[Git][security-tracker-team/security-tracker][fix_987283] 5306 commits: claim net-snmp like for ELA

Anton Gladky (@gladk) gladk at debian.org
Sat Feb 25 21:44:12 GMT 2023



Anton Gladky pushed to branch fix_987283 at Debian Security Tracker / security-tracker


Commits:
786af565 by Thorsten Alteholz at 2022-08-16T20:10:08+02:00
claim net-snmp like for ELA

- - - - -
1c177ec8 by Salvatore Bonaccorso at 2022-08-16T20:12:41+02:00
Take net-snmp for DSA release

- - - - -
d8c1b7f0 by Salvatore Bonaccorso at 2022-08-16T20:51:43+02:00
Track fixed version for CVE-2021-44648/gdk-pixbuf via unstable

- - - - -
b1ca95c3 by Salvatore Bonaccorso at 2022-08-16T20:53:45+02:00
Track fixed version for CVE-2022-29154/rsync via unstable

- - - - -
350932f2 by Salvatore Bonaccorso at 2022-08-16T21:04:21+02:00
Process some NFUs

- - - - -
8f89a0e0 by Henri Salo at 2022-08-16T22:09:06+03:00
CVE-2022-38362/airflow

- - - - -
2135c63f by Moritz Mühlenhoff at 2022-08-16T21:52:22+02:00
epiphany-browser DSA

- - - - -
925d15df by Salvatore Bonaccorso at 2022-08-16T21:58:12+02:00
Reserve DSA number for net-snmp

- - - - -
37460ddc by Salvatore Bonaccorso at 2022-08-16T22:08:57+02:00
Take gdk-pixbuf from dsa-needed list

- - - - -
17ba084d by security tracker role at 2022-08-16T20:10:16+00:00
automatic update

- - - - -
b849cf6c by Salvatore Bonaccorso at 2022-08-16T22:19:49+02:00
Process some NFUs

- - - - -
c1b2c80f by Salvatore Bonaccorso at 2022-08-16T22:22:34+02:00
Add CVE-2022-35978/minetest

- - - - -
d9fb4e48 by Alberto Garcia at 2022-08-16T23:43:23+02:00
webkit2gtk DSA-5210-1 and wpewebkit DSA-5211-1

- - - - -
678b1173 by Moritz Mühlenhoff at 2022-08-16T23:47:57+02:00
new chromium issues

- - - - -
5e265003 by Salvatore Bonaccorso at 2022-08-17T06:39:12+02:00
CVE-2022-2294: Track as well fixed version in older suites

- - - - -
48348424 by Salvatore Bonaccorso at 2022-08-17T08:51:08+02:00
Add CVE-2022-283{1,2,3}/blender

- - - - -
8fe027e2 by Salvatore Bonaccorso at 2022-08-17T08:54:00+02:00
Add CVE-2022-2835/coredns, itp'ed

Note there are not much details on the original references in the Red
Hat bugs, but seem to relate to products using in components coredns.

Tracking for now associated with the ITP'ed bugs.

- - - - -
dc11d071 by Salvatore Bonaccorso at 2022-08-17T08:58:01+02:00
Add CVE-2022-2850/389-ds-base

- - - - -
755a9809 by Salvatore Bonaccorso at 2022-08-17T09:00:03+02:00
Track proposed update for http-parser via bullseye-pu

- - - - -
4a5795d8 by Salvatore Bonaccorso at 2022-08-17T09:47:17+02:00
Track fixes for chromium via unstable

- - - - -
65d4e5d3 by Salvatore Bonaccorso at 2022-08-17T09:58:43+02:00
Track fixes for openexr via unstable

- - - - -
4c45fec4 by security tracker role at 2022-08-17T08:10:21+00:00
automatic update

- - - - -
224516c7 by Salvatore Bonaccorso at 2022-08-17T10:26:56+02:00
Remove notes on rejected entries which pre-date the security-tracker

- - - - -
e2c7adb1 by Salvatore Bonaccorso at 2022-08-17T10:42:13+02:00
Process some NFUs

- - - - -
8b8c9111 by Salvatore Bonaccorso at 2022-08-17T10:55:55+02:00
Process some NFUs

- - - - -
ee805e86 by Salvatore Bonaccorso at 2022-08-17T10:56:22+02:00
Add new swftool issues

- - - - -
4c3afbab by Salvatore Bonaccorso at 2022-08-17T10:58:11+02:00
Add CVE-2022-3510{0,1}/swftools

- - - - -
89e2116b by Emilio Pozuelo Monfort at 2022-08-17T12:31:42+02:00
CVE-2021-45086/epiphany-browser n/a on buster

- - - - -
37d77e81 by Emilio Pozuelo Monfort at 2022-08-17T12:38:03+02:00
Reserve DLA-3073-1 for webkit2gtk

- - - - -
0a7015d3 by Emilio Pozuelo Monfort at 2022-08-17T14:08:16+02:00
lts: take freecad

- - - - -
5c31e120 by Emilio Pozuelo Monfort at 2022-08-17T14:26:56+02:00
CVE-2021-45845/freecad n/a on buster

Also fix stretch triaging, the issue was introduced in 0.19.

- - - - -
c05d1b7b by Salvatore Bonaccorso at 2022-08-17T20:04:21+02:00
Add Debian bug reference for CVE-2022-35978/minetest

- - - - -
8295e383 by Chris Lamb at 2022-08-17T11:30:13-07:00
Triage CVE-2022-37035 in frr for buster LTS.

- - - - -
7cac5988 by Chris Lamb at 2022-08-17T11:30:51-07:00
Triage CVE-2022-34526 in tiff for buster LTS.

- - - - -
03f229fe by Chris Lamb at 2022-08-17T11:31:20-07:00
Triage CVE-2022-2347 in u-boot for buster LTS.

- - - - -
1e3e8201 by Chris Lamb at 2022-08-17T11:32:33-07:00
Triage CVE-2022-30698 & CVE-2022-30699 in unbound for buster LTS.

- - - - -
858776b8 by Chris Lamb at 2022-08-17T11:35:04-07:00
data/dla-needed.txt: Triage rails for buster LTS.

- - - - -
7e50698b by Chris Lamb at 2022-08-17T11:39:54-07:00
data/dla-needed.txt: Triage ruby-tzinfo for buster LTS (CVE-2022-31163)

- - - - -
6a7d136b by Salvatore Bonaccorso at 2022-08-17T20:59:02+02:00
Add CVE-2022-37781/fdkaac

- - - - -
332d6eae by Salvatore Bonaccorso at 2022-08-17T21:13:01+02:00
Add CVE-2022-36148/fdkaac

- - - - -
c3f898e5 by Salvatore Bonaccorso at 2022-08-17T21:20:06+02:00
Process some NFUs

- - - - -
44b91513 by Salvatore Bonaccorso at 2022-08-17T21:22:14+02:00
Track some new swfmill CVEs

- - - - -
0ac8df6b by security tracker role at 2022-08-17T20:10:31+00:00
automatic update

- - - - -
5d9fd076 by Salvatore Bonaccorso at 2022-08-17T22:13:12+02:00
Process NFUs

- - - - -
6180ad5d by Salvatore Bonaccorso at 2022-08-17T22:15:47+02:00
Expand some OTFCC TODOs

- - - - -
e65b68b6 by Salvatore Bonaccorso at 2022-08-17T22:17:05+02:00
Remove notes from CVE-2022-35958 (duplicate of CVE-2022-37458)

- - - - -
8c1147a5 by Salvatore Bonaccorso at 2022-08-17T23:13:04+02:00
Process two new vim CVEs

- - - - -
1fc43434 by Salvatore Bonaccorso at 2022-08-17T23:16:47+02:00
Process some NFUs

- - - - -
c2f56873 by Salvatore Bonaccorso at 2022-08-17T23:18:25+02:00
Process some moodle CVEs

- - - - -
f9c6bc6d by Salvatore Bonaccorso at 2022-08-17T23:27:00+02:00
Track fixed version for CVE-2022-37434/zlib via unstable

- - - - -
f3f6f45f by Moritz Mühlenhoff at 2022-08-18T00:27:52+02:00
mariadb-10.6 fixed in sid

- - - - -
f929dbb9 by Moritz Mühlenhoff at 2022-08-18T00:47:52+02:00
NFUs
xpf n/a

- - - - -
398004c7 by Moritz Mühlenhoff at 2022-08-18T00:53:12+02:00
new freeciv issue

- - - - -
0ef2b6b2 by Moritz Mühlenhoff at 2022-08-18T00:55:37+02:00
chromium DSA

- - - - -
f43c143c by Moritz Mühlenhoff at 2022-08-18T01:00:00+02:00
freeciv bugnum

- - - - -
bab59362 by Salvatore Bonaccorso at 2022-08-18T06:37:43+02:00
Add tracking bug for CVE-2021-22946

- - - - -
33e1461a by Salvatore Bonaccorso at 2022-08-18T08:25:19+02:00
Add CVE-2022-2869/tiff

- - - - -
0371dd16 by Salvatore Bonaccorso at 2022-08-18T08:28:34+02:00
Add CVE-2022-2868/tiff

- - - - -
82a34590 by Salvatore Bonaccorso at 2022-08-18T08:30:52+02:00
Add CVE-2022-2867/tiff

- - - - -
5df204ab by Salvatore Bonaccorso at 2022-08-18T08:35:05+02:00
Mark CVE-2022-1798 as NFU

- - - - -
7cea4b47 by Emilio Pozuelo Monfort at 2022-08-18T09:46:31+02:00
Reserve DLA-3074-1 for epiphany-browser

- - - - -
a5d3d02e by Salvatore Bonaccorso at 2022-08-18T09:48:23+02:00
Add CVE-2022-2568 as TODO

- - - - -
6899bb47 by security tracker role at 2022-08-18T08:10:24+00:00
automatic update

- - - - -
202bf3e2 by Neil Williams at 2022-08-18T09:32:02+01:00
Process some NFUs

- - - - -
a5b30f6c by Neil Williams at 2022-08-18T09:45:12+01:00
Process some NFUs

- - - - -
52e7860a by Neil Williams at 2022-08-18T09:59:53+01:00
CVE-2022-2862/vim unfixed

- - - - -
46d2072f by Salvatore Bonaccorso at 2022-08-18T11:10:32+02:00
Add CVE-2022-36191/gpac

- - - - -
f97ffd7e by Salvatore Bonaccorso at 2022-08-18T11:12:31+02:00
Add CVE-2022-36190/gpac

- - - - -
9e4c96ea by Salvatore Bonaccorso at 2022-08-18T11:13:49+02:00
Add CVE-2022-36186/gpac

- - - - -
43bde582 by Salvatore Bonaccorso at 2022-08-18T11:17:43+02:00
Mark CVE-2021-21897/horizon-eda as unimportant as not the embedded copy is used

- - - - -
1e580858 by Salvatore Bonaccorso at 2022-08-18T11:23:35+02:00
Process some NFUs

- - - - -
e747c893 by Salvatore Bonaccorso at 2022-08-18T11:25:21+02:00
Add CVE-2022-35166/libjpeg

- - - - -
b582a003 by Salvatore Bonaccorso at 2022-08-18T11:25:42+02:00
Add CVE-2022-35164/libredwg, itp'ed

- - - - -
10890ef4 by Neil Williams at 2022-08-18T10:28:10+01:00
Process some NFUs

- - - - -
ec5df249 by Salvatore Bonaccorso at 2022-08-18T11:31:23+02:00
Process more NFUs

- - - - -
25f5fd3f by Salvatore Bonaccorso at 2022-08-18T11:38:54+02:00
Add CVE-2022-2503/linux

- - - - -
7a8e3a15 by Neil Williams at 2022-08-18T10:45:19+01:00
Process some NFUs

- - - - -
d9fa454e by Neil Williams at 2022-08-18T11:13:32+01:00
CVE-2022-35133/cherrytree undetermined

- - - - -
efcc70ea by Neil Williams at 2022-08-18T11:34:45+01:00
Process 2 NFUs

- - - - -
30e67ce4 by Neil Williams at 2022-08-18T11:35:19+01:00
CVE-2022-35434/jpegqs unfixed #1017608

- - - - -
13a2def9 by Salvatore Bonaccorso at 2022-08-18T12:52:48+02:00
Reserve DLA-3075-1 for schroot

- - - - -
67f94d0e by Salvatore Bonaccorso at 2022-08-18T13:14:09+02:00
Reserve DSA number for schroot update

- - - - -
6917b6e7 by Emilio Pozuelo Monfort at 2022-08-18T14:14:51+02:00
Reserve DLA-3076-1 for freecad

- - - - -
b0fc6ed2 by Emilio Pozuelo Monfort at 2022-08-18T14:25:33+02:00
lts-missing-uploads: don't hardcode lts release

- - - - -
999e4cdf by Emilio Pozuelo Monfort at 2022-08-18T15:50:57+02:00
lts-missing-uploads: ignore DLAs for older releases

Otherwise we'll check the version in the old DLA against the current
LTS's Sources.

- - - - -
9f1acded by Salvatore Bonaccorso at 2022-08-18T16:02:15+02:00
Track fixed version for CVE-2022-35434/jpegqs

- - - - -
8bf911db by Salvatore Bonaccorso at 2022-08-18T16:51:36+02:00
Update information for CVE-2022-20158/linux

- - - - -
e480dd47 by Chris Lamb at 2022-08-18T08:08:13-07:00
data/dla-needed.txt: Claim ruby-tzinfo.

- - - - -
73800177 by Chris Lamb at 2022-08-18T09:36:09-07:00
Triage CVE-2022-6083 in freeciv for buster LTS.

- - - - -
7a89bb14 by Chris Lamb at 2022-08-18T09:37:26-07:00
data/dla-needed.txt: Triage ruby-rack for buster LTS (CVE-2022-30122 & CVE-2022-30123)

- - - - -
d7ff87f3 by Chris Lamb at 2022-08-18T09:38:53-07:00
data/dla-needed.txt: Triage sox for buster LTS (CVE-2021-40426)

- - - - -
2b258fa8 by Chris Lamb at 2022-08-18T09:40:43-07:00
data/dla-needed.txt: Triage sofia-sip for buster LTS (CVE-2022-31001, CVE-2022-31002 & CVE-2022-31003)

- - - - -
571928c0 by Chris Lamb at 2022-08-18T09:45:24-07:00
Triage CVE-2022-36186, CVE-2022-36190 & CVE-2022-36191 in gpac for buster LTS.

- - - - -
f63102c6 by Chris Lamb at 2022-08-18T10:44:15-07:00
Reserve DLA-3077-1 for ruby-tzinfo

- - - - -
2b912d13 by Moritz Mühlenhoff at 2022-08-18T21:27:42+02:00
fix freeciv entry

- - - - -
c498f672 by security tracker role at 2022-08-18T20:10:18+00:00
automatic update

- - - - -
d41f619e by Markus Koschany at 2022-08-18T23:53:56+02:00
CVE-2022-35978,minetest: Fixed in unstable

- - - - -
a563d910 by Moritz Mühlenhoff at 2022-08-19T00:04:37+02:00
NFUs

- - - - -
fd43febb by Salvatore Bonaccorso at 2022-08-19T00:53:34+02:00
Add CVE-2022-2874/vim

- - - - -
ad540db1 by Salvatore Bonaccorso at 2022-08-19T00:59:23+02:00
Mark CVE-2022-2874 as unimportant

- - - - -
58d524de by Salvatore Bonaccorso at 2022-08-19T06:10:06+02:00
Correct information for CVE-2022-29360/rainloop

It was apparently marked as NFU earlier but we have src:rainloop.

- - - - -
4a55794a by Salvatore Bonaccorso at 2022-08-19T09:52:04+02:00
Add CVE-2022-2873/linux

- - - - -
92979641 by Salvatore Bonaccorso at 2022-08-19T10:00:10+02:00
Update information for CVE-2022-2873/linux

- - - - -
37c6d502 by security tracker role at 2022-08-19T08:10:27+00:00
automatic update

- - - - -
a61b74b7 by Salvatore Bonaccorso at 2022-08-19T10:23:50+02:00
Add CVE-2020-36599/ruby-omniauth

- - - - -
a8ded8b3 by Salvatore Bonaccorso at 2022-08-19T10:26:23+02:00
Add three new libjpeg issues

- - - - -
ef6c02a8 by Salvatore Bonaccorso at 2022-08-19T10:30:38+02:00
Add three new tcpreplay issues

- - - - -
9d1f1119 by Salvatore Bonaccorso at 2022-08-19T10:40:47+02:00
Process some NFUs

- - - - -
f95558f4 by Neil Williams at 2022-08-19T10:02:12+01:00
CVE-2022-35133/cherrytree add Suse bug reference

- - - - -
a1eaad5a by Neil Williams at 2022-08-19T10:15:13+01:00
Process an NFU

- - - - -
e3a4d500 by Neil Williams at 2022-08-19T10:20:20+01:00
CVE-2020-27787/upx-ucl 3.96-1

- - - - -
9f2c7153 by Neil Williams at 2022-08-19T10:26:01+01:00
CVE-2020-27790 && CVE-2020-27788/upx-ucl 3.96-1

- - - - -
1dcdf771 by Salvatore Bonaccorso at 2022-08-19T11:31:00+02:00
Lower some severities

- - - - -
a8adc525 by Salvatore Bonaccorso at 2022-08-19T11:32:34+02:00
Process some NFUs

- - - - -
534efd03 by Salvatore Bonaccorso at 2022-08-19T11:35:05+02:00
Process some more NFUs

- - - - -
e6d58356 by Salvatore Bonaccorso at 2022-08-19T11:37:02+02:00
Add notes on CVE-2021-32862

- - - - -
049fe9cd by Emilio Pozuelo Monfort at 2022-08-19T11:56:58+02:00
Mark CVE-2022-21{19,20,21}/dcmtk as fixed in 3.6.7-1

- - - - -
0885ef5d by Emilio Pozuelo Monfort at 2022-08-19T12:17:53+02:00
Add fixing commits for CVE-2022-21{19,20,21}/dcmtk

- - - - -
c513c995 by Salvatore Bonaccorso at 2022-08-19T15:25:03+02:00
CVE-2022-2121: Add reference to upstream issue and tag for commit

- - - - -
445b140e by Salvatore Bonaccorso at 2022-08-19T15:25:31+02:00
Add upstream reference for CVE-2022-2120

- - - - -
df138680 by Salvatore Bonaccorso at 2022-08-19T15:25:54+02:00
Add upstream reference for CVE-2022-2119

- - - - -
dcff1b5e by Stefano Rivera at 2022-08-19T15:51:47+02:00
I've already prepared kicad

- - - - -
a1b9c9e3 by Salvatore Bonaccorso at 2022-08-19T15:55:28+02:00
Note that Stefano Rivera proposed debdiff for bullseye for kicad

- - - - -
12f897de by Salvatore Bonaccorso at 2022-08-19T21:10:46+02:00
Mark two of the dcmtk issues as unfixed

The CVE reference is misleading as they state that the 3.6.7 release
will fix all three. But in fact only one got included in the 3.6.7
release and two other were fixed only shortly after the tagged release.

- - - - -
97ea0976 by Salvatore Bonaccorso at 2022-08-19T21:21:00+02:00
Update references for CVE-2022-29360/rainloop

- - - - -
9b2fe699 by Salvatore Bonaccorso at 2022-08-19T21:32:48+02:00
Reference cloned bug for CVE-2022-2119 and CVE-2022-2120

- - - - -
5b125fec by Moritz Mühlenhoff at 2022-08-19T21:36:04+02:00
connman fixed in sid

- - - - -
ebb046ec by Moritz Mühlenhoff at 2022-08-19T21:38:32+02:00
additional firefox reference

- - - - -
e695a8b5 by Chris Lamb at 2022-08-19T12:45:40-07:00
data/dla-needed.txt: Triage exiv2 for buster LTS (CVE-2020-19716)

- - - - -
f8d0d336 by Salvatore Bonaccorso at 2022-08-19T21:46:50+02:00
Mark CVE-2022-37781/fdkaac as no-dsa (minor and contrib not supported)

- - - - -
cce87991 by Salvatore Bonaccorso at 2022-08-19T21:47:45+02:00
Mark CVE-2022-36148/fdkaac as no-dsa for bullseye

- - - - -
8b7c4578 by Chris Lamb at 2022-08-19T12:49:32-07:00
data/dla-needed.txt: Triage wkhtmltopdf for buster LTS (CVE-2020-21365)

- - - - -
0ad18fdc by Salvatore Bonaccorso at 2022-08-19T22:02:21+02:00
Add Debian bug reference for CVE-2022-36148

- - - - -
c56aecdc by security tracker role at 2022-08-19T20:10:22+00:00
automatic update

- - - - -
150f72d0 by Salvatore Bonaccorso at 2022-08-19T22:26:10+02:00
Add Debian bug reference for CVE-2022-37781

- - - - -
c1bcd09c by Salvatore Bonaccorso at 2022-08-19T22:30:00+02:00
Process one NFU

- - - - -
fa33734c by Salvatore Bonaccorso at 2022-08-19T22:37:37+02:00
Add CVE-2022-2889/vim

- - - - -
785731e9 by Salvatore Bonaccorso at 2022-08-19T22:43:46+02:00
Process NFUs

- - - - -
e3673978 by Moritz Mühlenhoff at 2022-08-19T23:11:47+02:00
bullseye triage

- - - - -
7225f8f4 by Moritz Mühlenhoff at 2022-08-19T23:24:31+02:00
add webkit/chrome references

- - - - -
7607fd1c by Moritz Mühlenhoff at 2022-08-19T23:45:24+02:00
intel-microcode fixed in sid

- - - - -
ceb90d4f by Salvatore Bonaccorso at 2022-08-20T09:02:55+02:00
Add CVE-2022-2308/linux

- - - - -
9ce93e9a by Salvatore Bonaccorso at 2022-08-20T09:10:15+02:00
Add CVE-2022-2526/systemd

- - - - -
1c96570b by security tracker role at 2022-08-20T08:10:17+00:00
automatic update

- - - - -
494c826f by Salvatore Bonaccorso at 2022-08-20T14:04:09+02:00
Mark rainloop as removed from unstable

- - - - -
6c9447b4 by Salvatore Bonaccorso at 2022-08-20T14:05:00+02:00
Process three NFUs

- - - - -
3ef73f25 by Salvatore Bonaccorso at 2022-08-20T14:08:18+02:00
Process some NFUs

- - - - -
23083b47 by Salvatore Bonaccorso at 2022-08-20T14:16:52+02:00
Add CVE-2020-2779{3,4,5}/radare2

- - - - -
83553fb8 by Salvatore Bonaccorso at 2022-08-20T14:21:40+02:00
Add CVE-2020-27792/ghostscript

- - - - -
f44b5ea8 by Stefano Rivera at 2022-08-20T17:34:21+02:00
Reserve DLA-3078-1 for kicad

- - - - -
04678e42 by Chris Lamb at 2022-08-20T09:37:35-07:00
data/dla-needed.txt: Triage exim4 for buster LTS (CVE-2022-37452)

- - - - -
378267f6 by Chris Lamb at 2022-08-20T09:40:18-07:00
data/dla-needed.txt: Triage upx-ucl for buster LTS (CVE-2020-27787)

- - - - -
26b2707e by Moritz Mühlenhoff at 2022-08-20T19:07:28+02:00
glibc spu

- - - - -
f683c047 by security tracker role at 2022-08-20T20:10:18+00:00
automatic update

- - - - -
fb3e2bda by Moritz Muehlenhoff at 2022-08-20T22:51:04+02:00
ruby-sinatra, dlt-daemon fixed in sid

- - - - -
87ed15b8 by Emilio Pozuelo Monfort at 2022-08-20T23:12:59+02:00
Swap FD week with Utkarsh

- - - - -
5964ae24 by Henri Salo at 2022-08-21T02:24:21+03:00
NFU CVE-2022-34916 Apache Flume

- - - - -
f3b37504 by Salvatore Bonaccorso at 2022-08-21T10:07:53+02:00
Process some NFUs

- - - - -
8e0db381 by security tracker role at 2022-08-21T08:10:13+00:00
automatic update

- - - - -
1982babd by Salvatore Bonaccorso at 2022-08-21T10:14:21+02:00
Add CVE-2022-38493/rhonabwy

- - - - -
2024ef3a by Salvatore Bonaccorso at 2022-08-21T10:20:02+02:00
Track various vim issues fixed via unstable upload

- - - - -
ac8e3d46 by Salvatore Bonaccorso at 2022-08-21T10:21:19+02:00
Track fixed version via unstable for CVE-2022-2874/vim

- - - - -
4429630e by Chris Lamb at 2022-08-21T09:37:50-07:00
data/dla-needed.txt: Triage mbedtls for buster LTS (CVE-2020-36475, CVE-2020-36476 & CVE-2020-36478)

- - - - -
8136e92a by Chris Lamb at 2022-08-21T09:41:20-07:00
data/dla-needed.txt: Triage flac for buster LTS (CVE-2021-0561)

- - - - -
6b690998 by Utkarsh Gupta at 2022-08-21T22:29:57+05:30
Take mbedtls, ruby-rack, and flac

- - - - -
03bc418a by Anton Gladky at 2022-08-21T20:35:14+02:00
LTS: Add VCS to curl

- - - - -
faf9ceee by Moritz Mühlenhoff at 2022-08-21T20:39:00+02:00
kicad DSA

- - - - -
b1764c59 by security tracker role at 2022-08-21T20:10:17+00:00
automatic update

- - - - -
ed9f09d1 by Salvatore Bonaccorso at 2022-08-21T22:40:45+02:00
Process some NFUs

- - - - -
49a11ddc by Markus Koschany at 2022-08-22T00:55:49+02:00
Reserve DLA-3079-1 for jetty9

- - - - -
4c215889 by Anton Gladky at 2022-08-22T07:00:22+02:00
LTS: Add VCS for ndpi

- - - - -
89b17bbd by Moritz Muehlenhoff at 2022-08-22T08:31:31+02:00
new keystone issue
NFUs

- - - - -
c5fb08ea by Abhijith PA at 2022-08-22T12:06:49+05:30
update note in dla-needed

- - - - -
1d587745 by Salvatore Bonaccorso at 2022-08-22T09:38:10+02:00
Update information for CVE-2022-1462/linux

- - - - -
bddc86f5 by Salvatore Bonaccorso at 2022-08-22T09:39:21+02:00
Update information for CVE-2022-1882/linux

- - - - -
bf10f91f by Salvatore Bonaccorso at 2022-08-22T09:41:00+02:00
Update status for CVE-2022-2308/linux

- - - - -
3759957f by security tracker role at 2022-08-22T08:10:18+00:00
automatic update

- - - - -
ac58155a by Salvatore Bonaccorso at 2022-08-22T10:59:05+02:00
Process two NFUs

- - - - -
5569e853 by Moritz Muehlenhoff at 2022-08-22T11:09:19+02:00
two blender issues fixed in sid

- - - - -
84bffc47 by Moritz Muehlenhoff at 2022-08-22T12:04:20+02:00
NFUs

- - - - -
b4819afe by Moritz Muehlenhoff at 2022-08-22T16:43:21+02:00
bullseye triage

- - - - -
fb9544ae by Roberto C. Sánchez at 2022-08-22T11:08:43-04:00
LTS: take exiv2 in dla-needed.txt

- - - - -
5e95043f by Moritz Muehlenhoff at 2022-08-22T17:57:45+02:00
bullseye triage

- - - - -
6535cf67 by Moritz Muehlenhoff at 2022-08-22T18:18:50+02:00
dcmtk fixed in sid

- - - - -
0f9fbc44 by Sylvain Beucler at 2022-08-22T18:26:08+02:00
dla: claim exim4

- - - - -
ca1fbed8 by Salvatore Bonaccorso at 2022-08-22T21:22:33+02:00
Take libxslt from dsa-needed list

- - - - -
ccfbe770 by Salvatore Bonaccorso at 2022-08-22T21:57:04+02:00
Remove notes from CVE-2019-9081 which is now rejected

- - - - -
5f7a83ca by security tracker role at 2022-08-22T20:10:16+00:00
automatic update

- - - - -
82861f93 by Salvatore Bonaccorso at 2022-08-22T22:19:11+02:00
Process several NFUs

- - - - -
ffc91999 by Salvatore Bonaccorso at 2022-08-22T22:24:37+02:00
Add CVE-2022-2930/octoprint

- - - - -
f55ebfc9 by Salvatore Bonaccorso at 2022-08-22T22:25:58+02:00
Process some NFUs

- - - - -
231bbb63 by Salvatore Bonaccorso at 2022-08-23T08:20:07+02:00
Add CVE-2022-2884/gitlab

- - - - -
76ca866c by Salvatore Bonaccorso at 2022-08-23T08:39:08+02:00
Add CVE-2022-2938/linux

- - - - -
8304718b by Salvatore Bonaccorso at 2022-08-23T08:40:06+02:00
Add todo for CVE-2022-38171

- - - - -
ebc3bf82 by Salvatore Bonaccorso at 2022-08-23T09:11:39+02:00
Process one NFU

- - - - -
228e5280 by Salvatore Bonaccorso at 2022-08-23T09:12:29+02:00
Add CVE-2022-35583/wkhtmltopdf

- - - - -
25b3879b by Salvatore Bonaccorso at 2022-08-23T09:21:30+02:00
Process some NFUs

- - - - -
4eabc524 by security tracker role at 2022-08-23T08:10:21+00:00
automatic update

- - - - -
7fde48e7 by Salvatore Bonaccorso at 2022-08-23T10:14:02+02:00
Add CVE-2022-2923/vim

- - - - -
936602c6 by Salvatore Bonaccorso at 2022-08-23T10:15:32+02:00
Process one NFU

- - - - -
ea02ce8d by Salvatore Bonaccorso at 2022-08-23T11:12:50+02:00
Process some NFUs

- - - - -
3302fd77 by Markus Koschany at 2022-08-23T13:28:21+02:00
CVE-2022-0084,jboss-xnio: Fixed in unstable

- - - - -
a465c777 by Moritz Muehlenhoff at 2022-08-23T14:59:58+02:00
xen fixed in sid

- - - - -
3b058e10 by Salvatore Bonaccorso at 2022-08-23T17:21:09+02:00
Update Debian bug reference for CVE-2022-29153/consul

- - - - -
cad4124d by Salvatore Bonaccorso at 2022-08-23T17:35:56+02:00
Add CVE-2022-37428/pdns-recursor

- - - - -
37a1d5e9 by Salvatore Bonaccorso at 2022-08-23T19:19:50+02:00
Add additional tracking of CVE-2022-23816

- - - - -
267364ba by Salvatore Bonaccorso at 2022-08-23T19:23:50+02:00
Add three end of life tags for the recent xen issues

- - - - -
58febc20 by Moritz Muehlenhoff at 2022-08-23T20:31:45+02:00
consul fixed in sid

- - - - -
0e1fdaf4 by Salvatore Bonaccorso at 2022-08-23T21:11:46+02:00
Three rails issues fixed in unstable

- - - - -
6a0f5299 by Salvatore Bonaccorso at 2022-08-23T21:12:15+02:00
Cleanup additional whitespaces in note

- - - - -
c757a127 by security tracker role at 2022-08-23T20:10:24+00:00
automatic update

- - - - -
8a9f3dfd by Salvatore Bonaccorso at 2022-08-23T22:12:25+02:00
Remove notes from CVE-2021-3894

Finally the CVE was rejected officially and appeared as such in the CVE
feed, cf. https://bugzilla.redhat.com/show_bug.cgi?id=2014970

- - - - -
edb50323 by Salvatore Bonaccorso at 2022-08-23T22:14:29+02:00
Process one NFU

- - - - -
0aa7f208 by Salvatore Bonaccorso at 2022-08-23T22:15:54+02:00
Remove notes from rejected CVEs

Three of those were found to be no security issues and CVE-2021-3408 was
a duplicate assignment for the CVE-2021-20233 issue.

- - - - -
04181277 by Salvatore Bonaccorso at 2022-08-23T22:17:50+02:00
Remove notes from CVE-2020-27834

This was a bogus CVE assignment for zabbix and it got now withdrawn by
the assigning CNA.

- - - - -
5b7b37b3 by Salvatore Bonaccorso at 2022-08-23T22:25:24+02:00
Add CVE-2022-2946/vim

- - - - -
b127d95c by Salvatore Bonaccorso at 2022-08-23T22:31:48+02:00
Process some NFUs

- - - - -
2a338a60 by Anton Gladky at 2022-08-23T22:48:23+02:00
LTS: minor dla-needed update

- - - - -
c3f2c325 by Salvatore Bonaccorso at 2022-08-24T06:30:48+02:00
Add new firefox issues from mfsa2022-33

- - - - -
4caf0a0e by Salvatore Bonaccorso at 2022-08-24T06:37:34+02:00
Add new firefox-esr issues from mfsa2022-34

- - - - -
4802d93d by Salvatore Bonaccorso at 2022-08-24T06:38:27+02:00
Add firefox-esr (and assign to jmm)

- - - - -
00cacec4 by Salvatore Bonaccorso at 2022-08-24T06:41:30+02:00
Add reference to mfsa2022-35 and update affected status for firefox-esr

- - - - -
1e05a144 by Salvatore Bonaccorso at 2022-08-24T06:45:20+02:00
Add thunderbird CVEs from mfsa2022-36

- - - - -
bce31a41 by Salvatore Bonaccorso at 2022-08-24T06:47:17+02:00
Update status for thunderbird CVEs according to mfsa2022-37

- - - - -
ce010b75 by Salvatore Bonaccorso at 2022-08-24T06:48:06+02:00
Add thunderbird to dsa-needed list (and assign to jmm)

- - - - -
5f67eb12 by Salvatore Bonaccorso at 2022-08-24T06:50:25+02:00
Track fixed version for firefox-esr via unstable (mfsa2022-34)

- - - - -
e06f0f3f by Salvatore Bonaccorso at 2022-08-24T06:53:14+02:00
Track fixed version for firefox via unstable (mfsa2022-33)

- - - - -
96eccb35 by Salvatore Bonaccorso at 2022-08-24T08:34:54+02:00
Add CVE-2022-2959/linux

- - - - -
41e7d1e0 by Salvatore Bonaccorso at 2022-08-24T08:36:02+02:00
Add CVE-2022-2961/linux

- - - - -
177f99e8 by Salvatore Bonaccorso at 2022-08-24T08:38:51+02:00
Add CVE-2022-2962/qemu

- - - - -
86a56eba by Salvatore Bonaccorso at 2022-08-24T08:40:41+02:00
Process three NFUs

- - - - -
5b859360 by Moritz Muehlenhoff at 2022-08-24T08:44:18+02:00
new open-vm-tools issue

- - - - -
3162d078 by Salvatore Bonaccorso at 2022-08-24T09:14:37+02:00
Add upstream commit reference for CVE-2022-31676

- - - - -
eb6c8c3e by Salvatore Bonaccorso at 2022-08-24T09:23:54+02:00
Add Debian bug reference for CVE-2022-31676

- - - - -
7d7e26f1 by security tracker role at 2022-08-24T08:10:21+00:00
automatic update

- - - - -
f14ad4f0 by Salvatore Bonaccorso at 2022-08-24T10:28:16+02:00
Process two NFUs

- - - - -
432d4ffb by Moritz Muehlenhoff at 2022-08-24T10:35:59+02:00
bullseye triage

- - - - -
2c9ff52c by Salvatore Bonaccorso at 2022-08-24T10:39:00+02:00
Process three NFUs

- - - - -
fdd0407e by Moritz Muehlenhoff at 2022-08-24T10:42:58+02:00
NFU
add note for shim entries

- - - - -
9f2bbe07 by Moritz Muehlenhoff at 2022-08-24T10:56:55+02:00
open-vm-tools fixed in sid

- - - - -
f23cda07 by Moritz Muehlenhoff at 2022-08-24T10:57:58+02:00
pdns-recursor fixed in sid

- - - - -
9fb8a877 by Moritz Muehlenhoff at 2022-08-24T12:08:51+02:00
NFUs

- - - - -
52026250 by Markus Koschany at 2022-08-24T14:20:47+02:00
CVE-2022-35978,minetest: Mark Buster and Bullseye no-dsa

This issue affects only the single player mode and could be fixed if a more
serious problem arises in the future.

- - - - -
cf9292c5 by Salvatore Bonaccorso at 2022-08-24T14:26:11+02:00
Remove minetest from dsa-needed list

- - - - -
71ae14eb by Salvatore Bonaccorso at 2022-08-24T15:02:08+02:00
Reserve DSA number for open-vm-tools update

- - - - -
922937a6 by Salvatore Bonaccorso at 2022-08-24T16:58:30+02:00
Reserve DSA number for libxslt update

- - - - -
178f908b by Moritz Muehlenhoff at 2022-08-24T17:12:50+02:00
texlive/otfcc updates

- - - - -
3cabb67a by Moritz Mühlenhoff at 2022-08-24T21:07:42+02:00
firefox-esr DSA

- - - - -
6f0b9313 by Salvatore Bonaccorso at 2022-08-24T21:28:08+02:00
Mark CVE-2022-2832/blender as unimportant

This only affects builds of blender with WITH_HEADLESS which is not the
case in Debian.

