April 2023 Archives by thread
Starting: Sat Apr 1 00:07:19 BST 2023
Ending: Sun Apr 30 22:21:26 BST 2023
Messages: 810
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3378-1 for duktape
Thorsten Alteholz ( at alteholz)
- [Git][security-tracker-team/security-tracker][master] Try to clarify note for CVE-2023-28879
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-29132/irssi
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update information for CVE-2023-29132/irssi
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-29132/irssi
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3379-1 for intel-microcode
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-28879/ghostscript via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 3 commits: data/dla-needed.txt: Triage ghostscript for buster LTS (CVE-2023-28879)
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Track proposed libreoffice update via bullseye-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track proposed update for duktape via bullseye-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2022-36021 as no-dsa
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new set of nvidia-graphics-drivers issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add tracking entries for nvidia-graphics-drivers-legacy-340xx
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add tracking items for nvidia-graphics-drivers-tesla-418
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add tracking entries for nvidia-graphics-drivers-legacy-390xx
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track CVE entries for nvidia-graphics-drivers-tesla-450
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add tracking entries for nvidia-graphics-drivers-tesla-460
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add tracking items for nvidia-graphics-drivers-tesla
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add tracking items for nvidia-graphics-drivers-tesla-470
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track new nvidia-open-gpu-kernel-modules CVEs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3380-1 for firmware-nonfree
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] Process CVE-2023-26269 as NFU
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-29141/mediawiki
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-28844/nextcloud-server
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update information for CVE-2023-1436/libjettison-java
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2023-1436 as no-dsa for bullseye
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-1436/libjettison-java
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-28144/hotspot
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-27025 as NFU
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-28755/ruby
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-28756/ruby
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity
Anton Gladky ( at gladk)
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: update consul note
Abhijith PA ( at abhijith)
- [Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla-needed.txt: Updated note for ruby-loofah.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-*/nvidia-graphics-drivers-legacy-340xx: buster ignored
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] dla: add jruby
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Clarify that the additional hardening for CVE-2023-28879 should not be applied to older versions
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-0836/haproxy: buster not-affected
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-1436/libjettison-java: buster postponed
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Re-claim
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for xen issues fixed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add upstream tag information for CVE-2022-1996
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2022-1996/golang-github-emicklei-go-restful
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2023-1436/libjettison-java: reference introductory commit
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Process several NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2022-4899/libzstd
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-28834/nextcloud-server, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-28625/libapache2-mod-auth-openidc
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-28625
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-24532/golang-1.11: buster postponed
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] new smarty issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Process one NFU
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] claim protobuf DLA
Helmut Grohne ( at helmutg)
- [Git][security-tracker-team/security-tracker][master] add mediawiki reference
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-26437/pdns-recursor
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3381-1 for ghostscript
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] dla: add libapache2-mod-auth-openidc
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] dla: salt is now sponsored
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] dla: add udisks2
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Directly reference upstream commits for CVE-2023-28447
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 3 commits: dla: libapache2-mod-auth-openidc: one more CVE to fix
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-24537/go
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add as well tracking for golang 1.15 and 1.11 for CVE-2023-24537
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-24538/go
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-24534/go
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-24536/go
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process some new nextcloud-desktop issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new envoyproxy issues, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-26991/swftools
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process CVE-2023-20941 as NFU
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 4 commits: CVE-2022-41981,openimageio: Link to fixing commits
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3382-1 for openimageio
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Claim trafficserver in dla-needed.txt
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] Replace name with uid
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2022-41981 reference the merged commit in the repository
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for smarty issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-1838/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add chromium to dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new chromium issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for chromium CVEs fixed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim grunt.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] dla: php-cas: clarification
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] CVE-2022-45143,tomcat9: buster is not affected
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3383-1 for grunt
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] new opensmtpd issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] LTS: claim udisks2 in dla-needed.txt
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] Claim ruby-rack ( with utkarsh as mentor )
Scarlett Gately Moore ( at sgmoore)
- [Git][security-tracker-team/security-tracker][master] dla: re-add grunt
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Mark cgimer as removed from the archive
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark cgminer as removed from all supported suites
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove unrelated URL from CVE-2023-20941
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3384-1 for tomcat9
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA-5381-1 for tomcat9
