stable distribution ($STABLE), this problem has been fixed in
version $$STABLE_VERSION.
=====================================
doc/security-team.d.o/index
=====================================
@@ -1,11 +1,9 @@
<table style="margin: 0 auto 0 auto;width: 100%;text-align:center;">
<tbody>
- <tr><th>buster 10</th><th>bullseye 11</th><th>bookworm 12</th><th>sid</th></tr>
- <tr><th>buster-security</th><th>bullseye-security</th><th>testing</th><th>unstable</th></tr>
+ <tr><th>bullseye 11</th><th>bookworm 12</th><th>sid</th></tr>
+ <tr><th>bullseye-security</th><th>testing</th><th>unstable</th></tr>
<tr>
<td valign="top">
- <a href="https://security-tracker.debian.org/tracker/status/release/oldstable">Vulnerable Packages</a><br\>
- </td><td valign="top">
<a href="https://security-tracker.debian.org/tracker/status/release/stable">Vulnerable Packages</a><br\>
</td><td valign="top">
<a href="https://security-tracker.debian.org/tracker/status/release/testing">Vulnerable Packages</a><br\>
@@ -13,8 +11,6 @@
<a href="https://security-tracker.debian.org/tracker/status/release/unstable">Vulnerable Packages</a><br\>
</td></tr>
<tr><td valign="top">
- <a href="https://salsa.debian.org/security-tracker-team/security-tracker/raw/master/data/next-oldstable-point-update.txt">Next (oldstable) point update</a><br\>
- </td><td valign="top">
<a href="https://salsa.debian.org/security-tracker-team/security-tracker/raw/master/data/next-point-update.txt">Next point update</a><br\>
</td><td valign="top">
Next point update<br\>
=====================================
lib/python/security_db.py
=====================================
@@ -2074,9 +2074,7 @@ class DB:
cursor = self.cursor()
last_bug = None
- show_ignored_sql = ""
- if (not show_ignored):
- show_ignored_sql = "AND source_package_status.debian_bug_file = 1"
+ show_ignored_sql = f" AND COALESCE (debian_bug_file = {1 if show_ignored else 0}, NULL)"
result = []
for bug, pkg in cursor.execute(
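Review bot: the new show_ignored_sql line changes what the query returns in both branches. Before, show_ignored=True added no condition and show_ignored=False added "AND source_package_status.debian_bug_file = 1"; now True filters on debian_bug_file = 1 and False on debian_bug_file = 0, so the True case no longer returns all rows and the False case selects the opposite value. COALESCE (expr, NULL) is also a no-op, because it returns expr unchanged, so rows where debian_bug_file is NULL still fail the condition. If the old behaviour is wanted, keep the conditional and the table-qualified column name; if the new behaviour is intended, drop the COALESCE wrapper and describe the change in the commit message. The interpolated value can only be 0 or 1, so this is not injectable, but a bound parameter would avoid building SQL with an f-string.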
=====================================
static/distributions.json
=====================================
@@ -16,8 +16,8 @@
},
"buster": {
"major-version": "10",
- "support": "security",
- "contact": "team at security.debian.org"
+ "support": "lts",
+ "contact": "debian-lts at lists.debian.org"
},
"bullseye": {
"major-version": "11",
=====================================
templates/lts-no-dsa.txt
=====================================
@@ -1,12 +1,12 @@
Content-Type: text/plain; charset=utf-8
To: {{ to }}
Cc: {{ cc }}
-Subject: About the security issues affecting {{ package }} in Stretch
+Subject: About the security issues affecting {{ package }} in Buster
Dear maintainer(s),
The Debian LTS team recently reviewed the security issue(s) affecting your
-package in Stretch:
+package in Buster:
{%- if cve -%}
{% for entry in cve %}
https://security-tracker.debian.org/tracker/{{ entry }}
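Review bot: the release name is hard-coded again, "Buster" in the Subject line and in "package in Buster:", which is why every LTS transition needs this kind of search-and-replace. The file is already a template taking {{ to }}, {{ cc }} and {{ package }}, so consider passing the release name as one more variable (a hypothetical {{ release }}) instead; the same applies to the other two lts-*.txt templates touched in this compare.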
@@ -15,10 +15,10 @@ https://security-tracker.debian.org/tracker/{{ entry }}
https://security-tracker.debian.org/tracker/source-package/{{ package }}
{%- endif %}
-We decided that we would not prepare a stretch security update (usually
+We decided that we would not prepare a buster security update (usually
because the security impact is low and that we concentrate our limited
resources on higher severity issues and on the most widely used packages).
-That said the stretch users would most certainly benefit from a fixed
+That said the buster users would most certainly benefit from a fixed
package.
If you want to work on such an update, you're welcome to do so. Please
=====================================
templates/lts-update-planned-minor.txt
=====================================
@@ -1,10 +1,10 @@
Content-Type: text/plain; charset=utf-8
To: {{ to }}
Cc: {{ cc }}
-Subject: Stretch update of {{ package }} (minor security issues)?
+Subject: Buster update of {{ package }} (minor security issues)?
The Debian LTS team recently reviewed the security issue(s) affecting your
-package in Stretch:
+package in Buster:
{%- if cve -%}
{% for entry in cve %}
https://security-tracker.debian.org/tracker/{{ entry }}
@@ -17,7 +17,7 @@ We decided that a member of the LTS team should take a look at this
package, although the security impact of still open issues is low. When
resources are available on our side, one of the LTS team members will
start working on fixes for those minor security issues, as we think that
-the stretch users would most certainly benefit from a fixed package.
+the buster users would most certainly benefit from a fixed package.
If you'd rather want to work on such an update yourself, you're welcome
to do so. Please send us a short notification to the debian-lts mailing
=====================================
templates/lts-update-planned.txt
=====================================
@@ -1,12 +1,12 @@
Content-Type: text/plain; charset=utf-8
To: {{ to }}
Cc: {{ cc }}
-Subject: Stretch update of {{ package }}?
+Subject: Buster update of {{ package }}?
Dear maintainer(s),
The Debian LTS team would like to fix the security issues which are
-currently open in the Stretch version of {{ package }}:
+currently open in the Buster version of {{ package }}:
{%- if cve -%}
{% for entry in cve %}
https://security-tracker.debian.org/tracker/{{ entry }}
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c28bf164fff7792988c502883f4ef69dc1e62da7...f50b11cfa293b3d86e3728f53f0e8965909e8e33