- - - - -
2dbf8ac4 by Salvatore Bonaccorso at 2022-08-24T21:33:06+02:00
Add upstream commits for CVE-2022-2850/389-ds-base

- - - - -
dc308afc by Salvatore Bonaccorso at 2022-08-24T21:43:54+02:00
Mark CVE-2022-2946 as no-dsa for bullseye

- - - - -
1d4170c5 by Salvatore Bonaccorso at 2022-08-24T21:45:12+02:00
Add Debian bug reference for CVE-2022-2850/389-ds-base

- - - - -
e3bbe76a by Salvatore Bonaccorso at 2022-08-24T21:47:54+02:00
Update information for CVE-2022-2962/qemu

- - - - -
6358e4da by Salvatore Bonaccorso at 2022-08-24T22:01:13+02:00
Add Debian bug reference for CVE-2022-38223/qemu

- - - - -
2f7e1346 by Anton Gladky at 2022-08-24T22:05:48+02:00
DLA: add firefox-esr (urgent upload)

- - - - -
5203f09e by Anton Gladky at 2022-08-24T22:05:49+02:00
Reserve DLA-3080-1 for firefox-esr

- - - - -
3800fb41 by security tracker role at 2022-08-24T20:10:16+00:00
automatic update

- - - - -
21b04838 by Salvatore Bonaccorso at 2022-08-24T22:14:22+02:00
Add tracking bug for collection of tcpreplay CVEs

- - - - -
9ca36e16 by Salvatore Bonaccorso at 2022-08-24T22:20:46+02:00
Add CVE-2022-2978/linux

- - - - -
8186dfa6 by Salvatore Bonaccorso at 2022-08-24T22:27:04+02:00
Process some NFUs

- - - - -
ab72e75d by Adrian Bunk at 2022-08-24T23:30:47+03:00
CVE-2022-32511 has recently been fixed in sid and bookworm

- - - - -
1a0587d5 by Salvatore Bonaccorso at 2022-08-25T08:27:15+02:00
Process CVE-2021-4022 as NFU

- - - - -
65156c78 by Abhijith PA at 2022-08-25T12:47:43+05:30
Reserve DLA-3081-1 for open-vm-tools

- - - - -
80fe4f5c by security tracker role at 2022-08-25T08:10:14+00:00
automatic update

- - - - -
cc0a2b42 by Salvatore Bonaccorso at 2022-08-25T11:39:26+02:00
Process one NFU

- - - - -
181a9d4e by Salvatore Bonaccorso at 2022-08-25T12:29:56+02:00
Process some more NFUs

- - - - -
81a318a0 by Salvatore Bonaccorso at 2022-08-25T21:32:44+02:00
Track fixed version for CVE-2020-27511/prototypejs via unstable

- - - - -
aba91adf by Salvatore Bonaccorso at 2022-08-25T21:47:35+02:00
Reserve DSA number for zlib update

- - - - -
bd10aa3b by security tracker role at 2022-08-25T20:10:17+00:00
automatic update

- - - - -
f810a9fb by Salvatore Bonaccorso at 2022-08-25T22:25:30+02:00
Process some NFUs

- - - - -
b6853f9d by Salvatore Bonaccorso at 2022-08-25T22:33:11+02:00
Add CVE-2022-2991/linux

- - - - -
bbaa6690 by Salvatore Bonaccorso at 2022-08-25T22:57:40+02:00
Process some NFUs

- - - - -
6dd4f3f2 by Salvatore Bonaccorso at 2022-08-25T23:40:26+02:00
Add CVE-2022-32793/wpewebkit

- - - - -
a36d2fe8 by Salvatore Bonaccorso at 2022-08-25T23:43:57+02:00
Add CVE-2022-32793/webkit2gtk

- - - - -
e79d2a76 by Salvatore Bonaccorso at 2022-08-25T23:53:05+02:00
Add CVE-2021-42521/vtk

- - - - -
1c5b80a4 by Salvatore Bonaccorso at 2022-08-25T23:55:16+02:00
Add CVE-2021-42522/anjuta

- - - - -
76ed2457 by Salvatore Bonaccorso at 2022-08-25T23:57:22+02:00
Add CVE-2021-42523/colord

- - - - -
0e68372e by Salvatore Bonaccorso at 2022-08-26T00:02:54+02:00
Add CVE-2021-3800/glib2.0

- - - - -
8576d098 by Salvatore Bonaccorso at 2022-08-26T00:06:45+02:00
Add CVE-2022-22728/libapreq2

- - - - -
ab5d082e by Adrian Bunk at 2022-08-26T02:49:29+03:00
CVE-2022-0759 was fixed in ruby-kubeclient 4.9.3-1

- - - - -
4927ad96 by Salvatore Bonaccorso at 2022-08-26T07:48:16+02:00
Add CVE-2022-29{89,90}

- - - - -
68a5a3b6 by Salvatore Bonaccorso at 2022-08-26T09:00:12+02:00
Process some NFUs

- - - - -
d903700b by Salvatore Bonaccorso at 2022-08-26T09:03:18+02:00
Move webkit2gtk CVEs to CVE-2022-32893

- - - - -
0a7fa93f by Salvatore Bonaccorso at 2022-08-26T09:12:04+02:00
Process two NFUs

- - - - -
36823f89 by Salvatore Bonaccorso at 2022-08-26T09:21:27+02:00
Add CVE-2020-35511/pngcheck

- - - - -
3d0ad999 by Moritz Muehlenhoff at 2022-08-26T09:50:22+02:00
bullseye triage

- - - - -
43098006 by security tracker role at 2022-08-26T08:10:22+00:00
automatic update

- - - - -
a8d9cf01 by Salvatore Bonaccorso at 2022-08-26T10:18:09+02:00
Add CVE-2022-2997/snipe-it

- - - - -
0a612886 by Salvatore Bonaccorso at 2022-08-26T10:31:05+02:00
Add CVE-2022-2982/vim

- - - - -
6a7f04ce by Salvatore Bonaccorso at 2022-08-26T10:35:42+02:00
Add CVE-2022-2980/vim

- - - - -
f975efde by Salvatore Bonaccorso at 2022-08-26T11:02:44+02:00
Add CVE-2022-38533/binutils

- - - - -
bb116a19 by Moritz Mühlenhoff at 2022-08-26T13:29:08+02:00
fig2dev spu

- - - - -
a90a4bf8 by Moritz Muehlenhoff at 2022-08-26T16:21:56+02:00
more references

- - - - -
50288d49 by Moritz Mühlenhoff at 2022-08-26T16:37:19+02:00
pcre2 spu

- - - - -
a446a498 by Salvatore Bonaccorso at 2022-08-26T19:39:42+02:00
Add CVE-2022-2905/linux

- - - - -
440f4b5e by Salvatore Bonaccorso at 2022-08-26T21:15:37+02:00
Add Debian bug reference for CVE-2022-22728/libapreq2

- - - - -
abb98a5d by security tracker role at 2022-08-26T20:10:19+00:00
automatic update

- - - - -
d1957c69 by Salvatore Bonaccorso at 2022-08-26T22:17:26+02:00
Process two NFUs

- - - - -
2c896a85 by Salvatore Bonaccorso at 2022-08-26T22:18:18+02:00
Assign webkit2gtk and wpewebkit from dsa-needed

- - - - -
2af94dad by Salvatore Bonaccorso at 2022-08-26T22:21:00+02:00
Process some NFUs

- - - - -
c171b5fe by Salvatore Bonaccorso at 2022-08-26T22:42:48+02:00
Process some NFUs

- - - - -
dce740ce by Salvatore Bonaccorso at 2022-08-26T22:43:14+02:00
Add CVE-2021-4216/mupdf

- - - - -
acabc113 by Salvatore Bonaccorso at 2022-08-26T22:43:44+02:00
Add new sox issues

- - - - -
61cbee9b by Salvatore Bonaccorso at 2022-08-26T22:44:47+02:00
Add CVE-2021-3427/deluge

- - - - -
267d5684 by Salvatore Bonaccorso at 2022-08-27T08:46:16+02:00
Add new upx-ucl issues

- - - - -
6b6ec6d2 by Salvatore Bonaccorso at 2022-08-27T08:52:55+02:00
Add CVE-2022-2964/linux

- - - - -
80e339af by Salvatore Bonaccorso at 2022-08-27T08:54:37+02:00
Add CVE-2022-2995/cri-o, itp'ed

- - - - -
d475637c by Salvatore Bonaccorso at 2022-08-27T08:58:09+02:00
Add CVE-2022-2996/python-scciclient

- - - - -
c9f81f06 by Salvatore Bonaccorso at 2022-08-27T09:15:11+02:00
Add Debian bug reference for CVE-2022-2996

- - - - -
b7e00dcb by security tracker role at 2022-08-27T08:10:19+00:00
automatic update

- - - - -
b8c3977e by Salvatore Bonaccorso at 2022-08-27T11:37:24+02:00
Process some NFUs

- - - - -
ea68201b by Salvatore Bonaccorso at 2022-08-27T11:43:17+02:00
Add CVE-2019-15167/tcpdump

- - - - -
a433334a by Alberto Garcia at 2022-08-27T16:37:56+02:00
webkit2gtk DSA-5219-1 and wpewebkit DSA-5220-1

- - - - -
bf2b35fc by Sylvain Beucler at 2022-08-27T18:22:26+02:00
Reserve DLA-3082-1 for exim4

- - - - -
768dca5e by Abhijith PA at 2022-08-28T00:22:19+05:30
Reserve DLA-3083-1 for puma

- - - - -
e89a08b9 by Salvatore Bonaccorso at 2022-08-27T21:06:12+02:00
evolution-rss removed from unstable

- - - - -
e81f65da by Salvatore Bonaccorso at 2022-08-27T21:09:35+02:00
Add upstream tag information for CVE-2022-23634 fix upstream

- - - - -
db4c94d8 by Salvatore Bonaccorso at 2022-08-27T21:10:18+02:00
Track fixed version for CVE-2022-23634/puma via unstable

- - - - -
47976b80 by Salvatore Bonaccorso at 2022-08-27T21:13:33+02:00
Track fixed version for CVE-2022-24790/puma via unstable

- - - - -
db83ae38 by Anton Gladky at 2022-08-27T21:20:32+02:00
LTS: ignore CVE-2020-15473

- - - - -
b18d1f41 by Anton Gladky at 2022-08-27T21:20:38+02:00
LTS: mark CVE-2020-15475 as not-affected for buster

- - - - -
c7846a5c by Abhijith PA at 2022-08-28T01:05:05+05:30
data/dla-needed.txt: claim sox sofia-sip

- - - - -
50e9faf0 by Salvatore Bonaccorso at 2022-08-27T21:45:26+02:00
Sort suites entries for ndpi

- - - - -
a02e04f2 by Salvatore Bonaccorso at 2022-08-27T21:50:43+02:00
Track proposed update for freeradius via buster-pu

- - - - -
82c8e1fa by security tracker role at 2022-08-27T20:10:25+00:00
automatic update

- - - - -
ac1caed1 by Anton Gladky at 2022-08-27T22:16:08+02:00
Reserve DLA-3084-1 for ndpi

- - - - -
f6e610d7 by Salvatore Bonaccorso at 2022-08-28T07:13:14+02:00
Process NFUs

- - - - -
7073adf8 by security tracker role at 2022-08-28T08:10:12+00:00
automatic update

- - - - -
2dc8bbcc by Salvatore Bonaccorso at 2022-08-28T10:24:04+02:00
Add CVE-2022-38791/MariaDB

- - - - -
c0c8ba0e by Salvatore Bonaccorso at 2022-08-28T10:26:20+02:00
Process one NFU

- - - - -
c10b16c0 by Salvatore Bonaccorso at 2022-08-28T10:27:01+02:00
Add CVE-2022-38792/python-exotel

- - - - -
143b0f65 by Salvatore Bonaccorso at 2022-08-28T13:49:54+02:00
Expand commit list for CVE-2021-44648/gdk-pixbuf

- - - - -
79f9cb9d by Salvatore Bonaccorso at 2022-08-28T21:00:30+02:00
Track fixed version for various fis-gtm issues

- - - - -
762f47f6 by Salvatore Bonaccorso at 2022-08-28T21:05:46+02:00
Track proposed update for dlt-daemon via bullseye-pu

- - - - -
af02afe7 by security tracker role at 2022-08-28T20:10:22+00:00
automatic update

- - - - -
cd30c18b by Thorsten Alteholz at 2022-08-29T00:04:15+02:00
update note and take upx-ucl

- - - - -
1d34d950 by Markus Koschany at 2022-08-29T00:47:54+02:00
Remove no-dsa tags for upcoming curl update

- - - - -
cd62cd85 by Markus Koschany at 2022-08-29T00:49:45+02:00
Reserve DLA-3085-1 for curl

- - - - -
da256173 by Markus Koschany at 2022-08-29T00:53:28+02:00
Claim maven-shared-utils and update NOTES.

- - - - -
acf9fd2f by Markus Koschany at 2022-08-29T00:57:55+02:00
CVE-2022-27774,curl: postponed in Buster

- - - - -
fb37676d by Salvatore Bonaccorso at 2022-08-29T06:34:56+02:00
Process some NFUs

- - - - -
7897bb3f by Salvatore Bonaccorso at 2022-08-29T06:42:33+02:00
Add CVE-2022-3016/vim

- - - - -
99c56345 by Salvatore Bonaccorso at 2022-08-29T07:08:31+02:00
Process NFUs

- - - - -
e5c87ba3 by Salvatore Bonaccorso at 2022-08-29T07:09:15+02:00
Add CVE-2021-3574/imagemagick

- - - - -
d4ab9275 by Salvatore Bonaccorso at 2022-08-29T07:09:50+02:00
Add CVE-2021-20224/imagemagick

- - - - -
3426d7be by Salvatore Bonaccorso at 2022-08-29T07:56:56+02:00
Note that maintainer proposed debdiff for sofia-sip

- - - - -
02acd7be by Salvatore Bonaccorso at 2022-08-29T08:36:22+02:00
Track fixed version for thunderbird issues for mfsa2022-36

- - - - -
7f6cc9ae by Salvatore Bonaccorso at 2022-08-29T08:38:25+02:00
Add fixed version for CVE-2022-38476

- - - - -
052ecc7b by Salvatore Bonaccorso at 2022-08-29T08:51:00+02:00
Add CVE-2021-20223/sqlite3

- - - - -
bb02628c by Salvatore Bonaccorso at 2022-08-29T09:24:50+02:00
Add inetutils issue

- - - - -
20597bba by Salvatore Bonaccorso at 2022-08-29T09:39:41+02:00
Track proposed (but not yet acked) mbedtls update via bullseye-pu

- - - - -
f3ac36bb by Salvatore Bonaccorso at 2022-08-29T09:42:48+02:00
Track dovecot proposed update via bullseye-pu

- - - - -
49e350a1 by Salvatore Bonaccorso at 2022-08-29T10:07:06+02:00
Mark inetutils as no-dsa for bullseye

- - - - -
ba2a09b9 by security tracker role at 2022-08-29T08:10:17+00:00
automatic update

- - - - -
8f64b2a0 by Salvatore Bonaccorso at 2022-08-29T10:14:38+02:00
Process several NFUs

- - - - -
56483fb4 by Markus Koschany at 2022-08-29T14:47:13+02:00
Reserve DLA-3086-1 for maven-shared-utils

- - - - -
5e7fc22a by Sylvain Beucler at 2022-08-29T17:48:25+02:00
dla: claim nodejs

- - - - -
341b5798 by Salvatore Bonaccorso at 2022-08-29T20:26:38+02:00
Add CVE-2022-28199/dpdk

- - - - -
b089b296 by Salvatore Bonaccorso at 2022-08-29T20:29:40+02:00
Mark CVE-2022-28199 as not-affected for 18.x branch in buster

- - - - -
8bc27dd3 by Salvatore Bonaccorso at 2022-08-29T20:35:22+02:00
Add CVE-2022-2132/dpdk

- - - - -
c1ab9c51 by Salvatore Bonaccorso at 2022-08-29T20:36:17+02:00
Add dpdk to dsa-needed list

- - - - -
3a3e04eb by Moritz Muehlenhoff at 2022-08-29T20:50:02+02:00
take dpdk

- - - - -
7d43823c by Salvatore Bonaccorso at 2022-08-29T21:19:39+02:00
Track proposed nvidia-graphics-drivers-tesla-450 updates via bullseye-pu

- - - - -
f56c0058 by Salvatore Bonaccorso at 2022-08-29T21:21:15+02:00
Track proposed nvidia-graphics-drivers-tesla-470 updates via bullseye-pu

- - - - -
161ce0da by Salvatore Bonaccorso at 2022-08-29T21:22:30+02:00
Track proposed nvidia-graphics-drivers update via bullseye-pu

- - - - -
949334c1 by Salvatore Bonaccorso at 2022-08-29T22:02:31+02:00
Process four NFUs

- - - - -
bc69ffc8 by security tracker role at 2022-08-29T20:10:20+00:00
automatic update

- - - - -
45bf3b22 by Salvatore Bonaccorso at 2022-08-29T22:15:24+02:00
Process some NFUs

Those are from INTEL-SA-00621 but affecting either Windows systems or
UEFI firmware.

Link: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html

- - - - -
c3b90729 by Salvatore Bonaccorso at 2022-08-29T22:15:26+02:00
Add firmware-nonfree CVEs from INTEL-SA-00621

Link: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html

- - - - -
ba13bfcd by Salvatore Bonaccorso at 2022-08-29T22:17:50+02:00
Process NFUs

- - - - -
32c8b6d8 by Salvatore Bonaccorso at 2022-08-29T22:18:36+02:00
Remove notes from CVE-2022-36707 (duplicate of CVE-2022-2214)

- - - - -
01f83afb by Salvatore Bonaccorso at 2022-08-29T22:20:40+02:00
Remove information from CVE-2022-0644

- - - - -
c1870d46 by Moritz Mühlenhoff at 2022-08-29T22:28:48+02:00
thunderbird DSA

- - - - -
8515de26 by Salvatore Bonaccorso at 2022-08-29T22:30:33+02:00
Add CVE-2022-2953/tiff

- - - - -
577ebfa6 by Salvatore Bonaccorso at 2022-08-29T22:34:00+02:00
Process NFUs

- - - - -
5c1ed16d by Anton Gladky at 2022-08-29T22:38:40+02:00
semi-automatic unclaim after 2 weeks of inactivity

Signed-off-by: Anton Gladky <gladk at debian.org>

- - - - -
b64da0a4 by Anton Gladky at 2022-08-30T06:16:39+02:00
Reserve DLA-3087-1 for webkit2gtk

- - - - -
3718d718 by Salvatore Bonaccorso at 2022-08-30T06:30:32+02:00
CVE-2022-39028/inetutils assigned

- - - - -
a69be114 by Anton Gladky at 2022-08-30T06:38:21+02:00
Revert "Reserve DLA-3087-1 for webkit2gtk"

This reverts commit b64da0a4dcfaa99c4b4a8acc3daa56c049f4097d.

- - - - -
ac000627 by Anton Gladky at 2022-08-30T06:39:19+02:00
Reserve DLA-3087-1 for webkit2gtk

- - - - -
797c376e by Salvatore Bonaccorso at 2022-08-30T06:48:18+02:00
Track proposed inetutils update via bullseye-pu

- - - - -
71ae11ce by Salvatore Bonaccorso at 2022-08-30T07:37:42+02:00
Reference upstream issue for freeciv issue, #1017579

- - - - -
32634ce8 by Salvatore Bonaccorso at 2022-08-30T08:31:07+02:00
Add CVE-2022-2986/moodle

- - - - -
6fce142d by Salvatore Bonaccorso at 2022-08-30T08:36:27+02:00
Add advancecomp issues (unclear report upstream)

- - - - -
8fa581b5 by Salvatore Bonaccorso at 2022-08-30T09:20:37+02:00
Add CVE-2021-46837/asterisk

- - - - -
ec32d283 by Salvatore Bonaccorso at 2022-08-30T09:32:06+02:00
Try to clarify note for CVE-2019-15297 / CVE-2021-46837

- - - - -
d15c86df by security tracker role at 2022-08-30T08:10:18+00:00
automatic update

- - - - -
fe2a6c9c by Moritz Muehlenhoff at 2022-08-30T10:30:39+02:00
bullseye triage

- - - - -
42c9e6b8 by Salvatore Bonaccorso at 2022-08-30T11:13:20+02:00
Process one NFU

- - - - -
da616eea by Salvatore Bonaccorso at 2022-08-30T11:23:45+02:00
Add CVE-2022-3035/snipe-it

- - - - -
8eea0859 by Salvatore Bonaccorso at 2022-08-30T11:25:04+02:00
Process some NFUs

- - - - -
d99d0ed6 by Stefano Rivera at 2022-08-30T11:36:55+02:00
Don't think the rsync patch is reasonably backportable

- - - - -
cc90ce1e by Stefano Rivera at 2022-08-30T11:47:06+02:00
Upstream issue for CVE-2022-35583

- - - - -
354bd0fd by Stefano Rivera at 2022-08-30T11:52:05+02:00
Upstream hasn't looked at wkhtmltopdf's CVE

- - - - -
327dda4d by Stefano Rivera at 2022-08-30T12:01:54+02:00
Take netatalk

- - - - -
ef809332 by Moritz Muehlenhoff at 2022-08-30T15:18:04+02:00
additional reference for CVE-2022-2586

- - - - -
bf0548c5 by Stefano Rivera at 2022-08-30T15:40:36+02:00
ignore CVE-2022-29154 for bullseye - not reasonably backportable

- - - - -
57a8fe05 by Salvatore Bonaccorso at 2022-08-30T16:22:12+02:00
Revert "ignore CVE-2022-29154 for bullseye - not reasonably backportable"

This reverts commit bf0548c5166b324750ab071f71f732083ff9282c.

- - - - -
5a26be31 by Stefano Rivera at 2022-08-30T16:39:50+02:00
Ignore rsync for buster (whoops)

- - - - -
128acfb5 by Salvatore Bonaccorso at 2022-08-30T16:41:21+02:00
Add CVE-2022-2663/linux

- - - - -
7288fa6e by Moritz Mühlenhoff at 2022-08-30T20:42:27+02:00
dpdk DSA

- - - - -
b64286c2 by security tracker role at 2022-08-30T20:10:22+00:00
automatic update

- - - - -
68f38d72 by Salvatore Bonaccorso at 2022-08-30T22:13:23+02:00
Process two NFUs

- - - - -
eb28a692 by Salvatore Bonaccorso at 2022-08-30T22:14:19+02:00
Remove TODO item from rejected CVE (was incorrectly assigned)

- - - - -
2c394b7b by Salvatore Bonaccorso at 2022-08-30T22:29:44+02:00
Add CVE-2022-38784/poppler

- - - - -
d0959741 by Salvatore Bonaccorso at 2022-08-30T22:38:42+02:00
Add CVE-2022-3017/froxlor

- - - - -
f131fcf3 by Salvatore Bonaccorso at 2022-08-30T22:39:50+02:00
Process some NFUs

- - - - -
19ffd2f7 by Salvatore Bonaccorso at 2022-08-30T22:40:17+02:00
Add CVE-2022-36194/centreon-web, itp'ed

- - - - -
75648813 by Salvatore Bonaccorso at 2022-08-30T22:40:47+02:00
Add CVE-2022-0367/libmodbus

- - - - -
bc275714 by Salvatore Bonaccorso at 2022-08-30T22:45:02+02:00
Add CVE-2022-21385/linux

- - - - -
136b324e by Thorsten Alteholz at 2022-08-30T23:24:06+02:00
Reserve DLA-3088-1 for net-snmp

- - - - -
81b5df38 by Salvatore Bonaccorso at 2022-08-31T06:33:22+02:00
Add chromium to dsa-needed list

- - - - -
da03de6c by Salvatore Bonaccorso at 2022-08-31T06:43:29+02:00
Add new chromium issues

- - - - -
917a27d3 by Salvatore Bonaccorso at 2022-08-31T06:56:16+02:00
Add CVE-2022-3061/linux

- - - - -
ce336efc by Salvatore Bonaccorso at 2022-08-31T07:02:05+02:00
Add CVE-2020-27784/linux

- - - - -
83049c83 by Salvatore Bonaccorso at 2022-08-31T07:14:25+02:00
Add some new gitlab CVEs

- - - - -
b550005f by Salvatore Bonaccorso at 2022-08-31T07:55:00+02:00
CVE-2022-39047/freeciv assigned

- - - - -
5686173a by Salvatore Bonaccorso at 2022-08-31T08:26:13+02:00
Process three NFUs

- - - - -
41e22c5e by Chris Lamb at 2022-08-31T07:43:04+01:00
data/dla-needed.txt: Claim php-horde-mime-viewer.

- - - - -
bba2e6db by Salvatore Bonaccorso at 2022-08-31T08:56:52+02:00
Add CVE-2020-35525/sqlite3

- - - - -
76ee7ddb by Salvatore Bonaccorso at 2022-08-31T09:03:36+02:00
Add CVE-2020-35527/sqlite3

- - - - -
4add43d4 by Chris Lamb at 2022-08-31T08:10:55+01:00
Reserve DLA-3089-1 for php-horde-mime-viewer

- - - - -
5b41cf73 by Chris Lamb at 2022-08-31T08:34:23+01:00
data/dla-needed.txt: Claim php-horde-turba.

- - - - -
4002b5de by security tracker role at 2022-08-31T08:10:20+00:00
automatic update

- - - - -
09806a59 by Salvatore Bonaccorso at 2022-08-31T10:27:25+02:00
Process some NFUs

- - - - -
1fdc40d4 by Salvatore Bonaccorso at 2022-08-31T10:36:17+02:00
Add CVE-2022-39046/glibc

- - - - -
6ea3cde9 by Salvatore Bonaccorso at 2022-08-31T10:38:16+02:00
Add CVE-202-3037/vim

- - - - -
cf2f0e1c by Chris Lamb at 2022-08-31T09:41:49+01:00
Reserve DLA-3090-1 for php-horde-turba

- - - - -
43884d67 by Salvatore Bonaccorso at 2022-08-31T10:44:24+02:00
Update information for CVE-2022-39046/glibc

- - - - -
4420a021 by Salvatore Bonaccorso at 2022-08-31T10:48:20+02:00
Process some NFUs

- - - - -
b46b41cc by Helmut Grohne at 2022-08-31T13:43:11+02:00
flag wkhtmltopdf CVE-2022-35583 unimportant

- - - - -
1ee36381 by Moritz Muehlenhoff at 2022-08-31T13:49:34+02:00
new curl issue

- - - - -
37e036fc by Moritz Muehlenhoff at 2022-08-31T13:52:26+02:00
add xpdf/poppler clarification

- - - - -
7d193dd3 by Salvatore Bonaccorso at 2022-08-31T14:28:56+02:00
Wrap slightly a long note

- - - - -
c7a140b5 by Salvatore Bonaccorso at 2022-08-31T14:28:57+02:00
CVE-2022-35252: Reference upstream information and upstream tag

- - - - -
a5b5c0e9 by Salvatore Bonaccorso at 2022-08-31T14:44:35+02:00
Add Debian bug reference for CVE-2022-35252/curl

- - - - -
2963291a by security tracker role at 2022-08-31T20:10:36+00:00
automatic update

- - - - -
42983945 by Salvatore Bonaccorso at 2022-08-31T22:17:15+02:00
CVE-2022-39047/freeciv fixed in unstable

- - - - -
777ecff8 by Salvatore Bonaccorso at 2022-08-31T22:19:53+02:00
Process two NFUs

- - - - -
41913e67 by Salvatore Bonaccorso at 2022-08-31T22:23:22+02:00
Add CVE-2022-37183/piwigo

- - - - -
7cd3078c by Salvatore Bonaccorso at 2022-08-31T22:24:37+02:00
Process some NFUs

- - - - -
3de98831 by Salvatore Bonaccorso at 2022-08-31T22:31:35+02:00
Add CVE-2022-3028/linux

- - - - -
a5c9affd by Salvatore Bonaccorso at 2022-08-31T23:15:09+02:00
Add two new wolfssl issues

- - - - -
6bf3d59d by Salvatore Bonaccorso at 2022-08-31T23:20:21+02:00
Add three new tiff issues

- - - - -
93072b33 by Markus Koschany at 2022-09-01T07:28:44+02:00
CVE-2019-15167,tcpdump: Earliest fix was in 4.9.3-1~deb10u1

CVE-2019-15167 is also fixed in Buster, correct the version accordingly.

- - - - -
944cf827 by Salvatore Bonaccorso at 2022-09-01T08:09:27+02:00
Restore information about unstable fix for CVE-2019-15167 and add buster entry

- - - - -
3c6decb2 by Salvatore Bonaccorso at 2022-09-01T08:15:52+02:00
Add one new additional chromium CVE appeared in advisory

Link: https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html

- - - - -
1a01a68b by Salvatore Bonaccorso at 2022-09-01T08:19:47+02:00
Track fixed version for chromium via unstable

- - - - -
2f3a2d0c by Salvatore Bonaccorso at 2022-09-01T08:20:44+02:00
Fix indentation of one source package entry

- - - - -
cb8499ad by Moritz Mühlenhoff at 2022-09-01T09:08:48+02:00
inetutils ospu

- - - - -
0f318742 by Markus Koschany at 2022-09-01T09:10:42+02:00
Add dpdk, curl, ghostscript and glib2.0 to dla-needed.txt

- - - - -
9d46290d by Salvatore Bonaccorso at 2022-09-01T09:17:44+02:00
Track CVE fixes for linux/5.19.6-1 upload to unstable

- - - - -
885e5239 by Salvatore Bonaccorso at 2022-09-01T09:22:39+02:00
Add note on dpdk upload from maintainer

- - - - -
1dd172f1 by security tracker role at 2022-09-01T08:10:18+00:00
automatic update

- - - - -
19c5bf49 by Salvatore Bonaccorso at 2022-09-01T10:20:06+02:00
Process some NFUs

- - - - -
04172aba by Salvatore Bonaccorso at 2022-09-01T10:28:36+02:00
Process several NFUs

- - - - -
bfb14f7e by Salvatore Bonaccorso at 2022-09-01T10:53:56+02:00
Process some NFUs

- - - - -
40bb4216 by Salvatore Bonaccorso at 2022-09-01T11:10:43+02:00
Add thunderbird issues from mfsa2022-38

- - - - -
e57abd30 by Salvatore Bonaccorso at 2022-09-01T11:17:48+02:00
Add CVE-2022-36059/node-matrix-js-sdk

- - - - -
4dc66265 by Moritz Muehlenhoff at 2022-09-01T11:31:07+02:00
new wordpress issues (temp entry)

- - - - -
58bc43de by Salvatore Bonaccorso at 2022-09-01T11:33:01+02:00
Add Debian bug reference for wordpress issue

- - - - -
f57ac939 by Moritz Muehlenhoff at 2022-09-01T11:41:58+02:00
NFU

- - - - -
70cc5ede by Moritz Muehlenhoff at 2022-09-01T12:36:20+02:00
latest thunderbird issues n/a for stable/oldstable

- - - - -
93a402ef by Moritz Muehlenhoff at 2022-09-01T15:44:24+02:00
bullseye triage

- - - - -
692b2ebe by Moritz Muehlenhoff at 2022-09-01T16:02:02+02:00
one more exploit writeup for CVE-2022-32250

- - - - -
dc6f49e2 by Salvatore Bonaccorso at 2022-09-01T20:33:13+02:00
Reference commits for firmware-nonfree issues for INTEL-SA-00621

Not fully confirmed (yet), but they match the information from
INTEL-SA-00621 on upstream publication and related firmware for Intel
Bluetooth 9462, 6560, AX201, AX211, AX210, AX200 and AX201.

- - - - -
ba530b65 by Moritz Mühlenhoff at 2022-09-01T21:16:58+02:00
chromium DSA

- - - - -
35161e2d by security tracker role at 2022-09-01T20:10:29+00:00
automatic update

- - - - -
0ed10e49 by Salvatore Bonaccorso at 2022-09-01T22:21:46+02:00
Process some NFUs

- - - - -
697c7e79 by Salvatore Bonaccorso at 2022-09-01T22:42:29+02:00
Add CVE-2022-36055/helm-kubernetes

- - - - -
502c21ed by Abhijith PA at 2022-09-02T02:16:46+05:30
Reserve DLA-3091-1 for sofia-sip

- - - - -
8a1595ab by Salvatore Bonaccorso at 2022-09-01T22:50:11+02:00
Process some NFUs

- - - - -
ca180ef3 by Salvatore Bonaccorso at 2022-09-01T22:50:12+02:00
Add CVE-2022-32743/samba

- - - - -
f8af919e by Salvatore Bonaccorso at 2022-09-01T23:11:37+02:00
Add CVE-2020-3553{0,1,2,3,4,5}/libraw

- - - - -
880ea23c by Salvatore Bonaccorso at 2022-09-02T06:34:15+02:00
Add CVE-2022-3918{8,9}/linux

- - - - -
b3832e30 by Salvatore Bonaccorso at 2022-09-02T06:55:24+02:00
Add CVE-2022-2735/pcs

- - - - -
b06dd15f by Salvatore Bonaccorso at 2022-09-02T07:03:40+02:00
Add CVE-2022-3078/linux

- - - - -
80838152 by Markus Koschany at 2022-09-02T07:04:56+02:00
Reserve DLA-3092-1 for dpdk

- - - - -
8d936036 by Markus Koschany at 2022-09-02T07:30:17+02:00
Add connman and poppler to dla-needed.txt

- - - - -
0d70e799 by Markus Koschany at 2022-09-02T07:38:37+02:00
Add thunderbird to dla-needed.txt

- - - - -
d0318344 by Salvatore Bonaccorso at 2022-09-02T08:35:06+02:00
Process some NFUs

- - - - -
13b14c7e by Salvatore Bonaccorso at 2022-09-02T08:35:47+02:00
Add Debian bug reference for CVE-2022-2735/pcs

- - - - -
d94fc96a by Salvatore Bonaccorso at 2022-09-02T08:40:45+02:00
Add CVE-2022-36033/jsoup

- - - - -
7581d34c by Henri Salo at 2022-09-02T09:49:19+03:00
CVE-2022-38054/airflow

- - - - -
9b6c64b0 by Salvatore Bonaccorso at 2022-09-02T08:52:21+02:00
Add Debian bug reference for CVE-2022-36033/jsoup

- - - - -
7fa5035b by Moritz Muehlenhoff at 2022-09-02T09:07:16+02:00
bullseye triage

- - - - -
38ead3de by Neil Williams at 2022-09-02T08:24:48+01:00
Process some NFUs

- - - - -
24ec2bd1 by Neil Williams at 2022-09-02T08:40:07+01:00
CVE-2021-3020/crmsh 4.3.1

Vulnerable in bullseye

- - - - -
a1490101 by Neil Williams at 2022-09-02T08:52:00+01:00
Process two NFUs

- - - - -
413b908f by Salvatore Bonaccorso at 2022-09-02T10:03:48+02:00
Drop explicit unfixed entry for bullseye for CVE-2021-3020

- - - - -
fc2f678d by Salvatore Bonaccorso at 2022-09-02T10:05:25+02:00
Add Debian revision to version for CVE-2021-3020/crmsh via unstable

- - - - -
97ab104b by security tracker role at 2022-09-02T08:10:27+00:00
automatic update

- - - - -
5d4b1c62 by Neil Williams at 2022-09-02T09:12:55+01:00
Process some NFUs

- - - - -
99182b02 by Salvatore Bonaccorso at 2022-09-02T10:24:11+02:00
Add CVE-2022-39190/linux

- - - - -
16f8f631 by Salvatore Bonaccorso at 2022-09-02T10:26:57+02:00
Process some NFUs

- - - - -
931e631a by Salvatore Bonaccorso at 2022-09-02T10:31:41+02:00
Add CVE-2022-3917{6,7}/bluez

- - - - -
41ee2a61 by Salvatore Bonaccorso at 2022-09-02T10:33:04+02:00
Process some NFUs

- - - - -
f946b3bc by Neil Williams at 2022-09-02T09:50:41+01:00
CVE-2022-1325/cimg unfixed #1018941

- - - - -
b05bdafa by Neil Williams at 2022-09-02T09:58:30+01:00
CVE-2022-1615/samba unfixed

- - - - -
2626e781 by Neil Williams at 2022-09-02T10:16:11+01:00
Process some NFUs

- - - - -
120d880a by Neil Williams at 2022-09-02T10:22:28+01:00
CVE-2022-2764/undertow unfixed

- - - - -
70168e2d by Neil Williams at 2022-09-02T10:38:32+01:00
Process some NFUs

- - - - -
35bd5b59 by Neil Williams at 2022-09-02T11:00:38+01:00
Process some NFUs

- - - - -
bf56ec98 by Moritz Muehlenhoff at 2022-09-02T12:59:20+02:00
add exploit reference

- - - - -
9d58f429 by Salvatore Bonaccorso at 2022-09-02T13:43:37+02:00
Remove one reference which does not reach additional information

- - - - -
bfcc89c0 by Salvatore Bonaccorso at 2022-09-02T14:14:44+02:00
Add CVE-2022-39170/dwarfutils

- - - - -
bfec0936 by Salvatore Bonaccorso at 2022-09-02T14:24:55+02:00
Add CVE-2022-38128/binutils

- - - - -
8f9c8f03 by Moritz Muehlenhoff at 2022-09-02T14:44:05+02:00
NFUs

- - - - -
30b949ff by Moritz Muehlenhoff at 2022-09-02T14:58:00+02:00
NFUs

- - - - -
98a34314 by Salvatore Bonaccorso at 2022-09-02T14:59:12+02:00
Add CVE-2022-38127/binutils

- - - - -
8a34bbe8 by Salvatore Bonaccorso at 2022-09-02T15:00:32+02:00
Add CVE-2022-38126/binutils

- - - - -
8a4b5acf by Salvatore Bonaccorso at 2022-09-02T15:07:24+02:00
Process some NFUs

- - - - -
025d5e8b by Salvatore Bonaccorso at 2022-09-02T15:38:11+02:00
Add CVE-2020-35538/libjpeg-turbo

- - - - -
1b6798aa by Salvatore Bonaccorso at 2022-09-02T18:50:42+02:00
Track fixed version via unstable for CVE-2022-27337/poppler

Was fixed upstream in 22.04.0, and first included in unstable with the
22.08.0-2 upload after a series of uploads in experimental.

- - - - -
3cc8606e by Salvatore Bonaccorso at 2022-09-02T18:54:02+02:00
Add fixed version for CVE-2022-35252/curl via unstable

- - - - -
19befd69 by Markus Koschany at 2022-09-02T19:06:50+02:00
Add bluez to dla-needed.txt

- - - - -
6eebfcfa by Salvatore Bonaccorso at 2022-09-02T21:41:37+02:00
Add Debian bug reference for CVE-2022-36059/node-matrix-js-sdk

- - - - -
0fb68b67 by Salvatore Bonaccorso at 2022-09-02T21:47:34+02:00
Re-associate CVE-2021-3020 with hawk, itp'ed

While the CVE references refer to a commit applied in crmsh as well, the
issue is for ClusterLabs Hawk.

- - - - -
7f0677e7 by Salvatore Bonaccorso at 2022-09-02T22:04:07+02:00
Add upstream tag reference for CVE-2022-38784/poppler

- - - - -
817acc79 by security tracker role at 2022-09-02T20:10:18+00:00
automatic update

- - - - -
ca2deb39 by Salvatore Bonaccorso at 2022-09-02T22:12:57+02:00
Add Debian bug reference for CVE-2022-38784/poppler

- - - - -
9f64431b by Salvatore Bonaccorso at 2022-09-02T22:15:54+02:00
Add notes for CVE-2022-38784/poppler

- - - - -
54a7e93f by Salvatore Bonaccorso at 2022-09-02T22:24:03+02:00
Add CVE-2022-38170/airflow

- - - - -
11079ae8 by Salvatore Bonaccorso at 2022-09-02T22:24:36+02:00
Process some NFUs

- - - - -
22d48679 by Salvatore Bonaccorso at 2022-09-02T23:08:33+02:00
Add CVE-2020-22669/modsecurity-crs

- - - - -
87501f70 by Markus Koschany at 2022-09-03T00:24:40+02:00
CVE-2022-36033,jsoup: Buster and Bullseye are no-dsa

Minor issue. The preserveRelativeLinks option is disabled by default.

- - - - -
8fd536f0 by Markus Koschany at 2022-09-03T01:09:58+02:00
CVE-2022-36033,jsoup: fixed in unstable

- - - - -
eaabd91c by Salvatore Bonaccorso at 2022-09-03T07:25:37+02:00
Add CVE-2022-3075/chromium

- - - - -
0deaa769 by Salvatore Bonaccorso at 2022-09-03T07:28:44+02:00
Add chromium to dsa-needed list

- - - - -
2b37f3d9 by Salvatore Bonaccorso at 2022-09-03T09:59:50+02:00
Process some NFUs

- - - - -
e46b0d27 by Salvatore Bonaccorso at 2022-09-03T10:03:03+02:00
Mark issues from INTEL-SA-00593 as NFU

It might affect the drivers in the src:linux package but in this case
there is no actionable information possible, mark for now as NFU and
follow other distros.

- - - - -
65af02c4 by security tracker role at 2022-09-03T08:10:16+00:00
automatic update

- - - - -
094b18d3 by Salvatore Bonaccorso at 2022-09-03T10:11:06+02:00
Mark CVE-2022-21793 as NFU

- - - - -
7891a8fd by Salvatore Bonaccorso at 2022-09-03T10:51:13+02:00
Process some NFUs

- - - - -
ae79cb2e by Salvatore Bonaccorso at 2022-09-03T10:52:17+02:00
Add CVE-2022-36647/davs2

- - - - -
dc945f62 by Salvatore Bonaccorso at 2022-09-03T10:53:17+02:00
Add CVE-2022-36640/influxdb

- - - - -
ccbd1fd5 by Salvatore Bonaccorso at 2022-09-03T10:53:54+02:00
Add CVE-2022-31152/matrix-synapse

- - - - -
b043d0ef by Abhijith PA at 2022-09-03T16:26:29+05:30
Reserve DLA-3093-1 for rails

- - - - -
d237826f by Salvatore Bonaccorso at 2022-09-03T13:37:09+02:00
Track proposed curl update via bullseye-pu

- - - - -
8a7cb1ff by Abhijith PA at 2022-09-03T19:23:53+05:30
Add missing CVE to DLA list

- - - - -
8907e8dc by Salvatore Bonaccorso at 2022-09-03T18:05:51+02:00
Add reference to upstream commit for CVE-2022-36647/davs2

- - - - -
376d2ec5 by Salvatore Bonaccorso at 2022-09-03T18:39:42+02:00
Add commit references for connman issues

- - - - -
3fe7d24c by Salvatore Bonaccorso at 2022-09-03T19:13:02+02:00
Take connman from dsa-needed list

- - - - -
6dfce36a by security tracker role at 2022-09-03T20:10:25+00:00
automatic update

- - - - -
a26cc607 by Salvatore Bonaccorso at 2022-09-03T22:21:33+02:00
Add CVE-2022-3099/vim

- - - - -
30cae8d6 by Utkarsh Gupta at 2022-09-04T02:11:14+05:30
Reserve DLA-3094-1 for flac

- - - - -
126c6e03 by Utkarsh Gupta at 2022-09-04T02:17:05+05:30
Reserve DLA-3095-1 for ruby-rack

- - - - -
53ae6179 by Markus Koschany at 2022-09-03T23:51:34+02:00
Reserve DLA-3096-1 for ghostscript

- - - - -
89d78ce2 by Markus Koschany at 2022-09-03T23:54:04+02:00
Claim poppler in dla-needed.txt

- - - - -
6a6a1dea by Markus Koschany at 2022-09-04T07:14:26+02:00
CVE-2022-39028,inetutils: Buster is no-dsa

Minor issue

- - - - -
7447b886 by Markus Koschany at 2022-09-04T07:19:13+02:00
CVE-2021-3427,deluge: Mark Buster as no-dsa

Minor issue

- - - - -
bd383103 by Markus Koschany at 2022-09-04T07:21:21+02:00
Add imagemagick to dla-needed.txt

- - - - -
3a9fe2b5 by Markus Koschany at 2022-09-04T07:22:15+02:00
CVE-2022-21233,intel-microcode: Buster no-dsa

Minor issue

- - - - -
dcfc53fa by Markus Koschany at 2022-09-04T07:25:21+02:00
CVE-2022-2447,keystone: Buster no-dsa

Minor issue

- - - - -
ff3b84aa by Markus Koschany at 2022-09-04T07:33:12+02:00
Add openexr to dla-needed.txt

- - - - -
d623da06 by Markus Koschany at 2022-09-04T07:34:51+02:00
CVE-2022-37428,pdns-recursor: Buster no-dsa

Minor issue

- - - - -
4653ec65 by Markus Koschany at 2022-09-04T07:36:53+02:00
Add python-oslo.utils to dla-needed.txt

- - - - -
71877d01 by Markus Koschany at 2022-09-04T07:39:01+02:00
Add samba to dla-needed.txt

- - - - -
b279146d by Markus Koschany at 2022-09-04T07:39:54+02:00
Add vim to dla-needed.txt

- - - - -
d79787aa by Markus Koschany at 2022-09-04T07:41:07+02:00
CVE-2021-42521,vtk6,vtk7: Buster is no-dsa

Minor issue

- - - - -
48590d2c by Markus Koschany at 2022-09-04T07:43:45+02:00
CVE-2020-35538,libjpeg-turbo: Buster is no-dsa

Minor issue

- - - - -
405866c4 by Markus Koschany at 2022-09-04T07:45:18+02:00
Add libraw to dla-needed.txt

- - - - -
45d8d559 by Salvatore Bonaccorso at 2022-09-04T08:52:11+02:00
dsa-needed: Prepared update for poppler for bullseye

- - - - -
f99f6961 by Salvatore Bonaccorso at 2022-09-04T08:54:14+02:00
Track fixed version for CVE-2021-3508/pdfresurrect via unstable

- - - - -
fd4165de by security tracker role at 2022-09-04T08:10:18+00:00
automatic update

- - - - -
39f78857 by Salvatore Bonaccorso at 2022-09-04T10:21:54+02:00
Lower severity for CVE-2022-36640

If InfluxDB is deployed on a publicly accessible endpoint, it is
recommended to enable authentication.

- - - - -
f21447e4 by Salvatore Bonaccorso at 2022-09-04T20:57:24+02:00
Add fixed version via unstable for CVE-2022-2735/pcs

- - - - -
1d077ae3 by Salvatore Bonaccorso at 2022-09-04T21:27:11+02:00
Track pending linux fixes via bullseye-pu

- - - - -
531ebb2a by Anton Gladky at 2022-09-04T21:59:42+02:00
LTS: update curl meta-data

- - - - -
cc429809 by Anton Gladky at 2022-09-04T21:59:42+02:00
LTS: update glib2.0 meta-data

- - - - -
9e1330cb by Anton Gladky at 2022-09-04T21:59:42+02:00
LTS: update imagemagick meta-data

- - - - -
2c956dc5 by Anton Gladky at 2022-09-04T21:59:42+02:00
LTS: update libraw meta-data

- - - - -
3ed71294 by Anton Gladky at 2022-09-04T21:59:42+02:00
LTS: update openexr meta-data

- - - - -
a7841dc5 by Anton Gladky at 2022-09-04T21:59:42+02:00
LTS: update poppler meta-data

- - - - -
591bf63f by Anton Gladky at 2022-09-04T21:59:42+02:00
LTS: update python-oslo.utils meta-data

- - - - -
9d4fb228 by Anton Gladky at 2022-09-04T21:59:42+02:00
LTS: update samba meta-data

- - - - -
f620de97 by Anton Gladky at 2022-09-04T21:59:42+02:00
LTS: update vim meta-data

- - - - -
e918bff8 by security tracker role at 2022-09-04T20:10:16+00:00
automatic update

- - - - -
7d13e03a by Anton Gladky at 2022-09-04T22:20:07+02:00
LTS: update bluez meta-data

- - - - -
880b3fcc by Anton Gladky at 2022-09-04T22:47:23+02:00
Reserve DLA-3097-1 for thunderbird

- - - - -
d4e3e79b by Anton Gladky at 2022-09-04T22:54:18+02:00
Resurrect thunderbird (some more opened CVEs)

- - - - -
0922fdb6 by Markus Koschany at 2022-09-04T23:21:14+02:00
CVE-2022-2831,blender: Buster is not affected

The vulnerable code is not present

- - - - -
bf452474 by Markus Koschany at 2022-09-04T23:40:50+02:00
Add unzip and wkhtmltopdf to dla-needed.txt

- - - - -
d024398f by Markus Koschany at 2022-09-04T23:51:06+02:00
Reserve DLA-3098-1 for libmodbus

- - - - -
d2201231 by Markus Koschany at 2022-09-05T00:00:22+02:00
Add runc to dla-needed.txt

- - - - -
a154251a by Markus Koschany at 2022-09-05T00:13:54+02:00
Add libgoogle-gson-java to dla-needed.txt

- - - - -
0e2edf5f by Abhijith PA at 2022-09-05T08:52:16+05:30
Reserve DLA-3099-1 for qemu

- - - - -
ecc04bb4 by Salvatore Bonaccorso at 2022-09-05T06:53:04+02:00
Process one NFU

- - - - -
0fe0a4cf by Moritz Muehlenhoff at 2022-09-05T08:56:35+02:00
golang-github-blevesearch-bleve removed

- - - - -
b20351cc by security tracker role at 2022-09-05T08:10:15+00:00
automatic update

- - - - -
8ec4900f by Salvatore Bonaccorso at 2022-09-05T10:17:14+02:00
Add CVE-2022-39842/linux

- - - - -
cfd15d6c by Moritz Muehlenhoff at 2022-09-05T10:18:07+02:00
NFUs

- - - - -
a2d1ad5a by Moritz Muehlenhoff at 2022-09-05T10:48:13+02:00
recent zlib issue also fixed in libz-mingw-w64

- - - - -
16b896bb by Moritz Muehlenhoff at 2022-09-05T12:20:25+02:00
bullseye triage

- - - - -
3d79d450 by Salvatore Bonaccorso at 2022-09-05T12:24:36+02:00
Process some NFUs

- - - - -
7aedbba3 by Moritz Muehlenhoff at 2022-09-05T14:56:59+02:00
add more references for curl and linux

- - - - -
cdccbfc1 by Salvatore Bonaccorso at 2022-09-05T15:09:30+02:00
Mark CVE-2022-1882/linux as unimportant

- - - - -
9ec96416 by Moritz Muehlenhoff at 2022-09-05T15:25:22+02:00
NFUs

- - - - -
7faf5a55 by Salvatore Bonaccorso at 2022-09-05T15:48:57+02:00
Track fixed version via unstable for CVE-2022-0135/virglrenderer

- - - - -
eac39c6c by Salvatore Bonaccorso at 2022-09-05T15:48:58+02:00
Add upstream tag information for CVE-2022-0135

- - - - -
3fe0d32f by Moritz Muehlenhoff at 2022-09-05T16:59:40+02:00
bullseye triage

- - - - -
545f141d by Moritz Muehlenhoff at 2022-09-05T18:28:43+02:00
bullseye triage

- - - - -
719e0447 by Salvatore Bonaccorso at 2022-09-05T21:01:32+02:00
Process some NFUs

- - - - -
9bf7d976 by Salvatore Bonaccorso at 2022-09-05T21:02:33+02:00
Add two new pspp issues

- - - - -
2a1459be by Salvatore Bonaccorso at 2022-09-05T21:03:26+02:00
Add CVE-2022-25887/node-sanitize-html

- - - - -
7d7fae6b by Salvatore Bonaccorso at 2022-09-05T21:35:10+02:00
Add CVE-2022-25857/snakeyaml

- - - - -
7b0997e4 by Salvatore Bonaccorso at 2022-09-05T21:35:54+02:00
Add CVE-2022-25761/open62541, itp'ed

- - - - -
cf503442 by Salvatore Bonaccorso at 2022-09-05T21:36:31+02:00
Add CVE-2022-25304/python-opcua

- - - - -
8879196a by Salvatore Bonaccorso at 2022-09-05T21:37:10+02:00
Process two NFUs

- - - - -
e12105ff by Ola Lundqvist at 2022-09-05T21:42:21+02:00
Added a note about CVE-2021-32686.