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for cairosvg update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove notes for CVE-2023-1103
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove notes for CVE-2023-25587 and CVE-2023-22608
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] fix reference
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for ghostscript update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3385-1 for trafficserver
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-26437/pdns-recursor
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add initial tracking for CVE-2023-2884{0,1,2}/docker.io
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-1855/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-1859/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-26916/libyang2
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-27493/envoyproxy
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-27496/envoyproxy
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-29421/bzip3
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: LTS: add openimageio to dla-needed.txt
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] Add three more bzip3 issues: CVE-2023-294{18,19,20}
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-2941{5,6,,7}/bzip3
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixes for nvidia-graphics-drivers-tesla-450 via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3386-1 for grunt
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] identify actual fixes for two protobuf issues
Helmut Grohne ( at helmutg)
- [Git][security-tracker-team/security-tracker][master] new rust-spin issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2023-24536: tidy version tag
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] new ruby-sidekiq issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new gitlab issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new glpi issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] nomad n/a
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] nvidia-graphics-drivers-tesla-450, unbound spus
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Update reference for CVE-2022-1941
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Expand reference for CVE-2021-22570
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reference upstream tag information for CVE-2023-1892
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update information for CVE-2023-1892/ruby-sidekiq
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Make some some older glpi entries consistent with unimportant severity
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-26112/configobj
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Drop apache2 from dsa-needed for regression update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-1668/openvswitch
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-1916/tiff
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-1668/openvswitch
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-1579/binutils
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-0842/node-xml2js
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2023-1648
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2022-4899/libzstd: buster not-affected
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-28858/redis-py: buster not-affected
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-24813/php-dompdf: buster not-affected
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-0842/node-xml2js: reference upstream issue
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3387-1 for udisks2
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-2630{2,3}/markdown-it-py via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla: take libapache2-mod-auth-openidc
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] LTS: claim zabbix in dla-needed.txt
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2022-4899/libzstd as no-dsa
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add upstream tag information for CVE-2023-24813
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove todo for CVE-2023-0842
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-1801/tcpdump
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-24626/screen
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for linux CVEs fixed via unstable upload
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Typo
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] dla: add lldpd
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Track libpod fixes via bullseye-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-1801
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update information for CVE-2023-1801
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2022-23134 is not affecting buster and bullseye:
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] CVE-2022-24918 is not affecting buster.
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] Triage CVE-2019-17382 for buster: Same situation as for stretch/jessie, elaborate reason.
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] Update notes for CVE-2022-23134
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update information on CVE-2023-1194
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-24473 and CVE-2023-22845
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-24472/openimageio
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2022-38143,openimageio: Bullseye is not affected.
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2021-21897/cloudcompare
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for various nvidia-graphics-drivers-tesla-470 CVEs via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-30456/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA-5384-1 for openimageio
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3387-2 for udisks2
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] 2 commits: external-check: Handle vendor entries with additional vendor security prefix
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim lldpd.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for golang-1.19 issues via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add fixed version via unstable for CVE-2022-25927
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add references to upstream fix for CVE-2023-0842/node-xml2js
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-0842/node-xml2js
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for CVE-2023-2447{2,3} and CVE-2023-22845
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-26112/configobj
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-26916/libyang2
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2022-36440/frr
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new otrs issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new llvm non issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-28428/ippsample
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new netatalk issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Adjust upstream commit reference according to pull request and commit for netatalk
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add haproxy to dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2022-23132 is not affecting buster.
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] Track nvidia-graphics-drivers fixes via bullseye-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track nvidia-graphics-drivers-tesla-470 fixes via bullseye-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: LTS: WIP two packages
Anton Gladky ( at gladk)
- [Git][security-tracker-team/security-tracker][master] bookworm triage
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] CVE-2022-40626/zabbix not affecting buster.
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] ignore CVE-2022-43515/zabbix for buster, as it is ignored on all other releases as well.
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] CVE-2022-46768/zabbix does not affect bullseye and buster, vulnerable feature...
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] new cmark-gfm issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] add one commit reference for bzip3
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] bugnums
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] tiff non issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] guestfs-tools fixed
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3388-1 for keepalived
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] Claim curl in dla-needed.txt
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] LTS: reclaim wordpress in dla-needed.txt
Guilhem Moulin ( at guilhem)
- [Git][security-tracker-team/security-tracker][master] Drop suffix dots
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add upstream tag information for upstream commits for CVE-2023-26485 and CVE-2023-24824
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add upstream tag information for CVE-2023-29415
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Adjust metadata on experimental version for CVE-2023-27476/owslib
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add upstream tag information for CVE-2023-27476
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Revert "Adjust metadata on experimental version for CVE-2023-27476/owslib"
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track source-wise fixes for CVE-2023-1801 in experimental
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new centreon-web issues, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new upx-ucl issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process some more NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] heat fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] libpod fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Claim cairosvg
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] claim ring
Thorsten Alteholz ( at alteholz)
- [Git][security-tracker-team/security-tracker][master] Add src:firefox issues from mfsa2023-13
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add src:firefox-esr issues from mfsa2023-14
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Correct assessment for CVE-2023-29542/firefox
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Assign firefox-esr and thunderbird to jmm
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add src:thunderbird issues from mfsa2023-15
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Adjust some Firefox ESR related not-affected comments
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-29005/flask-appbuilder
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-25950/haproxy
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for firefox issues in mfsa2023-13
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for firefox-esr for mfsa2023-14 issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] classify protobuf-java CPU DoS CVEs as unimportant
Helmut Grohne ( at helmutg)
- [Git][security-tracker-team/security-tracker][master] fixup protobuf-java triage: tag all fixed versions unimportant
Helmut Grohne ( at helmutg)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3389-1 for lldpd
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2022-48437/libressl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-1989/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] lts: take firefox-esr and thunderbird
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] Revert change for not-affected on CVE-2022-41722/go
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-1829/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add additional reference for CVE-2023-1281
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update information for CVE-2023-1829/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3390-1 for zabbix
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] new imagemagick issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-1998/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] chromium, firefox-esr DSAs
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3391-1 for firefox-esr
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] new flintqs non issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new asterisk/ring issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add explicity references to pull requests
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-26551/ntp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-26552/ntp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-26553/ntp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-26554/ntp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-26555/ntp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add openvswitch to dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add additional references for CVE-2023-28879/ghostscript
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2023-2655{1,2,3,4}/ntp as unimportant
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Revert "fixup protobuf-java triage: tag all fixed versions unimportant"
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2023-26555/ntp as no-dsa
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add references for CVE-2023-29465
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add upstream references for CVE-2023-2691{6,7}/libyang2
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-27585/pjproject
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-1872/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla: claim golang-1.11
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-2958{0,1}/yasm
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-28488/connman
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2022-396{4,5}/ffmpeg
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-1990/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new ncurses issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] mark protobuf as ignored
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] bullseye triage
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] openvswitch DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for haproxy update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for rust-spin issue fixed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-28488
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2022-41717 affects golang-golang-x-net as well
Shengjing Zhu ( at zhsj)
- [Git][security-tracker-team/security-tracker][master] Fix syntax
Shengjing Zhu ( at zhsj)
- [Git][security-tracker-team/security-tracker][master] "new" sqlite3 issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new binutils issue, concludes external check
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new rust-h2 issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new ckeditor issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new gitlab issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-29132/irssi via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2022-41716/go affects cross compile for Windows binary
Shengjing Zhu ( at zhsj)
- [Git][security-tracker-team/security-tracker][master] python2.7: associate past python3.x CVEs to python2.7 + buster triage
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] sync python2.7 status for bullseye
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new jpeg-xl issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] connman fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] reserve DSA for rails update
Aron Xu ( at aron)
- [Git][security-tracker-team/security-tracker][master] Add upstream reference for CVE-2023-29491/ncurses
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add upstream tag information for CVE-2022-41717
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add upstream tag reference for CVE-2022-27664
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove note for CVE-2023-1876