- - - - -
b3da704c by Ola Lundqvist at 2022-09-05T21:43:31+02:00
Added pcs to dla-needed following decision for bullseye.

- - - - -
1b06a387 by Ola Lundqvist at 2022-09-05T21:53:36+02:00
Added a note for pcs package.

- - - - -
fd264d04 by Salvatore Bonaccorso at 2022-09-05T21:54:17+02:00
Add Debian bug reference for CVE-2022-25857/snakeyaml

- - - - -
49e8a838 by Salvatore Bonaccorso at 2022-09-05T21:58:27+02:00
Add Debian bug reference for CVE-2022-25887/node-sanitize-html

- - - - -
e4b85c5c by security tracker role at 2022-09-05T20:10:22+00:00
automatic update

- - - - -
f887d2cc by Salvatore Bonaccorso at 2022-09-05T22:15:01+02:00
Process some NFUs

- - - - -
7a64dc9e by Salvatore Bonaccorso at 2022-09-05T22:17:40+02:00
Process some NFUs

- - - - -
9f317a5a by Ola Lundqvist at 2022-09-05T22:18:35+02:00
Added snort to dla-needed.

- - - - -
63f44573 by Salvatore Bonaccorso at 2022-09-05T22:23:26+02:00
Add CVE-2022-3123/dokuwiki

- - - - -
5fd615d7 by Salvatore Bonaccorso at 2022-09-05T22:33:30+02:00
Process some NFUs

- - - - -
f7e37108 by Salvatore Bonaccorso at 2022-09-05T22:40:22+02:00
Add CVE-2020-29260/libvncserver

- - - - -
da5178a8 by Salvatore Bonaccorso at 2022-09-05T22:47:12+02:00
Add Debian bug reference for CVE-2020-29260/libvncserver

- - - - -
4f047c4c by Anton Gladky at 2022-09-05T22:54:31+02:00
semi-automatic unclaim after 2 weeks of inactivity

Signed-off-by: Anton Gladky <gladk at debian.org>

- - - - -
bd20945d by Ola Lundqvist at 2022-09-05T23:27:53+02:00
Marked CVE-2021-30130 for phpseclib and php-phpseclib as not affected in buster.

- - - - -
d0a466ec by Ola Lundqvist at 2022-09-05T23:47:33+02:00
Added sqlite3 to dla-needed since the issues are of normal severity and should be easy to fix.

- - - - -
59a03bab by Salvatore Bonaccorso at 2022-09-06T06:07:26+02:00
Revert "Marked CVE-2021-30130 for phpseclib and php-phpseclib as not affected in buster."

This reverts commit bd20945d085a7900698474a6185745db59a7d533.

It was fixed as well in the 1.x and 2.x series. The comment that it
affects only the 3.x series seems thus wrong. That said it would be
entirely possible it does not affect the older versions, so might
just be a different description in the end. For now revert this commit
which is in line with the previous tracking.

- - - - -
41e81da1 by Salvatore Bonaccorso at 2022-09-06T06:11:22+02:00
Revert "Added a note about CVE-2021-32686."

This reverts commit e12105ff25a3c30ba7f72893a7d454302a2e1006.

The comment seems more suitable for a dla-needed note once it has been
fully triaged for the respective suite in case it remains to be
considered affected. Here it looks like an incomplete todo item for the
triagen and would look at the wrong place.

- - - - -
7a739569 by Salvatore Bonaccorso at 2022-09-06T06:20:58+02:00
Track fixed version for CVE-2022-3075/chromium via unstable

- - - - -
a9fd8591 by Salvatore Bonaccorso at 2022-09-06T06:25:30+02:00
Add Debian bug reference for CVE-2021-27815

- - - - -
d024cdf1 by Salvatore Bonaccorso at 2022-09-06T06:26:26+02:00
Track fixed version via unstable for CVE-2021-27815/exif

- - - - -
7e01e9fb by Salvatore Bonaccorso at 2022-09-06T06:33:00+02:00
Reference upstream commit for CVE-2022-33103

- - - - -
871dec6b by Salvatore Bonaccorso at 2022-09-06T06:44:23+02:00
Track fixed version for CVE-2022-33103/u-boot via unstable

- - - - -
d26929ec by Salvatore Bonaccorso at 2022-09-06T06:52:32+02:00
Track fixed version for CVE-2022-25887/node-sanitize-html via unstable

- - - - -
3ae6b522 by Alex Murray at 2022-09-06T14:23:30+09:30
cvelist.el: Only set indent-line-function locally

Otherwise the global value is overridden and then affects other buffers which
are not in debian-cvelist-mode.

Signed-off-by: Alex Murray <alex.murray at canonical.com>

- - - - -
922f2dfa by Salvatore Bonaccorso at 2022-09-06T08:51:22+02:00
Add CVE-2020-10735/python

- - - - -
5805f508 by Salvatore Bonaccorso at 2022-09-06T09:25:59+02:00
Process one NFU

- - - - -
fc339b92 by Salvatore Bonaccorso at 2022-09-06T09:27:55+02:00
Add CVE-2022-3008/tinygltf

- - - - -
09b69ce1 by Salvatore Bonaccorso at 2022-09-06T09:42:06+02:00
Add four snakeyaml issues

- - - - -
dbd718cc by security tracker role at 2022-09-06T08:10:21+00:00
automatic update

- - - - -
6c30c68a by Salvatore Bonaccorso at 2022-09-06T10:38:42+02:00
Mark CVE-2022-34747 as NFU

- - - - -
3bd73aac by Chris Lamb at 2022-09-06T13:09:04+01:00
Correct "issues" typo.

- - - - -
bfa9ae42 by Markus Koschany at 2022-09-06T19:02:45+02:00
Triage mediawiki/buster

The embedded Guzzle copy is not present in Buster

- - - - -
b59278eb by Sylvain Beucler at 2022-09-06T19:04:45+02:00
CVE-2021-22930,CVE-2021-22940/nodejs: reference issues and complete patch

- - - - -
1300eaef by Sylvain Beucler at 2022-09-06T19:11:44+02:00
CVE-2021-22939/nodejs: reference patch

- - - - -
74328a5a by Sylvain Beucler at 2022-09-06T19:38:57+02:00
CVE-2021-22959,CVE-2021-22960,CVE-2022-32213,CVE-2022-32214,CVE-2022-32215/nodejs: buster not-affected

- - - - -
8fbe2ab6 by Moritz Muehlenhoff at 2022-09-06T18:58:38+00:00
Merge branch 'fix-cvelist-overriding-global-indentation' into 'master'

cvelist.el: Only set indent-line-function locally

See merge request security-tracker-team/security-tracker!115
- - - - -
215ec313 by Markus Koschany at 2022-09-06T21:06:36+02:00
Claim libgoogle-gson-java in dla-needed.txt

- - - - -
28c288bc by Salvatore Bonaccorso at 2022-09-06T21:24:33+02:00
Reserve DSA number for poppler update

- - - - -
c4d010a3 by Salvatore Bonaccorso at 2022-09-06T21:55:01+02:00
Mark CVE-2022-20399 as NFU, specific to Android kernel

Link: https://source.android.com/docs/security/bulletin/2022-09-01

- - - - -
16d145c3 by security tracker role at 2022-09-06T20:10:24+00:00
automatic update

- - - - -
a655ad42 by Moritz Mühlenhoff at 2022-09-06T22:17:14+02:00
pcs, chromium DSAs

- - - - -
8f7e9017 by Salvatore Bonaccorso at 2022-09-06T22:23:31+02:00
Remove notes from now (hopefully finally) rejected Android bulletin CVE

- - - - -
bd86a2fa by Salvatore Bonaccorso at 2022-09-06T22:26:53+02:00
Process some NFUs

- - - - -
d678175c by Ola Lundqvist at 2022-09-06T22:28:10+02:00
Marked quite a few golang issues as no-dsa for buster. Either with motivation minor issue or limited support depending on the severity of the CVE.

- - - - -
c9eff6a5 by Salvatore Bonaccorso at 2022-09-06T22:30:02+02:00
Process more NFUs

- - - - -
dfd22da5 by Salvatore Bonaccorso at 2022-09-06T22:36:19+02:00
Process NFUs

- - - - -
4e40d678 by Salvatore Bonaccorso at 2022-09-06T22:49:23+02:00
Add CVE-2022-27664/go

- - - - -
86bf9d63 by Salvatore Bonaccorso at 2022-09-06T22:53:10+02:00
Add CVE-2022-32190/go

- - - - -
5b6a4a2b by Ola Lundqvist at 2022-09-06T22:57:34+02:00
Added firmware-nonfree to dla-needed and at the same time removed some CVEs with non-free not supported for buster since firmware-nonfree is now an exception in LTS. Some CVEs got their no-dsa description adjusted instead.

- - - - -
3e1acc24 by Ola Lundqvist at 2022-09-06T23:03:38+02:00
Marked CVE-2022-37434 for libz-mingw-w64 as no-dsa with motivation minor issue following the analysis for bullseye.

- - - - -
b457154a by Ola Lundqvist at 2022-09-06T23:05:39+02:00
Marked CVE-2022-2962 for qemu as no-dsa in buster with motivation minor issue following the analysis for bullseye.

- - - - -
a65ad595 by Ola Lundqvist at 2022-09-06T23:07:59+02:00
Marked CVE-2020-10688 for resteasy as no-dsa in buster with motivation minor issue following the analysis for bullseye.

- - - - -
65aca7e5 by Ola Lundqvist at 2022-09-06T23:10:53+02:00
Marked CVE-2022-25648 for ruby-git as no-dsa in buster with motivation minor issue following the analysis for bullseye.

- - - - -
b8f1a972 by Ola Lundqvist at 2022-09-06T23:16:17+02:00
Marked CVE-2022-36144 and CVE-2022-36139 for swfmill as no-dsa in buster with motivation minor issue following the analysis for bullseye.

- - - - -
56b1879f by Ola Lundqvist at 2022-09-06T23:19:56+02:00
Marked CVE-2022-2867, CVE-2022-2868 and CVE-2022-2869 for tiff as no-dsa in buster with motivation minor issue following the analysis for bullseye.

- - - - -
178635f8 by Ola Lundqvist at 2022-09-06T23:20:48+02:00
Marked CVE-2019-25058 for usbguard as no-dsa in buster with motivation minor issue following the analysis for bullseye.

- - - - -
de10c4e2 by Ola Lundqvist at 2022-09-06T23:27:02+02:00
Marked CVE-2021-3514 for 389-ds-base as no-dsa in buster with motivation minor issue. This follows the decision made earlier for stretch. For bullseye it was fixed but since the issue was considered minor for stretch there is no reason why a backport should be made in buster.

- - - - -
027eab42 by Ola Lundqvist at 2022-09-06T23:31:55+02:00
Added libxslt to dla-needed following decision for bullseye.

- - - - -
16e67227 by Ola Lundqvist at 2022-09-06T23:35:57+02:00
Marked CVE-2021-30130 as not affected in buster for php-phpseclib and phpseclib.

- - - - -
c6a9d207 by Ola Lundqvist at 2022-09-06T23:38:54+02:00
Marked CVE-2021-32740 for ruby-addressable as no-dsa in buster with motivation minor issue. This follows the decision made earlier for stretch. For bullseye it was fixed but since the issue was considered minor for stretch there is no reason why a backport should be made in buster.

- - - - -
12737123 by Ola Lundqvist at 2022-09-06T23:43:03+02:00
Added trafficserver to dla-needed following decision for bullseye.

- - - - -
45919888 by Salvatore Bonaccorso at 2022-09-07T06:16:19+02:00
Track fixed version for CVE-2021-4156/libsndfile via unstable

- - - - -
403edb08 by Salvatore Bonaccorso at 2022-09-07T06:17:17+02:00
Revert "Marked CVE-2021-30130 as not affected in buster for php-phpseclib and phpseclib."

This reverts commit 16e672276cedba5df6867af30bdf216ca32b4721.

See commit 59a03babf1e8e9dd14d6afe7d884ea6e70e528d7.

- - - - -
449e4908 by security tracker role at 2022-09-07T08:10:12+00:00
automatic update

- - - - -
4657050e by Salvatore Bonaccorso at 2022-09-07T10:16:16+02:00
Remove note from rejected CVE entry for previously in Android security bulletin

- - - - -
c8494410 by Salvatore Bonaccorso at 2022-09-07T10:19:16+02:00
Add CVE-2022-3134/vim

- - - - -
f9e69ae1 by Salvatore Bonaccorso at 2022-09-07T10:30:10+02:00
Add CVE-2022-38530/gpac

- - - - -
d833097d by Salvatore Bonaccorso at 2022-09-07T10:30:57+02:00
Add CVE-2022-38529/tinyexr

- - - - -
e3fe0835 by Salvatore Bonaccorso at 2022-09-07T10:32:51+02:00
Process NFUs

- - - - -
7a464bbc by Markus Koschany at 2022-09-07T10:47:20+02:00
Reserve DLA-3100-1 for libgoogle-gson-java

- - - - -
4fc37148 by Emilio Pozuelo Monfort at 2022-09-07T11:29:24+02:00
lts: triage thunderbird 102.x CVEs for buster

- - - - -
aa62fa10 by Moritz Muehlenhoff at 2022-09-07T11:31:45+02:00
bullseye triage

- - - - -
4d28a6d6 by Moritz Muehlenhoff at 2022-09-07T11:33:32+02:00
NFUs

- - - - -
390de285 by Markus Koschany at 2022-09-07T12:15:44+02:00
Reserve DSA-5227-1

- - - - -
dc036e00 by Ola Lundqvist at 2022-09-07T20:13:18+02:00
Marked CVE-2022-38531 affecting gpac as EOL for buster LTS.

- - - - -
d9e1d291 by Ola Lundqvist at 2022-09-07T20:19:12+02:00
Marked a few more CVEs as no-dsa since we have limited support for golang in buster.

- - - - -
516cff0c by Salvatore Bonaccorso at 2022-09-07T21:06:23+02:00
Add CVE-2022-38528/assimp

- - - - -
59a6f38c by Salvatore Bonaccorso at 2022-09-07T21:15:27+02:00
Process several NFUs

- - - - -
85c8e985 by Ola Lundqvist at 2022-09-07T21:23:00+02:00
Added node-tar to dla-needed.

- - - - -
d5609e71 by Salvatore Bonaccorso at 2022-09-07T21:52:44+02:00
Add Debian bug reference for CVE-2022-3008/tinygltf

- - - - -
dbc91343 by Ola Lundqvist at 2022-09-07T22:06:08+02:00
Marked CVE-2022-36059 affecting node-matrix-js-sdk as no-dsa in buster with motivation minor issue.

- - - - -
2b0122c6 by Ola Lundqvist at 2022-09-07T22:06:09+02:00
Marked CVE-2022-39831 CVE-2022-39832 affecting pspp as no-dsa in buster with motivation minor issue.

- - - - -
6dc29d2d by Ola Lundqvist at 2022-09-07T22:06:10+02:00
Marked CVE-2022-25304 affecting python-opcua as no-dsa in buster with motivation minor issue.

- - - - -
c87f2585 by Ola Lundqvist at 2022-09-07T22:06:12+02:00
Marked CVE-2022-0692 and CVE-2022-0687 affecting node-url-parse as no-dsa with motivation minor issue. Authentication bypass is generally a bad thing but since there are previous CVEs with the same severity classified as no-dsa there is no point in fixing the new ones without fixing the old.

- - - - -
6d62b728 by Ola Lundqvist at 2022-09-07T22:06:13+02:00
Marked CVE-2020-29260 affecting libvncserver as no-dsa with motivation minor issue.

- - - - -
82887e57 by security tracker role at 2022-09-07T20:10:19+00:00
automatic update

- - - - -
65350f7f by Salvatore Bonaccorso at 2022-09-07T22:11:54+02:00
Add Debian bug reference for CVE-2022-36647/davs2

- - - - -
dc571e0c by Salvatore Bonaccorso at 2022-09-07T22:16:32+02:00
Process one NFU

- - - - -
c398f21f by Salvatore Bonaccorso at 2022-09-07T22:25:38+02:00
Process NFUs

- - - - -
cbbe1127 by Salvatore Bonaccorso at 2022-09-07T22:28:25+02:00
Add CVE-2022-40023/mako

- - - - -
985e30da by Ola Lundqvist at 2022-09-07T22:37:23+02:00
Marked CVE-2022-35019 affecting advancecomp as no-dsa with motivation minor issue.

- - - - -
a21a11d9 by Salvatore Bonaccorso at 2022-09-07T22:38:19+02:00
Adjust firefox-esr version for CVE-2022-38476 fix via unstable

- - - - -
74fd1615 by Moritz Muehlenhoff at 2022-09-08T08:54:13+02:00
pcs n/a for buster

- - - - -
ac71ff77 by security tracker role at 2022-09-08T08:10:12+00:00
automatic update

- - - - -
a4a707f2 by Salvatore Bonaccorso at 2022-09-08T10:14:31+02:00
Process some Tenda specific NFUs

- - - - -
4ce5eb00 by Salvatore Bonaccorso at 2022-09-08T10:43:49+02:00
Process some NFUs

- - - - -
ae195ade by Salvatore Bonaccorso at 2022-09-08T10:45:12+02:00
Process one NFU

- - - - -
ef8178a7 by Emilio Pozuelo Monfort at 2022-09-08T13:01:31+02:00
lts: take libxslt

- - - - -
97c1c416 by Chris Lamb at 2022-09-08T12:52:33+01:00
data/dla-needed.txt: Claim sqlite3.

- - - - -
f6e03630 by Chris Lamb at 2022-09-08T12:56:51+01:00
data/dla-needed.txt: Claim connman.

- - - - -
e68a0896 by Chris Lamb at 2022-09-08T12:56:59+01:00
data/dla-needed.txt: Claim python-oslo.utils.

- - - - -
669b96c5 by Salvatore Bonaccorso at 2022-09-08T17:54:47+02:00
Track fixed version for CVE-2022-38784/poppler via unstable

- - - - -
bbb9e1e2 by Moritz Muehlenhoff at 2022-09-08T19:43:37+02:00
tinygltf fixed in sid

- - - - -
45be27c2 by Salvatore Bonaccorso at 2022-09-08T21:44:11+02:00
Process some NFUs

- - - - -
7edf082c by security tracker role at 2022-09-08T20:10:25+00:00
automatic update

- - - - -
18d1af4e by Salvatore Bonaccorso at 2022-09-08T22:16:16+02:00
Process one NFU

- - - - -
d8982c16 by Salvatore Bonaccorso at 2022-09-08T22:21:25+02:00
Add CVE-2022-3153/vim

- - - - -
9c99554d by Salvatore Bonaccorso at 2022-09-08T22:22:40+02:00
Mark CVE-2022-3153 as unimportant

- - - - -
ab0f605b by Salvatore Bonaccorso at 2022-09-08T22:23:42+02:00
Process some NFUs

- - - - -
9e1a55cd by Valentin Vidic at 2022-09-08T22:39:58+02:00
Claim pcs in dla-needed.txt

- - - - -
4399d13c by Salvatore Bonaccorso at 2022-09-08T22:45:01+02:00
Add notes for CVE-2022-36069 and CVE-2022-36070

- - - - -
a8946470 by Salvatore Bonaccorso at 2022-09-09T06:27:39+02:00
Add CVE-2022-38060/kolla, itp'ed

- - - - -
3b4bb8cb by Salvatore Bonaccorso at 2022-09-09T06:41:01+02:00
Track fixed version for two tinyexr issues

- - - - -
aba0ccc2 by Salvatore Bonaccorso at 2022-09-09T07:01:06+02:00
Review list for final point release for buster

- - - - -
0d67df40 by Ola Lundqvist at 2022-09-09T07:50:10+02:00
Marked all open CVEs for package aom as no-dsa with motivation minor issue in buster.

- - - - -
e6a12f33 by Ola Lundqvist at 2022-09-09T07:50:12+02:00
Marked CVE-2020-20288 as no-dsa in buster.

- - - - -
bf29af6f by Ola Lundqvist at 2022-09-09T07:57:05+02:00
Added phpseclib and php-phpseclib to dla-needed.

- - - - -
4686a5af by Ola Lundqvist at 2022-09-09T08:03:12+02:00
Updated the order of how issues are shown in lts-cve-triage command. The reason is that it is more important to triage new potentially severe issues rather than to re-triage issues that have already been triaged once.

- - - - -
7eb18346 by Salvatore Bonaccorso at 2022-09-09T08:11:33+02:00
Review list for upcoming bullseye point release

- - - - -
c5ae7d5f by Ola Lundqvist at 2022-09-09T08:12:36+02:00
Added paramiko to dla-needed.

- - - - -
da509ec3 by Ola Lundqvist at 2022-09-09T08:20:47+02:00
Added mariadb-10.3 to dla-needed. There are no known urgent CVEs but the sheer volume of issues warrants a fix. May be fixed at the same time as for bullseye and that is likely to be in a point release.

- - - - -
57788dbe by security tracker role at 2022-09-09T08:10:16+00:00
automatic update

- - - - -
829a783e by Salvatore Bonaccorso at 2022-09-09T10:19:08+02:00
Add CVE-2022-40307/linux

- - - - -
dc45211d by Salvatore Bonaccorso at 2022-09-09T10:25:54+02:00
Process some NFUs

- - - - -
eb455f02 by Salvatore Bonaccorso at 2022-09-09T10:27:38+02:00
Add CVE-2022-40299/singular

- - - - -
f5099df7 by Salvatore Bonaccorso at 2022-09-09T11:36:38+02:00
Add CVE-2019-25076/openvswitch

- - - - -
cacc85a3 by Moritz Muehlenhoff at 2022-09-09T11:49:27+02:00
bullseye triage

- - - - -
db0b2ebc by Abhijith PA at 2022-09-09T18:11:02+05:30
Re add rails to dla-needed.txt, regression

- - - - -
f85c5a06 by Emilio Pozuelo Monfort at 2022-09-09T14:55:49+02:00
Reserve DLA-3101-1 for libxslt

- - - - -
69128059 by Moritz Muehlenhoff at 2022-09-09T17:00:17+02:00
add webkit exploit reference

- - - - -
f3ffe012 by Moritz Muehlenhoff at 2022-09-09T17:04:27+02:00
two tinyexr issues n/a

- - - - -
f5cc4d53 by Salvatore Bonaccorso at 2022-09-09T17:42:28+02:00
Add pull request reference for CVE-2022-34300

- - - - -
1b0a9a8f by Salvatore Bonaccorso at 2022-09-09T17:43:12+02:00
Add upstream tag information for two upstream commits for tinyexr

- - - - -
4262d9bd by Salvatore Bonaccorso at 2022-09-09T17:48:29+02:00
Update information on CVE-2020-28589/tinyobjloader

- - - - -
2a929232 by Moritz Muehlenhoff at 2022-09-09T21:10:30+02:00
rust-anymap removed from sid

- - - - -
8674c9ab by Salvatore Bonaccorso at 2022-09-09T21:16:58+02:00
Remove one entry which does not belong to the source package

- - - - -
1d62d525 by Salvatore Bonaccorso at 2022-09-09T21:21:16+02:00
Remove two more CVE associated which are untracked for otherwise for twisted

- - - - -
ee4a337a by Salvatore Bonaccorso at 2022-09-09T21:26:58+02:00
Fix typo in CVE identifier for unrar-nonfree entry

- - - - -
aeeae369 by security tracker role at 2022-09-09T20:10:22+00:00
automatic update

- - - - -
cca8ccb1 by Salvatore Bonaccorso at 2022-09-09T22:32:39+02:00
Process one NFU

- - - - -
20f29a7c by Salvatore Bonaccorso at 2022-09-09T22:39:21+02:00
Process some NFUs

- - - - -
f4f8c099 by Salvatore Bonaccorso at 2022-09-09T22:39:59+02:00
Add CVE-2022-3147/mattermost-server

- - - - -
acd6ce74 by Salvatore Bonaccorso at 2022-09-09T22:49:38+02:00
Add CVE-2022-3169/linux

- - - - -
0b7e029b by Salvatore Bonaccorso at 2022-09-09T22:58:23+02:00
Update information on CVE-2022-3077 and CVE-2022-2873

- - - - -
d1bf2526 by Salvatore Bonaccorso at 2022-09-09T23:13:49+02:00
Expand TODO item for four CVEs, unclear if specific to OpenAnolis

- - - - -
4cc68240 by Salvatore Bonaccorso at 2022-09-10T09:35:57+02:00
Mark CVE-2022-36085 as NFU

- - - - -
d4ab5681 by Salvatore Bonaccorso at 2022-09-10T09:39:47+02:00
Add CVE-2022-3167/rdiffweb

- - - - -
58302930 by Salvatore Bonaccorso at 2022-09-10T09:40:16+02:00
Reassociate old CVE with rdiffweb, itp'ed

- - - - -
cec9608a by Salvatore Bonaccorso at 2022-09-10T09:55:04+02:00
Process some NFUs

- - - - -
9c13ec15 by security tracker role at 2022-09-10T08:10:19+00:00
automatic update

- - - - -
a1c1edcc by Salvatore Bonaccorso at 2022-09-10T10:28:21+02:00
Reorder one mbedtls entry down the list

- - - - -
f9933e50 by Salvatore Bonaccorso at 2022-09-10T10:29:58+02:00
Merge changes accepted for bullseye 11.5 release

- - - - -
77d7165a by Salvatore Bonaccorso at 2022-09-10T10:33:06+02:00
Remove ignored elog entry as not removed as well from buster

- - - - -
fc119db4 by Salvatore Bonaccorso at 2022-09-10T08:34:23+00:00
Merge branch 'bullseye-11.5' into 'master'

Merge changes accepted for bullseye 11.5 release

See merge request security-tracker-team/security-tracker!116
- - - - -
043e5c1a by Salvatore Bonaccorso at 2022-09-10T10:41:34+02:00
Add CVE-2022-40320/libconfuse

- - - - -
6430bbf1 by Salvatore Bonaccorso at 2022-09-10T11:10:22+02:00
Process NFUs

- - - - -
36199c34 by Salvatore Bonaccorso at 2022-09-10T11:45:02+02:00
CVE-2020-10735: Replace upstream branch information with tag references

- - - - -
e9280ab8 by Salvatore Bonaccorso at 2022-09-10T11:45:37+02:00
Track fixed version via unstable for CVE-2020-10735/python3.10

- - - - -
33265aca by Salvatore Bonaccorso at 2022-09-10T12:42:03+02:00
Merge changes accepted for buster 10.13 release

- - - - -
c530f7b2 by Salvatore Bonaccorso at 2022-09-10T13:42:49+02:00
Add CVE-2021-37819/pdftk

- - - - -
21b19a8b by Salvatore Bonaccorso at 2022-09-10T12:53:55+00:00
Merge branch 'buster-10.13' into 'master'

Merge changes accepted for buster 10.13 release

See merge request security-tracker-team/security-tracker!117
- - - - -
499dc10d by Salvatore Bonaccorso at 2022-09-10T16:18:12+02:00
Add CVE-2022-36087/python-oauthlib

Note that the information from GHSA seems wrong, the issue has not been
patched in v3.2.1 upstream.

- - - - -
92de00e7 by Salvatore Bonaccorso at 2022-09-10T16:23:44+02:00
Process several NFUs

- - - - -
4c1a30ab by Roberto C. Sánchez at 2022-09-10T19:12:51-04:00
LTS: drop apache2 from dla-needed.txt, as it was just released in the buster point release today

- - - - -
a46275c6 by Chris Lamb at 2022-09-11T09:39:18+01:00
data/dla-needed.txt: Correct ordering

- - - - -
8a31b51c by Chris Lamb at 2022-09-11T09:40:07+01:00
data/dla-needed.txt: Claim paramiko.

- - - - -
398135e8 by Henri Salo at 2022-09-11T12:21:13+03:00
NFU

- - - - -
741d50cc by Markus Koschany at 2022-09-11T13:10:52+02:00
Mark version 1.2.22+ds-1 of kanboard as fixed in unstable

- - - - -
81100da7 by Salvatore Bonaccorso at 2022-09-11T14:27:57+02:00
Adjust tracking for kanboard landing in unstable

All issues were fixed in a version before the initial upload to Debian,
and never an issue with the source in Debian. As such mark those as
not-affected with our Fixed before initial upload to Debian reason.

- - - - -
9e779390 by Salvatore Bonaccorso at 2022-09-11T16:02:17+02:00
Reserve DSA number for gdk-pixbuf update

- - - - -
718327ea by Salvatore Bonaccorso at 2022-09-11T16:19:32+02:00
Add CVE-2022-37186/lemonldap-ng

- - - - -
457a30f5 by Salvatore Bonaccorso at 2022-09-11T16:30:32+02:00
Update information for CVE-2022-37186/lemonldap-ng

- - - - -
e8aafa8f by Salvatore Bonaccorso at 2022-09-11T20:59:32+02:00
Mark CVE-2022-37186/lemonldap-ng as no-dsa

- - - - -
4053740f by Ben Hutchings at 2022-09-11T21:10:50+02:00
Reserve DLA-3102-1 for linux-5.10

- - - - -
c70e639d by Anton Gladky at 2022-09-11T21:38:07+02:00
Fix formatting in dla-needed.txt

- - - - -
4b503835 by Anton Gladky at 2022-09-11T21:39:15+02:00
Fix merge conflicts

- - - - -
dc352c6c by Anton Gladky at 2022-09-11T22:08:02+02:00
Mark lxd-issues as not-affected.

- - - - -
57351cea by security tracker role at 2022-09-11T20:10:21+00:00
automatic update

- - - - -
ee918a8d by Ola Lundqvist at 2022-09-11T22:50:24+02:00
Added openvswitch to dla-needed. There is no known fix for the problem. The paper suggests a short term workaround to be implemented and long term to change to an alternative algorithm. Both seem complicated.

- - - - -
6f515f11 by Ola Lundqvist at 2022-09-11T22:50:24+02:00
Added wordpress to dla-needed with a note that further work is needed to figure out what parts of 6.0.2 release apply to buster.

- - - - -
a901342b by Ola Lundqvist at 2022-09-11T23:17:21+02:00
Added mako to dla-needed.

- - - - -
7834b9ee by Thorsten Alteholz at 2022-09-11T23:33:16+02:00
update note

- - - - -
35f425ae by Ola Lundqvist at 2022-09-11T23:35:20+02:00
Added python-django to dla-needed with the motivation that some issues were fixed in stretch so it should be fixed for buster too.

- - - - -
6983a3cc by Ola Lundqvist at 2022-09-11T23:45:19+02:00
Added ruby-nokogiri to dla-needed with the motivation that the package was fixed in stretch.

- - - - -
138c6f71 by Ola Lundqvist at 2022-09-11T23:50:42+02:00
Added ruby-sinatra to dla-needed.

- - - - -
553b006f by Ola Lundqvist at 2022-09-12T00:01:36+02:00
Added zabbix to dla-needed with the motivation that some CVE was fixed in stretch.

- - - - -
83635025 by Anton Gladky at 2022-09-12T07:09:02+02:00
Add nova into the dla-needed.txt

- - - - -
8cf95820 by Salvatore Bonaccorso at 2022-09-12T08:40:55+02:00
Add CVE-2022-3170/linux

- - - - -
04a7abc6 by Salvatore Bonaccorso at 2022-09-12T08:42:42+02:00
Add CVE-2022-36109/docker.io

- - - - -
fb67aae6 by security tracker role at 2022-09-12T08:10:34+00:00
automatic update

- - - - -
bfcda862 by Sylvain Beucler at 2022-09-12T10:26:29+02:00
dla: last buster point release is out, drop conflict caution note

- - - - -
5efa5035 by Emilio Pozuelo Monfort at 2022-09-12T10:59:30+02:00
Reserve DLA-3103-1 for zlib

- - - - -
a0c87c12 by Moritz Muehlenhoff at 2022-09-12T11:35:58+02:00
two qemu issues fixed, mark one of them as a non issue

- - - - -
69912ff0 by Chris Lamb at 2022-09-12T10:41:06+01:00
Reserve DLA-3104-1 for paramiko

- - - - -
e18a68a1 by Stefano Rivera at 2022-09-12T13:27:31+02:00
Record netatalk status

- - - - -
d77e9778 by Salvatore Bonaccorso at 2022-09-12T13:52:41+02:00
Process some NFUs

- - - - -
a09bf999 by Sylvain Beucler at 2022-09-12T14:13:12+02:00
dla: add node-thenify

- - - - -
bd463e40 by Sylvain Beucler at 2022-09-12T14:14:19+02:00
dla: update nodejs status

- - - - -
39444394 by Moritz Muehlenhoff at 2022-09-12T15:57:12+02:00
bullseye triage

- - - - -
2f4eb004 by Moritz Muehlenhoff at 2022-09-12T16:42:29+02:00
NFUs

- - - - -
75eb145d by Salvatore Bonaccorso at 2022-09-12T20:43:02+02:00
Add upstream tag information for CVE-2022-35414

- - - - -
43e2a7ba by Salvatore Bonaccorso at 2022-09-12T20:44:03+02:00
Add upstream commit references for CVE-2022-0216/qemu

- - - - -
3cb36217 by Moritz Muehlenhoff at 2022-09-12T20:44:50+02:00
dokuwiki n/a

- - - - -
26a66ac9 by Moritz Muehlenhoff at 2022-09-12T20:45:54+02:00
cherrytree n/a

- - - - -
429e9dd6 by Salvatore Bonaccorso at 2022-09-12T20:48:09+02:00
Fix typo in NFU note

- - - - -
54f1474b by Salvatore Bonaccorso at 2022-09-12T20:50:17+02:00
Add Debian bug reference for CVE-2022-2989/libpod

- - - - -
1c4dfecb by Salvatore Bonaccorso at 2022-09-12T20:53:05+02:00
Add Debian bug references for vim issues

- - - - -
1038d615 by Salvatore Bonaccorso at 2022-09-12T20:55:17+02:00
Add Debian bug references for dpdk issues

- - - - -
1b6a97ab by Salvatore Bonaccorso at 2022-09-12T20:58:56+02:00
Add Debian bug references for advancecomp issues

- - - - -
e992e0fc by Salvatore Bonaccorso at 2022-09-12T21:06:57+02:00
Add upstream tag information for CVE-2019-17546/gdal

- - - - -
55d75608 by Salvatore Bonaccorso at 2022-09-12T21:08:32+02:00
Track fixed version for CVE-2019-17546/gdal via unstable

- - - - -
c6cd35d9 by Salvatore Bonaccorso at 2022-09-12T21:09:34+02:00
Add upstream tag information for CVE-2019-17546/tiff

- - - - -
53c4f774 by Salvatore Bonaccorso at 2022-09-12T21:11:32+02:00
Track fixed version for CVE-2020-10735/python3.11 via unstable

- - - - -
92a3f202 by Salvatore Bonaccorso at 2022-09-12T21:12:09+02:00
Record upstream tag information for CVE-2020-10735 for python 3.11

- - - - -
253fc075 by Salvatore Bonaccorso at 2022-09-12T21:21:04+02:00
Add CVE-2022-36083/node-jose

- - - - -
c696f296 by Salvatore Bonaccorso at 2022-09-12T21:27:25+02:00
Process some NFUs

- - - - -
0f5017bf by Salvatore Bonaccorso at 2022-09-12T21:29:47+02:00
Mark CVE-2022-31251 as not-affected

The CVE is for a SUSE specific packaging issue for the testsuite. As
such only look at slurm-wlm for marking it not-affected and ignore the
renamed source package (slurm-llnl).

- - - - -
808574be by Salvatore Bonaccorso at 2022-09-12T21:31:57+02:00
Add CVE-2022-31149/activitywatch, itp'ed

- - - - -
065e552d by security tracker role at 2022-09-12T20:10:19+00:00
automatic update

- - - - -
8d46c624 by Salvatore Bonaccorso at 2022-09-12T22:17:49+02:00
Add CVE-2022-3178 (and update CVE-2022-30976 notes)

- - - - -
ac4c452a by Salvatore Bonaccorso at 2022-09-12T22:21:03+02:00
Process some NFUs

- - - - -
88ee8855 by Salvatore Bonaccorso at 2022-09-12T22:25:41+02:00
Add CVE-2022-37797/lighttpd

- - - - -
30bc6ef3 by Anton Gladky at 2022-09-12T22:27:01+02:00
semi-automatic unclaim after 2 weeks of inactivity

Signed-off-by: Anton Gladky <gladk at debian.org>

- - - - -
3c450ca7 by Moritz Muehlenhoff at 2022-09-12T22:58:12+02:00
bugnums

- - - - -
0f46f8d6 by Salvatore Bonaccorso at 2022-09-13T07:21:41+02:00
Track fixed version for CVE-2022-40320/libconfuse via unstable

- - - - -
45d43174 by Salvatore Bonaccorso at 2022-09-13T07:23:49+02:00
Track fixed version for golang-1.19 issues via unstable

- - - - -
a21d6714 by Salvatore Bonaccorso at 2022-09-13T07:24:59+02:00
Track fixed version for CVE-2022-1304/e2fsprogs via unstable

- - - - -
3c05ffa8 by Abhijith PA at 2022-09-13T11:47:29+05:30
Reclaim sox

- - - - -
b60bef9d by Sylvain Beucler at 2022-09-13T08:48:32+02:00
CVE-2020-10735/python3.7: buster postponed

- - - - -
c3b20911 by Emilio Pozuelo Monfort at 2022-09-13T09:53:21+02:00
lts: take mariadb-10.3

- - - - -
b93705fc by Emilio Pozuelo Monfort at 2022-09-13T09:54:54+02:00
lts: take nova

- - - - -
fdaedd28 by Sylvain Beucler at 2022-09-13T09:57:42+02:00
CVE-2022-1705/golang: buster not-affected

- - - - -
48b5b24a by security tracker role at 2022-09-13T08:10:17+00:00
automatic update

- - - - -
0d8b843c by Chris Lamb at 2022-09-13T09:20:02+01:00
Reserve DLA-3105-1 for connman

- - - - -
43c4475b by Sylvain Beucler at 2022-09-13T10:23:12+02:00
dla: add gdal

- - - - -
bdee6244 by Salvatore Bonaccorso at 2022-09-13T10:32:30+02:00
Process some NFUs

- - - - -
dc9d798f by Utkarsh Gupta at 2022-09-13T14:08:30+05:30
Take packages

- - - - -
c1b25054 by Moritz Muehlenhoff at 2022-09-13T10:51:57+02:00
ruby-mechanize fixed in sid

- - - - -
cefce46c by Sylvain Beucler at 2022-09-13T11:00:44+02:00
dla: add pluxml

- - - - -
36fe0037 by Sylvain Beucler at 2022-09-13T11:00:46+02:00
nvidia-graphics-drivers: no-dsa->ignored to precise triage for lts-cve-triage.py

- - - - -
469aeac5 by Sylvain Beucler at 2022-09-13T11:10:07+02:00
dla: add glibc

- - - - -
24f84ec8 by Emilio Pozuelo Monfort at 2022-09-13T11:24:02+02:00
lts: take glib2.0

- - - - -
96ad99b3 by Moritz Muehlenhoff at 2022-09-13T13:17:59+02:00
new leptonlib issue
NFUs

- - - - -
8fb35876 by Moritz Muehlenhoff at 2022-09-13T13:31:01+02:00
NFUs

- - - - -
93b84abf by Chris Lamb at 2022-09-13T14:13:36+01:00
Reserve DLA-3106-1 for python-oslo.utils

- - - - -
bc7b3c1c by Chris Lamb at 2022-09-13T15:19:13+01:00
Reserve DLA-3107-1 for sqlite3

- - - - -
e0e1200b by Sylvain Beucler at 2022-09-13T17:56:32+02:00
CVE-2021-33193/apache2: link patches from distros with close versions

- - - - -
9534dd1f by Sylvain Beucler at 2022-09-13T18:27:55+02:00
dla: add dovecot

- - - - -
e4db1453 by Sylvain Beucler at 2022-09-13T18:59:18+02:00
dla: add rainloop

- - - - -
db27c8b6 by Sylvain Beucler at 2022-09-13T19:16:30+02:00
dla: add notes for rainloop

- - - - -
ff5ec504 by Salvatore Bonaccorso at 2022-09-13T20:43:27+02:00
Track fixed version for two qemu issues in 1:7.1+dfsg-2

- - - - -
d53db595 by Salvatore Bonaccorso at 2022-09-13T20:44:52+02:00
Track fixed version via unstable for CVE-2020-14394/qemu

- - - - -
fadb3f00 by Salvatore Bonaccorso at 2022-09-13T20:45:48+02:00
Record upstream commit for CVE-2020-14394/qemu

- - - - -
9136d6c0 by Salvatore Bonaccorso at 2022-09-13T20:54:43+02:00
Add upstream tag reference for CVE-2022-38266

- - - - -
6d8532d3 by Salvatore Bonaccorso at 2022-09-13T21:20:29+02:00
Mark CVE-2022-39200 as NFU

- - - - -
19105702 by Salvatore Bonaccorso at 2022-09-13T21:23:59+02:00
Mark CVE-2022-37734 as NFU

- - - - -
3435fee2 by Salvatore Bonaccorso at 2022-09-13T21:26:22+02:00
Mark CVE-2022-37300 as NFU

- - - - -
c3de84fe by Salvatore Bonaccorso at 2022-09-13T21:29:21+02:00
Process two more NFUs

- - - - -
019fee87 by security tracker role at 2022-09-13T20:10:23+00:00
automatic update

- - - - -
dda70817 by Salvatore Bonaccorso at 2022-09-13T22:16:57+02:00
Process some NFUs

- - - - -
8a1d2c75 by Salvatore Bonaccorso at 2022-09-13T22:24:41+02:00
Add CVE-2021-4064{7,8}/man2html

- - - - -
2cb6fa5c by Salvatore Bonaccorso at 2022-09-13T22:25:47+02:00
Add Debian bug reference for CVE-2022-36087

- - - - -
76408d33 by Salvatore Bonaccorso at 2022-09-13T22:32:49+02:00
Process several NFUs

- - - - -
bcbde15f by Salvatore Bonaccorso at 2022-09-13T22:34:04+02:00
Add CVE-2022-3190/wireshark

- - - - -
65608374 by Salvatore Bonaccorso at 2022-09-13T22:34:40+02:00
Add new rdiffweb issues, itp'ed

- - - - -
ec7bf776 by Salvatore Bonaccorso at 2022-09-13T22:48:56+02:00
Add CVE-2022-3029/routinator

- - - - -
291553f3 by Moritz Mühlenhoff at 2022-09-13T22:51:22+02:00
freecad DSA

- - - - -
638d973c by Salvatore Bonaccorso at 2022-09-14T08:48:27+02:00
Mark ntp as removed from unstable

- - - - -
f461908b by Salvatore Bonaccorso at 2022-09-14T08:53:36+02:00
Add CVE-2022-3202/linux

- - - - -
738a74e3 by Salvatore Bonaccorso at 2022-09-14T08:58:25+02:00
Mark CVE-2022-3193 as NFU

- - - - -
0edd7b03 by Salvatore Bonaccorso at 2022-09-14T09:02:23+02:00
Add CVE-2022-1278/wildfly

- - - - -
bb1d5493 by Moritz Muehlenhoff at 2022-09-14T09:55:36+02:00
two samba issues fixed in experimental

- - - - -
78a370a2 by security tracker role at 2022-09-14T08:10:18+00:00
automatic update

- - - - -
acf44d90 by Salvatore Bonaccorso at 2022-09-14T10:47:53+02:00
Add CVE-2022-40674/expat

- - - - -
9a6e6739 by Moritz Muehlenhoff at 2022-09-14T10:49:07+02:00
new enlightenment issue

- - - - -
a644df52 by Salvatore Bonaccorso at 2022-09-14T10:51:02+02:00
Record upstream commit for CVE-2022-40674

- - - - -
2f02e3cb by Salvatore Bonaccorso at 2022-09-14T10:52:10+02:00
Process some NFUs

- - - - -
343cfa65 by Salvatore Bonaccorso at 2022-09-14T11:00:32+02:00
Process some NFUs

- - - - -
9a0d5201 by Salvatore Bonaccorso at 2022-09-14T11:04:14+02:00
Process some NFUs

- - - - -
54b2c084 by Moritz Muehlenhoff at 2022-09-14T12:24:25+02:00
NFU, concludes external check

- - - - -
0dcf6a2e by Salvatore Bonaccorso at 2022-09-14T13:04:30+02:00
Move CVE-2022-1748 to a NFU entry

- - - - -
3f9df9b5 by Emilio Pozuelo Monfort at 2022-09-14T14:05:46+02:00
lts: take bzip2

- - - - -
e5e33f82 by Sylvain Beucler at 2022-09-14T14:37:38+02:00
CVE-2022-38266/leptonlib: buster postponed

- - - - -
d3106d66 by Salvatore Bonaccorso at 2022-09-14T15:36:29+02:00
Remove todo item for CVE-2022-36087, confirmed by maintainer

And the upload addressing the issue will contain the two needed commits
not in 3.2.1.