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add tempoary item for another set of sgt-puzzles issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-30630/dmidecode
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2022-48468/protobuf-c
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-2033/chromium
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-2034/froxlor
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-2021/teampass
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-199{2,3,4}/wireshark
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2020-28367/golang: reference patch and regression fix
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-2004/freetype
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-2008/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-29383/shadow
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-28484 and CVE-2023-29469
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2021-45985/lua5.4
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2021-46880/libressl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-29013/traefik
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add libxml2 to dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for nvidia-graphics-drivers issues via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for libxml2 issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] python2.7: associate past python3.x CVEs to python2.7 (2)
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Change commit order accordingly how applied upstream
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Clarify notes for libxml2 CVEs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-2033/chromium via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Move some NFUs for calibre-web to an itp'ed entry
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add references for CVE-2023-26437/pdns-recursor
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2023-26437/pdns-recursor as no-dsa
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-22946/apache-spark
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Move CVE-2022-31777 to itp'ed entry for apache-spark
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for nvidia-graphics-drivers-tesla issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-30772/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-2002/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3392-1 for syslog-ng
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] Revert "Reserve DLA-3392-1 for syslog-ng"
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-28439: Add reference to upstream commit
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-28439/ckeditor
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-30630/dmidecode
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-29383/shadow
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] chromium DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] ignore protobuf CVEs in buster that are ignored in bullseye
Helmut Grohne ( at helmutg)
- [Git][security-tracker-team/security-tracker][master] Track fixes via experimental for sgt-puzzles's #1034190
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 8 commits: LTS: add configobj to dla-needed.txt
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] 6 commits: CVE-2023-29383,shadow: Buster is no-dsa
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for sgt-puzzles via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 3 commits: data/dla-needed.txt: Claim asterisk.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim configobj.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Update information for CVE-2022-3116/heimdal
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3392-1 for ruby-rack
Scarlett Gately Moore ( at sgmoore)
- [Git][security-tracker-team/security-tracker][master] openvswitch fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] xpdf n/a
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] one more nvidia CVE
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Track nvidia-graphics-drivers fixes pending via bullseye-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new libspring-java issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for libxml2 issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] LTS: dispatch FD for second half of 2023
Roberto C. Sánchez ( at roberto)
- [Git][security-tracker-team/security-tracker][master] Drop one duplicate source package entry for nvidia-graphics-drivers-tesla
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new pev issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new dogecoin issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] "new" kamailio issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] "new" nbconvert issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] libxml2: Fixing links from old git.gnome.org to gitlab.gnome.org.
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] protobuf spu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Update information on CVE-2021-32862/nbconvert
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for nvidia-open-gpu-kernel-modules issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-1831/mattermost-server
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Concluded that sqlite3 was already in fixed upstream for the buster version.
Ola Lundqvist ( at opal)
- [Git][security-tracker-team/security-tracker][master] LTS: add openvswtich to dla-needed.txt
Ola Lundqvist ( at opal)
- [Git][security-tracker-team/security-tracker][master] 4 commits: Marked mediawiki CVE-2023-29141 as no-dsa also for buster following decision for bullseye.
Ola Lundqvist ( at opal)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Marked qemu CVE-2023-1544 as no-dsa also for buster following decision for bullseye.
Ola Lundqvist ( at opal)
- [Git][security-tracker-team/security-tracker][master] 3 commits: Add fixing reference for CVE-2020-24736 in 3.27.y
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-1981/avahi
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-3077{4,5}/tiff
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update information on CVE-2023-3077{4,5}/tiff
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-294{79,80}/rnp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3393-1 for protobuf
Helmut Grohne ( at helmutg)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-28856/redis
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add additional reference for CVE-2023-28856/redis
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla-needed.txt: Correct name of openvswitch package.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for CVE-2023-294{79,80}/rnp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] lts: add link to vcs for openvswitch
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] owslib fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Triage CVE-2023-27585 in asterisk for buster LTS.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-045{8,9}/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-30539/nextcloud-server
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-29197/php-guzzlehttp-psr7
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-30536/php-slim-psr7
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2023-27585,asterisk: Buster is affected
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] Concluded that CVE-2023-1625 do not require a DLA for buster. It is an...
Ola Lundqvist ( at opal)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-30536/php-slim-psr7
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-29197/php-guzzlehttp-psr7
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] LTS: add avahi to dla-needed.txt
Ola Lundqvist ( at opal)
- [Git][security-tracker-team/security-tracker][master] LTS: add connman to dla-needed.txt
Ola Lundqvist ( at opal)
- [Git][security-tracker-team/security-tracker][master] Concluded that frr package does not need an update for buster. The...