- - - - -
de0c07b1 by Abhijith PA at 2022-09-14T19:08:39+05:30
drop CVE-2022-32224 from DLA-3093-1

- - - - -
0568dfee by Moritz Muehlenhoff at 2022-09-14T16:46:17+02:00
otfcc non issues

- - - - -
01392162 by Moritz Muehlenhoff at 2022-09-14T17:25:06+02:00
bullseye triage

- - - - -
57672f15 by Sylvain Beucler at 2022-09-14T19:24:02+02:00
CVE-2022-28131/golang: reference patches

- - - - -
50c4c9b8 by Sylvain Beucler at 2022-09-14T19:42:52+02:00
CVE-2022-30630/golang: introduced in 1.16

- - - - -
e0288d08 by Salvatore Bonaccorso at 2022-09-14T21:30:01+02:00
Add new chromium issues

- - - - -
57bdd7b0 by Salvatore Bonaccorso at 2022-09-14T21:31:12+02:00
Add chromium to dsa-needed list

- - - - -
af644d23 by Salvatore Bonaccorso at 2022-09-14T21:33:13+02:00
Add upstream tag information for CVE-2022-1615

- - - - -
106401af by Salvatore Bonaccorso at 2022-09-14T21:34:58+02:00
Reference merge request for CVE-2022-1615

- - - - -
044d0119 by Salvatore Bonaccorso at 2022-09-14T21:52:18+02:00
Add Debian bug reference for CVE-2022-40674/expat

- - - - -
a82a9178 by security tracker role at 2022-09-14T20:10:21+00:00
automatic update

- - - - -
ab7e0aac by Salvatore Bonaccorso at 2022-09-14T22:16:15+02:00
Add CVE-2022-40626/zabbix

- - - - -
278a5456 by Salvatore Bonaccorso at 2022-09-14T22:25:33+02:00
Update tracking for CVE-2022-2078 (and rejected CVE-2022-1972)

- - - - -
97f4ca16 by Salvatore Bonaccorso at 2022-09-14T22:29:43+02:00
Process one NFU

- - - - -
d9ef618e by Salvatore Bonaccorso at 2022-09-14T22:37:52+02:00
Process some NFUs

- - - - -
3a7efb7e by Salvatore Bonaccorso at 2022-09-14T22:38:29+02:00
Add CVE-2022-37703/amanda

- - - - -
086c1ec6 by Salvatore Bonaccorso at 2022-09-14T22:39:44+02:00
Add new glpi issues

- - - - -
25e61d80 by Salvatore Bonaccorso at 2022-09-14T23:03:02+02:00
Track fixed version for CVE-2022-36087 via unstable

- - - - -
58ad2f5b by Moritz Muehlenhoff at 2022-09-14T23:48:38+02:00
NFUs

- - - - -
b31594f7 by Valentin Vidic at 2022-09-14T23:51:09+02:00
Reserve DLA-3108-1 for pcs

- - - - -
9cb6fb3b by Salvatore Bonaccorso at 2022-09-15T06:57:31+02:00
Track fixed version for chromium issues fixed via unstable

- - - - -
15ed9348 by Salvatore Bonaccorso at 2022-09-15T08:39:25+02:00
Add CVE-2021-36568/moodle

- - - - -
465d2c21 by Salvatore Bonaccorso at 2022-09-15T08:43:58+02:00
Add CVE-2022-2566/ffmpeg

- - - - -
03f9c73a by Emilio Pozuelo Monfort at 2022-09-15T08:47:42+02:00
Reserve DLA-3109-1 for nova

- - - - -
84ba6dcd by Emilio Pozuelo Monfort at 2022-09-15T08:49:17+02:00
Remove no-dsa tag for CVE-2019-14433/nova

- - - - -
783ec94b by Abhijith PA at 2022-09-15T13:01:01+05:30
reserve DLA-3093-2 for rails

- - - - -
8963bb09 by Abhijith PA at 2022-09-15T13:37:02+05:30
update note in dla-needed.txt

- - - - -
aae29227 by security tracker role at 2022-09-15T08:10:16+00:00
automatic update

- - - - -
57d23df3 by Salvatore Bonaccorso at 2022-09-15T10:27:57+02:00
Add CVE-2022-40476/linux

- - - - -
44472113 by Salvatore Bonaccorso at 2022-09-15T10:37:03+02:00
Add CVE-2022-2977/linux

- - - - -
7c54b359 by Salvatore Bonaccorso at 2022-09-15T10:49:43+02:00
Process some NFUs

- - - - -
c626c4aa by Sylvain Beucler at 2022-09-15T12:51:57+02:00
dla: add golang-go.crypto

- - - - -
28d43909 by Sylvain Beucler at 2022-09-15T14:06:02+02:00
dla: golang-websocket: update note

- - - - -
efc4c1da by Emilio Pozuelo Monfort at 2022-09-15T14:50:33+02:00
Reserve DLA-3110-1 for glib2.0

- - - - -
441f90d9 by Roberto C. Sánchez at 2022-09-15T09:57:23-04:00
LTS: reclaim exiv2 in dla-needed.txt

- - - - -
cbca0fec by Moritz Mühlenhoff at 2022-09-15T20:55:43+02:00
chromium DSA

- - - - -
8be8be17 by Moritz Muehlenhoff at 2022-09-15T21:01:41+02:00
fix up two golang entries

- - - - -
55fd71eb by Salvatore Bonaccorso at 2022-09-15T21:40:26+02:00
Add CVE-2018-25047/smarty

- - - - -
6c868e9b by Salvatore Bonaccorso at 2022-09-15T21:58:20+02:00
Track fixed version for CVE-2022-40674/expat via unstable

- - - - -
abe5c6d7 by Salvatore Bonaccorso at 2022-09-15T22:01:05+02:00
Add Debian bug references for smarty issues

- - - - -
62e83737 by security tracker role at 2022-09-15T20:10:21+00:00
automatic update

- - - - -
f8707fdd by Salvatore Bonaccorso at 2022-09-15T22:13:46+02:00
Process two NFUs

- - - - -
2056046e by Salvatore Bonaccorso at 2022-09-15T22:24:33+02:00
Add CVE-2022-3222/gpac

- - - - -
3b2f382a by Salvatore Bonaccorso at 2022-09-15T22:30:34+02:00
Add CVE-2022-3221/rdiffweb

- - - - -
14c732ab by Salvatore Bonaccorso at 2022-09-15T22:38:15+02:00
Process some NFUs

- - - - -
c50fa45b by Thorsten Alteholz at 2022-09-15T23:41:19+02:00
Reserve DLA-3111-1 for mod-wsgi

- - - - -
57f57af1 by Salvatore Bonaccorso at 2022-09-16T06:19:10+02:00
Track fix via experimental for CVE-2022-33068/harfbuzz

- - - - -
4820ec8e by Salvatore Bonaccorso at 2022-09-16T06:30:56+02:00
Process some NFUs

- - - - -
9f8943c7 by Salvatore Bonaccorso at 2022-09-16T06:34:39+02:00
Add CVE-2022-2998/chromium

- - - - -
5a7ff1a9 by Salvatore Bonaccorso at 2022-09-16T06:43:28+02:00
Add CVE-2022-39209/cmark-gfm

- - - - -
1d79b56a by Helmut Grohne at 2022-09-16T07:56:34+02:00
lts: claim libraw

- - - - -
97e56f16 by Emilio Pozuelo Monfort at 2022-09-16T09:24:45+02:00
Reserve DLA-3112-1 for bzip2

- - - - -
0cbd88e5 by Helmut Grohne at 2022-09-16T09:43:05+02:00
Reserve DLA-3113-1 for libraw

- - - - -
7b1e2e76 by Salvatore Bonaccorso at 2022-09-16T10:04:10+02:00
Process some NFUs

- - - - -
6af95ce2 by security tracker role at 2022-09-16T08:10:16+00:00
automatic update

- - - - -
de217ad1 by Salvatore Bonaccorso at 2022-09-16T10:47:49+02:00
Process NFUs

- - - - -
45db1dd6 by Salvatore Bonaccorso at 2022-09-16T10:48:19+02:00
Process two CVEs for glpi

- - - - -
5e8db75c by Salvatore Bonaccorso at 2022-09-16T10:51:56+02:00
Process NFUs

- - - - -
f6322c4e by Salvatore Bonaccorso at 2022-09-16T10:54:42+02:00
Consolidate one NFU naming

- - - - -
0c1e734c by Emilio Pozuelo Monfort at 2022-09-16T11:09:25+02:00
Reserve DLA-3114-1 for mariadb-10.3

- - - - -
acfccc61 by Helmut Grohne at 2022-09-16T12:29:24+02:00
libraw buster DLA-3113-1 issued

- - - - -
e9e59255 by Sylvain Beucler at 2022-09-16T13:08:02+02:00
golang: standardize/clarify buster-lts triage
following discussion with Ola

- - - - -
584817f4 by Sylvain Beucler at 2022-09-16T13:08:44+02:00
dla add golang-1.11

- - - - -
54339883 by Sylvain Beucler at 2022-09-16T13:53:02+02:00
dla: add wireshark

- - - - -
48f96c33 by Salvatore Bonaccorso at 2022-09-16T16:20:06+02:00
Remove zlib CVE for mariadb-10.3 reference

- - - - -
18736b6f by Salvatore Bonaccorso at 2022-09-16T16:24:29+02:00
Drop explicit buster entries covered in DLA-3113-1 DLA list entry

- - - - -
fb6225ff by Salvatore Bonaccorso at 2022-09-16T16:35:25+02:00
Add CVE-2022-3611{3,4}/cargo

- - - - -
81ac8a8f by Aron Xu at 2022-09-16T22:45:49+08:00
data/dsa-needed.txt: claim fish.

- - - - -
64c6d92c by Salvatore Bonaccorso at 2022-09-16T17:05:44+02:00
Process two NFUs

- - - - -
87cc0849 by Salvatore Bonaccorso at 2022-09-16T17:06:25+02:00
Add CVE-2022-38866/mplayer

- - - - -
398f9175 by Salvatore Bonaccorso at 2022-09-16T17:10:32+02:00
Add CVE-2022-38600/mplayer

- - - - -
c0e1faa9 by Salvatore Bonaccorso at 2022-09-16T17:19:12+02:00
Add some new mplayer CVEs

- - - - -
3ebbb665 by Moritz Mühlenhoff at 2022-09-16T17:28:40+02:00
k8s n/a

- - - - -
88948df1 by Salvatore Bonaccorso at 2022-09-16T21:08:53+02:00
Process some more mplayer related CVEs

- - - - -
e56c2557 by security tracker role at 2022-09-16T20:10:28+00:00
automatic update

- - - - -
caa1fb49 by Salvatore Bonaccorso at 2022-09-17T08:20:18+02:00
Process some NFUs

- - - - -
83e2e319 by Salvatore Bonaccorso at 2022-09-17T08:24:30+02:00
Process some NFUs

- - - - -
a184d688 by Salvatore Bonaccorso at 2022-09-17T08:25:39+02:00
Expand TODO for CVE-2022-36402

- - - - -
3649edbb by Salvatore Bonaccorso at 2022-09-17T08:37:58+02:00
Add CVE-2022-3176/linux

- - - - -
20d7bb4e by Salvatore Bonaccorso at 2022-09-17T09:01:49+02:00
Track fixed version for CVE-2022-37706/e17 via unstable

- - - - -
b591c667 by Salvatore Bonaccorso at 2022-09-17T09:05:31+02:00
Reference upstream commit for CVE-2022-37706/e17

- - - - -
c9337846 by Salvatore Bonaccorso at 2022-09-17T09:10:33+02:00
Process several NFUs

- - - - -
13df0e98 by Salvatore Bonaccorso at 2022-09-17T09:14:08+02:00
Add e17 to dsa-needed list

- - - - -
b0ab1e57 by security tracker role at 2022-09-17T08:10:27+00:00
automatic update

- - - - -
75f96b8e by Salvatore Bonaccorso at 2022-09-17T10:34:18+02:00
Track some tensorflow CVEs

- - - - -
c369c81f by Salvatore Bonaccorso at 2022-09-17T10:59:58+02:00
Process some NFUs

- - - - -
3a9bc1e3 by Salvatore Bonaccorso at 2022-09-17T11:00:51+02:00
Add CVE-2022-40755/jasper

- - - - -
eb91ab82 by Salvatore Bonaccorso at 2022-09-17T11:01:25+02:00
Add CVE-2022-3173/snipe-it

- - - - -
3c80f1cc by Salvatore Bonaccorso at 2022-09-17T11:02:06+02:00
Add two nextcloud-server issues

- - - - -
30f5dc99 by Sylvain Beucler at 2022-09-17T11:44:02+02:00
CVE-2022-3222/gpac: buster end-of-life

- - - - -
514877fd by Sylvain Beucler at 2022-09-17T11:58:28+02:00
dla: add e17

- - - - -
5797928f by Moritz Muehlenhoff at 2022-09-17T16:12:19+02:00
take e17

- - - - -
a9beba40 by Moritz Muehlenhoff at 2022-09-17T16:57:23+02:00
mark five linux issues reported via OpenAnolis as <undetermined> until
bugs are opened up (no need to add to kernel-sec until that happens)

- - - - -
8f2967a2 by Salvatore Bonaccorso at 2022-09-17T17:23:23+02:00
Add expat for DSA needed, to be checked

- - - - -
ab52d9c5 by Salvatore Bonaccorso at 2022-09-17T17:24:06+02:00
Merge remote-tracking branch 'origin/master'

- - - - -
1ade738c by Salvatore Bonaccorso at 2022-09-17T17:29:02+02:00
Add references to the not yet opened openanolis bugzilla entries

Interestingly the scope of the OpenAnolis CNA is very specific to
OpenAnolis issues only. Still though the issues seem related to changes
to the Linux kernel. So the scope is puzzling.

Link: https://www.cve.org/PartnerInformation/ListofPartners/partner/Anolis

- - - - -
9fc43581 by Salvatore Bonaccorso at 2022-09-17T17:33:43+02:00
Reserve DSA number for connman update

- - - - -
ea020174 by Salvatore Bonaccorso at 2022-09-17T17:47:51+02:00
Track fixed version for CVE-2022-27664/golang-1.18

- - - - -
0a2fb283 by security tracker role at 2022-09-17T20:10:19+00:00
automatic update

- - - - -
47e32f0c by Salvatore Bonaccorso at 2022-09-18T08:39:38+02:00
Process one NFU

- - - - -
3f701beb by security tracker role at 2022-09-18T08:10:14+00:00
automatic update

- - - - -
2538bee4 by Salvatore Bonaccorso at 2022-09-18T11:22:39+02:00
Add CVE-2022-40768/linux

- - - - -
f4c9d234 by Salvatore Bonaccorso at 2022-09-18T11:23:55+02:00
Add CVE-2022-3232/rdiffweb, itp'ed

- - - - -
c2ccaf44 by Salvatore Bonaccorso at 2022-09-18T11:29:44+02:00
Process one NFU

- - - - -
51555f68 by Salvatore Bonaccorso at 2022-09-18T11:30:44+02:00
Add CVE-2022-3234/vim

- - - - -
e2859ed6 by security tracker role at 2022-09-18T20:10:21+00:00
automatic update

- - - - -
473fa02b by Salvatore Bonaccorso at 2022-09-19T06:46:30+02:00
Process two NFUs

- - - - -
29f07f2e by security tracker role at 2022-09-19T08:10:22+00:00
automatic update

- - - - -
1e382fef by Salvatore Bonaccorso at 2022-09-19T10:24:08+02:00
Add CVE-2022-3235/vim

- - - - -
bc0ed78d by Emilio Pozuelo Monfort at 2022-09-19T10:29:28+02:00
lts: take e17

- - - - -
12863832 by Emilio Pozuelo Monfort at 2022-09-19T12:41:03+02:00
Reserve DLA-3115-1 for e17

- - - - -
70f597e9 by Emilio Pozuelo Monfort at 2022-09-19T13:51:51+02:00
lts: take mako

- - - - -
b9c450bb by Alberto Garcia at 2022-09-19T15:22:04+02:00
webkit2gtk / wpewebkit upstream advisory WSA-2022-0009

- - - - -
9cbd6082 by Salvatore Bonaccorso at 2022-09-19T15:41:06+02:00
Add upstream commit references for CVE-2021-3507/qemu

- - - - -
3d15f234 by Salvatore Bonaccorso at 2022-09-19T15:42:43+02:00
Track fixed version for CVE-2021-3507/qemu via unstable

- - - - -
264f990b by Salvatore Bonaccorso at 2022-09-19T15:46:09+02:00
Add references for CVE-2021-35196/manuskript

- - - - -
569552b6 by Salvatore Bonaccorso at 2022-09-19T15:49:07+02:00
Track fixed version for CVE-2021-35196/manuskript

- - - - -
f02b2890 by Emilio Pozuelo Monfort at 2022-09-19T17:17:29+02:00
Mark CVE-2022-32891 as fixed in DLA-3073-1

- - - - -
fb002b03 by Salvatore Bonaccorso at 2022-09-19T20:53:23+02:00
Process some NFUs

- - - - -
13b56749 by security tracker role at 2022-09-19T20:10:21+00:00
automatic update

- - - - -
edac8f0f by Salvatore Bonaccorso at 2022-09-19T22:17:18+02:00
Process some NFUs

- - - - -
15af9319 by Salvatore Bonaccorso at 2022-09-19T22:43:59+02:00
Process some NFUs

- - - - -
1432d91a by Salvatore Bonaccorso at 2022-09-19T22:49:00+02:00
Process some NFUs

- - - - -
ac8f8b3a by Salvatore Bonaccorso at 2022-09-19T22:50:09+02:00
Add CVE-2022-3213/imagemagick

- - - - -
89724b03 by Salvatore Bonaccorso at 2022-09-19T22:55:27+02:00
Add CVE-2022-40468/tinyproxy

- - - - -
df0164da by Anton Gladky at 2022-09-20T06:11:01+02:00
semi-automatic unclaim after 2 weeks of inactivity

Signed-off-by: Anton Gladky <gladk at debian.org>

- - - - -
8591b277 by Salvatore Bonaccorso at 2022-09-20T07:25:54+02:00
Adjust one WSA-2022-0009 tracking for CVE id typo

- - - - -
68fa426c by Salvatore Bonaccorso at 2022-09-20T07:44:08+02:00
Track proposed bullseye-pu update for dojo

- - - - -
8e36f8b0 by Salvatore Bonaccorso at 2022-09-20T07:52:47+02:00
Add CVE-2022-3995{5,6,7,8}/modsecurity-crs

- - - - -
39192232 by Salvatore Bonaccorso at 2022-09-20T08:27:21+02:00
Add CVE-2022-3239/linux

- - - - -
c2e296ee by security tracker role at 2022-09-20T08:10:17+00:00
automatic update

- - - - -
343b56f0 by Salvatore Bonaccorso at 2022-09-20T10:24:22+02:00
Process some NFUs

- - - - -
b80fb107 by Moritz Mühlenhoff at 2022-09-20T10:46:26+02:00
new k8s issue
NFU

- - - - -
5bdac98e by Alberto Garcia at 2022-09-20T11:14:14+02:00
WebKit CVE-2022-32912 only affects macOS

- - - - -
719ca565 by Moritz Mühlenhoff at 2022-09-20T12:28:45+02:00
bullseye triage

- - - - -
b9ae6ff5 by Moritz Mühlenhoff at 2022-09-20T17:03:48+02:00
bullseye triage

- - - - -
ca491652 by Salvatore Bonaccorso at 2022-09-20T21:48:12+02:00
Add firefox issues from mfsa2022-40

- - - - -
60d9eaf8 by Salvatore Bonaccorso at 2022-09-20T21:50:52+02:00
Add firefox-esr issues from mfsa2022-41

- - - - -
03addbbb by Salvatore Bonaccorso at 2022-09-20T21:52:29+02:00
Add tinygltf to dsa-needed list

- - - - -
01e28e4c by security tracker role at 2022-09-20T20:10:20+00:00
automatic update

- - - - -
ef0e4e0a by Salvatore Bonaccorso at 2022-09-20T22:40:47+02:00
Remove notes from CVE-2022-36757 (rejected, not a security issue)

- - - - -
0ca4a36a by Salvatore Bonaccorso at 2022-09-20T22:42:55+02:00
Remove some notes from AXIS related CVES which are now rejected

- - - - -
b5b3a02e by Salvatore Bonaccorso at 2022-09-20T22:44:58+02:00
Remove notes from now rejected CVE-2022-24304 (duplicate of CVE-2022-2564)

- - - - -
dc75fae0 by Salvatore Bonaccorso at 2022-09-20T22:50:53+02:00
Add CVE-2022-41138/zutty

- - - - -
1614275b by Salvatore Bonaccorso at 2022-09-20T22:59:31+02:00
Process some NFUs

- - - - -
c290b9f5 by Salvatore Bonaccorso at 2022-09-20T23:22:58+02:00
Add CVE-2022-40604/airflow

- - - - -
8f9e50c0 by Salvatore Bonaccorso at 2022-09-20T23:23:43+02:00
Add CVE-2022-40754/airflow

- - - - -
bdc0305e by Thorsten Alteholz at 2022-09-21T00:27:45+02:00
mark CVE-2022-37703 as no-dsa for Buster

- - - - -
2b0a97c1 by Salvatore Bonaccorso at 2022-09-21T06:28:31+02:00
Track fixed version for firefox-esr via unstable

- - - - -
9c83a2bc by Salvatore Bonaccorso at 2022-09-21T06:40:19+02:00
Add CVE-2022-4031{3,4,5,6}/moodle

- - - - -
bf9c1ad2 by Salvatore Bonaccorso at 2022-09-21T07:00:35+02:00
Track fixed version for firefox update via unstable for mfsa2022-40 issues

- - - - -
d94ee457 by Salvatore Bonaccorso at 2022-09-21T08:39:12+02:00
Update status for CVE-2022-29264/coreboot (entered the archive)

- - - - -
43b487b8 by Salvatore Bonaccorso at 2022-09-21T08:46:45+02:00
Update information for CVE-2022-29264/coreboot

- - - - -
8387d550 by Aron Xu at 2022-09-21T14:55:04+08:00
data/dsa-needed.txt: claim gdal

- - - - -
6f7aee17 by Salvatore Bonaccorso at 2022-09-21T09:55:27+02:00
Add CVE-2022-41222/linux

- - - - -
647b6eb7 by Emilio Pozuelo Monfort at 2022-09-21T09:59:22+02:00
lts: take firefox-esr and thunderbird

- - - - -
483dadfe by security tracker role at 2022-09-21T08:10:17+00:00
automatic update

- - - - -
9f4bf032 by Salvatore Bonaccorso at 2022-09-21T10:24:49+02:00
Add CVE-2022-4000{8,9}/swftools

- - - - -
6b74f5c3 by Salvatore Bonaccorso at 2022-09-21T10:27:48+02:00
Process some NFUs

- - - - -
993f5bc6 by Salvatore Bonaccorso at 2022-09-21T10:33:17+02:00
Add CVE-2022-37032/frr

- - - - -
ab296253 by Salvatore Bonaccorso at 2022-09-21T10:42:43+02:00
Add CVE-2022-41218/linux

- - - - -
100f2691 by Moritz Mühlenhoff at 2022-09-21T11:22:24+02:00
take tinygltf

- - - - -
5bb052b7 by Moritz Mühlenhoff at 2022-09-21T11:25:06+02:00
add firefox/thunderbird to dsa-needed

- - - - -
ef454f88 by Salvatore Bonaccorso at 2022-09-21T11:49:24+02:00
Mark CVE-2022-29264/coreboot as unimportant

- - - - -
e1a270dc by Salvatore Bonaccorso at 2022-09-21T12:04:59+02:00
Process some NFUs

- - - - -
f019a19b by Salvatore Bonaccorso at 2022-09-21T12:05:30+02:00
Add new swftools issues

- - - - -
d3065eec by Salvatore Bonaccorso at 2022-09-21T12:05:51+02:00
Add CVE-2022-35957/grafana

- - - - -
9acc44f1 by Salvatore Bonaccorso at 2022-09-21T13:29:04+02:00
Add new bind9 issues

- - - - -
2e8432ac by Salvatore Bonaccorso at 2022-09-21T13:57:33+02:00
Update information for CVE-2022-38177

- - - - -
c34d6e3c by Salvatore Bonaccorso at 2022-09-21T14:01:27+02:00
Update information for CVE-2022-38178

- - - - -
0b17c71b by Emilio Pozuelo Monfort at 2022-09-21T14:09:54+02:00
lts: take webkit2gtk

- - - - -
d10ba43c by Salvatore Bonaccorso at 2022-09-21T14:21:16+02:00
Add commit references for CVE-2022-3080/bind9

- - - - -
4501fb8d by Salvatore Bonaccorso at 2022-09-21T14:28:37+02:00
Prefix NOTEs for CVE-2022-3080 to be in line with the previous one for bind9 updates

- - - - -
7ed8e231 by Salvatore Bonaccorso at 2022-09-21T14:29:56+02:00
Update information for CVE-2022-2906/bind9

- - - - -
1387c33c by Salvatore Bonaccorso at 2022-09-21T15:04:24+02:00
Update information for CVE-2022-2881 and add TODO

- - - - -
1ef88dae by Salvatore Bonaccorso at 2022-09-21T15:06:11+02:00
Update information on CVE-2022-2795

- - - - -
f9b22050 by Salvatore Bonaccorso at 2022-09-21T15:08:13+02:00
Track fixed version for bind9 issues via unstable

- - - - -
e44599d8 by Moritz Mühlenhoff at 2022-09-21T15:23:27+02:00
tinygltf DSA

- - - - -
cb01b6ac by Salvatore Bonaccorso at 2022-09-21T15:37:38+02:00
Add CVE-2022-3204/unbound

- - - - -
417dd654 by Salvatore Bonaccorso at 2022-09-21T16:46:40+02:00
Add thunderbird issues from mfsa2022-42

- - - - -
da10543a by Moritz Mühlenhoff at 2022-09-21T17:44:54+02:00
NFUs

- - - - -
1c606f43 by Emilio Pozuelo Monfort at 2022-09-21T18:02:40+02:00
Reserve DLA-3116-1 for mako

- - - - -
088d694a by Moritz Mühlenhoff at 2022-09-21T18:50:35+02:00
e17 / fish DSAs

- - - - -
e75036ef by security tracker role at 2022-09-21T20:10:23+00:00
automatic update

- - - - -
85beb014 by Salvatore Bonaccorso at 2022-09-21T22:17:37+02:00
Process two NFUs

- - - - -
91b24248 by Salvatore Bonaccorso at 2022-09-21T22:24:12+02:00
Add CVE-2022-3250/rdiffweb

- - - - -
53690d7f by Salvatore Bonaccorso at 2022-09-21T22:24:53+02:00
Process some NFUs

- - - - -
f8dfc231 by Salvatore Bonaccorso at 2022-09-21T22:52:16+02:00
Process new octoprint issues

- - - - -
e2b0c26e by Salvatore Bonaccorso at 2022-09-21T22:53:30+02:00
Process some NFUs

- - - - -
25846302 by Salvatore Bonaccorso at 2022-09-22T08:50:51+02:00
Add CVE-2022-40188/knot-resolver

- - - - -
f95abcd6 by Salvatore Bonaccorso at 2022-09-22T08:52:09+02:00
Add CVE-2022-36062/grafana

- - - - -
057ea36b by Salvatore Bonaccorso at 2022-09-22T08:55:59+02:00
Add CVE-2022-36056 as NFU

- - - - -
fada606d by Salvatore Bonaccorso at 2022-09-22T08:58:00+02:00
Process two NFUs for tripleo-ansible

- - - - -
11bfda1f by Salvatore Bonaccorso at 2022-09-22T09:12:45+02:00
Mark more OTFCC CVEs as unimportant for texlive-bin

Context of explanations in https://bugs.debian.org/1019602

- - - - -
2c9659f8 by security tracker role at 2022-09-22T08:10:21+00:00
automatic update

- - - - -
320f8357 by Salvatore Bonaccorso at 2022-09-22T10:12:34+02:00
Add CVE-2022-3233/rdiffweb

- - - - -
9370af46 by Salvatore Bonaccorso at 2022-09-22T10:21:20+02:00
Process some NFUs

- - - - -
7922e0f7 by Moritz Mühlenhoff at 2022-09-22T10:51:19+02:00
knot-resolver/unbound no-dsa

- - - - -
f4465bd2 by Salvatore Bonaccorso at 2022-09-22T11:38:06+02:00
Makefile: MIRROR: Switch to deb.debian.org directly

This did not work well in the past but let's try it now again.
debian.csail.mit.edu would be the nearest mirror as soriano is hosted at
csail, but debian.csail.mit.edu is from time to time unstable.

If deb.debian.org will not work stable enough for our processings due to
the redirects involved, then we can switch to mirrors.wikimedia.org.

Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>

- - - - -
f5fdd052 by Salvatore Bonaccorso at 2022-09-22T13:47:31+02:00
Update status for CVE-2022-2881/bind9

- - - - -
080b9f8a by Salvatore Bonaccorso at 2022-09-22T13:52:00+02:00
Add bind9 to dsa-needed list

- - - - -
9a09eee8 by Salvatore Bonaccorso at 2022-09-22T13:52:56+02:00
Assign firefox-esr to jmm

- - - - -
6267bf20 by Salvatore Bonaccorso at 2022-09-22T13:53:06+02:00
Assign webkit2gtk and wpewebkit to berto

- - - - -
5b0d4a97 by Emilio Pozuelo Monfort at 2022-09-22T14:17:18+02:00
CVE-2022-33068/harfbuzz fixed in unstable

- - - - -
76ac75e9 by Salvatore Bonaccorso at 2022-09-22T14:41:26+02:00
Reserve DSA number for bind9 update

- - - - -
1c374385 by Emilio Pozuelo Monfort at 2022-09-22T14:50:27+02:00
lts: take unzip

- - - - -
45eeacad by Roberto C. Sánchez at 2022-09-22T09:09:24-04:00
LTS: unclaim exiv2

- - - - -
5c99a053 by Markus Koschany at 2022-09-22T15:52:14+02:00
Remove no-dsa tags of mediawiki for upcoming security update

- - - - -
2736380e by Markus Koschany at 2022-09-22T15:53:14+02:00
Reserve DLA-3117-1 for mediawiki

- - - - -
89505995 by Markus Koschany at 2022-09-22T15:53:51+02:00
Update status of poppler in dla-needed.txt

- - - - -
0435a55c by Salvatore Bonaccorso at 2022-09-22T15:58:29+02:00
Add CVE-2022-35951/redis

- - - - -
d1cdf9f7 by Salvatore Bonaccorso at 2022-09-22T17:07:34+02:00
Add Debian bug reference for CVE-2022-35951/redis

- - - - -
cbeb68ce by Emilio Pozuelo Monfort at 2022-09-22T18:53:25+02:00
Reserve DLA-3118-1 for unzip

- - - - -
5c2a708e by Salvatore Bonaccorso at 2022-09-22T20:26:23+02:00
Track fixed version via unstable for tcpreplay issues

- - - - -
d2d2514c by Salvatore Bonaccorso at 2022-09-22T20:28:10+02:00
Track fixes for thunderbird via unstable for mfsa2022-42 CVEs

- - - - -
e3edee26 by Salvatore Bonaccorso at 2022-09-22T21:03:19+02:00
Process CVE-2022-40705 as NFU

- - - - -
771df441 by Salvatore Bonaccorso at 2022-09-22T21:09:27+02:00
Add CVE-2022-38398/batik

- - - - -
6834a419 by Salvatore Bonaccorso at 2022-09-22T21:10:31+02:00
Add CVE-2022-40146/batik

- - - - -
3c9cb393 by Salvatore Bonaccorso at 2022-09-22T21:11:27+02:00
Add CVE-2022-38648/batik

- - - - -
ac13f2b1 by Salvatore Bonaccorso at 2022-09-22T21:27:46+02:00
Process some NFUs

- - - - -
b19ff6e7 by Salvatore Bonaccorso at 2022-09-22T22:08:53+02:00
Reserve DSA number for expat update

- - - - -
0bc2f7a9 by security tracker role at 2022-09-22T20:10:22+00:00
automatic update

- - - - -
75079608 by Salvatore Bonaccorso at 2022-09-22T22:29:58+02:00
Add two new CVEs for rdiffweb, itp'ed

- - - - -
517c0544 by Salvatore Bonaccorso at 2022-09-22T22:32:13+02:00
Add CVE-2022-3256/vim

- - - - -
b39f9d07 by Salvatore Bonaccorso at 2022-09-22T22:32:53+02:00
Process some NFUs

- - - - -
12210128 by Salvatore Bonaccorso at 2022-09-22T22:47:34+02:00
Process several texlive-bin CVEs related to OTFCC

- - - - -
2662fe14 by Thorsten Alteholz at 2022-09-23T00:13:21+02:00
add expat

- - - - -
70cc68f8 by Thorsten Alteholz at 2022-09-23T00:13:56+02:00
add programming language

- - - - -
8b53260d by Aron Xu at 2022-09-23T11:33:18+08:00
data/dsa-needed.txt: claim gerbv and maven-shared-utils

- - - - -
89090afc by Henri Salo at 2022-09-23T09:37:32+03:00
CVE-2022-41317 and CVE-2022-41318 squid

- - - - -
9ec33a4f by Salvatore Bonaccorso at 2022-09-23T08:48:24+02:00
Update information for CVE-2022-4131{7,8}/squid

- - - - -
e876320a by Salvatore Bonaccorso at 2022-09-23T09:14:10+02:00
Add CVE-2022-3262 as NFU

- - - - -
36cceb4c by Salvatore Bonaccorso at 2022-09-23T09:37:58+02:00
Add CVE-2022-41322/kitty

- - - - -
c0ae76af by security tracker role at 2022-09-23T08:10:16+00:00
automatic update

- - - - -
4538daea by Moritz Mühlenhoff at 2022-09-23T10:14:33+02:00
firefox-esr DSA

- - - - -
ebfdb587 by Salvatore Bonaccorso at 2022-09-23T10:28:01+02:00
Process some NFUs

- - - - -
3c137e51 by Salvatore Bonaccorso at 2022-09-23T10:52:28+02:00
Add CVE-2020-36604/node-hoek

- - - - -
018b412d by Salvatore Bonaccorso at 2022-09-23T11:08:12+02:00
Process some NFUs

- - - - -
cd3dd588 by Salvatore Bonaccorso at 2022-09-23T11:21:29+02:00
Process CVE-2022-39227 as NFU

- - - - -
21fe653a by Moritz Mühlenhoff at 2022-09-23T14:32:37+02:00
bullseye triage

- - - - -
071d4267 by Moritz Mühlenhoff at 2022-09-23T15:02:36+02:00
redis fixed in sid

- - - - -
607d4467 by Thorsten Alteholz at 2022-09-23T16:19:40+02:00
add gerbv

- - - - -
1f521dee by Thorsten Alteholz at 2022-09-23T16:25:07+02:00
add squid

- - - - -
4f950c12 by Thorsten Alteholz at 2022-09-23T16:25:46+02:00
add frr

- - - - -
a4261318 by Moritz Mühlenhoff at 2022-09-23T16:35:05+02:00
NFUs

- - - - -
8f703ce2 by Salvatore Bonaccorso at 2022-09-23T20:41:38+02:00
Reference followup for CVE-2022-32215/nodejs

- - - - -
c7feb246 by Salvatore Bonaccorso at 2022-09-23T20:43:31+02:00
Reference followup for CVE-2022-32213

- - - - -
a2646830 by Salvatore Bonaccorso at 2022-09-23T20:45:02+02:00
Add Debian bug reference for CVE-2022-41322/kitty

- - - - -
e4c3d352 by Salvatore Bonaccorso at 2022-09-23T20:59:57+02:00
Add CVE-2022-35256/nodejs

- - - - -
ca015c51 by Salvatore Bonaccorso at 2022-09-23T21:02:44+02:00
Add CVE-2022-35255/nodejs

- - - - -
434aafb9 by Salvatore Bonaccorso at 2022-09-23T21:14:32+02:00
Update information for CVE-2019-1010204/binutils

- - - - -
50895ce0 by Salvatore Bonaccorso at 2022-09-23T21:26:40+02:00
Track fixed version for CVE-2020-35448 via unstable

- - - - -
b23aefc8 by Salvatore Bonaccorso at 2022-09-23T21:44:38+02:00
Update information for CVE-2021-3530/binutils

- - - - -
71a6963f by Salvatore Bonaccorso at 2022-09-23T21:46:48+02:00
Update information for CVE-2021-46195/binutils

- - - - -
e5fe68d3 by security tracker role at 2022-09-23T20:10:30+00:00
automatic update

- - - - -
96142902 by Salvatore Bonaccorso at 2022-09-23T22:26:08+02:00
Process some NFUs

- - - - -
d7924290 by Salvatore Bonaccorso at 2022-09-23T22:27:19+02:00
Add Debian bug reference for CVE-2022-39209

- - - - -
003f1e69 by Salvatore Bonaccorso at 2022-09-23T22:29:25+02:00
Add Debian bug reference for three batik issues

- - - - -
accf12c5 by Salvatore Bonaccorso at 2022-09-23T22:31:00+02:00
Add Debian bug references for squid issues

- - - - -
46f013ed by Salvatore Bonaccorso at 2022-09-24T08:50:45+02:00
Add CVE-2022-3277/neutron

- - - - -
8ed787ca by Salvatore Bonaccorso at 2022-09-24T09:46:46+02:00
Process some NFUs

- - - - -
e01f02e2 by Salvatore Bonaccorso at 2022-09-24T09:58:32+02:00
Add additional reference for CVE-2022-41218/linux

- - - - -
50abc733 by security tracker role at 2022-09-24T08:10:16+00:00
automatic update

- - - - -
35b973bd by Salvatore Bonaccorso at 2022-09-24T10:16:00+02:00
Process some new swftools CVEs

- - - - -
ee456021 by Salvatore Bonaccorso at 2022-09-24T10:17:54+02:00
Add CVE-2022-3278/vim

- - - - -
ab10cd1b by Salvatore Bonaccorso at 2022-09-24T10:22:11+02:00
Add CVE-2022-3269/rdiffweb

- - - - -
87dd0dc4 by Salvatore Bonaccorso at 2022-09-24T10:22:48+02:00
Process some NFUs

- - - - -
b967c072 by Salvatore Bonaccorso at 2022-09-24T10:23:27+02:00
Add CVE-2022-3257/mattermost-server

- - - - -
495bc703 by Thorsten Alteholz at 2022-09-24T11:28:31+02:00
mark CVE-2020-36604 as not-affected for Buster

- - - - -
be2b55a0 by Salvatore Bonaccorso at 2022-09-24T12:43:33+02:00
Track fixed version for CVE-2021-3618 via unstable for sendmail

- - - - -
49ae9b72 by Salvatore Bonaccorso at 2022-09-24T13:11:36+02:00
Track fixes for two linux CVEs via unstable

- - - - -
5029a903 by Salvatore Bonaccorso at 2022-09-24T13:14:36+02:00
Track proposed update for mod-wsgi via bullseye-pu

- - - - -
afada32c by Salvatore Bonaccorso at 2022-09-24T13:29:55+02:00
Add CVE-2022-40716/consul

- - - - -
28112fcd by Salvatore Bonaccorso at 2022-09-24T13:31:07+02:00
Process some NFUs

- - - - -
69a008a4 by Salvatore Bonaccorso at 2022-09-24T13:33:43+02:00
Unify some WordPress plugin spelling

- - - - -
9126ff5a by Salvatore Bonaccorso at 2022-09-24T13:42:54+02:00
Add CVE-2022-2785/linux

- - - - -
e4d1679a by Salvatore Bonaccorso at 2022-09-24T14:30:01+02:00
Track upstream commits and fixes for CVE-2021-28861

- - - - -
e0206a43 by Markus Koschany at 2022-09-24T14:34:36+02:00
apache-jena CVE fixed in unstable

- - - - -
243403b2 by security tracker role at 2022-09-24T20:10:28+00:00
automatic update

- - - - -
3ecf83c5 by Thorsten Alteholz at 2022-09-25T09:04:17+02:00
Reserve DLA-3119-1 for expat

- - - - -
9321481f by security tracker role at 2022-09-25T08:10:10+00:00
automatic update

- - - - -
e7f31c6a by Thorsten Alteholz at 2022-09-25T10:34:15+02:00
sec team marked all CVEs as unimportant, so nothing to do here as well

- - - - -
74c7b448 by Thorsten Alteholz at 2022-09-25T10:51:13+02:00
mark CVE-2022-38528 as no-dsa for Buster (no fix yet; follow sec team)

- - - - -
d7f8f3d0 by Anton Gladky at 2022-09-25T12:30:34+02:00
LTS: take dovecot

- - - - -
06844544 by Thorsten Alteholz at 2022-09-25T16:23:47+02:00
mark CVE-2022-25869 and CVE-2022-25844 as no-dsa for Buster

- - - - -
835bdb50 by Thorsten Alteholz at 2022-09-25T16:31:04+02:00
follow sec team and mark three CVEs for batik as no-dsa

- - - - -
cdb9eaea by Thorsten Alteholz at 2022-09-25T16:37:15+02:00
add bind9

- - - - -
c02c32ab by Thorsten Alteholz at 2022-09-25T16:52:30+02:00
mark CVE-2022-1325 as no-dsa for Buster

- - - - -
4fbc37db by Thorsten Alteholz at 2022-09-25T16:54:02+02:00
mark CVE-2022-36114 and CVE-2022-36113 as no-dsa for Buster

- - - - -
b1fe2a10 by Thorsten Alteholz at 2022-09-25T16:55:50+02:00
mark CVE-2022-24728 as no-dsa for Buster

- - - - -
53735b97 by Thorsten Alteholz at 2022-09-25T16:56:49+02:00
mark CVE-2022-24729 as no-dsa for Buster

- - - - -
d69e0e9b by Salvatore Bonaccorso at 2022-09-25T17:07:11+02:00
Track fixed batik issues in unstable

- - - - -
9ebd898b by Salvatore Bonaccorso at 2022-09-25T21:17:29+02:00
Add CVE-2022-3296

- - - - -
a719ee83 by security tracker role at 2022-09-25T20:10:23+00:00
automatic update

- - - - -
96fe1f44 by Markus Koschany at 2022-09-26T00:12:08+02:00
Remove no-dsa tags for upcoming security update of poppler.