Ola Lundqvist ( at opal)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3394-1 for asterisk
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-1981/avahi
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2022-1949 mark as ignored for buster
Anton Gladky ( at gladk)
- [Git][security-tracker-team/security-tracker][master] Track fixes for thunderbird via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add php-nyholm-psr7 for CVE-2023-29197
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim connman.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Add references for CVE-2023-29197
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim avahi.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] dla-needed.txt: Drop claim of libxml2 to harmonise claims across LTS and ELTS.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-2162/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-2166/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-2020/check-mk
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] php-slim-psr7 fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] CVE-2022-23773/golang-1.11: buster ignored
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-27525
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-2124/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] golang-1.11: postpone open CVEs unfixed in bullseye
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-1981/avahi via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new sqlparse issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2023-045{8,9}/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track introducing commit for CVE-2023-30608
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new Java issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new virtualbox issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new mysql issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3395-1 for golang-1.11
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Update information for CVE-2020-16155
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-29491: Add reference to oss-security post
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] LTS: add openjdk-11 to dla-needed.txt
Ola Lundqvist ( at opal)
- [Git][security-tracker-team/security-tracker][master] Marked tiff CVE-2023-30774 as no-dsa also for buster following decision for bullseye.
Ola Lundqvist ( at opal)
- [Git][security-tracker-team/security-tracker][master] 3 commits: Add Debian bug reference for CVE-2023-30608/sqlparse
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add upstream issue reference for CVE-2023-29469/libxml2
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-27043/python
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] DLA-3395-1/golang-1.11: drop fix for CVE-2022-23772
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] new linux issues (concludes external check)
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add note for CVE-2023-28856/redis.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] lts: take openjdk-11
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] new jetty issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Update information for CVE-2023-217{6,7}/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] chromium fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new mujs issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-1255/openssl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] LTS: add wireshark to dla-needed.txt
Ola Lundqvist ( at opal)
- [Git][security-tracker-team/security-tracker][master] LTS: add redis to dla-needed.txt
Ola Lundqvist ( at opal)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-2193/mattermost-server
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new CVEs for check-mk
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3395-2 for golang-1.11
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for libxml2 update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add NOTE for apache
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Remove github.com prefixes from URLs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2021-28235/etcd
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-10650/jackson-databind
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla: take wireshark
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] Track libsignal-protocol-c as well for CVE-2022-48468
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-28617/emacs via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2022-36788/slic3r
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add link to github issue of CVE-2019-14824
Anton Gladky ( at gladk)
- [Git][security-tracker-team/security-tracker][master] Indent noe via tab for CVE-2019-14824
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-2194/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim redis.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] dla-needed.txt: Update note for configobj.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3396-1 for redis
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Track linux CVEs pending for bullseye-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3397-1 for connman
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2023-28856/redis as no-dsa
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-0842/node-xml2js
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for python-werkzeug issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2023-27534,curl: buster is no-dsa
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] Remove ceph from dla-needed.txt
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] Claim heimdal in dla-needed.txt
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] Remove heimdal from dla-needed.txt
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: work on consul
Abhijith PA ( at abhijith)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-1729/libraw
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2022-3874/foreman
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-163{3,6}/barbican
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2023-29197/php-nyholm-psr7 via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-29197/php-guzzlehttp-psr7 via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-26876/piwigo
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track proposed node-xml2js update via bullseye-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2023-29197 as no-dsa for bullseye
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track proposed update for CVE-2023-29197/php-guzzlehttp-psr7
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track proposed update for php-nyholm-psr7 via bullseye-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2022-45801 as NFU
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process two more NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track issues from WSA-2023-0003
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] chromium, thunderbird DSAs
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] update lua status
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Track fixes for linux upload via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Marked CVE-2023-29197 as no-dsa for buster. It is postponed for bullseye but...
Ola Lundqvist ( at opal)
- [Git][security-tracker-team/security-tracker][master] LTS: add jackson-databind to dla-needed.txt
Ola Lundqvist ( at opal)
- [Git][security-tracker-team/security-tracker][master] pev fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] data/DLA/list: Correct src:connman version number for DLA-3397-1.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Marked CVE-2021-28235 as no-dsa for package etcd in buster since the issue...
Ola Lundqvist ( at opal)
- [Git][security-tracker-team/security-tracker][master] CVE-2021-32921 marked as no-dsa for buster since the impact is low. Upstream...