- - - - -
ca01099d by Markus Koschany at 2022-09-26T00:14:33+02:00
Reserve DLA-3120-1 for poppler

- - - - -
05303965 by Salvatore Bonaccorso at 2022-09-26T07:16:30+02:00
Track fixed version for CVE-2022-32088/mariadb-10.6

- - - - -
3c7a7e4d by Anton Gladky at 2022-09-26T07:20:01+02:00
Mark CVE-2020-28200 as ignored for buster

- - - - -
2bffcecc by Salvatore Bonaccorso at 2022-09-26T07:31:15+02:00
Trim additional whitespaces in NOTE

- - - - -
b7a49c2c by Salvatore Bonaccorso at 2022-09-26T08:25:11+02:00
Add upstream issue reference for CVE-2007-4559

- - - - -
949ff0ec by security tracker role at 2022-09-26T08:10:13+00:00
automatic update

- - - - -
09b381ac by Salvatore Bonaccorso at 2022-09-26T10:30:02+02:00
Add fixed version via unstable for CVE-2022-3176/linux

- - - - -
95ba91d5 by Salvatore Bonaccorso at 2022-09-26T10:30:44+02:00
Process two NFUs

- - - - -
ccf87def by Emilio Pozuelo Monfort at 2022-09-26T12:46:31+02:00
lts: fix typo

- - - - -
4f0cd370 by Thorsten Alteholz at 2022-09-26T13:05:23+02:00
mark CVE-2022-36109 as no-dsa for Buster

- - - - -
3a885c21 by Thorsten Alteholz at 2022-09-26T13:05:24+02:00
mark CVE-2022-41322 as no-dsa for Buster

- - - - -
58ad4383 by Thorsten Alteholz at 2022-09-26T13:05:26+02:00
mark CVE-2022-37186 as no-dsa for Buster

- - - - -
52826e1c by Thorsten Alteholz at 2022-09-26T13:05:27+02:00
mark CVE-2022-37797 as no-dsa for Buster

- - - - -
c7c15943 by Thorsten Alteholz at 2022-09-26T13:05:28+02:00
mark CVE-2022-3204 as no-dsa for Buster

- - - - -
759aad62 by Moritz Muehlenhoff at 2022-09-26T15:34:53+02:00
jpeg-xl n/a

- - - - -
e6498e87 by Moritz Muehlenhoff at 2022-09-26T16:56:54+02:00
update additional jpeg-xl issues

- - - - -
a9faaa7c by Salvatore Bonaccorso at 2022-09-26T20:57:13+02:00
Add CVE-2022-3297/vim

- - - - -
a2a5d5f0 by Emilio Pozuelo Monfort at 2022-09-26T21:04:38+02:00
Reserve DLA-3121-1 for firefox-esr

- - - - -
9f27134a by Salvatore Bonaccorso at 2022-09-26T21:43:24+02:00
Take squid from dsa-needed list

- - - - -
4c9650bc by Salvatore Bonaccorso at 2022-09-26T21:49:31+02:00
Add CVE-2022-40358/ajaxplorer

- - - - -
6cc58774 by Salvatore Bonaccorso at 2022-09-26T21:50:32+02:00
Process some NFUs

- - - - -
e39db614 by security tracker role at 2022-09-26T20:10:28+00:00
automatic update

- - - - -
0dd8ebf2 by Salvatore Bonaccorso at 2022-09-26T22:21:03+02:00
Process some NFUs

- - - - -
81189765 by Salvatore Bonaccorso at 2022-09-26T22:23:50+02:00
Add new rdiffweb issues

- - - - -
715b15f5 by Salvatore Bonaccorso at 2022-09-26T22:24:24+02:00
Process some NFUs

- - - - -
9aac8c69 by Salvatore Bonaccorso at 2022-09-26T22:35:17+02:00
Process two centreon-web CVEs

- - - - -
faf969cd by Salvatore Bonaccorso at 2022-09-26T22:44:21+02:00
Add CVE-2022-3103/linux

- - - - -
a7c7cb8f by Anton Gladky at 2022-09-27T06:08:00+02:00
Reserve DLA-3122-1 for dovecot

- - - - -
1727f855 by Salvatore Bonaccorso at 2022-09-27T07:55:25+02:00
Add CVE-2022-36944/scala

- - - - -
df1fb580 by Salvatore Bonaccorso at 2022-09-27T08:13:50+02:00
Add CVE-2022-21797/joblib

- - - - -
b000276d by Salvatore Bonaccorso at 2022-09-27T08:27:21+02:00
Add CVE-2022-3165/qemu

- - - - -
1c01e41b by Salvatore Bonaccorso at 2022-09-27T08:31:34+02:00
Add CVE-2022-3303/linux

- - - - -
8b77f09f by Salvatore Bonaccorso at 2022-09-27T08:34:54+02:00
Add Debian bug reference for CVE-2022-21797/joblib

- - - - -
3e2a9a29 by security tracker role at 2022-09-27T08:10:20+00:00
automatic update

- - - - -
f9960163 by Moritz Muehlenhoff at 2022-09-27T10:24:42+02:00
add additional firefox reference

- - - - -
6c1d499d by Salvatore Bonaccorso at 2022-09-27T10:45:10+02:00
Add CVE-2022-3298/rdiffweb

- - - - -
442752a8 by Salvatore Bonaccorso at 2022-09-27T10:54:54+02:00
Process some NFUs

- - - - -
bb56c2a3 by Salvatore Bonaccorso at 2022-09-27T11:06:23+02:00
Add CVE-2022-41556/lighttpd

- - - - -
f48f1c2f by Salvatore Bonaccorso at 2022-09-27T11:08:04+02:00
Add lighttpd to dsa-needed list

- - - - -
fd6b8c8a by Emilio Pozuelo Monfort at 2022-09-27T13:41:11+02:00
CVE-2022-33980/commons-configuration2 n/a on buster

- - - - -
25dfd340 by Moritz Muehlenhoff at 2022-09-27T14:16:42+02:00
bullseye triage

- - - - -
34bc0789 by Emilio Pozuelo Monfort at 2022-09-27T14:58:40+02:00
Mark CVE-2022-38791/mariadb-10.3 as addressed in DLA-3114-1

- - - - -
7c6fb17f by Emilio Pozuelo Monfort at 2022-09-27T14:58:41+02:00
Triage remaining mariadb-10.3 CVEs

- - - - -
47285e9e by Sylvain Beucler at 2022-09-27T15:25:22+02:00
dla: update nodejs notes

- - - - -
e879d9c9 by Salvatore Bonaccorso at 2022-09-27T17:28:21+02:00
Track fixed version for snakeyaml issues

- - - - -
085f9468 by Salvatore Bonaccorso at 2022-09-27T18:12:55+02:00
Track fixed version via unstable for CVE-2021-26291/maven

- - - - -
48b30cd1 by Salvatore Bonaccorso at 2022-09-27T18:13:39+02:00
Reference upstream tag for CVE-2021-26291/maven

- - - - -
cfbb21ed by Emilio Pozuelo Monfort at 2022-09-27T18:38:03+02:00
Add prereq note for CVE-2022-0135/virglrenderer

- - - - -
d0f51a71 by Moritz Muehlenhoff at 2022-09-27T18:49:34+02:00
ghostscript n/a

- - - - -
7ada4652 by Moritz Mühlenhoff at 2022-09-27T20:27:07+02:00
thunderbird DSA

- - - - -
ae7ffd2b by Moritz Muehlenhoff at 2022-09-27T20:31:45+02:00
libstb fixed in sid

- - - - -
165b4f03 by Salvatore Bonaccorso at 2022-09-27T20:46:53+02:00
Update tag information for CVE-2022-2085

- - - - -
b668bb7a by Salvatore Bonaccorso at 2022-09-27T20:54:00+02:00
Add new chromium issues

Link: https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html

- - - - -
61433596 by Salvatore Bonaccorso at 2022-09-27T21:01:08+02:00
Add chromium to dsa-needed list for needed release

- - - - -
906d6aaa by Salvatore Bonaccorso at 2022-09-27T22:01:00+02:00
Track fixed version for chromium issues via unstable

- - - - -
611098a8 by Salvatore Bonaccorso at 2022-09-27T22:01:20+02:00
Update unstable version for CVE-2022-3201/chromium

The CVE is listed again in the [1] announce. It is unclear if this is a
mistake or if the previous fix was possibly just incomplete and it's now
only completely fixed in the 106.0.5249.61 upstream version.

Play on safe side for now until clarified, and mark the 106.0.5249.61-1
version as the one fixing (completely) CVE-2022-3201. That means that
the next DSA for chromium will update the version as well.

 [1]: https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html

- - - - -
5e657b1a by security tracker role at 2022-09-27T20:10:22+00:00
automatic update

- - - - -
d7f1a1d8 by Salvatore Bonaccorso at 2022-09-27T22:51:54+02:00
Reserve DSA number for gdal update

- - - - -
fcd2a923 by Emilio Pozuelo Monfort at 2022-09-27T23:07:41+02:00
Reserve DLA-3123-1 for thunderbird

- - - - -
60f9da73 by Emilio Pozuelo Monfort at 2022-09-27T23:23:05+02:00
lts: add gdal

- - - - -
1ae5453f by Moritz Muehlenhoff at 2022-09-27T23:25:22+02:00
three openanolis bugzilla entries have been made public

- - - - -
dc055752 by Salvatore Bonaccorso at 2022-09-27T23:27:43+02:00
Add CVE-2022-1941/protobuf

- - - - -
48e0a94b by Salvatore Bonaccorso at 2022-09-28T06:41:20+02:00
Track fix for CVE-2022-1941/protobuf via experimental

- - - - -
551c0fad by security tracker role at 2022-09-28T08:10:13+00:00
automatic update

- - - - -
927fd4f5 by Alberto Garcia at 2022-09-28T11:22:07+02:00
webkit2gtk DSA-5240-1 and wpewebkit DSA-5241-1

- - - - -
1d6a1e2f by Salvatore Bonaccorso at 2022-09-28T13:50:56+02:00
Add Debian bug reference for CVE-2022-1227/golang-github-containers-psgo

- - - - -
b6d7ea27 by Salvatore Bonaccorso at 2022-09-28T13:51:25+02:00
Add Debian bug reference for CVE-2022-27649/libpod

- - - - -
550dd94c by Salvatore Bonaccorso at 2022-09-28T14:01:36+02:00
Process some NFUs

- - - - -
917d0ee8 by Salvatore Bonaccorso at 2022-09-28T14:02:29+02:00
Add CVE-2022-3324/vim

- - - - -
af8cadf8 by Salvatore Bonaccorso at 2022-09-28T14:03:47+02:00
Add CVE-2022-4081{6,7}/zammad

- - - - -
def6d7fd by Salvatore Bonaccorso at 2022-09-28T14:49:16+02:00
Process CVE-2022-38335 as NFU

- - - - -
2934a751 by Salvatore Bonaccorso at 2022-09-28T14:55:14+02:00
Reserve DSA number for maven-shared-utils update

- - - - -
75d78584 by Moritz Muehlenhoff at 2022-09-28T15:05:36+02:00
one additional vmwgfx issue

- - - - -
fbf86914 by Salvatore Bonaccorso at 2022-09-28T17:33:40+02:00
Track fixed version via unstable for CVE-2022-41556/lighttpd

- - - - -
2affac75 by Salvatore Bonaccorso at 2022-09-28T17:34:22+02:00
Add upstream tag information for CVE-2022-41556/lighttpd

- - - - -
a65ccc8c by Salvatore Bonaccorso at 2022-09-28T17:55:12+02:00
Reserve DSA number for lighttpd update

- - - - -
8037f82a by Emilio Pozuelo Monfort at 2022-09-28T18:20:37+02:00
lts: add lighttpd

- - - - -
1a858dcc by Salvatore Bonaccorso at 2022-09-28T21:06:14+02:00
Add CVE-2021-43980/tomcat

- - - - -
4cc5ac84 by Helmut Grohne at 2022-09-28T21:09:09+02:00
claim lighttpd dla

I've done the DSA already and am outgoing lighttpd maintainer.

- - - - -
f25e54d4 by Salvatore Bonaccorso at 2022-09-28T21:21:29+02:00
Track fixed version for CVE-2022-38749/snakeyaml via unstable

- - - - -
9ea4ffe1 by Moritz Mühlenhoff at 2022-09-28T21:36:08+02:00
chromium DSA

- - - - -
c33a8b31 by security tracker role at 2022-09-28T20:10:21+00:00
automatic update

- - - - -
9520e1be by Salvatore Bonaccorso at 2022-09-28T22:12:38+02:00
Process some NFUs

- - - - -
b0c71e2f by Salvatore Bonaccorso at 2022-09-28T22:25:51+02:00
Process NFUs

- - - - -
d06f0881 by Salvatore Bonaccorso at 2022-09-28T22:26:19+02:00
Add CVE-2022-3287/fwupd

- - - - -
7169d5c0 by Salvatore Bonaccorso at 2022-09-28T22:26:44+02:00
Add CVE-2022-39835/gajim

- - - - -
5e4ee80d by Salvatore Bonaccorso at 2022-09-28T22:27:07+02:00
Add CVE-2022-39261/php-twig

- - - - -
88a1328a by Salvatore Bonaccorso at 2022-09-28T22:43:05+02:00
Process some NFUs

- - - - -
98a1f255 by Emilio Pozuelo Monfort at 2022-09-29T00:55:19+02:00
Reserve DLA-3124-1 for webkit2gtk

- - - - -
69fb3a26 by Salvatore Bonaccorso at 2022-09-29T06:20:18+02:00
Update status for retbleed related CVEs for linux in buster with kernel-sec

- - - - -
54b64430 by Salvatore Bonaccorso at 2022-09-29T06:22:09+02:00
Mark CVE-2022-39842 as unimportant

- - - - -
c523a016 by Salvatore Bonaccorso at 2022-09-29T06:34:14+02:00
Track fixed version for CVE-2022-0918/389-ds-base via unstable

- - - - -
ccedbb89 by Salvatore Bonaccorso at 2022-09-29T06:36:38+02:00
Track fixed version for CVE-2022-41322/kitty via unstable

- - - - -
ea16a4d3 by Salvatore Bonaccorso at 2022-09-29T08:02:40+02:00
Add CVE-2022-3162{8,9}/php

- - - - -
13a7a2c3 by Salvatore Bonaccorso at 2022-09-29T09:34:31+02:00
Add CVE-2022-3100/barbican

- - - - -
f6e88d4d by security tracker role at 2022-09-29T08:10:16+00:00
automatic update

- - - - -
1e016aef by Salvatore Bonaccorso at 2022-09-29T10:21:34+02:00
Process some NFUs

- - - - -
d3ecbe1e by Salvatore Bonaccorso at 2022-09-29T10:28:44+02:00
Process two new rdiffweb CVEs

- - - - -
8ee8d0e6 by Salvatore Bonaccorso at 2022-09-29T11:11:29+02:00
Add Matrix SDK related CVEs

- - - - -
4257cbce by Salvatore Bonaccorso at 2022-09-29T11:12:07+02:00
Add CVE-2022-39173/wolfssl

- - - - -
f569f38a by Salvatore Bonaccorso at 2022-09-29T11:21:01+02:00
Process some NFUs

- - - - -
02d2c710 by Moritz Muehlenhoff at 2022-09-29T17:22:02+02:00
bullseye triage

- - - - -
eed4018f by Salvatore Bonaccorso at 2022-09-29T19:14:16+02:00
Track fixed version for two nodejs issues

- - - - -
5eccf413 by Salvatore Bonaccorso at 2022-09-29T20:48:21+02:00
tracker_service: Switch to use cve.org URL for source reference

As we are going to switch with the transition to cve.org feeds switch
now already for referring CVEs in the MITRE database in the source field
of CVE entries.

Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>

- - - - -
ed7ca4a2 by Salvatore Bonaccorso at 2022-09-29T21:11:12+02:00
report-vuln: Switch to use cve.org URL for reference building

Similar as done for 5eccf413c07f ("tracker_service: Switch to use
cve.org URL for source reference") switch now already to the cve.org URL
for referencing the CVE entries.

A later change will switch to fetch the needed information as well from
the new sources once they get available during the transition from
cve.mitre.org to cve.org.

Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>

- - - - -
f3432fee by Salvatore Bonaccorso at 2022-09-29T21:33:48+02:00
Update information for CVE-2022-3162{8,9}/php

- - - - -
f573623c by security tracker role at 2022-09-29T20:10:20+00:00
automatic update

- - - - -
0f944712 by Salvatore Bonaccorso at 2022-09-29T22:26:35+02:00
Process one NFU

- - - - -
4790e5bd by Moritz Muehlenhoff at 2022-09-29T22:34:45+02:00
ffmpeg n/a in released suites

- - - - -
c3e2bdfb by Salvatore Bonaccorso at 2022-09-29T22:42:49+02:00
Add CVE-2022-3352/vim

- - - - -
90fe230e by Salvatore Bonaccorso at 2022-09-29T22:50:29+02:00
Process some NFUs

- - - - -
1222485d by Salvatore Bonaccorso at 2022-09-29T22:57:44+02:00
Add CVE-2022-29503/uclibc

- - - - -
16d0404c by Thorsten Alteholz at 2022-09-30T00:11:19+02:00
Reserve DLA-3125-1 for libvncserver

- - - - -
ff05dca9 by Thorsten Alteholz at 2022-09-30T00:16:27+02:00
Reserve DLA-3126-1 for libsndfile

- - - - -
618258de by Utkarsh Gupta at 2022-09-30T06:11:02+05:30
Mark CVE-2019-25050/gdal as not-affected for buster

- - - - -
7a1b4c31 by Salvatore Bonaccorso at 2022-09-30T08:21:03+02:00
Add CVE-2022-39264/nheko

- - - - -
ed0dae81 by Salvatore Bonaccorso at 2022-09-30T08:33:15+02:00
Adjust source package name for commons-configuration2

- - - - -
f18e2f32 by Moritz Muehlenhoff at 2022-09-30T09:00:31+02:00
vim fixed in sid

- - - - -
d2ccceb8 by Moritz Muehlenhoff at 2022-09-30T09:03:14+02:00
more vim issues fixed in sid

- - - - -
e28976fa by Moritz Muehlenhoff at 2022-09-30T09:08:03+02:00
new mediawiki issues

- - - - -
36d4e70b by Salvatore Bonaccorso at 2022-09-30T09:42:09+02:00
Add twig source package tracking for CVE-2022-39261

- - - - -
47393ca1 by Salvatore Bonaccorso at 2022-09-30T09:50:55+02:00
Add CVE-2022-41850/linux

- - - - -
622b46c4 by Salvatore Bonaccorso at 2022-09-30T09:52:58+02:00
Add CVE-2022-41849/linux

- - - - -
e18d2e82 by Salvatore Bonaccorso at 2022-09-30T09:54:59+02:00
Add CVE-2022-41848/linux

- - - - -
a83dbea2 by Salvatore Bonaccorso at 2022-09-30T09:56:18+02:00
Add Debian bug reference for CVE-2022-39261/php-twig

- - - - -
73bc5f38 by security tracker role at 2022-09-30T08:10:24+00:00
automatic update

- - - - -
18a7d776 by Salvatore Bonaccorso at 2022-09-30T10:12:40+02:00
Process some NFUs

- - - - -
b3a45ca5 by Salvatore Bonaccorso at 2022-09-30T10:13:21+02:00
Add CVE-2022-3364/rdiffweb

- - - - -
a39868dd by Moritz Muehlenhoff at 2022-09-30T11:37:42+02:00
new gitlab issues

- - - - -
df231937 by Salvatore Bonaccorso at 2022-09-30T14:37:02+02:00
Add fixed version via unstable for CVE-2022-39261/php-twig

- - - - -
93c327e4 by Anton Gladky at 2022-09-30T16:31:16+02:00
LTS: claim curl in dla-needed.txt

- - - - -
100646a6 by Moritz Muehlenhoff at 2022-09-30T16:54:20+02:00
mark k8s as fixed

- - - - -
fa962ff2 by Moritz Muehlenhoff at 2022-09-30T17:04:53+02:00
scala n/a

- - - - -
0374758e by Moritz Muehlenhoff at 2022-09-30T17:12:05+02:00
bugnums

- - - - -
0eaf6527 by Emilio Pozuelo Monfort at 2022-09-30T17:33:19+02:00
lts: take tzdata and libdatetime-timezone-perl

- - - - -
edcd45e8 by Thorsten Alteholz at 2022-09-30T17:55:12+02:00
Reserve DLA-3127-1 for libhttp-daemon-perl

- - - - -
bf97bb4c by Emilio Pozuelo Monfort at 2022-09-30T17:56:51+02:00
Reserve DLA-3114-2 for mariadb-10.3

- - - - -
534e35fa by Salvatore Bonaccorso at 2022-09-30T18:03:38+02:00
Track fixed version for CVE-2022-38752/snakeyaml via unstable

- - - - -
eb718c63 by Moritz Muehlenhoff at 2022-09-30T18:16:16+02:00
mark one snakeyaml issue as unimportant

- - - - -
d2fc632c by Emilio Pozuelo Monfort at 2022-09-30T20:11:00+02:00
lts: deduplicate gdal entry

- - - - -
2ef7229c by Salvatore Bonaccorso at 2022-09-30T20:57:17+02:00
Process some NFUs

- - - - -
a585c81d by Salvatore Bonaccorso at 2022-09-30T20:58:19+02:00
Add CVE-2022-39254/python-matrix-nio

- - - - -
6bb36e86 by Salvatore Bonaccorso at 2022-09-30T20:58:53+02:00
Add CVE-2022-39250/node-matrix-js-sdk

- - - - -
a0f5878d by security tracker role at 2022-09-30T20:10:27+00:00
automatic update

- - - - -
f16155f0 by Moritz Muehlenhoff at 2022-09-30T23:35:03+02:00
xpdf n/a

- - - - -
1f052b1e by Moritz Muehlenhoff at 2022-09-30T23:35:49+02:00
jupyter-notebook fixed in sid

- - - - -
7b0f7bb6 by Utkarsh Gupta at 2022-10-01T04:18:37+05:30
Reserve DLA-3128-1 for node-thenify

- - - - -
e2f02788 by Utkarsh Gupta at 2022-10-01T04:29:19+05:30
Reserve DLA-3129-1 for gdal

- - - - -
e360e97d by Thorsten Alteholz at 2022-10-01T01:13:54+02:00
Reserve DLA-3130-1 for tinyxml

- - - - -
b0c7d630 by Salvatore Bonaccorso at 2022-10-01T07:10:03+02:00
Add CVE-2022-3371/rdiffweb

- - - - -
979b475a by Salvatore Bonaccorso at 2022-10-01T07:13:33+02:00
Process some NFUs

- - - - -
ce1c8524 by Salvatore Bonaccorso at 2022-10-01T09:04:40+02:00
Track fixed version for CVE-2022-40468/tinyproxy via unstable

- - - - -
057f046d by security tracker role at 2022-10-01T08:10:13+00:00
automatic update

- - - - -
e07b2c97 by Salvatore Bonaccorso at 2022-10-01T10:22:15+02:00
Process some NFUs

- - - - -
6310ed78 by Ben Hutchings at 2022-10-01T14:49:34+02:00
Reserve DLA-3131-1 for linux

- - - - -
10509185 by Salvatore Bonaccorso at 2022-10-01T16:13:10+02:00
Add two new CVEs for chromium

- - - - -
dbfb3978 by Salvatore Bonaccorso at 2022-10-01T16:17:32+02:00
Update information for CVE-2020-20445/ffmpeg

- - - - -
762cdb05 by security tracker role at 2022-10-01T20:10:17+00:00
automatic update

- - - - -
0c9816db by security tracker role at 2022-10-02T08:10:13+00:00
automatic update

- - - - -
feec1874 by Salvatore Bonaccorso at 2022-10-02T17:18:13+02:00
Add CVE-2022-4200{3,4}/jackson-databind

- - - - -
271b6ca4 by Salvatore Bonaccorso at 2022-10-02T17:27:54+02:00
Mark CVE-2022-38529 as no-dsa for bullseye

- - - - -
79f04fb8 by Moritz Mühlenhoff at 2022-10-02T19:49:59+02:00
chromium DSA

- - - - -
62e8ecdc by Moritz Muehlenhoff at 2022-10-02T20:06:25+02:00
one modsecurity-crs issue fixed in sid

- - - - -
54fe6ddb by Moritz Muehlenhoff at 2022-10-02T20:21:20+02:00
bugnums

- - - - -
6e864294 by Salvatore Bonaccorso at 2022-10-02T20:49:08+02:00
Adjust bugnumber for rust-cargo reports

- - - - -
ee760d19 by Salvatore Bonaccorso at 2022-10-02T20:54:31+02:00
Track fixed version for CVE-2022-39254/python-matrix-nio via unstable

- - - - -
3da77060 by security tracker role at 2022-10-02T20:10:23+00:00
automatic update

- - - - -
343fee11 by Markus Koschany at 2022-10-02T23:39:43+02:00
snakeyaml: Link to patches and test cases.

- - - - -
ec516007 by Markus Koschany at 2022-10-02T23:41:33+02:00
Reserve DLA-3132-1 for snakeyaml

- - - - -
88d26354 by Markus Koschany at 2022-10-02T23:45:33+02:00
Update status of asterisk and claim vim and wordpress.

- - - - -
0ffec4fe by Salvatore Bonaccorso at 2022-10-03T07:42:22+02:00
Process some NFUs

- - - - -
f81458e3 by Helmut Grohne at 2022-10-03T08:11:06+02:00
triage/fix lighttpd CVEs in buster

- - - - -
c41fd934 by Abhijith PA at 2022-10-03T11:54:28+05:30
update note. Claim trafficserver,squid

- - - - -
f599a628 by Sébastien Delafond at 2022-10-03T08:27:46+02:00
Add and claim php-twig

- - - - -
8caef9cb by Helmut Grohne at 2022-10-03T09:48:48+02:00
issue DLA-3133-1 for lighttpd fixing CVE-2022-37797

- - - - -
a7e3a4a4 by Anton Gladky at 2022-10-03T10:01:51+02:00
semi-automatic unclaim after 2 weeks of inactivity

Signed-off-by: Anton Gladky <gladk at debian.org>

- - - - -
563ac9f8 by security tracker role at 2022-10-03T08:10:13+00:00
automatic update

- - - - -
9c4a710d by Emilio Pozuelo Monfort at 2022-10-03T10:14:37+02:00
Reserve DLA-3134-1 for tzdata

- - - - -
c3b40580 by Emilio Pozuelo Monfort at 2022-10-03T10:33:13+02:00
Reserve DLA-3135-1 for libdatetime-timezone-perl

- - - - -
99ff65e7 by Salvatore Bonaccorso at 2022-10-03T11:00:29+02:00
Partially revert fixed version marking in buster for lighttpd

- - - - -
52b9feeb by Anton Gladky at 2022-10-03T12:02:15+02:00
Remove lts-frontdesk.py (integrated into the dispatch-front-desk script)

- - - - -
fec88202 by Anton Gladky at 2022-10-03T12:03:08+02:00
LTS: dispatch frontdesk slots for 2023/H1

- - - - -
cc7a7b4d by Sylvain Beucler at 2022-10-03T12:53:56+02:00
CVE-2022-35256/nodejs: reference patches, buster not-affected

- - - - -
ac1e0a17 by Sylvain Beucler at 2022-10-03T13:03:36+02:00
CVE-2022-35255/nodejs: reference patches, buster not-affected

- - - - -
c0a421e4 by Salvatore Bonaccorso at 2022-10-03T15:00:05+02:00
Track fixed version for CVE-2021-44537/owncloud-client via unstable

- - - - -
c95f9814 by Emilio Pozuelo Monfort at 2022-10-03T17:17:49+02:00
lts: take bind9

- - - - -
5405e55f by Emilio Pozuelo Monfort at 2022-10-03T18:47:04+02:00
lts: triage CVE-2022-3080/bind9 as n/a on buster

- - - - -
469f9d42 by Salvatore Bonaccorso at 2022-10-03T20:51:44+02:00
Add reference to upstream commit for CVE-2022-3100

- - - - -
f5be1d26 by Salvatore Bonaccorso at 2022-10-03T21:05:47+02:00
Add upstream tag information for CVE-2022-3875{0,1}

- - - - -
748bd05a by Salvatore Bonaccorso at 2022-10-03T21:08:35+02:00
Update information for CVE-2022-41556

- - - - -
56a7ad0b by Salvatore Bonaccorso at 2022-10-03T21:14:50+02:00
Track fixed version for mediawiki issues via unstable

- - - - -
55b04dd5 by Salvatore Bonaccorso at 2022-10-03T21:16:14+02:00
Track fixed version via unstable for four modsecurity-crs issues

- - - - -
f73a54f6 by Salvatore Bonaccorso at 2022-10-03T21:52:19+02:00
Reference upstream commit for CVE-2022-2308/linux

- - - - -
e9b712c0 by Moritz Mühlenhoff at 2022-10-03T22:07:48+02:00
tinyexr spu

- - - - -
f6c778ad by security tracker role at 2022-10-03T20:10:27+00:00
automatic update

- - - - -
55d774d9 by Anton Gladky at 2022-10-03T22:27:52+02:00
LTS: triage clickhouse

- - - - -
5ac0d0b0 by Anton Gladky at 2022-10-03T22:39:42+02:00
LTS: triage fwupd

- - - - -
e60a01cc by Anton Gladky at 2022-10-03T22:46:49+02:00
LTS: triage knot-resolver

- - - - -
84709f8f by Anton Gladky at 2022-10-03T23:08:57+02:00
LTS: triage libpgjava

- - - - -
a7f1f2d4 by Salvatore Bonaccorso at 2022-10-03T23:32:13+02:00
Process some NFUs

- - - - -
c74e6f70 by Salvatore Bonaccorso at 2022-10-04T08:24:07+02:00
Track proposed update for libconfuse in bullseye-pu

- - - - -
0bdf82d7 by Salvatore Bonaccorso at 2022-10-04T08:57:59+02:00
Add CVE-2022-2042{1,2,3,4}/linux

- - - - -
0517befc by Moritz Muehlenhoff at 2022-10-04T09:01:35+02:00
new strongswan issue

- - - - -
30754f57 by Emilio Pozuelo Monfort at 2022-10-04T09:34:23+02:00
lts: take barbican

- - - - -
1eb65ad0 by Emilio Pozuelo Monfort at 2022-10-04T09:47:24+02:00
Reserve DLA-3136-1 for barbican

- - - - -
cd6a512a by security tracker role at 2022-10-04T08:10:15+00:00
automatic update

- - - - -
dd97be51 by Emilio Pozuelo Monfort at 2022-10-04T10:30:07+02:00
CVE-2022-2881/bind9 n/a on buster

- - - - -
fab16fb0 by Moritz Muehlenhoff at 2022-10-04T10:43:58+02:00
NFU

- - - - -
4563639e by Salvatore Bonaccorso at 2022-10-04T10:49:42+02:00
Add CVE-2022-1270/graphicsmagick

- - - - -
c978f0e8 by Salvatore Bonaccorso at 2022-10-04T14:14:36+02:00
Add CVE-2022-41420/nasm

- - - - -
3c3566fd by Moritz Muehlenhoff at 2022-10-04T14:18:13+02:00
squid fixed in sid

- - - - -
a4c23ca4 by Salvatore Bonaccorso at 2022-10-04T18:24:08+02:00
Add CVE-2022-41323/python-django

- - - - -
d54a9c94 by Sylvain Beucler at 2022-10-04T19:47:42+02:00
CVE-2021-44531,CVE-2021-44532,CVE-2021-44533/nodejs: buster ignored + add references

- - - - -
3e0a91d3 by Moritz Muehlenhoff at 2022-10-04T20:36:18+02:00
remove <postponed> entries for mw issues fixed in mediawiki DSA

- - - - -
5e363525 by Moritz Mühlenhoff at 2022-10-04T20:43:08+02:00
mediawiki DSA

- - - - -
876c51e7 by Salvatore Bonaccorso at 2022-10-04T21:02:09+02:00
Mark puppet as removed from unstable

- - - - -
6e7f47a4 by Salvatore Bonaccorso at 2022-10-04T21:11:30+02:00
Add barbican to dsa-needed list

- - - - -
4bf0f979 by Moritz Mühlenhoff at 2022-10-04T21:12:00+02:00
barbican DSA

- - - - -
3161a143 by Salvatore Bonaccorso at 2022-10-04T21:13:39+02:00
Revert "Add barbican to dsa-needed list"

This reverts commit 6e7f47a447ba557a876c7853405f554e248bd56d.

DSA got reserved and released.

- - - - -
57e7a03d by Moritz Mühlenhoff at 2022-10-04T21:17:59+02:00
associate puppet issues with src:puppet-agent

- - - - -
15f2defb by Henri Salo at 2022-10-04T22:18:47+03:00
CVE-2022-41672/airflow

- - - - -
62b12db6 by Salvatore Bonaccorso at 2022-10-04T21:22:35+02:00
Add reference to upstream commit for CVE-2022-1270/graphicsmagick

- - - - -
e35b4b00 by Salvatore Bonaccorso at 2022-10-04T21:33:50+02:00
Reference patch for CVE-2022-40617/strongswan

- - - - -
bd13b5f0 by Salvatore Bonaccorso at 2022-10-04T21:47:05+02:00
Track as well puppetserver itp bug for puppetserver CVEs

- - - - -
1a7478ee by Salvatore Bonaccorso at 2022-10-04T21:48:44+02:00
Add Debian bug reference for CVE-2022-40617/strongswan

- - - - -
2b50e7dd by Salvatore Bonaccorso at 2022-10-04T21:50:19+02:00
Drop tracking of CVE-2022-1480 for chromium (CVE rejected)

CVE got rejected as further investigation by the CNA showed that it was
not a security issue.

Remove as well listing of CVE in the list for DSA 5125-1.

- - - - -
cffb0d90 by Salvatore Bonaccorso at 2022-10-04T21:58:19+02:00
Add strongswan to dsa-needed list

- - - - -
4da1e1de by Salvatore Bonaccorso at 2022-10-04T21:59:54+02:00
Process some NFUs

- - - - -
ac1405c7 by Salvatore Bonaccorso at 2022-10-04T22:02:30+02:00
Add CVE-2022-41443/phpipam

- - - - -
7832c4cd by Salvatore Bonaccorso at 2022-10-04T22:04:22+02:00
Re-associate some NFUs with phpipam, itp'ed

- - - - -
479032bc by security tracker role at 2022-10-04T20:10:24+00:00
automatic update

- - - - -
041621d6 by Salvatore Bonaccorso at 2022-10-04T22:20:01+02:00
Add Debian bug reference for libmodbus issue

- - - - -
5ce17ba5 by Salvatore Bonaccorso at 2022-10-04T22:20:03+02:00
Add Debian bug reference for CVE-2022-2447/keystone

- - - - -
43eab32f by Salvatore Bonaccorso at 2022-10-04T22:20:05+02:00
Add Debian bug reference for nomad issues

- - - - -
40a25e2a by Salvatore Bonaccorso at 2022-10-04T22:20:06+02:00
Add Debian bug reference for python-opcua issue

- - - - -
a44e3227 by Salvatore Bonaccorso at 2022-10-04T22:20:08+02:00
Add Debian bug reference for snort issues

- - - - -
4c13cc27 by Salvatore Bonaccorso at 2022-10-04T22:20:09+02:00
Add Debian bug reference for pngcheck issue

- - - - -
80541194 by Salvatore Bonaccorso at 2022-10-04T22:20:11+02:00
Add Debian bug reference for flask-security issue

- - - - -
daa292f8 by Anton Gladky at 2022-10-04T22:28:27+02:00
LTS: triage strongswan

- - - - -
86eb5298 by Anton Gladky at 2022-10-04T22:28:28+02:00
LTS: triage man2html

- - - - -
0c5e97f2 by Sébastien Delafond at 2022-10-05T07:31:41+02:00
Reserve DSA-5248-1 for php-twig

- - - - -
c1161831 by Salvatore Bonaccorso at 2022-10-05T08:38:54+02:00
Expand todo item for further investigation of four CVEs

- - - - -
2d4fa864 by security tracker role at 2022-10-05T08:10:16+00:00
automatic update

- - - - -
2720f59f by Salvatore Bonaccorso at 2022-10-05T10:37:38+02:00
Initial tracking for three new golang issues

- - - - -
f760deca by Salvatore Bonaccorso at 2022-10-05T10:46:30+02:00
Update information for CVE-2022-41715/go

- - - - -
64c0d64a by Salvatore Bonaccorso at 2022-10-05T11:07:58+02:00
Update information for CVE-2022-2879/go

- - - - -
079fff81 by Salvatore Bonaccorso at 2022-10-05T11:09:56+02:00
Update information for CVE-2022-2880/go

- - - - -
f5700365 by Moritz Muehlenhoff at 2022-10-05T12:18:18+02:00
barbican fixed in sid

- - - - -
90fa8546 by Moritz Muehlenhoff at 2022-10-05T12:27:29+02:00
bullseye triage

- - - - -
4f5f9af6 by Sylvain Beucler at 2022-10-05T15:46:06+02:00
Reserve DLA-3137-1 for nodejs

- - - - -
f01dd7bf by Salvatore Bonaccorso at 2022-10-05T16:15:33+02:00
Track fix via experimental for CVE-2022-21821/nvidia-cuda-toolkit

- - - - -
f2089065 by Moritz Muehlenhoff at 2022-10-05T17:02:42+02:00
bullseye triage

- - - - -
eb5f84c2 by Emilio Pozuelo Monfort at 2022-10-05T17:19:12+02:00
Reserve DLA-3138-1 for bind9

- - - - -
54f1dec3 by Salvatore Bonaccorso at 2022-10-05T20:32:49+02:00
Add two new isc-dhcp issues

- - - - -
f6af30b3 by Salvatore Bonaccorso at 2022-10-05T20:33:54+02:00
Add temporary description for CVE-2022-292{8,9}/isc-dhcp

- - - - -
d3609fed by Salvatore Bonaccorso at 2022-10-05T20:41:11+02:00
Add additional references for isc-dhcp issues

- - - - -
a7e8ee19 by Salvatore Bonaccorso at 2022-10-05T20:43:45+02:00
Add three new dbus issues

- - - - -
e4ed54ae by Salvatore Bonaccorso at 2022-10-05T20:45:06+02:00
Add Debian bug reference for isc-dhcp issues

- - - - -
4964df44 by Salvatore Bonaccorso at 2022-10-05T20:50:27+02:00
Add dbus to dsa-needed list

- - - - -
db0a270b by Salvatore Bonaccorso at 2022-10-05T20:52:00+02:00
Add isc-dhcp to dsa-needed list

- - - - -
4278421b by Salvatore Bonaccorso at 2022-10-05T21:47:03+02:00
Track fixed version via unstable for CVE-2022-40617/strongswan

- - - - -
774a0214 by security tracker role at 2022-10-05T20:10:27+00:00
automatic update

- - - - -
746e95e2 by Moritz Muehlenhoff at 2022-10-06T15:22:05+02:00
add dbus references

- - - - -
621c5b8b by Moritz Muehlenhoff at 2022-10-06T15:43:50+02:00
NFUs

- - - - -
0c9de616 by Yves-Alexis Perez at 2022-10-06T17:58:49+02:00
allocate DSA for strongSwan

- - - - -
86884dee by Moritz Mühlenhoff at 2022-10-06T20:43:00+02:00
dbus DSA

- - - - -
0d0f6c1d by Salvatore Bonaccorso at 2022-10-06T20:58:19+02:00
Reserve DSA number for isc-dhcp update

- - - - -
2bc8787a by Chris Lamb at 2022-10-06T12:08:37-07:00
data/dla-needed.txt: Claim strongswan.

- - - - -
7a9d7ce5 by Chris Lamb at 2022-10-06T12:09:52-07:00
data/dla-needed.txt: Claim libpgjava.

- - - - -
719ce418 by Chris Lamb at 2022-10-06T12:11:43-07:00
data/dla-needed.txt: Claim knot-resolver.

- - - - -
22cdd6b0 by Laszlo Boszormenyi (GCS) at 2022-10-06T21:35:49+02:00
Add CVE-2022-3171/protobuf

- - - - -
3f5468e9 by Salvatore Bonaccorso at 2022-10-06T21:57:52+02:00
Track upstream commits for dbus issues CVE-2022-4201{0,1,2}

- - - - -
c178c86a by Salvatore Bonaccorso at 2022-10-06T21:59:17+02:00
Adjust version for protobuf version in experimental for CVE-2022-3171

There is not version 3.21.7 upstream but upstream version 3.21.7 fixes
the CVE-2022-3171. 3.21.7-1 landed accordingly in experimental.

Link: https://tracker.debian.org/news/1370218/accepted-protobuf-3217-1-source-into-experimental/
Fixes: 22cdd6b06d59 ("Add CVE-2022-3171/protobuf")

- - - - -
0275d7b2 by security tracker role at 2022-10-06T20:10:23+00:00
automatic update

- - - - -
3c8184c6 by Anton Gladky at 2022-10-06T22:28:36+02:00
LTS: triage gajim

- - - - -
c5768503 by Anton Gladky at 2022-10-06T22:28:38+02:00
Ignore all pluxml issues in buster

- - - - -
3ba8c53e by Anton Gladky at 2022-10-06T22:30:34+02:00
LTS: triage joblib

- - - - -
fe280448 by Anton Gladky at 2022-10-06T22:38:49+02:00
LTS: triage modsecurity-crs

- - - - -
0ce52c58 by Salvatore Bonaccorso at 2022-10-06T22:49:20+02:00
Revert "Ignore all pluxml issues in buster"

This reverts commit c5768503adc6f0129b960b73b20616b22bd16585.

The format should be with a note in ()-brackets and sorting top down per
suite.

- - - - -
e832020f by Salvatore Bonaccorso at 2022-10-06T22:52:35+02:00
Process some NFUs

- - - - -
e4a73dbf by Salvatore Bonaccorso at 2022-10-06T23:00:49+02:00
Process some NFUs

- - - - -
641bcacc by Salvatore Bonaccorso at 2022-10-06T23:06:16+02:00
Process some NFUs

- - - - -
b32d6795 by Salvatore Bonaccorso at 2022-10-06T23:08:05+02:00
Process three new rdiffweb issues, itp'ed

- - - - -
9a397624 by Salvatore Bonaccorso at 2022-10-06T23:08:47+02:00
Add CVE-2022-39988/centreon-web, itp'ed

- - - - -
2d64d643 by Salvatore Bonaccorso at 2022-10-07T06:38:10+02:00
Process NFUs

- - - - -
ad1a1edf by Salvatore Bonaccorso at 2022-10-07T08:41:20+02:00
Process some NFUs

- - - - -
1a0056d0 by Salvatore Bonaccorso at 2022-10-07T08:47:14+02:00
Add CVE-2022-31008/rabbitmq-server

- - - - -
fdac35fc by Salvatore Bonaccorso at 2022-10-07T09:03:53+02:00
Add CVE-2022-3276/puppet-module-puppetlabs-mysql

- - - - -
95dfc58a by Salvatore Bonaccorso at 2022-10-07T09:20:17+02:00
Add CVE-2022-32166/openvswitch

- - - - -
12ee2b42 by Helmut Grohne at 2022-10-07T09:29:56+02:00
data/dla-needed.txt: Claim glib.

- - - - -
78898522 by Salvatore Bonaccorso at 2022-10-07T09:59:10+02:00
Add CVE-2022-21222/node-css-what

- - - - -
9dc26baf by security tracker role at 2022-10-07T08:10:26+00:00
automatic update

- - - - -
26fa1937 by Salvatore Bonaccorso at 2022-10-07T10:19:40+02:00
Process some NFUs

- - - - -
43d2cf9e by Salvatore Bonaccorso at 2022-10-07T10:22:31+02:00
Add CVE-2022-39284/codeigniter

- - - - -
f6b0cf1f by Salvatore Bonaccorso at 2022-10-07T10:27:48+02:00
Add CVE-2021-3782/wayland

- - - - -
ddcd2597 by Moritz Muehlenhoff at 2022-10-07T14:39:19+02:00
linux n/a

- - - - -
1dfe2d27 by Salvatore Bonaccorso at 2022-10-07T14:57:10+02:00
Sync status for CVE-2022-20409 with kernel-sec tracking

- - - - -
b8d5b68e by Salvatore Bonaccorso at 2022-10-07T17:28:40+02:00
Track fixed version for CVE-2022-292{8,9}/isc-dhcp via unstable

- - - - -
72d0c7ad by Chris Lamb at 2022-10-07T10:20:40-07:00
Reserve DLA-3139-1 for knot-resolver

- - - - -
f4381446 by Chris Lamb at 2022-10-07T10:48:41-07:00
Reserve DLA-3140-1 for libpgjava

- - - - -
28563bd5 by Helmut Grohne at 2022-10-07T21:04:18+02:00
ignore CVE-2020-1751 in glibc as LTS does not support powerpc

Please don't scream at me for updating stretch and jessie in the main
tracker. If I were to leave these untouched here and change them in the
elts tracker, in the best case, it would ignore the updates and keep
displaying no-dsa. In the worst case, it would reject the data failing
some uniqueness check. Been there on Tuesday...

- - - - -
2aea3214 by security tracker role at 2022-10-07T20:10:22+00:00
automatic update

- - - - -
7a49f162 by Salvatore Bonaccorso at 2022-10-07T22:16:31+02:00
Process some NFUs

- - - - -
ad0a77a3 by Salvatore Bonaccorso at 2022-10-07T22:32:24+02:00
Process some NFUs

- - - - -
d340057e by Salvatore Bonaccorso at 2022-10-07T22:48:14+02:00
Add CVE-2022-39237/golang-github-sylabs-sif

Explicitly tracking as well singularity-container as it uses AFAIC the
vendored copy and is unfixed as well.

- - - - -
d2441fe1 by Anton Gladky at 2022-10-07T23:24:47+02:00
Ignore all pluxml issues in buster. Second try

- - - - -
80bae9b5 by Salvatore Bonaccorso at 2022-10-08T10:03:31+02:00
Add CVE-2022-3424/linux

- - - - -
4b2518e4 by security tracker role at 2022-10-08T08:10:13+00:00
automatic update

- - - - -
ac8b222c by Salvatore Bonaccorso at 2022-10-08T10:46:48+02:00
Add CVE-2021-41569/libiberty

- - - - -
7710fc49 by Salvatore Bonaccorso at 2022-10-08T10:46:50+02:00
Add tracking for binutils in CVE-2021-3826

- - - - -
0bdac785 by Emilio Pozuelo Monfort at 2022-10-08T11:11:54+02:00
lts: take dbus

- - - - -
e895dfca by Salvatore Bonaccorso at 2022-10-08T16:17:23+02:00
Track fixed version for CVE-2022-1615/samba via unstable

- - - - -
f4576e1c by Sylvain Beucler at 2022-10-08T18:55:30+02:00
dla: claim ruby-nokogiri

- - - - -
9df7b62f by Sylvain Beucler at 2022-10-08T19:56:28+02:00
CVE-2019-5477/ruby-nokogiri: reference patch

- - - - -
4e7b668f by Salvatore Bonaccorso at 2022-10-08T21:32:05+02:00
Add CVE-2022-3435/linux

- - - - -
3bf4b6ad by security tracker role at 2022-10-08T20:10:22+00:00
automatic update

- - - - -
5242e61e by Salvatore Bonaccorso at 2022-10-09T09:00:16+02:00
Process one NFU

- - - - -
bb126b2e by Salvatore Bonaccorso at 2022-10-09T09:37:27+02:00
Track fixed version for some golang-1.18 issues fixed via unstable

- - - - -
cd6cd447 by security tracker role at 2022-10-09T08:10:14+00:00
automatic update

- - - - -
0d2a4ddc by Salvatore Bonaccorso at 2022-10-09T11:23:37+02:00
Add fixed version via unstable for CVE-2022-21797/joblib

- - - - -
7c8dfe31 by Anton Gladky at 2022-10-09T19:55:06+02:00
LTS: Add rexical and assign to Sylvain

- - - - -
8c124745 by Salvatore Bonaccorso at 2022-10-09T21:05:26+02:00
Process one NFU

- - - - -
0731432b by Salvatore Bonaccorso at 2022-10-09T21:06:03+02:00
Add CVE-2022-3275/puppet-module-puppetlabs-apt

- - - - -
9c1ad3fa by Salvatore Bonaccorso at 2022-10-09T21:06:44+02:00
Add various CVEs for codeigniter, itp'ed

- - - - -
c4047e0f by Salvatore Bonaccorso at 2022-10-09T21:10:18+02:00
Add CVE-2021-41803/consul

- - - - -
3f5c08b7 by security tracker role at 2022-10-09T20:10:21+00:00
automatic update

- - - - -
3649a150 by Anton Gladky at 2022-10-09T22:25:35+02:00
LTS: triage ghostwriter

- - - - -
e34bdba1 by Anton Gladky at 2022-10-09T22:25:35+02:00
LTS: triage tinyproxy

- - - - -
1167fd65 by Anton Gladky at 2022-10-09T22:25:35+02:00
LTS: triage r-cran-commonmark

- - - - -
df82c36f by Anton Gladky at 2022-10-09T22:25:36+02:00
LTS: triage virglrenderer

- - - - -
d6eb36ba by Anton Gladky at 2022-10-09T22:25:36+02:00
LTS: triage mplayer

- - - - -
5bef28bb by Anton Gladky at 2022-10-09T22:25:36+02:00
LTS: triage python-scciclient

- - - - -
94674c1e by Anton Gladky at 2022-10-10T06:23:32+02:00
semi-automatic unclaim after 2 weeks of inactivity

Signed-off-by: Anton Gladky <gladk at debian.org>

- - - - -
0456e591 by Salvatore Bonaccorso at 2022-10-10T07:23:50+02:00
Add CVE-2022-42703/linux

- - - - -
d60a1ff4 by Salvatore Bonaccorso at 2022-10-10T07:27:20+02:00
Add additional reference for CVE-2022-42703

- - - - -
65ef4c9a by Salvatore Bonaccorso at 2022-10-10T07:29:34+02:00
Process one NFU

- - - - -
422573d6 by Salvatore Bonaccorso at 2022-10-10T08:25:49+02:00
Update information for CVE-2022-3433 and CVE-2021-41119

- - - - -
1d02955c by Salvatore Bonaccorso at 2022-10-10T08:38:11+02:00
Update information for CVE-2022-3433/haskell-aeson

- - - - -
b3f5ee37 by Moritz Muehlenhoff at 2022-10-10T09:23:56+02:00
keystone fixed in sid

- - - - -
d81082db by Salvatore Bonaccorso at 2022-10-10T09:29:02+02:00
Re-associate source package for CVE-2022-2447 to python-keystonemiddleware

- - - - -
f01a6588 by Moritz Muehlenhoff at 2022-10-10T09:46:51+02:00
new hsqldb issue

- - - - -
e69fefd3 by Moritz Muehlenhoff at 2022-10-10T09:48:55+02:00
new libcommons-jxpath-java issue

- - - - -
3fbd471e by security tracker role at 2022-10-10T08:10:18+00:00
automatic update

- - - - -
2fc77cb4 by Moritz Muehlenhoff at 2022-10-10T10:22:58+02:00
NFUs

- - - - -
26bc14ac by Moritz Muehlenhoff at 2022-10-10T11:37:31+02:00
dompdf n/a

- - - - -
84134c5e by Moritz Muehlenhoff at 2022-10-10T12:07:53+02:00
more libcommons-jxpath-java issues

- - - - -
9df40ceb by Markus Koschany at 2022-10-10T15:17:01+02:00
wordpress,6.0.2,5.0.17: Link to upstream fix

This changeset addresses at least one security issue mentioned in upstream's
security advisory. Not sure if upstream will request more CVEs or if the
temporary CVE covers all three security vulnerabilities.

- - - - -
c633bbc5 by Markus Koschany at 2022-10-10T15:21:03+02:00
CVE-2019-17670,wordpress: remove no-dsa tag for upcoming release

- - - - -
24bdaa92 by Markus Koschany at 2022-10-10T15:22:08+02:00
Reserve DLA-3141-1 for wordpress

- - - - -
a5b0477c by Markus Koschany at 2022-10-10T15:22:49+02:00
Mark temporary wordpress CVE postponed. Probably fixed by 5.0.17

Let's wait for more details and mark it as fixed later.

- - - - -
725f0300 by Moritz Muehlenhoff at 2022-10-10T16:11:05+02:00
new zoneminder issues
NFUs

- - - - -
0da5926e by Emilio Pozuelo Monfort at 2022-10-10T16:46:23+02:00
Reserve DLA-3142-1 for dbus

- - - - -
29baac09 by Chris Lamb at 2022-10-10T09:22:20-07:00
Reserve DLA-3143-1 for strongswan

- - - - -
09e390e6 by Emilio Pozuelo Monfort at 2022-10-10T19:34:48+02:00
Reserve DLA-3144-1 for connman

- - - - -
91945f55 by Chris Lamb at 2022-10-10T12:15:30-07:00
Triage CVE-2021-3826 in libiberty for buster LTS.

- - - - -
4a3d07b9 by Chris Lamb at 2022-10-10T12:16:00-07:00
Triage CVE-2022-3277 in neutron for buster LTS.

- - - - -
c061a278 by Chris Lamb at 2022-10-10T12:16:35-07:00
Triage CVE-2021-37819 in pdftk-java for buster LTS.

- - - - -
190ecc94 by Chris Lamb at 2022-10-10T12:18:48-07:00
Triage CVE-2022-31033 in ruby-mechanize for buster LTS.

- - - - -
db03dbd3 by Chris Lamb at 2022-10-10T12:22:08-07:00
data/dla-needed.txt: Triage isc-dhcp for buster LTS (CVE-2022-2928 & CVE-2022-2929)

- - - - -
6954c2c4 by Chris Lamb at 2022-10-10T12:25:30-07:00
data/dla-needed.txt: Triage twig for buster LTS (CVE-2022-39261)

- - - - -
26e31b17 by Chris Lamb at 2022-10-10T12:25:35-07:00
data/dla-needed.txt: Claim twig.

- - - - -
7f2f27bd by security tracker role at 2022-10-10T20:10:27+00:00
automatic update

- - - - -
03d2fdf3 by Salvatore Bonaccorso at 2022-10-10T22:11:28+02:00
Add CVE-2022-3438/rdiffweb

- - - - -
4ff746be by Salvatore Bonaccorso at 2022-10-10T22:20:40+02:00
Process three NFUs

- - - - -
36d4dc59 by Salvatore Bonaccorso at 2022-10-10T22:36:53+02:00
Add Debian bug reference for zoneminder issues, #1021565

- - - - -
4edee137 by Salvatore Bonaccorso at 2022-10-10T22:50:38+02:00
Add CVE-2022-39244/pjproject

- - - - -
e543e55b by Salvatore Bonaccorso at 2022-10-10T22:53:16+02:00
Add CVE-2022-39269/pjproject

- - - - -
3bbd9a8b by Markus Koschany at 2022-10-10T23:31:15+02:00
git: remove no-dsa tags for upcoming security update

- - - - -
91bc9baf by Utkarsh Gupta at 2022-10-11T03:38:20+05:30
Take isc-dhcp and joblib

- - - - -
6e0b134b by Markus Koschany at 2022-10-11T00:10:43+02:00
Merge branch 'master' of salsa.debian.org:security-tracker-team/security-tracker

- - - - -
45d963fa by Markus Koschany at 2022-10-11T00:11:12+02:00
Reserve DLA-3145-1 for git

- - - - -
1c059b48 by Utkarsh Gupta at 2022-10-11T05:12:23+05:30
Reserve DLA-3146-1 for isc-dhcp

- - - - -
5a2db7a9 by Salvatore Bonaccorso at 2022-10-11T09:33:53+02:00
Track fixed version for CVE-2022-21222/node-css-what via unstable

Note that the claim that it is fixed in 2.1.3 is not true and the ReDoS
issue only got fixed for the problematic regexp

	(#?(?:\\.|[\w\u00b0-\uFFFF\-])*)

with the rewrite of the module.

- - - - -
75777c21 by security tracker role at 2022-10-11T08:10:17+00:00
automatic update

- - - - -
13175522 by Moritz Muehlenhoff at 2022-10-11T11:21:55+02:00
NFUs

- - - - -
7142cf64 by Moritz Muehlenhoff at 2022-10-11T13:07:43+02:00
mark python-matrix-nio as ignored for bullseye

- - - - -
3d423a1c by Moritz Muehlenhoff at 2022-10-11T13:21:13+02:00
NFUs

- - - - -
a1642d76 by Moritz Muehlenhoff at 2022-10-11T15:01:55+02:00
new xen issues

- - - - -
8f8dff8b by Moritz Muehlenhoff at 2022-10-11T15:29:17+02:00
new node-xmldom issue

- - - - -
7d1bb72a by Moritz Muehlenhoff at 2022-10-11T15:51:38+02:00
new poppler issue
two xpdf n/a

- - - - -
729a137c by Moritz Muehlenhoff at 2022-10-11T16:17:42+02:00
new erlang issue

- - - - -
8afeff15 by Moritz Muehlenhoff at 2022-10-11T16:48:33+02:00
new openssl issue

- - - - -
52f46448 by Chris Lamb at 2022-10-11T08:08:14-07:00
Reserve DLA-3147-1 for twig

- - - - -
68fe923c by Moritz Muehlenhoff at 2022-10-11T17:29:24+02:00
NFUs

- - - - -
f6c3b65d by Chris Lamb at 2022-10-11T08:30:04-07:00
Triage CVE-2022-41323 in python-django for buster LTS.

- - - - -
3dae0fad by Emilio Pozuelo Monfort at 2022-10-11T20:27:49+02:00
Reference additional commit for CVE-2022-39176/bluez

- - - - -
30a504e0 by Markus Koschany at 2022-10-11T20:34:27+02:00
CVE-2022-41765,mediawiki: Link to fixing commit

- - - - -
705cac49 by Markus Koschany at 2022-10-11T20:40:35+02:00
CVE-2022-41767,mediawiki: Link to fixing commit

- - - - -
bc70e37d by security tracker role at 2022-10-11T20:10:26+00:00
automatic update

- - - - -
8ddd9937 by Salvatore Bonaccorso at 2022-10-11T22:11:39+02:00
Process NFUs

- - - - -
e4d707d9 by Salvatore Bonaccorso at 2022-10-11T22:13:02+02:00
Mark CVE-2022-24697 as NFU

- - - - -
f598a353 by Salvatore Bonaccorso at 2022-10-11T22:26:34+02:00
Move tracking for CVE-2022-33749 to src:xen-api

Link: https://github.com/xapi-project/xen-api

- - - - -
0ed05ebc by Salvatore Bonaccorso at 2022-10-11T22:35:07+02:00
Add fixing commit references for node-xmldom issue

- - - - -
4d7eafe8 by Salvatore Bonaccorso at 2022-10-11T22:51:02+02:00
Track fixed version via unstable for erlang issue

This follows from the upstream announcement on the fixed version for the
24.x branch. We still need to isolate the fixes to potentially backport
to older versions if needed.

- - - - -
639e02ab by Salvatore Bonaccorso at 2022-10-11T22:52:12+02:00
Add Debian bug reference for CVE-2022-37616/node-xmldom

- - - - -
8c12148c by Moritz Muehlenhoff at 2022-10-11T22:58:55+02:00
new libreoffice issue

- - - - -
ff8fccb1 by Moritz Muehlenhoff at 2022-10-11T22:59:22+02:00
reported xpdf/CVE-2022-24106 to poppler upstream

- - - - -
a7f3932d by Salvatore Bonaccorso at 2022-10-11T23:05:36+02:00
Process several NFUs

- - - - -
7f43eed3 by Salvatore Bonaccorso at 2022-10-11T23:09:32+02:00
Add Debian bug reference for CVE-2022-3358/openssl

- - - - -
ca52d85e by Markus Koschany at 2022-10-12T00:16:50+02:00
Merge branch 'master' of salsa.debian.org:security-tracker-team/security-tracker

- - - - -
a5605dba by Markus Koschany at 2022-10-12T00:17:31+02:00
Reserve DLA-3148-1 for mediawiki

- - - - -
c8178658 by security tracker role at 2022-10-12T08:10:13+00:00
automatic update

- - - - -
fe93e3e2 by Moritz Muehlenhoff at 2022-10-12T12:02:46+02:00
NFUs

- - - - -
999ec605 by Moritz Muehlenhoff at 2022-10-12T12:22:05+02:00
new libosip2 issue

- - - - -
b2177663 by Moritz Muehlenhoff at 2022-10-12T12:59:10+02:00
new nomad issue

- - - - -
c4ce3cee by Moritz Muehlenhoff at 2022-10-12T13:05:24+02:00
"new" ini4j issue

- - - - -
e3d9e484 by Moritz Muehlenhoff at 2022-10-12T14:07:11+02:00
bullseye triage

- - - - -
6db8a9d9 by Moritz Muehlenhoff at 2022-10-12T14:42:49+02:00
node-xmldom fixed in sid

- - - - -
ad6f9e69 by Moritz Muehlenhoff at 2022-10-12T14:56:41+02:00
NFUs

- - - - -
79d4bf5d by Moritz Muehlenhoff at 2022-10-12T15:00:21+02:00
nuget n/a

- - - - -
a4b235a9 by Sylvain Beucler at 2022-10-12T16:17:12+02:00
Reserve DLA-3149-1 for ruby-nokogiri

- - - - -
9cfd8525 by Sylvain Beucler at 2022-10-12T16:18:19+02:00
Reserve DLA-3150-1 for rexical

- - - - -
dbdec2aa by Moritz Mühlenhoff at 2022-10-12T17:07:36+02:00
node-xmldom spu

- - - - -
49a9e406 by Salvatore Bonaccorso at 2022-10-12T17:26:42+02:00
Add CVE-2022-34667/nvidia-cuda-toolkit

- - - - -
da0c6de7 by Salvatore Bonaccorso at 2022-10-12T17:28:37+02:00
Process some NFUs

- - - - -
de62c13f by Moritz Muehlenhoff at 2022-10-12T17:32:07+02:00
erlang no-dsa

- - - - -
4409fd62 by Chris Lamb at 2022-10-12T08:33:35-07:00
data/dla-needed.txt: Triage libreoffice for buster LTS (CVE-2022-3140)

- - - - -
2c81c872 by Chris Lamb at 2022-10-12T08:33:55-07:00
Triage CVE-2022-41550 in libosip2 for buster LTS.

- - - - -
efe16ad3 by Chris Lamb at 2022-10-12T08:34:56-07:00
Triage CVE-2022-37616 in node-xmldom for buster LTS.

- - - - -
0a777192 by Chris Lamb at 2022-10-12T08:35:14-07:00
Triage CVE-2021-3782 in wayland for buster LTS.

- - - - -
99384111 by Chris Lamb at 2022-10-12T08:37:32-07:00
data/dla-needed.txt: Triage ini4j for buster LTS (CVE-2022-41404)

- - - - -
206b35c7 by Salvatore Bonaccorso at 2022-10-12T18:21:48+02:00
Add Debian bug reference for CVE-2022-41550

- - - - -
820bbde1 by Salvatore Bonaccorso at 2022-10-12T18:25:11+02:00
Add CVE-2022-40664/shiro

- - - - -
368a4f7e by Salvatore Bonaccorso at 2022-10-12T18:34:22+02:00
Process several NFUs

- - - - -
0d2bd3b6 by Moritz Mühlenhoff at 2022-10-12T19:31:12+02:00
libreoffice DSA

- - - - -
8b4168a5 by Moritz Muehlenhoff at 2022-10-12T20:07:29+02:00
bugnums

- - - - -
f2df475c by Abhijith PA at 2022-10-13T00:58:08+05:30
Reserve DLA-3151-1 for squid

- - - - -
7b158703 by Abhijith PA at 2022-10-13T01:26:51+05:30
data/ela-needed.txt: claim tinyproxy

- - - - -
0495cd19 by security tracker role at 2022-10-12T20:10:20+00:00
automatic update

- - - - -
3251aeb7 by Salvatore Bonaccorso at 2022-10-12T22:13:39+02:00
Process some NFUs

- - - - -
6b52082a by Salvatore Bonaccorso at 2022-10-12T22:22:26+02:00
Track fixed version for CVE-2022-39237/singularity-container

- - - - -
cfd28396 by Salvatore Bonaccorso at 2022-10-12T22:31:59+02:00
Process NFUs

- - - - -
3038646b by Salvatore Bonaccorso at 2022-10-12T22:32:35+02:00
Add CVE-2022-40871/dolibarr

- - - - -
c6f5403e by Salvatore Bonaccorso at 2022-10-12T23:16:52+02:00
Add new chromium issues

Link: https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_11.html

- - - - -
fd362c4c by Salvatore Bonaccorso at 2022-10-12T23:18:03+02:00
Add chromium to dsa-needed list

- - - - -
84cbb55f by Salvatore Bonaccorso at 2022-10-13T09:48:29+02:00
Add CVE-2022-42906/powerline-gitstatus

- - - - -
123fdc15 by security tracker role at 2022-10-13T08:10:15+00:00
automatic update

- - - - -
bec77709 by Abhijith PA at 2022-10-13T13:50:26+05:30
Unless there are modified error pages which contain special
non-standard variables, this is not an issue. tinyproxy is mostly
run locally or in a trusted small network rather than as a full-fledged
proxy server.

Mark CVE-2022-40468 as postponed

- - - - -
a4d55272 by Abhijith PA at 2022-10-13T13:56:03+05:30
Remove tinyproxy [bec7770]
Claim gajim

- - - - -
612b8fc7 by Moritz Muehlenhoff at 2022-10-13T12:49:57+02:00
new lava issue

- - - - -
b7f5ba5d by Moritz Muehlenhoff at 2022-10-13T12:57:56+02:00
new freerdp issues (fixed in sid)

- - - - -
f07e5e09 by Moritz Muehlenhoff at 2022-10-13T13:02:14+02:00
chromium fixed in sid

- - - - -
1c3e2197 by Moritz Muehlenhoff at 2022-10-13T13:38:49+02:00
NFUs

- - - - -
bc720e5e by Chris Lamb at 2022-10-13T09:04:08-07:00
Triage CVE-2022-37026 in erlang for buster LTS.

- - - - -
e42bbb09 by Chris Lamb at 2022-10-13T09:04:41-07:00
Triage CVE-2022-39282 & CVE-2022-39283 in freerdp2 for buster LTS.

- - - - -
46d220ae by Emilio Pozuelo Monfort at 2022-10-13T20:50:09+02:00
Fix starlabs advisory URLs

- - - - -
6ab110a6 by Moritz Mühlenhoff at 2022-10-13T21:01:11+02:00
chromium DSA

- - - - -
6cebc00a by Moritz Muehlenhoff at 2022-10-13T21:22:40+02:00
bugnums

- - - - -
ea253cda by Markus Koschany at 2022-10-13T21:45:15+02:00
Update NOTE for CVE-2022-34169,libxalan2-java.

- - - - -
2f09da58 by security tracker role at 2022-10-13T20:10:21+00:00
automatic update

- - - - -
1cc05a83 by Salvatore Bonaccorso at 2022-10-13T22:40:57+02:00
Track new Linux WLAN security issues

- - - - -
789fbba8 by Salvatore Bonaccorso at 2022-10-13T22:45:05+02:00
Process some NFUs

- - - - -
0bf9d08a by Salvatore Bonaccorso at 2022-10-13T23:12:32+02:00
Process two NFUs

- - - - -
995a0c96 by Salvatore Bonaccorso at 2022-10-13T23:14:40+02:00
Update status for CVE-2022-41674 and CVE-2022-427{19,20,21,22}

- - - - -
b6c291d1 by Salvatore Bonaccorso at 2022-10-13T23:20:40+02:00
Process some NFUs

- - - - -
5fae59f1 by Salvatore Bonaccorso at 2022-10-13T23:21:22+02:00
Add two new SWFTools issues

- - - - -
74acdff5 by Salvatore Bonaccorso at 2022-10-13T23:32:53+02:00
Track fixed version for CVE-2022-1325/cimg via unstable

- - - - -
e597bf16 by security tracker role at 2022-10-14T08:10:12+00:00
automatic update

- - - - -
9804a0ff by Moritz Muehlenhoff at 2022-10-14T11:07:55+02:00
NFUs

- - - - -
fed16615 by Moritz Muehlenhoff at 2022-10-14T11:23:25+02:00
new golang-golang-x-text issue
NFU

- - - - -
6a29d976 by Moritz Muehlenhoff at 2022-10-14T11:24:25+02:00
new NSS issue

- - - - -
58b7c16a by Moritz Muehlenhoff at 2022-10-14T11:50:20+02:00
add new libxstream-java issues as <undetermined>, not much clarity yet

- - - - -
53a03763 by Moritz Muehlenhoff at 2022-10-14T12:28:48+02:00
NFUs

- - - - -
5ad93a88 by Emilio Pozuelo Monfort at 2022-10-14T13:10:30+02:00
CVE-2022-2962/qemu: add fixing commit

- - - - -
91444920 by Emilio Pozuelo Monfort at 2022-10-14T13:16:10+02:00
CVE-2022-2962/qemu n/a on buster

- - - - -
f30568fc by Moritz Muehlenhoff at 2022-10-14T15:57:49+02:00
new commons-text issue

- - - - -
df892199 by Moritz Muehlenhoff at 2022-10-14T20:50:56+02:00
bugnums
additional reference for latest linux/wifi issues

- - - - -
99dfb1f5 by security tracker role at 2022-10-14T20:10:27+00:00
automatic update

- - - - -
c403105b by Aron Xu at 2022-10-15T14:10:45+08:00
dsa-needed: de-claim gerbv

- - - - -
77c2bcaf by security tracker role at 2022-10-15T08:10:11+00:00
automatic update

- - - - -
78e8283b by Salvatore Bonaccorso at 2022-10-15T10:12:50+02:00
Track fixed version for powerline-gitstatus via unstable

- - - - -
433ab96a by Salvatore Bonaccorso at 2022-10-15T10:18:26+02:00
Remove dots from notes to "unbreak" hyperlinks in webfrontend

- - - - -
e93d8e78 by Salvatore Bonaccorso at 2022-10-15T10:22:41+02:00
Add upstream tag information for CVE-2022-32149

- - - - -
4a0c8913 by Salvatore Bonaccorso at 2022-10-15T12:13:24+02:00
Use full commit ID for CVE-2022-2962

- - - - -
51fcfe2e by Moritz Muehlenhoff at 2022-10-15T19:33:48+02:00
NFUs

- - - - -
63ef9d41 by Moritz Muehlenhoff at 2022-10-15T19:34:19+02:00
golang-golang-x-text fixed in sid

- - - - -
cf2952c6 by Moritz Muehlenhoff at 2022-10-15T19:34:56+02:00
docker fixed in sid

- - - - -
140bbd6f by Moritz Muehlenhoff at 2022-10-15T19:35:53+02:00
wolfssl fixed in sid

- - - - -
9f90001b by Moritz Muehlenhoff at 2022-10-15T19:47:37+02:00
NFUs
more harmless otfcc issues (not built)

- - - - -
f3dd038b by security tracker role at 2022-10-15T20:10:23+00:00
automatic update

- - - - -
f6254d17 by Moritz Muehlenhoff at 2022-10-15T22:37:41+02:00
python-django DSA

- - - - -
9d7809eb by Moritz Muehlenhoff at 2022-10-15T23:22:47+02:00
add exploit reference

- - - - -
abd9a987 by Adrian Bunk at 2022-10-16T05:13:48+03:00
Update CVE-2022-24795 information

- - - - -
5fd46de1 by security tracker role at 2022-10-16T08:10:11+00:00
automatic update

- - - - -
5a85ed64 by Salvatore Bonaccorso at 2022-10-16T11:54:13+02:00
Track fixed version for CVE-2022-42889/commons-text via unstable

- - - - -
9cd1d635 by Salvatore Bonaccorso at 2022-10-16T12:00:14+02:00
Add new issue in gitea

- - - - -
4687474d by Salvatore Bonaccorso at 2022-10-16T12:00:51+02:00
Process two new NFUs

- - - - -
58279b73 by Salvatore Bonaccorso at 2022-10-16T12:21:15+02:00
Mark CVE-2022-24106 as unimportant

- - - - -
88ee82f7 by Salvatore Bonaccorso at 2022-10-16T18:18:03+02:00
Track CVE fixes for libde265 via unstable

- - - - -
f0d7d9e7 by Salvatore Bonaccorso at 2022-10-16T18:33:53+02:00
Add CVE-2022-352{1,2,3,4}/linux

- - - - -
ac80404a by Salvatore Bonaccorso at 2022-10-16T18:40:33+02:00
Track linux fixes via unstable upload

- - - - -
0cd4968b by Anton Gladky at 2022-10-16T21:28:10+02:00
semi-automatic unclaim after 2 weeks of inactivity

Signed-off-by: Anton Gladky <gladk at debian.org>

- - - - -
6647e5bf by Anton Gladky at 2022-10-16T21:43:45+02:00
LTS: claim imagemagick in dla-needed.txt

- - - - -
e795a393 by security tracker role at 2022-10-16T20:10:23+00:00
automatic update

- - - - -
b705f7af by Salvatore Bonaccorso at 2022-10-16T22:17:38+02:00
Add CVE-2022-3526/linux

- - - - -
f6d2cdf8 by Salvatore Bonaccorso at 2022-10-16T22:28:16+02:00
Add CVE-2022-3527/iproute2

- - - - -
eca988ed by Salvatore Bonaccorso at 2022-10-16T22:31:13+02:00
Add CVE-2022-3528/iproute2

- - - - -
eed14a28 by Moritz Mühlenhoff at 2022-10-16T22:32:50+02:00
python-dnslib spu

- - - - -
36583e00 by Salvatore Bonaccorso at 2022-10-16T22:34:56+02:00
Add CVE-2022-3529/iproute2

- - - - -
4e9ea7f7 by Salvatore Bonaccorso at 2022-10-16T22:34:57+02:00
Add CVE-2022-3530/iproute2

- - - - -
fc052938 by security tracker role at 2022-10-17T08:10:12+00:00
automatic update

- - - - -
7e2cfc0f by Helmut Grohne at 2022-10-17T12:22:40+02:00
drop glibc annotations relevant to ELTS

I talked this through with Emilio: We cannot presently override these in
the ELTS tracker (due to failing uniqueness constraints). Changing them
here is not appropriate. Thus delete them here and add them in the ELTS
tracker.

- - - - -
24ec254d by Helmut Grohne at 2022-10-17T17:39:19+02:00
Reserve DLA-3152-1 for glibc

- - - - -
04405b4a by Salvatore Bonaccorso at 2022-10-17T20:32:43+02:00
Add libksba to dsa-needed list

- - - - -
cd39d4d5 by Salvatore Bonaccorso at 2022-10-17T20:34:26+02:00
Add CVE-2022-3515/libksba

- - - - -
8d98b79e by Salvatore Bonaccorso at 2022-10-17T21:08:16+02:00
Add upstream tag information for CVE-2022-41032/nuget

- - - - -
54bd2a11 by Salvatore Bonaccorso at 2022-10-17T22:07:52+02:00
Reserve DSA number for libksba update

- - - - -
0327667c by security tracker role at 2022-10-17T20:10:21+00:00
automatic update

- - - - -
99182332 by Salvatore Bonaccorso at 2022-10-17T22:21:25+02:00
Process some NFUs

- - - - -
1bf84ac9 by Markus Koschany at 2022-10-17T22:23:03+02:00
Claim libksba in dla-needed.txt

Urgent release. Previously discussed with sec-team and maintainer.

- - - - -
27a1b35e by Salvatore Bonaccorso at 2022-10-17T22:25:20+02:00
Add CVE-2022-3567/linux

- - - - -
7ebe09fe by Salvatore Bonaccorso at 2022-10-17T22:27:58+02:00
Add CVE-2022-3566/linux

- - - - -
d058f6fb by Salvatore Bonaccorso at 2022-10-17T22:30:46+02:00
Add CVE-2022-3565/linux

- - - - -
2d41ee72 by Salvatore Bonaccorso at 2022-10-17T22:35:35+02:00
Add CVE-2022-3564/linux

- - - - -
56d5f4d0 by Salvatore Bonaccorso at 2022-10-17T22:39:04+02:00
Add CVE-2022-3563/bluez

- - - - -
387de45e by Salvatore Bonaccorso at 2022-10-17T22:49:26+02:00
Add CVE-2022-3559/exim4

- - - - -
de04b3e6 by Salvatore Bonaccorso at 2022-10-17T23:02:27+02:00
Add CVE-2022-355{4,5}/libx11

- - - - -
1c1c12ef by Salvatore Bonaccorso at 2022-10-17T23:13:01+02:00
Add CVE-2022-3553/xorg-server

- - - - -
74d4a34d by Markus Koschany at 2022-10-17T23:19:05+02:00
Reserve DLA-3153-1 for libksba

- - - - -
f207f63e by Salvatore Bonaccorso at 2022-10-17T23:24:49+02:00
Add CVE-2022-3552 as NFU

- - - - -
e2d2c7f5 by Salvatore Bonaccorso at 2022-10-17T23:24:49+02:00
Add CVE-2022-355{0,1}/xorg-server

- - - - -
efe15585 by Salvatore Bonaccorso at 2022-10-17T23:26:12+02:00
Process some more NFUs

- - - - -
816fcfd8 by Salvatore Bonaccorso at 2022-10-17T23:31:30+02:00
Add CVE-2022-3531/linux

- - - - -
a704e724 by Salvatore Bonaccorso at 2022-10-17T23:36:15+02:00
Add CVE-2022-3535/linux

- - - - -
d11488c5 by Salvatore Bonaccorso at 2022-10-17T23:36:38+02:00
Add CVE-2022-3532/linux

- - - - -
d56040d0 by Salvatore Bonaccorso at 2022-10-17T23:42:10+02:00
Add CVE-2022-3543/linux

- - - - -
2ed78b04 by Salvatore Bonaccorso at 2022-10-17T23:51:57+02:00
Track fixed version for CVE-2022-2625 via bullseye point release

- - - - -
1a22b2dd by Markus Koschany at 2022-10-18T01:19:36+02:00
CVE-2022-34169,bcel: fixed in unstable

Mark CVE-2022-34169 fixed in version 6.5.0-2 in bcel

- - - - -
f1bc902c by Salvatore Bonaccorso at 2022-10-18T06:51:36+02:00
Sync fixed version for sid for CVE-2022-2663 with kernel-sec

- - - - -
c23d06fe by Salvatore Bonaccorso at 2022-10-18T07:05:32+02:00
Add CVE-2022-2963/jasper

- - - - -
0c0877a1 by Salvatore Bonaccorso at 2022-10-18T07:06:38+02:00
Add CVE-2022-3466/cri-o

- - - - -
1a38ae98 by Emilio Pozuelo Monfort at 2022-10-18T09:01:59+02:00
Triage CVE-2022-2963/jasper as unimportant

A memory leak just before calling exit() has no security
impact.

- - - - -
3378fd9d by security tracker role at 2022-10-18T08:10:15+00:00
automatic update

- - - - -
e46a4493 by Emilio Pozuelo Monfort at 2022-10-18T10:26:29+02:00
lts: add node-xmldom

- - - - -
13ddb1fd by Emilio Pozuelo Monfort at 2022-10-18T10:29:05+02:00
Mark CVE-2022-34667/nvidia-cuda-toolkit as no-dsa on buster

- - - - -
d945e62f by Salvatore Bonaccorso at 2022-10-18T14:34:56+02:00
Process one NFU

- - - - -
67279254 by Emilio Pozuelo Monfort at 2022-10-18T16:59:36+02:00
Reserve DLA-3154-1 for node-xmldom

- - - - -
06a682df by Sylvain Beucler at 2022-10-18T17:23:09+02:00
dla: claim bluez

- - - - -
9e7d6efb by Salvatore Bonaccorso at 2022-10-18T17:24:00+02:00
Track fixed version for CVE-2022-1328/neomutt via unstable

- - - - -
33ca8193 by Salvatore Bonaccorso at 2022-10-18T17:25:13+02:00
Track fixed version for CVE-2022-0367/libmodbus via unstable

- - - - -
227dc750 by Salvatore Bonaccorso at 2022-10-18T17:27:25+02:00
Mark CVE-2022-3563 as no-dsa

- - - - -
ac0b00e1 by Emilio Pozuelo Monfort at 2022-10-18T17:38:13+02:00
lts: remove CVE-2017-2625 from DLA-2006-1

The patch was included in the source package but not applied.

- - - - -
711779dc by Salvatore Bonaccorso at 2022-10-18T17:43:27+02:00
Add CVE-2022-39198 as NFU

- - - - -
a87cef43 by Chris Lamb at 2022-10-18T08:53:19-07:00
data/dla-needed.txt: Claim python-django.

- - - - -
d2dd4856 by Salvatore Bonaccorso at 2022-10-18T17:55:14+02:00
Add CVE-2022-3545/linux

- - - - -
c2b134bc by Sylvain Beucler at 2022-10-18T18:51:53+02:00
CVE-2018-10911/bluez: clarify buster triage

- - - - -
4303c8ef by Salvatore Bonaccorso at 2022-10-18T19:14:51+02:00
Add CVE-2022-2602/linux

- - - - -
0ff19462 by Salvatore Bonaccorso at 2022-10-18T19:34:20+02:00
Add oss-security reference for CVE-2022-2602

- - - - -
6fa79b59 by Sylvain Beucler at 2022-10-18T19:50:32+02:00
CVE-2021-3658/bluez: precise buster triage

- - - - -
f86cc00b by Markus Koschany at 2022-10-18T19:53:59+02:00
Reserve DLA-3155-1 for bcel

- - - - -
d55a9604 by Markus Koschany at 2022-10-18T20:00:48+02:00
Reserve DSA-5256-1 bcel

- - - - -
cc1637f4 by Salvatore Bonaccorso at 2022-10-18T20:44:23+02:00
Reserve DSA number for linux update

- - - - -
f375f005 by Salvatore Bonaccorso at 2022-10-18T21:11:16+02:00
Add CVE-2022-39260 and CVE-2022-39253

- - - - -
845dbc2f by Chris Lamb at 2022-10-18T12:32:41-07:00
Triage CVE-2022-28347 in python-django for buster LTS.

- - - - -
37b54c81 by Moritz Mühlenhoff at 2022-10-18T21:42:45+02:00
python-opcua removed

- - - - -
47c6ba5e by Moritz Mühlenhoff at 2022-10-18T21:43:26+02:00
additional commons-text reference

- - - - -
751d27a9 by Chris Lamb at 2022-10-18T12:47:03-07:00
Update note for python-django.