Ola Lundqvist ( at opal)
- [Git][security-tracker-team/security-tracker][master] LTS: add nbconvert to dla-needed.txt
Ola Lundqvist ( at opal)
- [Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for CVE-2023-26964/rust-h2
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2023-24787
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove note from CVE-2023-24367
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2021-41259
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] After source code analysis it is clear that CVE-2023-298997 through...
Ola Lundqvist ( at opal)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Marked imagemagick CVE-2023-1906 as no-dsa for buster since it is a denial of...
Ola Lundqvist ( at opal)
- [Git][security-tracker-team/security-tracker][master] LTS: add sniproxy to dla-needed.txt
Ola Lundqvist ( at opal)
- [Git][security-tracker-team/security-tracker][master] LTS: add epiphany-browser to dla-needed.txt
Ola Lundqvist ( at opal)
- [Git][security-tracker-team/security-tracker][master] 3 commits: update note
Thorsten Alteholz ( at alteholz)
- [Git][security-tracker-team/security-tracker][master] Fill in details of the CVE IDs assigned for sgt-puzzles
Ben Hutchings ( at benh)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3399-1 for 389-ds-base
Anton Gladky ( at gladk)
- [Git][security-tracker-team/security-tracker][master] LTS: take sssd
Anton Gladky ( at gladk)
- [Git][security-tracker-team/security-tracker][master] LTS: update notes on docker
Anton Gladky ( at gladk)
- [Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2023-289{97,98,99}, VE-2023-29000
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Make temporary descriptions stable until CVEs published
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-31081/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-31082/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3400-1 for thunderbird
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-3108{3,4,5}/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track wireshark fixes via experimental
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new libpodofo issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new starlette issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Triage CVE-2022-43504/wordpress
Guilhem Moulin ( at guilhem)
- [Git][security-tracker-team/security-tracker][master] Triage wordpress for buster
Guilhem Moulin ( at guilhem)
- [Git][security-tracker-team/security-tracker][master] new nvidia-cuda-toolkit issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Remove wordpress from dla-needed.txt.
Guilhem Moulin ( at guilhem)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for nvidia-cuda-toolkit issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-31045/backdrop
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] associate CVE-2021-33589 with src:rnp
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] mark gnupg1 as unimportant
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3401-1 for apache2
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] old bitcoin issue fixed
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Triage one more buster issue for buster.
Guilhem Moulin ( at guilhem)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-2019/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-200{6,7}/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] LTS: claim openvswitch in dla-needed.txt
Guilhem Moulin ( at guilhem)
- [Git][security-tracker-team/security-tracker][master] update fixed version for node-xml2js
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] wpewebkit fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2022-42335/xen
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new apache-jena issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] take ffmpeg
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Correct upstream commit references for tiff issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new git issues: CVE-2023-25652, CVE-2023-25815 and CVE-2023-29007
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for git issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark git issues as no-dsa
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2022-42335/xen
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for git issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add additional bug references for hdf5 issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Correct one ancient version for proftpd-dfsg
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add metadata for DSA-2203-1/nss
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add metadata for DSA-2199-1 and DSA-2200-1
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-30626/jellyfin
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Associate CVE-2023-27161 with jellyfin, itp'ed entry
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-2251/node-yaml
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-2281/mattermost-server
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-30402/yasm
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add three more yasm issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-28847/nextcloud-server
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-2269/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] golang-github-go-macaron-i18n removed
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] NFUs, concludes external check
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Process four NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-30549
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-30609
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] triage two nodejs CVEs
Aron Xu ( at aron)
- Processing 062d2fac8074a3772a5d82ae064d322c1d623c5a failed
security tracker role
- [Git][security-tracker-team/security-tracker][master] Sort suites top-down
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new iotjs issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] 6 commits: lts: CVE-2022-3590/wordpress postponed on buster
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] TODO is resolved
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add upstream reference for CVE-2023-30406
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add upstream reference for CVE-2023-30408
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add upstream issue reference for CVE-2023-30410
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add upstream issue reference for CVE-2023-30414
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Expand one todo with question in upstream issue reference
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add upstream tag information for CVE-2023-29007
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add upstream tag information for CVE-2023-25652
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Directly refernce upstream commit for CVE-2023-25815
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process some Drupal core issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-1387/grafana
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2022-44232/ming
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Take ruby-rails-html-sanitizer
Utkarsh Gupta ( at utkarsh)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-1786/cloud-init
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: update-xrefs: new script to update data/CVE/list Xrefs
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] golang-github-go-macaron-csrf removed
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] rust-ncurses removed
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] freetype fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] mark CVE-2022-37708 as non issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Track rust-ncurses as removed from everywhere
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2023-1786/cloud-init as no-dsa
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-1786/cloud-init
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-30549/singularity-container
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Odoo triage
Sebastien Delafond ( at seb)
- [Git][security-tracker-team/security-tracker][master] Update information for CVE-2023-26735
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2021-44465: mark as "<not-affected> initial upload" rather than fixed in...