- - - - -
421f887d by security tracker role at 2022-10-18T20:10:19+00:00
automatic update

- - - - -
ce4c9248 by Salvatore Bonaccorso at 2022-10-18T22:16:12+02:00
Process two NFUs

- - - - -
f805057f by Salvatore Bonaccorso at 2022-10-18T22:20:34+02:00
Process some NFUs

- - - - -
12ef9d9e by Moritz Mühlenhoff at 2022-10-18T22:25:32+02:00
new firefox-esr issues

- - - - -
279ddb74 by Moritz Mühlenhoff at 2022-10-18T22:28:03+02:00
new firefox issues

- - - - -
cabe63e4 by Salvatore Bonaccorso at 2022-10-18T22:34:35+02:00
Track fixed version for zoneminder issues via unstable

- - - - -
cfb7f17f by Salvatore Bonaccorso at 2022-10-18T22:36:47+02:00
Remove doubled entry for firefox-esr in CVE-2022-42927

- - - - -
58474929 by Salvatore Bonaccorso at 2022-10-18T23:18:39+02:00
Add CVE-2022-3544/linux

- - - - -
c25c4f2a by Salvatore Bonaccorso at 2022-10-18T23:24:16+02:00
Track fixed version for CVE-2022-29187/git via unstable

- - - - -
5a899ff6 by Salvatore Bonaccorso at 2022-10-18T23:31:08+02:00
Add CVE-2022-3542/linux

- - - - -
36bf8491 by Markus Koschany at 2022-10-18T23:32:03+02:00
Update status of asterisk

- - - - -
e5ca1efd by Salvatore Bonaccorso at 2022-10-19T07:36:59+02:00
Track firefox-esr issues from mfsa2022-45 fixed via unstable

- - - - -
4cfa0a2c by Salvatore Bonaccorso at 2022-10-19T07:38:24+02:00
Track fixed version for CVE-2022-42902/lava via unstable

- - - - -
fce0b862 by Salvatore Bonaccorso at 2022-10-19T07:42:49+02:00
Track fixed version for firefox issues covered in mfsa2022-44

- - - - -
ed9264ea by Salvatore Bonaccorso at 2022-10-19T08:44:31+02:00
Add CVE-2022-3541/linux

- - - - -
86a60ca1 by Salvatore Bonaccorso at 2022-10-19T08:54:07+02:00
Add CVE-2022-3517/node-minimatch

- - - - -
15d8d504 by Salvatore Bonaccorso at 2022-10-19T09:00:04+02:00
Add CVE-2022-3586/linux

- - - - -
dabd7ded by Salvatore Bonaccorso at 2022-10-19T09:23:22+02:00
Add CVE-2022-3577/linux

- - - - -
0a9a0a33 by Salvatore Bonaccorso at 2022-10-19T09:25:12+02:00
Add CVE-2022-37601 as NFU

- - - - -
dd140d90 by Salvatore Bonaccorso at 2022-10-19T09:44:33+02:00
Process some NFUs

- - - - -
43f4a1a2 by Salvatore Bonaccorso at 2022-10-19T09:47:21+02:00
Add CVE-2022-41751/jhead

- - - - -
ae55aba5 by Salvatore Bonaccorso at 2022-10-19T10:01:56+02:00
Add Debian bug reference for CVE-2022-41751/jhead

- - - - -
b679747d by security tracker role at 2022-10-19T08:10:33+00:00
automatic update

- - - - -
a36128b0 by Salvatore Bonaccorso at 2022-10-19T10:13:02+02:00
Reserve DSA number for squid update

- - - - -
abef1b21 by Salvatore Bonaccorso at 2022-10-19T10:31:54+02:00
Add CVE-2022-3595/linux

- - - - -
09dda46b by Salvatore Bonaccorso at 2022-10-19T10:37:43+02:00
Add CVE-2022-3594/linux

- - - - -
893f1cc8 by Salvatore Bonaccorso at 2022-10-19T10:41:49+02:00
Add CVE-2022-3593/iproute2

- - - - -
fdbb25ae by Emilio Pozuelo Monfort at 2022-10-19T10:55:26+02:00
lts: take firefox-esr

- - - - -
d2f0f6da by Salvatore Bonaccorso at 2022-10-19T12:48:24+02:00
Record that fixes for jhead are incomplete

- - - - -
e70f6e5c by Salvatore Bonaccorso at 2022-10-19T14:07:17+02:00
Track commits for git issues

- - - - -
e1405d50 by Salvatore Bonaccorso at 2022-10-19T14:50:39+02:00
Add CVE-2022-42969/python-py and mark it unimportant

- - - - -
cd541555 by Salvatore Bonaccorso at 2022-10-19T14:56:31+02:00
Add Debian bug reference for git issues

- - - - -
d0ad8a38 by Salvatore Bonaccorso at 2022-10-19T16:03:06+02:00
Process some NFUs

- - - - -
cdf98f52 by Salvatore Bonaccorso at 2022-10-19T16:08:40+02:00
Track new virtualbox issues from Oracle cpuoct2022

- - - - -
ccac1277 by Moritz Mühlenhoff at 2022-10-19T21:23:33+02:00
firefox-esr DSA

- - - - -
a562161f by Salvatore Bonaccorso at 2022-10-19T21:29:24+02:00
Add new mysql-8.0 issues

- - - - -
b9ef7bb0 by Salvatore Bonaccorso at 2022-10-19T21:38:33+02:00
Process some NFUs

- - - - -
f4069bea by Salvatore Bonaccorso at 2022-10-19T21:39:27+02:00
Add CVE-2022-0699/shapelib

- - - - -
bc154042 by Moritz Mühlenhoff at 2022-10-19T21:41:55+02:00
NFUs

- - - - -
10070e83 by Moritz Mühlenhoff at 2022-10-19T21:47:28+02:00
new java issues

- - - - -
3edc75fd by Moritz Mühlenhoff at 2022-10-19T21:54:40+02:00
xen postponed

- - - - -
7698e8cc by security tracker role at 2022-10-19T20:10:31+00:00
automatic update

- - - - -
bad4d713 by Moritz Mühlenhoff at 2022-10-19T22:17:46+02:00
additional commons-text reference

- - - - -
d03cc7df by Thorsten Alteholz at 2022-10-19T23:48:16+02:00
claim openvswitch

- - - - -
5e398ee0 by Emilio Pozuelo Monfort at 2022-10-20T08:47:29+02:00
Reserve DLA-3156-1 for firefox-esr

- - - - -
000f8b9f by Salvatore Bonaccorso at 2022-10-20T08:59:34+02:00
Add CVE-2021-20251/samba

- - - - -
53c17fe3 by security tracker role at 2022-10-20T08:10:16+00:00
automatic update

- - - - -
bb897c4a by Emilio Pozuelo Monfort at 2022-10-20T19:31:46+02:00
lts: take openjdk-11

- - - - -
a04e63e1 by Moritz Mühlenhoff at 2022-10-20T22:37:46+02:00
openjdk-11 fixed in sid, postponed for stable

- - - - -
402ffef6 by Salvatore Bonaccorso at 2022-10-20T22:48:53+02:00
Process NFUs

- - - - -
f9eb202b by Salvatore Bonaccorso at 2022-10-20T22:48:54+02:00
Add CVE-2022-353{3,4}/libbpf

I'm not tracking them as well for the source in src:linux on purpose
here. libbpf is externally built and not from src:linux. Technically one
can argue this still makes it src:linux with unimportant severity in the
tracker, but omitting to avoid cluttering the linux CVEs which are
relevant.

- - - - -
84f78b73 by Salvatore Bonaccorso at 2022-10-20T23:33:50+02:00
Process some NFUs

- - - - -
a025702b by Salvatore Bonaccorso at 2022-10-20T23:36:08+02:00
Add CVE-2021-36369/dropbear

- - - - -
06458634 by Salvatore Bonaccorso at 2022-10-21T00:15:17+02:00
Mark CVE-2021-3604 as NFU

- - - - -
f5f316a1 by Moritz Mühlenhoff at 2022-10-21T00:37:44+02:00
openjdk-17 fixed in sid, postponed for bullseye

- - - - -
d4ea407c by Moritz Mühlenhoff at 2022-10-21T00:40:53+02:00
node-minimatch spu

- - - - -
a29feaaa by Salvatore Bonaccorso at 2022-10-21T06:51:24+02:00
Correct uploaded tinyexr version uploaded via bullseye-pu

- - - - -
d272581c by Salvatore Bonaccorso at 2022-10-21T06:55:54+02:00
Add initial tracking for CVE-2022-37454

- - - - -
7b1e5180 by Salvatore Bonaccorso at 2022-10-21T07:15:53+02:00
Add CVE-2022-42467

- - - - -
eac949fd by Salvatore Bonaccorso at 2022-10-21T07:16:38+02:00
Add CVE-2022-42466 as NFU

- - - - -
a5b6a70b by Salvatore Bonaccorso at 2022-10-21T11:46:55+02:00
Process several NFUs

- - - - -
04aebe76 by Salvatore Bonaccorso at 2022-10-21T20:41:36+02:00
Drop notes from CVE-2022-20424 (confirmed duplicate)

Confirmed to be a duplicate by the assigning CNA and CVE record at
https://www.cve.org/CVERecord?id=CVE-2022-20424 has been updated (and so
will be in next automatic update). Thus drop all notes already.

- - - - -
748e1678 by Salvatore Bonaccorso at 2022-10-21T21:49:47+02:00
add CVE-2022-43406 as NFU

- - - - -
fd201511 by Salvatore Bonaccorso at 2022-10-21T22:04:00+02:00
Track fixed version for linux issues via unstable

- - - - -
8c6c3d29 by security tracker role at 2022-10-21T20:10:19+00:00
automatic update

- - - - -
8450f718 by Salvatore Bonaccorso at 2022-10-21T22:22:37+02:00
Process some NFUs

- - - - -
588547c1 by Salvatore Bonaccorso at 2022-10-21T23:03:45+02:00
Add CVE-2022-3646/linux

- - - - -
2a85991d by Salvatore Bonaccorso at 2022-10-21T23:26:27+02:00
Add CVE-2022-3642/linux

- - - - -
e8e66d02 by Salvatore Bonaccorso at 2022-10-21T23:27:12+02:00
Add some new tiff issues

Those need more inspection for severity.

- - - - -
b6bdb66b by Salvatore Bonaccorso at 2022-10-21T23:28:38+02:00
Process some NFUs

- - - - -
58c25e3f by Salvatore Bonaccorso at 2022-10-22T09:13:59+02:00
Track fixed version for CVE-2020-36471/rust-generator via unstable

- - - - -
bb07a697 by Salvatore Bonaccorso at 2022-10-22T09:42:22+02:00
Process some NFUs

- - - - -
e0091bfc by Salvatore Bonaccorso at 2022-10-22T09:49:35+02:00
Add CVE-2022-3607/octoprint

- - - - -
5f4a56f7 by Salvatore Bonaccorso at 2022-10-22T09:50:17+02:00
Process some NFUs

- - - - -
8275bc0d by security tracker role at 2022-10-22T08:10:16+00:00
automatic update

- - - - -
2b411255 by Salvatore Bonaccorso at 2022-10-22T11:30:16+02:00
Remove notes from CVE-2022-1970

- - - - -
dd06eac8 by Salvatore Bonaccorso at 2022-10-22T11:35:46+02:00
Add CVE-2022-3344/linux

- - - - -
92b8f4fd by Salvatore Bonaccorso at 2022-10-22T11:50:57+02:00
Add CVE-2022-4030{3,4}/libxml2

- - - - -
3c187418 by Salvatore Bonaccorso at 2022-10-22T12:04:03+02:00
Add Debian bug references for libxml2 issues

- - - - -
02fe58cf by Salvatore Bonaccorso at 2022-10-22T13:45:37+02:00
Track fixed version for CVE-2021-4186{7,8}/onionshare

Those two were fixed in 2.4 upstream. Note that other CVEs listed from
the #1014966 bug have "has been patched in 2.5", but this information
seems incorrect in the CVE description. All the related GHSA's do not
mention them yet as fixed. There is not much information on those to be
tracked.

- - - - -
3fab45c0 by Salvatore Bonaccorso at 2022-10-22T14:23:45+02:00
Track fixed version for CVE-2020-16156/perl

- - - - -
cf8bf435 by Salvatore Bonaccorso at 2022-10-22T14:40:42+02:00
Reference additional commit for CVE-2022-41751

- - - - -
a75da6b9 by Salvatore Bonaccorso at 2022-10-22T17:37:06+02:00
Add CVE-2022-3649/linux

- - - - -
c6a44cb6 by Salvatore Bonaccorso at 2022-10-22T17:41:18+02:00
Add CVE-2022-3647/redis

Rationale to make this unimportant: At the point at which crash for the
CVE is reached, redis did already crash due to calling an invalid
function pointer. The CVE is for the crash inside the crash report when
the backtrace function will try to dereference this invalid pointer.

So the consequence will be that the crash inside the crash report will
kill the processes without having all the crash report information.

- - - - -
43393639 by Salvatore Bonaccorso at 2022-10-22T17:49:20+02:00
Add CVE-2022-3640/linux

- - - - -
cd62ac22 by Sylvain Beucler at 2022-10-22T18:17:20+02:00
CVE-2022-3563/bluez: buster not-affected

- - - - -
88603f8c by Salvatore Bonaccorso at 2022-10-22T21:16:32+02:00
Add CVE-2022-3639/gitlab

- - - - -
423e517a by Salvatore Bonaccorso at 2022-10-22T21:16:34+02:00
Add CVE-2022-3638/nginx

- - - - -
1839a54f by Salvatore Bonaccorso at 2022-10-22T21:16:35+02:00
Add CVE-2022-3637/bluez

- - - - -
7d7c8e9e by Salvatore Bonaccorso at 2022-10-22T21:16:37+02:00
Add CVE-2022-3636/linux

- - - - -
03ee90b4 by Salvatore Bonaccorso at 2022-10-22T21:17:59+02:00
Update status for CVE-2022-3563/bluez

Thanks: Sylvain Beucler

- - - - -
a9d720bf by Salvatore Bonaccorso at 2022-10-22T21:27:13+02:00
Add CVE-2022-3635/linux

- - - - -
88e2d718 by Salvatore Bonaccorso at 2022-10-22T21:32:50+02:00
Add CVE-2022-3633

- - - - -
89c91e79 by Salvatore Bonaccorso at 2022-10-22T21:37:24+02:00
Add CVE-2022-3630/linux

- - - - -
5edd7615 by Salvatore Bonaccorso at 2022-10-22T21:41:33+02:00
Add CVE-2022-3629/linux

- - - - -
e25e19cb by Salvatore Bonaccorso at 2022-10-22T21:42:35+02:00
Adjust source package name for CVE-2022-41343

- - - - -
85d98027 by Salvatore Bonaccorso at 2022-10-23T06:53:56+02:00
Reserve DSA entry for linux regression update

- - - - -
1dbaa47c by Salvatore Bonaccorso at 2022-10-23T07:20:40+02:00
Track fixed openjdk-8 issues via unstable

- - - - -
32710ccd by Salvatore Bonaccorso at 2022-10-23T09:05:41+02:00
Add CVE-2022-3625/linux

- - - - -
3ca306c2 by Salvatore Bonaccorso at 2022-10-23T09:09:08+02:00
Add CVE-2022-3624/linux

- - - - -
191760e2 by Salvatore Bonaccorso at 2022-10-23T09:12:05+02:00
Add CVE-2022-3623/linux

- - - - -
c5b744af by Salvatore Bonaccorso at 2022-10-23T09:14:21+02:00
Add CVE-2022-3621

- - - - -
4dd314af by Salvatore Bonaccorso at 2022-10-23T16:55:02+02:00
Add CVE-2022-3620/exim4

- - - - -
7f7beff7 by Salvatore Bonaccorso at 2022-10-23T17:25:15+02:00
Add CVE-2022-3619/linux

- - - - -
d04c4a9f by Salvatore Bonaccorso at 2022-10-23T17:29:09+02:00
Add CVE-2022-3606/libbpf

- - - - -
bef0596a by Salvatore Bonaccorso at 2022-10-23T17:33:29+02:00
Add initial tracking for new set of gpac issues

- - - - -
61331769 by Salvatore Bonaccorso at 2022-10-23T17:41:39+02:00
Process NFUs

- - - - -
ff3ac434 by Salvatore Bonaccorso at 2022-10-23T17:42:12+02:00
Add CVE-2022-3327/rdiffweb

- - - - -
09635905 by Moritz Mühlenhoff at 2022-10-23T20:13:01+02:00
lava DSA

- - - - -
3c660b8a by Moritz Muehlenhoff at 2022-10-23T21:00:42+02:00
bullseye triage

- - - - -
afffd8f3 by Salvatore Bonaccorso at 2022-10-23T21:10:15+02:00
Add CVE-2022-401{49,50}/libjettison-java

- - - - -
18073d6c by Salvatore Bonaccorso at 2022-10-23T21:10:17+02:00
Process NFUs

- - - - -
6ca0decc by Salvatore Bonaccorso at 2022-10-23T21:21:55+02:00
Add Debian bug references for libjettison-java issues

- - - - -
b76937aa by security tracker role at 2022-10-23T20:10:23+00:00
automatic update

- - - - -
8db5037c by Moritz Muehlenhoff at 2022-10-23T23:24:55+02:00
bullseye triage

- - - - -
aa9dbf4d by Anton Gladky at 2022-10-23T23:32:18+02:00
semi-automatic unclaim after 2 weeks of inactivity

Signed-off-by: Anton Gladky <gladk at debian.org>

- - - - -
865ee048 by Emilio Pozuelo Monfort at 2022-10-24T00:11:49+02:00
CVE-2022-3554 & CVE-2022-3555/libx11 postponed on buster

- - - - -
d3f7d750 by Emilio Pozuelo Monfort at 2022-10-24T00:13:53+02:00
lts: take xorg-server

- - - - -
fcd0fc3e by Moritz Muehlenhoff at 2022-10-24T00:24:19+02:00
bugnums

- - - - -
f0ed3b03 by Moritz Muehlenhoff at 2022-10-24T00:26:20+02:00
mark two activemq issues as fixed, thanks to Pierre Gruet

- - - - -
55943056 by Salvatore Bonaccorso at 2022-10-24T07:42:59+02:00
Take libxml2 from dsa-needed list

- - - - -
9bb734f1 by Salvatore Bonaccorso at 2022-10-24T07:46:25+02:00
Track CVE-2020-1941 as fixed earlier (5.15.12 upstream)

- - - - -
726e88a5 by Abhijith PA at 2022-10-24T11:18:55+05:30
Reclaim packages

- - - - -
4ab4a045 by Salvatore Bonaccorso at 2022-10-24T10:16:04+02:00
Add CVE-2022-3238/linux

- - - - -
ed903dd2 by Emilio Pozuelo Monfort at 2022-10-24T10:17:26+02:00
lts: triage openjdk-11 issues as postponed

We follow upstream releases for OpenJDK, and thus follow stable.

- - - - -
494fb806 by Moritz Muehlenhoff at 2022-10-24T10:41:46+02:00
shapelib fixed in sid

- - - - -
58c0d545 by Sylvain Beucler at 2022-10-24T11:39:55+02:00
Reserve DLA-3157-1 for bluez

- - - - -
68ac7208 by Sylvain Beucler at 2022-10-24T12:24:29+02:00
CVE-2022-3637/bluez: buster not-affected

- - - - -
ff3d0db7 by Emilio Pozuelo Monfort at 2022-10-24T16:27:34+02:00
lts: triage CVE-2022-3190/wireshark as postponed on buster

- - - - -
d414a00d by Emilio Pozuelo Monfort at 2022-10-24T16:43:42+02:00
lts: take wkhtmltopdf

- - - - -
5664c6f9 by Emilio Pozuelo Monfort at 2022-10-24T18:21:17+02:00
Reserve DLA-3158-1 for wkhtmltopdf

- - - - -
59bc2f9e by Thorsten Alteholz at 2022-10-24T19:31:03+02:00
follow sec team and mark CVE-2019-25076 as no-dsa for Buster

- - - - -
f733eabd by Thorsten Alteholz at 2022-10-24T19:31:42+02:00
claim virglrenderer

- - - - -
53011fdd by Salvatore Bonaccorso at 2022-10-24T20:37:43+02:00
Update onionshare CVEs according to upstream provided information

Link: https://github.com/onionshare/onionshare/issues/1633

- - - - -
de6f37f5 by Salvatore Bonaccorso at 2022-10-24T21:04:37+02:00
CVE-2022-3637: Adjust upstream tag for introducing commit

- - - - -
69a813e0 by Salvatore Bonaccorso at 2022-10-24T21:15:25+02:00
Add references to upstream commits for CVE-2022-216{89,90}/onionshare

- - - - -
3b7d6af3 by Salvatore Bonaccorso at 2022-10-24T21:29:09+02:00
Add temporary entry for wordpress 6.0.3 release

- - - - -
128549d1 by Salvatore Bonaccorso at 2022-10-24T21:46:38+02:00
Add CVE-2022-4197{3,4}/multipath-tools

- - - - -
7d96b81d by Salvatore Bonaccorso at 2022-10-24T21:55:14+02:00
Add CVE-2022-34870

- - - - -
de34552d by security tracker role at 2022-10-24T20:10:26+00:00
automatic update

- - - - -
d28fbec4 by Salvatore Bonaccorso at 2022-10-24T22:14:48+02:00
Reference introducing commits for CVE-2022-4197{3,4}/multipath-tools

- - - - -
49d4cddd by Salvatore Bonaccorso at 2022-10-24T22:23:27+02:00
Add CVE-2022-43680/expat

- - - - -
f805cbcb by Salvatore Bonaccorso at 2022-10-24T22:24:29+02:00
Add Debian bug reference for CVE-2022-4197{3,4}/multipath-tools

- - - - -
36790a7e by Salvatore Bonaccorso at 2022-10-24T22:29:24+02:00
Add CVE-2021-46848/libtasn1-6

- - - - -
048fb394 by Salvatore Bonaccorso at 2022-10-24T22:36:30+02:00
Process some NFUs

- - - - -
d31a91e6 by Salvatore Bonaccorso at 2022-10-24T22:43:44+02:00
Track fixed version for CVE-2018-25047/smarty{3,4} via unstable

- - - - -
03cc8e20 by Salvatore Bonaccorso at 2022-10-24T22:46:54+02:00
Add Debian bug reference for CVE-2022-43680/expat

- - - - -
b0ecdab2 by Salvatore Bonaccorso at 2022-10-25T07:07:31+02:00
Add thunderbird CVEs from mfsa2022-46

- - - - -
33509f50 by Salvatore Bonaccorso at 2022-10-25T07:09:48+02:00
Issues from mfsa2022-46 for thunderbird fixed in unstable

- - - - -
f75a9f52 by Moritz Muehlenhoff at 2022-10-25T09:00:30+02:00
bullseye triage

- - - - -
3e26834a by Emilio Pozuelo Monfort at 2022-10-25T09:28:27+02:00
Reserve DLA-3159-1 for libbluray

- - - - -
65455ccb by Salvatore Bonaccorso at 2022-10-25T11:25:33+02:00
Add CVE-2022-3592/samba

- - - - -
8ff497ea by Salvatore Bonaccorso at 2022-10-25T11:27:51+02:00
Add CVE-2022-3437/samba

- - - - -
32c7a629 by Salvatore Bonaccorso at 2022-10-25T12:23:29+02:00
Track fixed version via unstable for CVE-2022-3437/samba

- - - - -
9ce5b6e9 by Moritz Muehlenhoff at 2022-10-25T12:33:08+02:00
bullseye triage

- - - - -
282961ba by Moritz Muehlenhoff at 2022-10-25T13:59:05+02:00
new batik issue

- - - - -
01ea474a by Emilio Pozuelo Monfort at 2022-10-25T14:33:10+02:00
lts: take thunderbird

- - - - -
5f6a901b by Salvatore Bonaccorso at 2022-10-25T16:25:19+02:00
Add CVE-2022-42890/batik

- - - - -
78eb4664 by Salvatore Bonaccorso at 2022-10-25T16:31:43+02:00
Add oss-security reference for CVE-2022-41704

- - - - -
6537d968 by Salvatore Bonaccorso at 2022-10-25T16:36:40+02:00
Add CVE-2022-3650/ceph

- - - - -
ce135dac by Moritz Muehlenhoff at 2022-10-25T20:03:31+02:00
exim fixed in sid

- - - - -
e0e44c93 by Moritz Muehlenhoff at 2022-10-25T21:57:01+02:00
mark libpod as fixed in experimental and add further references, thanks Antoine!

- - - - -
6c841fb2 by security tracker role at 2022-10-25T20:10:25+00:00
automatic update

- - - - -
9d9554b5 by Salvatore Bonaccorso at 2022-10-25T22:15:27+02:00
Mark CVE-2022-3620/exim4 as unimportant

As the Debian binary packages themselves are not built with DMARC support.

- - - - -
6f89ffc3 by Salvatore Bonaccorso at 2022-10-25T22:23:02+02:00
Update information for CVE-2022-2989/libpod

The fix source wise did actually not land in 4.2.0+ds1-1, but was only
in a v4.2.0-rhel branch. There is an equivalent commit in v4.3.0-rc1
upstream.

Link: https://github.com/containers/podman/commit/5c7f28336171f0a5137edd274e45608120d31289

- - - - -
09c6ccce by Salvatore Bonaccorso at 2022-10-25T22:41:34+02:00
Add fixed version for CVE-2022-3592/samba via experimental

- - - - -
729b917a by Salvatore Bonaccorso at 2022-10-26T07:38:51+02:00
Add new chromium issues

- - - - -
2bdb7161 by Emilio Pozuelo Monfort at 2022-10-26T07:47:35+02:00
lts: take tzdata and libdatetime-timezone-perl

- - - - -
d13f3ce7 by Salvatore Bonaccorso at 2022-10-26T08:02:09+02:00
Track fixed version for chromium issues via unstable

- - - - -
7d7d1a7c by security tracker role at 2022-10-26T08:10:15+00:00
automatic update

- - - - -
378bfa24 by Salvatore Bonaccorso at 2022-10-26T10:22:31+02:00
Process some NFUs

- - - - -
5b6f85d1 by Salvatore Bonaccorso at 2022-10-26T10:32:16+02:00
Remove notes for CVE-2022-3593 and CVE-2022-35{27,28,29,30}

They were associated to iproute2 issues, marked unimportant but
apparently rejected now. Strange thing is that they relate to a CVE as
duplicate which is in a completely different product.

MITRE is notified about the potential problem.

- - - - -
29b55cac by Salvatore Bonaccorso at 2022-10-26T11:26:26+02:00
Add CVE-2022-43750/linux

- - - - -
20a473db by Salvatore Bonaccorso at 2022-10-26T13:21:06+02:00
Process one NFU

- - - - -
ac3f2154 by Markus Koschany at 2022-10-26T14:12:27+02:00
Reserve DLA-3160-1 for tomcat9

- - - - -
3aeb0011 by Salvatore Bonaccorso at 2022-10-26T16:41:35+02:00
Add CVE-2022-42916/curl

- - - - -
159b5c82 by Salvatore Bonaccorso at 2022-10-26T16:44:45+02:00
Add CVE-2022-42915/curl

- - - - -
0a66da9c by Salvatore Bonaccorso at 2022-10-26T16:52:17+02:00
Add CVE-2022-35260/curl

- - - - -
04fb7653 by Salvatore Bonaccorso at 2022-10-26T16:57:35+02:00
Add CVE-2022-32221/curl

- - - - -
ced19c85 by Emilio Pozuelo Monfort at 2022-10-26T19:16:55+02:00
Reserve DLA-3161-1 for tzdata

- - - - -
fabfdd15 by Emilio Pozuelo Monfort at 2022-10-26T19:20:32+02:00
Reserve DLA-3162-1 for libdatetime-timezone-perl

- - - - -
7bbaeedc by Markus Koschany at 2022-10-26T19:44:47+02:00
Reserve DLA-3163-1 for wordpress

- - - - -
6521a864 by Markus Koschany at 2022-10-26T19:52:59+02:00
Mark temporary CVE assignment as postponed for Buster

Wait until we have more information. Most likely fixed with upstream version 5.0.18

- - - - -
396e0466 by Moritz Mühlenhoff at 2022-10-26T20:21:33+02:00
chromium DSA

- - - - -
6fb434b3 by security tracker role at 2022-10-26T20:10:22+00:00
automatic update

- - - - -
b5e86133 by Salvatore Bonaccorso at 2022-10-26T22:36:03+02:00
Process NFUs

- - - - -
9140ca1e by Salvatore Bonaccorso at 2022-10-26T22:43:17+02:00
Process NFUs

- - - - -
a596ee78 by Laszlo Boszormenyi (GCS) at 2022-10-27T00:57:00+02:00
Track fixed version for CVE-2022-43680/expat via unstable

- - - - -
55992668 by Markus Koschany at 2022-10-27T01:45:13+02:00
CVE-2022-3559,exim4: Buster is no-dsa

Minor issue

- - - - -
d4bff1a2 by Markus Koschany at 2022-10-27T01:45:13+02:00
Claim batik in dla-needed.txt

- - - - -
a7294d3b by Markus Koschany at 2022-10-27T01:45:14+02:00
CVE-2021-46848,libtasn1-6: Buster is no-dsa

Minor issue

- - - - -
b76aab48 by Salvatore Bonaccorso at 2022-10-27T06:27:10+02:00
Track fixed version via unstable for CVE-2022-39209/cmark-gfm

- - - - -
a075a913 by Salvatore Bonaccorso at 2022-10-27T06:28:02+02:00
Track fixed version for CVE-2022-30333/rar via unstable

- - - - -
2ddecc98 by Salvatore Bonaccorso at 2022-10-27T06:28:43+02:00
Track fixed version for CVE-2022-41751/jhead via unstable

- - - - -
fe5d1e9f by Salvatore Bonaccorso at 2022-10-27T08:32:41+02:00
Add CVE-2022-3697/ansible

- - - - -
8e028103 by Emilio Pozuelo Monfort at 2022-10-27T08:36:38+02:00
lts: take curl

- - - - -
faf49d27 by security tracker role at 2022-10-27T08:10:15+00:00
automatic update

- - - - -
0de69910 by Emilio Pozuelo Monfort at 2022-10-27T10:31:05+02:00
lts: CVE-2022-42916/curl n/a on buster

- - - - -
ecf26d88 by Salvatore Bonaccorso at 2022-10-27T11:01:52+02:00
Add CVE-2022-3705/vim

- - - - -
13d24bca by Moritz Mühlenhoff at 2022-10-27T12:26:12+02:00
additional sqlite reference

- - - - -
f952b859 by Moritz Mühlenhoff at 2022-10-27T16:13:36+02:00
two etcd issues fixed in experimental

- - - - -
92d3b469 by Moritz Mühlenhoff at 2022-10-27T16:46:10+02:00
one libde265 issue fixed in sid

- - - - -
06e7cc80 by Markus Koschany at 2022-10-27T18:05:46+02:00
Add expat to dla-needed.txt

- - - - -
d4e9c895 by Markus Koschany at 2022-10-27T18:06:58+02:00
Add dropbear to dla-needed.txt

- - - - -
257634c3 by Markus Koschany at 2022-10-27T18:16:25+02:00
Add graphicsmagick to dla-needed.txt

- - - - -
83af9505 by Markus Koschany at 2022-10-27T18:34:48+02:00
CVE-2022-41842,libcommons-jxpath-java: Link to proposed upstream changes

The upstream discussion is ongoing. They intend to implement either a whitelist
or a blacklist. Maven requires jxpath as a build-dependency. We should wait for
the outcome of that discussion

- - - - -
4c46ba1e by Markus Koschany at 2022-10-27T18:42:12+02:00
Add libcommons-jxpath-java to dla-needed.txt

- - - - -
5bf26c2c by Chris Lamb at 2022-10-27T10:25:22-07:00
dla-needed.txt: Update note for python-django.

- - - - -
eea9c40b by Chris Lamb at 2022-10-27T10:36:55-07:00
dla-needed.txt: No, CVE-2022-28346 is fixed in stretch like the others.

- - - - -
4a0a2559 by Chris Lamb at 2022-10-27T11:18:45-07:00
Reserve DLA-3164-1 for python-django

- - - - -
73017f53 by Salvatore Bonaccorso at 2022-10-27T20:34:38+02:00
Add upstream tag information for CVE-2020-21599

- - - - -
313600d4 by Salvatore Bonaccorso at 2022-10-27T21:11:59+02:00
Add CVE-2022-3704/rails

- - - - -
2f15f0b6 by Moritz Mühlenhoff at 2022-10-27T21:15:43+02:00
batik fixed in sid

- - - - -
9e7d3165 by Salvatore Bonaccorso at 2022-10-27T21:47:08+02:00
Process one NFU

- - - - -
96fa6f55 by Salvatore Bonaccorso at 2022-10-27T21:48:33+02:00
Track proposed update for powerline-gitstatus via bullseye-pu

- - - - -
b8506162 by Salvatore Bonaccorso at 2022-10-27T22:01:50+02:00
Add CVE-2022-3474/bazel

- - - - -
42fcc87f by security tracker role at 2022-10-27T20:10:24+00:00
automatic update

- - - - -
dbc98a9a by Salvatore Bonaccorso at 2022-10-27T22:12:19+02:00
Process some NFUs

- - - - -
5b8aef77 by Salvatore Bonaccorso at 2022-10-27T22:12:20+02:00
Add CVE-2022-3363/rdiffweb

- - - - -
d4d262da by Salvatore Bonaccorso at 2022-10-27T22:14:21+02:00
Process some NFUs

- - - - -
de5f7258 by Utkarsh Gupta at 2022-10-28T02:02:00+05:30
Take expat

- - - - -
ceda112d by Moritz Mühlenhoff at 2022-10-27T22:45:36+02:00
thunderbird DSA

- - - - -
4e33720d by Salvatore Bonaccorso at 2022-10-27T22:48:10+02:00
Add CVE-2022-3725/wireshark

- - - - -
c4abbbd9 by Salvatore Bonaccorso at 2022-10-27T22:59:47+02:00
Add CVE-2022-3719/exiv2

- - - - -
8556a2e4 by Utkarsh Gupta at 2022-10-28T07:09:49+05:30
Take dropbear and ruby-sinatra

- - - - -
c25e0c74 by Utkarsh Gupta at 2022-10-28T07:10:52+05:30
Reserve DLA-3165-1 for expat

- - - - -
29216582 by Utkarsh Gupta at 2022-10-28T09:21:37+05:30
Reserve DLA-3166-1 for ruby-sinatra

- - - - -
b20f0937 by Salvatore Bonaccorso at 2022-10-28T07:06:44+02:00
Add fixed version for curl issues fixed via unstable

- - - - -
3fbfc044 by Henri Salo at 2022-10-28T08:55:36+03:00
Fix typo

- - - - -
12684b83 by Salvatore Bonaccorso at 2022-10-28T09:24:27+02:00
Add expat to dsa-needed list

- - - - -
6bf12a0e by security tracker role at 2022-10-28T08:10:15+00:00
automatic update

- - - - -
4f2ed7d5 by Salvatore Bonaccorso at 2022-10-28T10:14:59+02:00
Process one NFU

- - - - -
147b30eb by Salvatore Bonaccorso at 2022-10-28T10:18:23+02:00
Process more NFUs

- - - - -
679b7649 by Moritz Mühlenhoff at 2022-10-28T13:16:49+02:00
new chromium issue

- - - - -
76903b7f by Salvatore Bonaccorso at 2022-10-28T13:51:42+02:00
Add CVE-2022-371{7,8}/exiv2

- - - - -
21c6818a by Salvatore Bonaccorso at 2022-10-28T15:42:47+02:00
Track fixed version via unstable for CVE-2022-3723/chromium

- - - - -
596fff4c by Salvatore Bonaccorso at 2022-10-28T17:05:36+02:00
Reference upstream commits for CVE-2022-43680

- - - - -
d3dcab75 by Salvatore Bonaccorso at 2022-10-28T21:29:23+02:00
Track fixed version via unstable for CVE-2022-31627/php8.1

- - - - -
957c8e2f by Salvatore Bonaccorso at 2022-10-28T21:31:03+02:00
Track fixed version for CVE-2022-3162{8,9}/php8.1 via unstable

- - - - -
bd3f45ca by Salvatore Bonaccorso at 2022-10-28T21:32:20+02:00
Track fixed version for firmware-nonfree issues via unstable

- - - - -
5a58ada3 by Salvatore Bonaccorso at 2022-10-28T21:39:06+02:00
Add CVE-2022-31630/php information

- - - - -
437b0661 by Salvatore Bonaccorso at 2022-10-28T21:43:51+02:00
Add php information for CVE-2022-37454

- - - - -
668da901 by Salvatore Bonaccorso at 2022-10-28T21:45:57+02:00
Add PHP 7.4.x information for CVE-2022-37454

- - - - -
26ffd477 by Salvatore Bonaccorso at 2022-10-28T22:08:30+02:00
Update status for CVE-2022-37454 for python

- - - - -
b9975146 by security tracker role at 2022-10-28T20:10:25+00:00
automatic update

- - - - -
725140bb by Salvatore Bonaccorso at 2022-10-28T22:37:30+02:00
Process some NFUs

- - - - -
b4d03985 by Salvatore Bonaccorso at 2022-10-28T22:51:24+02:00
Process some NFUs

- - - - -
44cb9f07 by Salvatore Bonaccorso at 2022-10-28T23:00:20+02:00
Add CVE-2022-3616/cfrpki

- - - - -
1bea25a4 by Salvatore Bonaccorso at 2022-10-28T23:01:19+02:00
Process NFUs

- - - - -
dd31aba0 by Salvatore Bonaccorso at 2022-10-28T23:02:57+02:00
Track three new CVEs for nextcloud-server, itp'ed

- - - - -
fc1131ab by Salvatore Bonaccorso at 2022-10-28T23:06:12+02:00
Add CVE-2022-39348/twisted

- - - - -
9259172c by security tracker role at 2022-10-29T08:10:11+00:00
automatic update

- - - - -
ab1b8f57 by Salvatore Bonaccorso at 2022-10-29T10:23:24+02:00
Add new wabt issues

There is a newer version as mentioned (1.0.30) but which still does not
seem to contain the required changes.

- - - - -
c2bdcc6a by Salvatore Bonaccorso at 2022-10-29T10:24:47+02:00
Process some NFUs

- - - - -
20f25538 by Thorsten Alteholz at 2022-10-29T10:47:57+02:00
Reserve DLA-3167-1 for ncurses

- - - - -
f406d0b2 by Thorsten Alteholz at 2022-10-29T10:53:38+02:00
Reserve DLA-3168-1 for openvswitch

- - - - -
99397b29 by Tobias Frost at 2022-10-29T11:01:35+02:00
claim clickhouse

- - - - -
37c96dbf by Salvatore Bonaccorso at 2022-10-29T14:41:22+02:00
Track pysha3 bug under CVE-2022-37454

- - - - -
a094c54e by Stefano Rivera at 2022-10-29T14:46:45+02:00
pypy3 is affected too

- - - - -
e40b472a by Salvatore Bonaccorso at 2022-10-29T14:52:15+02:00
Add CVE-2022-3628/linux

- - - - -
b83fe42f by Salvatore Bonaccorso at 2022-10-29T14:53:44+02:00
Process CVE-2022-26884 as NFU

- - - - -
1edaaf84 by Markus Koschany at 2022-10-29T17:11:26+02:00
Reserve DLA-3169-1 for batik

- - - - -
2aef89bf by Stefano Rivera at 2022-10-29T17:54:12+02:00
Ignore CVE-2022-37454 for pypy3 in buster

- - - - -
70b09b51 by Salvatore Bonaccorso at 2022-10-29T19:38:24+02:00
Add pysha3 to dsa-needed list

- - - - -
19669ea5 by security tracker role at 2022-10-29T20:10:21+00:00
automatic update

- - - - -
54cf1099 by Moritz Mühlenhoff at 2022-10-29T22:30:52+02:00
chromium DSA

- - - - -
4da53d3a by Markus Koschany at 2022-10-29T22:42:01+02:00
Add libxml2 to dla-needed.txt

- - - - -
f86442f8 by Markus Koschany at 2022-10-29T22:42:36+02:00
CVE-2022-41973 CVE-2022-41974,multipath-tools: Link to upstream pull request

- - - - -
5ac4f6c9 by Markus Koschany at 2022-10-29T22:46:30+02:00
Add multipath-tools to dla-needed.txt

- - - - -
a383f282 by Markus Koschany at 2022-10-29T23:47:04+02:00
CVE-2022-0699,shapelib: Mark Buster as no-dsa

Minor issue

- - - - -
d71191ca by Markus Koschany at 2022-10-29T23:48:18+02:00
Reserve DSA-5264-1 batik

- - - - -
6160ed2b by Markus Koschany at 2022-10-29T23:49:14+02:00
Reserve DSA-5265-1 tomcat9

- - - - -
48b2b005 by Moritz Muehlenhoff at 2022-10-29T23:56:04+02:00
various Linux exploit references

- - - - -
e2c289cb by Moritz Muehlenhoff at 2022-10-29T23:57:52+02:00
ruby-rails-html-sanitizer fixed in sid

- - - - -
65671f15 by Markus Koschany at 2022-10-30T00:44:08+02:00
Add twisted to dla-needed.txt

- - - - -
5690aea4 by Markus Koschany at 2022-10-30T00:44:09+02:00
CVE-2022-3479,nss: Buster is not affected

The vulnerable code was introduced later

- - - - -
ceaf1d35 by Salvatore Bonaccorso at 2022-10-30T07:59:14+01:00
Reference required commits for CVE-2022-41973 and CVE-2022-41974

- - - - -
223e6a17 by Salvatore Bonaccorso at 2022-10-30T08:17:22+01:00
CVE-2022-41973: Add comment on switching to /run instead of /dev/shm

- - - - -
dfbabd55 by Abhijith PA at 2022-10-30T12:55:36+05:30
Mark CVE-2022-39835 as no-dsa
Code refactoring on later version makes it very hard to backport

- - - - -
fa4abc7e by Salvatore Bonaccorso at 2022-10-30T08:37:58+01:00
Reference advisory for CVE-2020-13947

- - - - -
73573217 by Salvatore Bonaccorso at 2022-10-30T08:38:41+01:00
Reference announce for CVE-2020-1941

- - - - -
b1442b86 by Abhijith PA at 2022-10-30T13:12:55+05:30
data/dla-needed.txt: claim ghostwriter

- - - - -
6e803421 by security tracker role at 2022-10-30T08:10:21+00:00
automatic update

- - - - -
3567e770 by Salvatore Bonaccorso at 2022-10-30T09:26:42+01:00
Add CVE-2022-44034/linux

- - - - -
457c79fc by Salvatore Bonaccorso at 2022-10-30T09:29:36+01:00
Add CVE-2022-44033/linux

- - - - -
ce26f48f by Salvatore Bonaccorso at 2022-10-30T09:32:22+01:00
Add CVE-2022-44032/linux

- - - - -
091d4b77 by Salvatore Bonaccorso at 2022-10-30T09:39:35+01:00
Process NFUs

- - - - -
36d38a8b by Abhijith PA at 2022-10-30T14:11:00+05:30
Mark CVE-2022-24724 as not-affected for buster and bullseye.
ghostwriter doesn't embed cmark-gfm in those releases.