Sebastien Delafond ( at seb)
- [Git][security-tracker-team/security-tracker][master] CVE-2021-44460: mark as "<not-affected> initial upload" rather than fixed in...
Sebastien Delafond ( at seb)
- [Git][security-tracker-team/security-tracker][master] Review list of bullseye-pu pending uploads for 11.7
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-31436/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] buster/bookworm triage
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] rust-enumflags2 n/a
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] add reference
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] mark libbson as removed
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] 2 commits: process-cve-records: add --work-dir argument
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] Fix indentation in CVE list notes
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] List CVE xrefs first
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] 5 commits: process-cve-records: update descriptions
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] process-cve-records: don't remove our own descriptions
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] dla: claim python2.7
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] rust-kamadak-exif n/a
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Mark libbson now as removed everywhere supported
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track proposed updte for pev via bullseye-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update information on two bind-dyndb-ldap issues
Salvatore Bonaccorso ( at carnil)
- Processing 465a8b58f3683275ad03007e2da4f028e6c9b898 failed
security tracker role
- [Git][security-tracker-team/security-tracker][master] 2 commits: process-cve-records: Workaround descriptions with non-ascii characters
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2023-30842
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Drop some wokarounded entries which were added due to bugs in the downcoverted CVE JSON v4 feeds
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Drop more now properly rejected CVEs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: dla: take epiphany-browser
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-1999/libwebp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-28882/modsecurity
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-31486/libhttp-tiny-perl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two additional references for CVE-2023-31486
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-28882/modsecurity
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track as well perl for CVE-2023-31486
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-31485/libgitlab-api-v4-perl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-31484/perl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 4 commits: Drop bullseye entries for python-matrix-nio (removed from bullseye)
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove three no-dsa tagged entries which got an update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2022-1227/libpod addressed as well in bullseye
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2022-47015 in bullseye
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Correct tracking for mariadb-10.5 issues in bullseye
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-30847/h2o
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add upstream commit reference for CVE-2023-2002
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark libsignal-protocol-c as no-dsa for bullseye
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] DSA-2044-1: Make version without epoch
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update information for CVE-2023-31485/libgitlab-api-v4-perl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update information for CVE-2023-31484/perl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove two manual overrides in ancient entry and note
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] sqlite: associate past sqlite3 CVEs to sqlite + buster triage (open + 2020-2022)
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] ffmpeg updates, some n/a, remove one postponed entry for issue fixed in 4.3.6
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2023-1161: Note that it only partially affects <= bullseye
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-29950/swftools
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla: take jruby
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] Move #954089 association to correct CVE
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-31484/perl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3403-1 and DLA-3404-1 for linux and linux-5.10
Ben Hutchings ( at benh)
- [Git][security-tracker-team/security-tracker][master] dla: take jackson-databind
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] CVE-2021-46877 does not affect buster
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-2426/vim
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3405-1 for libxml2
Thorsten Alteholz ( at alteholz)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3406-1 for sniproxy
Thorsten Alteholz ( at alteholz)
- [Git][security-tracker-team/security-tracker][master] CVE-2021-37219: Add upstream commit reference.
Abhijith PA ( at abhijith)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3407-1 for jackson-databind
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] ffmpeg DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Additionally track libfastjson for CVE-2020-12762
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-28882/modsecurity
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3408-1 for jruby
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3409-1 for libapache2-mod-auth-openidc
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-2426/vim
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] LTS: take openimageio
Anton Gladky ( at gladk)
Last message date:
Sun Apr 30 22:21:26 BST 2023
Archived on: Sun Apr 30 22:21:32 BST 2023
This archive was generated by
Pipermail 0.09 (Mailman edition).