- - - - -
da016f61 by Salvatore Bonaccorso at 2022-10-30T10:00:43+01:00
Add CVE-2022-3757/exiv2

- - - - -
b00642ad by Salvatore Bonaccorso at 2022-10-30T10:01:16+01:00
Add CVE-2022-3756/exiv2

- - - - -
a31aedbf by Salvatore Bonaccorso at 2022-10-30T10:02:21+01:00
Add CVE-2022-3755/exiv2

- - - - -
7edfa7e3 by Salvatore Bonaccorso at 2022-10-30T11:37:22+01:00
Track proposed tinyxml update via bullseye-pu

- - - - -
a9e96867 by Dominik George at 2022-10-30T11:51:41+01:00
Grab exiv2 and python-scciclient

- - - - -
7996f12a by Emilio Pozuelo Monfort at 2022-10-30T12:16:33+01:00
Reserve DLA-3170-1 for thunderbird

- - - - -
a10d34d3 by Salvatore Bonaccorso at 2022-10-30T13:32:36+01:00
Track fixed version for CVE-2022-37454/pypy3

- - - - -
b6d44598 by Stefano Rivera at 2022-10-30T15:33:13+02:00
Reserve DLA-3171-1 for distro-info-data

- - - - -
38744cd0 by Salvatore Bonaccorso at 2022-10-30T14:56:39+01:00
Reserve DSA number for expat update

- - - - -
8ec0d204 by Markus Koschany at 2022-10-30T15:12:33+01:00
Add jackson-databind to dla-needed.txt

- - - - -
487f789d by Markus Koschany at 2022-10-30T15:12:33+01:00
Add libjettison-java to dla-needed.txt

- - - - -
737764c4 by Markus Koschany at 2022-10-30T15:12:50+01:00
Claim libxml2 in dla-needed.txt

- - - - -
aa3a3ba4 by Markus Koschany at 2022-10-30T16:52:29+01:00
Reserve DLA-3172-1 for libxml2

- - - - -
0804c84d by Moritz Muehlenhoff at 2022-10-30T17:52:46+01:00
take pysha3, ffmpeg

- - - - -
5682a426 by Moritz Mühlenhoff at 2022-10-30T19:58:46+01:00
pysha3 DSA

- - - - -
3b4e3e7d by Moritz Mühlenhoff at 2022-10-30T20:15:30+01:00
tiff fixed in sid

- - - - -
ac7c89cd by Salvatore Bonaccorso at 2022-10-30T20:55:31+01:00
Two CVEs fixed for samba with unstable upload of 4.17.2 based version

- - - - -
f6bc1b69 by Salvatore Bonaccorso at 2022-10-30T20:58:49+01:00
Track fixed version for CVE-2021-20277 and CVE-2020-27840

- - - - -
333a7c35 by Markus Koschany at 2022-10-30T23:44:38+01:00
CVE-2022-3276,puppet-module-puppetlabs-mysql: Link to possible fix

- - - - -
7eeec719 by Markus Koschany at 2022-10-31T00:12:53+01:00
Triage gpac for buster as EOL

- - - - -
b526dc08 by Markus Koschany at 2022-10-31T00:14:40+01:00
Add pysha3 to dla-needed.txt

- - - - -
2b1b1f38 by Markus Koschany at 2022-10-31T00:16:42+01:00
Update status of vim in dla-needed.txt

- - - - -
b4d3872d by Markus Koschany at 2022-10-31T00:26:52+01:00
Add python-django to dla-needed.txt

- - - - -
573651fc by Markus Koschany at 2022-10-31T00:27:56+01:00
Add node-css-what to dla-needed.txt

- - - - -
0b2e1714 by Markus Koschany at 2022-10-31T00:34:02+01:00
Add lava to dla-needed.txt

- - - - -
c1716b9f by Markus Koschany at 2022-10-31T00:37:47+01:00
Add git to dla-needed.txt

- - - - -
d87a6c7f by Markus Koschany at 2022-10-31T00:38:54+01:00
Add tiff to dla-needed.txt

- - - - -
aea067cf by Ben Hutchings at 2022-10-31T00:50:23+01:00
Reserve DLA-3173-1 for linux-5.10

- - - - -
1db7cb04 by Salvatore Bonaccorso at 2022-10-31T06:49:31+01:00
CVE-2022-3276: Reference comment to required changes

- - - - -
4f8d262b by Salvatore Bonaccorso at 2022-10-31T06:51:21+01:00
Add annotation for end-of-life marking

- - - - -
a078ad85 by Salvatore Bonaccorso at 2022-10-31T08:06:51+01:00
Track fixed version for CVE-2022-3705/vim

- - - - -
d8f21266 by Salvatore Bonaccorso at 2022-10-31T08:28:30+01:00
Add CVE-2022-1415 as NFU

- - - - -
dc139021 by Salvatore Bonaccorso at 2022-10-31T08:29:23+01:00
Add CVE-2022-3500 as NFU

- - - - -
7da36de5 by Salvatore Bonaccorso at 2022-10-31T08:38:53+01:00
Add CVE-2022-3707/linux

- - - - -
b0513b34 by security tracker role at 2022-10-31T08:10:23+00:00
automatic update

- - - - -
0ee0cb88 by Salvatore Bonaccorso at 2022-10-31T10:17:22+01:00
Process some NFUs

- - - - -
1cfaca81 by Stefano Rivera at 2022-10-31T11:24:39+02:00
Claim pysha3

- - - - -
e14d8d98 by Stefano Rivera at 2022-10-31T11:24:53+02:00
Add and claim python3.7 (as discussed on IRC)

- - - - -
08647d86 by Stefano Rivera at 2022-10-31T11:30:16+02:00
Clarify pypy3.6 in history

- - - - -
380c2080 by Sylvain Beucler at 2022-10-31T11:10:29+01:00
CVE-2022-37454/python3*: introduced in 3.6

- - - - -
edf4189a by Stefano Rivera at 2022-10-31T12:44:44+02:00
Reserve DLA-3174-1 for pysha3

- - - - -
9e691a37 by Ola Lundqvist at 2022-10-31T12:39:58+01:00
Triaged cmark-gfm for LTS (buster) and concluded CVE-2022-24724 and CVE-2022-39209 to be minor issues. Same conclusion as for similar packages.

- - - - -
9ecf7397 by Ola Lundqvist at 2022-10-31T12:43:48+01:00
Added protobuf to dla-needed.

- - - - -
7ab81f4b by Ola Lundqvist at 2022-10-31T12:45:14+01:00
Added consul to dla-needed.

- - - - -
fabc7c5a by Markus Koschany at 2022-10-31T13:36:30+01:00
CVE-2022-41853,hsqldb: Link to possible fixing commit

- - - - -
38f016b3 by Sylvain Beucler at 2022-10-31T14:18:51+01:00
CVE-2022-37454/php*: introduced in 7.2

- - - - -
a38a497a by Ola Lundqvist at 2022-10-31T14:35:45+01:00
Added hsqldb to dla-needed for further investigation. It is possibly a breaking change. A possible outcome is to ignore the issue.

- - - - -
3fbc4c14 by Ola Lundqvist at 2022-10-31T14:35:45+01:00
Adding jhead to dla-needed. One can argue that you have to trick someone to use some specific command option but arbitrary command execution should be fixed.

- - - - -
4cda4ada by Ola Lundqvist at 2022-10-31T15:08:25+01:00
Added rabbitmq-server to dla-needed. It should be checked further since the solution involves a new configuration option.

- - - - -
54134012 by Ola Lundqvist at 2022-10-31T15:11:18+01:00
Added libapreq2 to dla-needed. Webserver crash is not a good thing so it should be solved.

- - - - -
0ec4db72 by Salvatore Bonaccorso at 2022-10-31T15:12:33+01:00
Add CVE-2022-40284/ntfs-3g

- - - - -
35eb7223 by Sylvain Beucler at 2022-10-31T15:29:27+01:00
CVE-2022-20128,CVE-2022-3168/android-platform-tools (adb): reference public disclosure

- - - - -
b8c1e028 by Ola Lundqvist at 2022-10-31T15:51:43+01:00
Triaged python-cmarkgfm for LTS (buster) and concluded CVE-2022-24724 and CVE-2022-39209 to be minor issues. Same conclusion as cmark-gfm.

- - - - -
a63903c0 by Ola Lundqvist at 2022-10-31T15:59:09+01:00
Added php7.3 to dla-needed.

- - - - -
9fd20b1f by Sylvain Beucler at 2022-10-31T16:36:30+01:00
CVE-2022-3276/puppet-module-puppetlabs-mysql: reference commits following upstream confirmation

- - - - -
fd693cb3 by Salvatore Bonaccorso at 2022-10-31T19:21:26+01:00
Remove two check items for CVE-2022-3168 and CVE-2022-20128

Entries look correct with temporary tracking of fixed version in
experimental.

Thanks: Sylvain Beucler

- - - - -
be1ec401 by Anton Gladky at 2022-10-31T19:24:32+01:00
semi-automatic unclaim after 2 weeks of inactivity

Signed-off-by: Anton Gladky <gladk at debian.org>

- - - - -
47b9536d by Salvatore Bonaccorso at 2022-10-31T19:25:40+01:00
Track upstream commits for CVE-2022-40284/ntfs-3g

- - - - -
ab74f9d7 by Salvatore Bonaccorso at 2022-10-31T19:28:21+01:00
Track fixed version for CVE-2022-40284/ntfs-3g via unstable

- - - - -
e852f8e0 by Salvatore Bonaccorso at 2022-10-31T19:29:49+01:00
Track fixed version for libxml2 issues via unstable

- - - - -
5822ccf1 by Ola Lundqvist at 2022-10-31T20:35:02+01:00
Added ntfs-3g to dla-needed.

- - - - -
2c6923bf by Ola Lundqvist at 2022-10-31T20:49:44+01:00
Marked CVE-2022-42920 for node-minimatch as no-dsa for buster following decision for bullseye.

- - - - -
12a48cc6 by security tracker role at 2022-10-31T20:10:17+00:00
automatic update

- - - - -
77facee8 by Ola Lundqvist at 2022-10-31T21:12:41+01:00
Added ceph to dla-needed. Do not have good enough experience with ceph to conclude whether the vulnerability can be exploited in a Debian system.

- - - - -
b75a1cff by Salvatore Bonaccorso at 2022-10-31T21:20:06+01:00
Process several NFUs

- - - - -
45d0f666 by Salvatore Bonaccorso at 2022-10-31T21:29:40+01:00
Process some NFUs

- - - - -
0076ed8e by Sylvain Beucler at 2022-10-31T22:23:20+01:00
CVE-2022-31008/rabbitmq-server: references patches reducing the affected versions range
not triaging, letting LTS front-desk and/or security-team confirm that buster&bullseye shouldn't be affected

- - - - -
e30faf70 by Salvatore Bonaccorso at 2022-10-31T22:29:41+01:00
Add ntfs-3g to dsa-needed list

- - - - -
23c08961 by Salvatore Bonaccorso at 2022-10-31T22:30:14+01:00
Take ntfs-3g from dsa-needed list

- - - - -
a9ec9555 by Salvatore Bonaccorso at 2022-11-01T06:17:51+01:00
Mark pysha3 as removed from unstable

- - - - -
e974ebb3 by Anton Gladky at 2022-11-01T06:19:34+01:00
Fix dla-needed after git conflicts

- - - - -
19db2921 by Abhijith PA at 2022-11-01T11:19:16+05:30
Mark CVE-2022-31778 as ignored for buster

- - - - -
7241fcb9 by Salvatore Bonaccorso at 2022-11-01T07:01:30+01:00
CVE-2022-39253/git and CVE-2022-39260/git fixed via unstable upload

- - - - -
3c4e80d1 by Stefano Rivera at 2022-11-01T08:39:36+02:00
Reserve DLA-3175-1 for python3.7

- - - - -
5d9c3b73 by Salvatore Bonaccorso at 2022-11-01T08:46:45+01:00
Add CVE-2022-42919/python

- - - - -
6a3e1470 by security tracker role at 2022-11-01T08:10:18+00:00
automatic update

- - - - -
8735fd26 by Salvatore Bonaccorso at 2022-11-01T09:22:39+01:00
Process NFUs

- - - - -
d7900dc7 by Salvatore Bonaccorso at 2022-11-01T09:24:25+01:00
Remove notes for CVE-2021-44597 (rejected, duplicate of CVE-2021-43857)

- - - - -
9d834944 by Moritz Muehlenhoff at 2022-11-01T11:37:51+01:00
new jupyter-core issue

- - - - -
b9488dbb by Moritz Muehlenhoff at 2022-11-01T12:27:10+01:00
libtasn1-6 spu

- - - - -
30828be4 by Moritz Muehlenhoff at 2022-11-01T17:12:58+01:00
new openssl issues

- - - - -
cc17fc41 by Moritz Muehlenhoff at 2022-11-01T17:14:36+01:00
add openssl commit references

- - - - -
a416f4f0 by Salvatore Bonaccorso at 2022-11-01T17:49:21+01:00
Reference upstream tag information for two openssl commits

- - - - -
49a622a5 by Salvatore Bonaccorso at 2022-11-01T17:52:31+01:00
Add CVE-2022-42327/xen

- - - - -
0b52a5f5 by Salvatore Bonaccorso at 2022-11-01T17:53:56+01:00
Add CVE-2022-423{5,6}/xen

- - - - -
f079043b by Salvatore Bonaccorso at 2022-11-01T17:55:08+01:00
Add CVE-2022-42324/xen

- - - - -
bfc243db by Salvatore Bonaccorso at 2022-11-01T17:56:03+01:00
Add CVE-2022-4232{2,3}/xen

- - - - -
5d3b84cd by Salvatore Bonaccorso at 2022-11-01T17:57:47+01:00
Add CVE-2022-42321/xen

- - - - -
0005da52 by Salvatore Bonaccorso at 2022-11-01T17:58:38+01:00
Add CVE-2022-42320/xen

- - - - -
45be1e37 by Salvatore Bonaccorso at 2022-11-01T17:59:33+01:00
Add CVE-2022-42319/xen

- - - - -
cf47469a by Salvatore Bonaccorso at 2022-11-01T18:00:19+01:00
Add CVE-2022-42310/xen

- - - - -
7437b6a2 by Salvatore Bonaccorso at 2022-11-01T18:01:24+01:00
Add CVE-2022-42309/xen

- - - - -
69d77388 by Moritz Muehlenhoff at 2022-11-01T20:18:31+01:00
NFUs

- - - - -
711aa755 by Moritz Mühlenhoff at 2022-11-01T20:21:48+01:00
ffmpeg DSA

- - - - -
f1e22282 by Moritz Muehlenhoff at 2022-11-01T20:37:01+01:00
add pypy3 reference

- - - - -
503d1da1 by Moritz Muehlenhoff at 2022-11-01T20:38:56+01:00
add ffmpeg to dla-needed

- - - - -
62a79179 by Salvatore Bonaccorso at 2022-11-01T21:02:56+01:00
Reference additional blogpost for CVE-2022-3786 and CVE-2022-3602

- - - - -
52b9c936 by security tracker role at 2022-11-01T20:10:20+00:00
automatic update

- - - - -
fdd71750 by Salvatore Bonaccorso at 2022-11-01T21:30:13+01:00
Add CVE-2022-42252/tomcat

- - - - -
117cfe77 by Salvatore Bonaccorso at 2022-11-01T21:47:11+01:00
Process one NFU

- - - - -
c5b55dcd by Salvatore Bonaccorso at 2022-11-01T22:17:33+01:00
Process some NFUs

- - - - -
a7d5332f by Salvatore Bonaccorso at 2022-11-01T22:18:08+01:00
Add CVE-2022-43151/timg

- - - - -
f94fe04f by Salvatore Bonaccorso at 2022-11-01T22:30:34+01:00
Process some NFUs

- - - - -
6651c8b5 by Salvatore Bonaccorso at 2022-11-01T22:33:56+01:00
Track fixed version via unstable for openssl update

- - - - -
ebf968e5 by Salvatore Bonaccorso at 2022-11-01T22:40:26+01:00
Add two new airflow issues, itp'ed

- - - - -
7d3dc636 by Ola Lundqvist at 2022-11-01T23:45:24+01:00
Added a note to rabbitmq-server.

- - - - -
fa9f9510 by Ola Lundqvist at 2022-11-01T23:57:27+01:00
Marked CVE-2022-42252 as minor issue for buster with the reasoning that the issue only occurs when the system is explicitly configured to ignore invalid headers.

- - - - -
d3516145 by Ola Lundqvist at 2022-11-02T00:06:13+01:00
Added jupyter-core to dla-needed.

- - - - -
4ea9d3fd by Salvatore Bonaccorso at 2022-11-02T07:14:17+01:00
Add CVE-2022-4231{1,2,3,4,5,6,7,8}/xen

- - - - -
7596246c by Salvatore Bonaccorso at 2022-11-02T08:19:05+01:00
Remove Debian bug reference for CVE-2022-3786

https://bugs.debian.org/1021620 is for CVE-2022-3358.

Thanks: Sebastian A. Siewior

- - - - -
e6c82d1d by Salvatore Bonaccorso at 2022-11-02T08:22:26+01:00
CVE-2022-3786/openssl: Reference secadv/20221101

- - - - -
92e47c85 by Salvatore Bonaccorso at 2022-11-02T08:32:16+01:00
Add references for two batik issues

- - - - -
eef31292 by security tracker role at 2022-11-02T08:10:21+00:00
automatic update

- - - - -
f2c049a8 by Salvatore Bonaccorso at 2022-11-02T09:38:53+01:00
Process some NFUs

- - - - -
d51ffb08 by Sylvain Beucler at 2022-11-02T09:45:02+01:00
CVE-2022-20128,CVE-2022-3168 (adb): also register with android-platform-system-core package (<= bullseye)

- - - - -
5ab6f8f3 by Moritz Muehlenhoff at 2022-11-02T10:04:12+01:00
bullseye triage

- - - - -
bf0b2e90 by Salvatore Bonaccorso at 2022-11-02T11:08:28+01:00
Track android-platform-system-core as removed

- - - - -
3edb5343 by Moritz Muehlenhoff at 2022-11-02T13:37:19+01:00
bullseye triage

- - - - -
f07da565 by Moritz Mühlenhoff at 2022-11-02T19:48:06+01:00
pypy3 DSA

- - - - -
0be551ce by Moritz Mühlenhoff at 2022-11-02T20:02:06+01:00
clickhouse spu

- - - - -
e807d609 by security tracker role at 2022-11-02T20:10:23+00:00
automatic update

- - - - -
8d3bb50e by Salvatore Bonaccorso at 2022-11-02T21:12:55+01:00
Add CVE-2022-3827/centreon-web, itp'ed

- - - - -
90e11463 by Salvatore Bonaccorso at 2022-11-02T21:13:57+01:00
Process some NFUs

- - - - -
564c30f5 by Salvatore Bonaccorso at 2022-11-02T21:41:10+01:00
Add Debian bug reference for CVE-2022-39348/twisted

- - - - -
70fe4aa4 by Salvatore Bonaccorso at 2022-11-02T22:01:29+01:00
Add tag reference for upstream commit for CVE-2022-39286/jupyter-core

- - - - -
510b94f1 by Salvatore Bonaccorso at 2022-11-02T22:18:26+01:00
Add reference for Debian bug for CVE-2022-39286/jupyter-core

- - - - -
75b648b5 by Salvatore Bonaccorso at 2022-11-02T22:32:01+01:00
Process some NFUs

- - - - -
0caa551c by Salvatore Bonaccorso at 2022-11-02T22:34:35+01:00
Add CVE-2022-43995/sudo

- - - - -
6c385a07 by Salvatore Bonaccorso at 2022-11-02T22:37:04+01:00
Add CVE-2022-344{3,4}/chromium

- - - - -
829927b2 by Ola Lundqvist at 2022-11-02T22:45:17+01:00
Added android-platform-system-core to dla-needed with a note that it can be considered for ignoring if the Debian Security team see the CVEs as minor issues. It is a non-trivial decision.

- - - - -
d2f6ceed by Ola Lundqvist at 2022-11-02T22:45:18+01:00
Added ruby-rails-html-sanitizer to dla-needed.

- - - - -
77e0c77f by Ola Lundqvist at 2022-11-02T22:51:43+01:00
Removed rabbitmq-server from dla-needed. Noted the related CVE as not-affected for buster. Also added a note that buster is in fact affected by a worse problem than the CVE described but that is still minor and therefore no extra CVE should be necessary for that.

- - - - -
25e0822e by Salvatore Bonaccorso at 2022-11-02T22:55:10+01:00
Add CVE-2022-4325{4,5}/gpac

- - - - -
88ac6fa0 by Ola Lundqvist at 2022-11-02T23:01:43+01:00
Marked CVE-2022-42919 as not affected for buster.

- - - - -
2f686fce by Salvatore Bonaccorso at 2022-11-03T06:28:57+01:00
CVE-2022-31008 remove comment

CVE is specific to the respective plugins which have the
obfuscation functionality implemented.

- - - - -
cdb1460d by Salvatore Bonaccorso at 2022-11-03T08:35:01+01:00
Add CVE-2022-3841 as NFU

- - - - -
19700527 by security tracker role at 2022-11-03T08:10:14+00:00
automatic update

- - - - -
1d9597a8 by Moritz Muehlenhoff at 2022-11-03T09:20:11+01:00
additional openssl reference

- - - - -
699fbfe7 by Moritz Muehlenhoff at 2022-11-03T09:24:12+01:00
new pixman issue

- - - - -
3573770b by Moritz Muehlenhoff at 2022-11-03T09:47:12+01:00
new alpine issue
NFUs

- - - - -
670a6a94 by Moritz Muehlenhoff at 2022-11-03T09:51:04+01:00
NFUs

- - - - -
6105ba74 by Moritz Muehlenhoff at 2022-11-03T09:55:27+01:00
python-scciclient fixed in sid

- - - - -
b2586775 by Salvatore Bonaccorso at 2022-11-03T10:19:10+01:00
Remove notes from CVE-2022-3554 and CVE-2022-3555

They were withdrawn by their CNA as further investigation showed that they
were not security issues.

- - - - -
6feed6fc by Sylvain Beucler at 2022-11-03T10:20:17+01:00
dla: android-platform-system-core: contribute additional note
(I registered the CVEs in the tracker this week)

- - - - -
27ae159c by Moritz Muehlenhoff at 2022-11-03T11:20:57+01:00
new libde265 issues

- - - - -
3bf23c09 by Moritz Muehlenhoff at 2022-11-03T11:31:51+01:00
new gitlab issues

- - - - -
bde03440 by Moritz Muehlenhoff at 2022-11-03T12:35:05+01:00
NFUs
gitlab n/a

- - - - -
462d2059 by Sylvain Beucler at 2022-11-03T12:48:05+01:00
CVE-2022-42919/python*: clarify notes

- - - - -
1e179266 by Chris Lamb at 2022-11-03T12:01:34+00:00
dla-needed.txt: (Re-)claim python-django

- - - - -
3ec53c92 by Sylvain Beucler at 2022-11-03T16:28:48+01:00
dla: attribute kopanocore status

- - - - -
38dbe76e by Sylvain Beucler at 2022-11-03T16:54:05+01:00
dla: claim ffmpeg

- - - - -
2c92f29b by Moritz Muehlenhoff at 2022-11-03T17:30:48+01:00
python3.10 fixed in sid

- - - - -
e85e9a9e by Moritz Muehlenhoff at 2022-11-03T17:31:34+01:00
python3.11 fixed in sid

- - - - -
256dda50 by Sylvain Beucler at 2022-11-03T17:50:51+01:00
DLA-3010-1/ffmpeg: reference 3 CVEs

- - - - -
fd3d2462 by Sylvain Beucler at 2022-11-03T17:55:14+01:00
CVE-2020-20896/ffmpeg: fix stretch triage

- - - - -
0074db8c by Salvatore Bonaccorso at 2022-11-03T20:39:52+01:00
Add CVE-2022-4289{5,6}/linux

- - - - -
2b5267fa by security tracker role at 2022-11-03T20:10:31+00:00
automatic update

- - - - -
b8214981 by Salvatore Bonaccorso at 2022-11-03T21:15:53+01:00
Process NFUs

- - - - -
5ef6cca2 by Ola Lundqvist at 2022-11-03T21:20:08+01:00
Marked CVE-2021-46853 as no-dsa following the decision for buster.

- - - - -
e201f029 by Salvatore Bonaccorso at 2022-11-03T21:29:50+01:00
Process some NFUs

- - - - -
165dbef7 by Salvatore Bonaccorso at 2022-11-03T21:29:52+01:00
Add new glpi CVEs

- - - - -
8984d6bb by Salvatore Bonaccorso at 2022-11-03T21:29:53+01:00
Add CVE-2022-39369/php-cas

- - - - -
4ad01db2 by Ola Lundqvist at 2022-11-03T21:32:13+01:00
Marked CVE-2022-42906 as ignored for buster. For bullseye it was marked as no-dsa and minor issue. Considering that the solution requires the user to reconfigure the system, meaning it is not backwards compatible, together with the fact that it is considered minor for bullseye, the decision is to ignore it for buster.

- - - - -
6cf2e537 by Salvatore Bonaccorso at 2022-11-03T22:36:25+01:00
Add tag information for upstream commit for CVE-2022-44638

- - - - -
fb537498 by Salvatore Bonaccorso at 2022-11-03T22:49:09+01:00
Add upstream commit references for CVE-2021-46853 and CVE-2021-38370

- - - - -
32d3dca7 by Salvatore Bonaccorso at 2022-11-03T22:51:39+01:00
Add Debian bug reference for CVE-2022-44638/pixman

- - - - -
0c47a033 by Salvatore Bonaccorso at 2022-11-03T23:01:32+01:00
Add Debian bug reference for CVE-2022-2097/openssl

- - - - -
07a1fd77 by Tobias Frost at 2022-11-03T23:27:56+01:00
Reserve DLA-3176-1 for clickhouse

- - - - -
c2daf96b by Dominik George at 2022-11-04T08:47:34+01:00
Remove freerdp stretch/jessie entries from CVE list

- - - - -
d8a2086a by security tracker role at 2022-11-04T08:10:15+00:00
automatic update

- - - - -
2320e111 by Salvatore Bonaccorso at 2022-11-04T09:18:20+01:00
Process some NFUs

- - - - -
461da654 by Sylvain Beucler at 2022-11-04T09:23:32+01:00
CVE-2022-2879,CVE-2022-2880,CVE-2022-41715/golang-1.11: buster postponed

- - - - -
ca091fd2 by Salvatore Bonaccorso at 2022-11-04T09:27:34+01:00
Process some more NFUs

- - - - -
6d486c5e by Salvatore Bonaccorso at 2022-11-04T09:34:37+01:00
Reserve DSA number for ntfs-3g update

- - - - -
a73f1be6 by Chris Lamb at 2022-11-04T12:47:36+00:00
Reserve DLA-3177-1 for python-django

- - - - -
da5a54c8 by Chris Lamb at 2022-11-04T12:48:44+00:00
dla-needed.txt: Update note for Django.

- - - - -
14f929ca by Sylvain Beucler at 2022-11-04T15:04:32+01:00
Reserve DLA-3178-1 for ffmpeg

- - - - -
52f7600f by Alberto Garcia at 2022-11-04T16:27:02+01:00
webkit2gtk / wpewebkit upstream advisory WSA-2022-0010

- - - - -
159ff561 by Sylvain Beucler at 2022-11-04T17:28:34+01:00
dla: claim phpseclib/php-phpseclib

- - - - -
02cd83d1 by Sylvain Beucler at 2022-11-04T17:28:36+01:00
CVE-2021-30130/phpseclib,php-phpseclib: attempt to clarify

- - - - -
2b503a09 by Salvatore Bonaccorso at 2022-11-04T19:38:35+01:00
Add additional reference for CVE-2022-37454

- - - - -
a4ed22d4 by security tracker role at 2022-11-04T20:10:21+00:00
automatic update

- - - - -
670f22e7 by Salvatore Bonaccorso at 2022-11-04T21:11:09+01:00
Assign both webkit2gtk and wpewebkit

- - - - -
f1571d64 by Salvatore Bonaccorso at 2022-11-04T21:15:52+01:00
Add CVE-2021-34055/jhead

- - - - -
0e19352e by Salvatore Bonaccorso at 2022-11-04T21:34:28+01:00
Add CVE-2022-43945/linux

- - - - -
412d4eac by Salvatore Bonaccorso at 2022-11-04T21:36:18+01:00
Remove NFU note from three CVEs

Further investigation showed that it was not a security issue and the
assigning CNA has withdrawn it.

- - - - -
315c22fa by Salvatore Bonaccorso at 2022-11-04T21:40:37+01:00
Add missing tracking for webkit2gtk and wpewebkit for CVE-2022-32888 and CVE-2022-32923

- - - - -
016160b3 by Salvatore Bonaccorso at 2022-11-04T21:47:23+01:00
Process some NFUs

- - - - -
fbb3de1a by Salvatore Bonaccorso at 2022-11-04T21:50:32+01:00
Add CVE-2022-3721/froxlor

- - - - -
6c205e6b by Alberto Garcia at 2022-11-05T02:03:33+01:00
Update DLA-3124-1 with the CVEs from the 2022-0010 WebKit advisory

- - - - -
722f491c by security tracker role at 2022-11-05T08:10:12+00:00
automatic update

- - - - -
806812c4 by Salvatore Bonaccorso at 2022-11-05T09:21:28+01:00
Process some NFUs

- - - - -
65739c6c by Salvatore Bonaccorso at 2022-11-05T14:08:18+01:00
Drop tracking for python-dnslib for bullseye-pu

Link: https://bugs.debian.org/1021851#10

- - - - -
76383380 by Salvatore Bonaccorso at 2022-11-05T14:33:47+01:00
Track fixed version for clickhouse via unstable

- - - - -
490c4996 by Salvatore Bonaccorso at 2022-11-05T14:51:03+01:00
Track fixed version via unstable for three linux CVEs

- - - - -
4a36f21d by Salvatore Bonaccorso at 2022-11-05T16:43:54+01:00
Reference Qualys report directly for CVE-2022-4197{3,4}/multipath-tools

- - - - -
2a57b2e4 by Moritz Mühlenhoff at 2022-11-05T19:42:06+01:00
take xen

- - - - -
87f14581 by Moritz Mühlenhoff at 2022-11-05T19:49:21+01:00
NFUs

- - - - -
de347afe by Salvatore Bonaccorso at 2022-11-05T20:29:41+01:00
Reserve DSA number for libxml2 update

- - - - -
7454a0b9 by Salvatore Bonaccorso at 2022-11-05T20:45:01+01:00
Update information for CVE-2022-42920 and CVE-2022-34169

- - - - -
c3969c86 by Salvatore Bonaccorso at 2022-11-05T20:50:18+01:00
Add CVE-2022-43548/nodejs

- - - - -
304f8022 by security tracker role at 2022-11-05T20:10:21+00:00
automatic update

- - - - -
d8609ce1 by Salvatore Bonaccorso at 2022-11-05T21:13:33+01:00
Add Debian bug reference for CVE-2022-43548/nodejs

- - - - -
f3ff42e5 by Ola Lundqvist at 2022-11-05T22:02:18+01:00
Added webkit2gtk following the decision to add it to dsa-needed.

- - - - -
094f3e24 by Ola Lundqvist at 2022-11-05T22:24:34+01:00
Added nodejs to dla-needed following the decision to add it to dsa-needed.

- - - - -
1c7d0793 by Ola Lundqvist at 2022-11-05T22:32:39+01:00
Added php-cas to dla-needed with a note that it should be investigated further because the fix is not backwards compatible.

- - - - -
d3fa28df by Ola Lundqvist at 2022-11-05T22:43:20+01:00
Added sudo to dla-needed. It may not be the most important fix but sudo is a very important function so better to be sure.

- - - - -
7b0dc57e by Ola Lundqvist at 2022-11-05T22:55:01+01:00
Added pixman to dla-needed. It was hard to judge the severity of the issue so decided that it is better to fix the issue than not to and the fix is trivial.

- - - - -
5d6e1da8 by Chris Lamb at 2022-11-06T07:18:25+00:00
dla-needed.txt: Update note for pixman.

- - - - -
b3859778 by Chris Lamb at 2022-11-06T07:19:44+00:00
data/dla-needed.txt: Claim pixman.

- - - - -
a6d94f93 by Chris Lamb at 2022-11-06T07:21:15+00:00
data/dla-needed.txt: Claim sudo.

- - - - -
7ce8c703 by Salvatore Bonaccorso at 2022-11-06T08:45:42+01:00
Track fixed version via unstable for CVE-2022-43548/nodejs

- - - - -
574b0278 by Salvatore Bonaccorso at 2022-11-06T08:47:06+01:00
Add fixed version for rust-chrono issue

- - - - -
b1bf2f8a by Salvatore Bonaccorso at 2022-11-06T08:54:42+01:00
Mark CVE-2022-43995 as unimportant

sudo is compiled with PAM support in Debian, and the auth/passwd.c code
is not built.

- - - - -
c439ca83 by Salvatore Bonaccorso at 2022-11-06T09:05:58+01:00
Add CVE-2022-3854/ceph

- - - - -
10e72a23 by security tracker role at 2022-11-06T08:10:22+00:00
automatic update

- - - - -
87faea98 by Salvatore Bonaccorso at 2022-11-06T13:41:33+01:00
Add CVE-2022-3869/froxlor, itp'ed

- - - - -
c92f7fca by Salvatore Bonaccorso at 2022-11-06T13:42:00+01:00
Process one NFU

- - - - -
971936b2 by Salvatore Bonaccorso at 2022-11-06T13:42:44+01:00
Track fixed version via unstable for CVE-2022-44638/pixman

- - - - -
cea650aa by Salvatore Bonaccorso at 2022-11-06T14:30:08+01:00
Process some NFUs

- - - - -
a8046100 by Salvatore Bonaccorso at 2022-11-06T15:00:25+01:00
Process NFUs

- - - - -
d0679807 by Salvatore Bonaccorso at 2022-11-06T15:01:34+01:00
Add CVE-2022-3509/protobuf

- - - - -
4dfcabbc by Salvatore Bonaccorso at 2022-11-06T15:02:11+01:00
Add CVE-2022-39327/azure-cli

- - - - -
187c8982 by Salvatore Bonaccorso at 2022-11-06T15:03:58+01:00
Use better naming for one NFU product

- - - - -
1fdd2e4f by Salvatore Bonaccorso at 2022-11-06T16:16:43+01:00
Process one NFU

- - - - -
20e5f730 by Salvatore Bonaccorso at 2022-11-06T16:17:18+01:00
Add CVE-2022-39379/fluentd

- - - - -
2852b9ed by Salvatore Bonaccorso at 2022-11-06T16:19:07+01:00
Re-associate CVE-2017-10906 with itp'ed entry for fluentd

- - - - -
b9e56cea by Salvatore Bonaccorso at 2022-11-06T16:53:05+01:00
Process several NFUs

- - - - -
3c16292e by Salvatore Bonaccorso at 2022-11-06T16:54:34+01:00
Add CVE-2022-37620/html-minifier, itp'ed

- - - - -
19a20ca3 by Salvatore Bonaccorso at 2022-11-06T16:55:25+01:00
Add CVE-2022-37598/uglify-js

- - - - -
8df0c773 by Salvatore Bonaccorso at 2022-11-06T16:57:09+01:00
Add CVE-2022-3742{4,5,6}/opennebula

- - - - -
eb72644c by Salvatore Bonaccorso at 2022-11-06T17:01:35+01:00
Add CVE-2022-2421/node-socket.io, itp'ed

- - - - -
c3c2367c by Salvatore Bonaccorso at 2022-11-06T17:02:34+01:00
Add fixed version via unstable for CVE-2015-8857/uglifyjs

- - - - -
8975bbe6 by Salvatore Bonaccorso at 2022-11-06T17:07:02+01:00
Add CVE-2021-40241/xfig

- - - - -
f3190bb9 by Salvatore Bonaccorso at 2022-11-06T17:11:01+01:00
Add CVE-2021-37789/libstb

- - - - -
81a80fcb by security tracker role at 2022-11-06T20:10:44+00:00
automatic update

- - - - -
2e815aa1 by Salvatore Bonaccorso at 2022-11-06T21:16:29+01:00
Add two new CVEs for mahara

- - - - -
d051ef8f by Salvatore Bonaccorso at 2022-11-06T21:17:32+01:00
Add Debian bug reference for CVE-2022-39369/php-cas

- - - - -
fb02c5d4 by Salvatore Bonaccorso at 2022-11-06T21:18:33+01:00
Add Debian bug reference for CVE-2022-39237/golang-github-sylabs-sif

- - - - -
beef90f9 by Salvatore Bonaccorso at 2022-11-06T21:19:26+01:00
Update status for CVE-2022-41766/mediawiki covering unstable

- - - - -
100a3b2f by Salvatore Bonaccorso at 2022-11-06T21:25:56+01:00
Add Debian bug reference for CVE-2022-41853/hsqldb

- - - - -
2756d5cc by Salvatore Bonaccorso at 2022-11-06T21:28:11+01:00
Add entry for DSA 5272-1 for xen

- - - - -
d48a4ff3 by Salvatore Bonaccorso at 2022-11-06T21:28:49+01:00
Add Debian bug reference for CVE-2022-42961/wolfssl

- - - - -
ff04982f by Salvatore Bonaccorso at 2022-11-06T21:31:55+01:00
Remove no-dsa/postponed annotation from CVE-2022-33745 and dsa-needed entry

- - - - -
9c71a3e8 by Anton Gladky at 2022-11-07T06:17:33+01:00
semi-automatic unclaim after 2 weeks of inactivity

Signed-off-by: Anton Gladky <gladk at debian.org>

- - - - -
e75eaccc by Anton Gladky at 2022-11-07T07:09:02+01:00
Update package meta information in dla-needed.txt

- - - - -
7e917c70 by Salvatore Bonaccorso at 2022-11-07T08:56:12+01:00
Add reference to upstream commit for CVE-2022-39369/php-cas

- - - - -
811cdf0d by security tracker role at 2022-11-07T08:10:13+00:00
automatic update

- - - - -
60d595ac by Salvatore Bonaccorso at 2022-11-07T09:18:11+01:00
Remove notes from rejected CVEs

Further investigation by its assigning CNA showed that they were not
security issues.

- - - - -
339832f9 by Salvatore Bonaccorso at 2022-11-07T09:36:04+01:00
Add CVE-2022-42905/wolfssl

- - - - -
25266674 by Salvatore Bonaccorso at 2022-11-07T09:37:25+01:00
Process some NFUs

- - - - -
09c39554 by Emilio Pozuelo Monfort at 2022-11-07T09:42:19+01:00
lts: retake xorg-server

- - - - -
954ccfc8 by Helmut Grohne at 2022-11-07T10:35:21+01:00
delete glibc annotations conflicting with elts tracker

- - - - -
e42b70f6 by Salvatore Bonaccorso at 2022-11-07T11:28:14+01:00
Track fixed version for CVE-2022-39369/php-cas via unstable

- - - - -
6cf9ce87 by Chris Lamb at 2022-11-07T10:44:27+00:00
Reserve DLA-3179-1 for pixman

- - - - -
5f9b9750 by Dominik George at 2022-11-07T12:33:54+01:00
Reserve DLA-3180-1 for python-scciclient

- - - - -
e018d7ab by Chris Lamb at 2022-11-07T12:01:32+00:00
Reserve DLA-3181-1 for sudo

- - - - -
1cabfaa4 by Sylvain Beucler at 2022-11-07T13:46:01+01:00
dla: add libde265

- - - - -
bcd9cc23 by Sylvain Beucler at 2022-11-07T15:36:55+01:00
dla: add puppet-module-puppetlabs-mysql

- - - - -
2e20a81f by Sylvain Beucler at 2022-11-07T16:40:33+01:00
dla: php-cas: add note

- - - - -
72eca0ba by Moritz Muehlenhoff at 2022-11-07T17:40:29+01:00
bullseye triage

- - - - -
6c4e6c5c by Salvatore Bonaccorso at 2022-11-07T21:02:30+01:00
Add upstream tag information for CVE-2022-3275

- - - - -
3f6df6b0 by security tracker role at 2022-11-07T20:10:25+00:00
automatic update

- - - - -
ed1658d7 by Salvatore Bonaccorso at 2022-11-07T21:12:39+01:00
Add Debian bug reference for CVE-2022-3275/puppet-module-puppetlabs-apt

- - - - -
d3dfd7f9 by Salvatore Bonaccorso at 2022-11-07T21:13:23+01:00
Process some NFUs

- - - - -
487e1a09 by Salvatore Bonaccorso at 2022-11-07T21:17:20+01:00
Remove notes from CVE-2022-3772

CVE got rejected as it is a duplicate of CVE-2020-36534.

- - - - -
82952a5e by Salvatore Bonaccorso at 2022-11-07T21:18:49+01:00
Remove notes from CVE-2022-3808

Withdrawn by the assigning CNA as it was not a security issue.

- - - - -
4c264161 by Salvatore Bonaccorso at 2022-11-07T21:28:53+01:00
Process some NFUs

- - - - -
84a2c78b by Salvatore Bonaccorso at 2022-11-07T21:32:54+01:00
Add CVE-2022-4479{2,3}/net-snmp

- - - - -
758d6dd5 by Salvatore Bonaccorso at 2022-11-07T21:38:43+01:00
Process some NFUs

- - - - -
51427391 by Salvatore Bonaccorso at 2022-11-07T22:03:53+01:00
Process some NFUs

- - - - -
f694f871 by Salvatore Bonaccorso at 2022-11-07T22:04:41+01:00
Add CVE-2022-31256/sendmail

- - - - -
52eb4723 by Salvatore Bonaccorso at 2022-11-07T22:05:39+01:00
Add CVE-2022-28321/pam

- - - - -
ac4e5caf by Salvatore Bonaccorso at 2022-11-08T07:12:34+01:00
Add CVE-2022-3644

- - - - -
c653b76d by Salvatore Bonaccorso at 2022-11-08T07:14:15+01:00
Add CVE-2022-3872/qemu

- - - - -
1065b6a6 by security tracker role at 2022-11-08T08:10:17+00:00
automatic update

- - - - -
00ea0937 by Sylvain Beucler at 2022-11-08T12:01:58+01:00
dla: phpseclib,php-phpseclib: update status

- - - - -
81631ea8 by Sylvain Beucler at 2022-11-08T12:16:33+01:00
CVE-2022-3872/qemu: buster postponed

- - - - -
65770c45 by Salvatore Bonaccorso at 2022-11-08T13:13:59+01:00
Process some NFUs

- - - - -
2e85e39d by Sylvain Beucler at 2022-11-08T14:14:18+01:00
qemu: update buster triage 2021-2022 for LTS

- - - - -
e709418e by Markus Koschany at 2022-11-08T15:40:35+01:00
Reserve DLA-3182-1 for vim

- - - - -
ad21c7ea by Emilio Pozuelo Monfort at 2022-11-08T15:44:53+01:00
lts: take webkit2gtk

- - - - -
3e24d0f6 by Markus Koschany at 2022-11-08T16:18:04+01:00
Triage CVE of vim/buster

Triage several CVE as not affected because the vulnerable code was introduced
later

- - - - -
af7fcaff by Markus Koschany at 2022-11-08T16:30:31+01:00
Add vim to dla-needed.txt

- - - - -
0e237003 by Markus Koschany at 2022-11-08T16:30:53+01:00
Claim libjettison-java in dla-needed.txt

- - - - -
7563bbe4 by Sylvain Beucler at 2022-11-08T17:57:30+01:00
qemu: update buster triage 2019-2020 for LTS

- - - - -
9f1fc72e by Alberto Garcia at 2022-11-08T18:48:10+01:00
webkit2gtk DSA-5273-1 and wpewebkit DSA-5274-1

- - - - -
a5a10cee by Sylvain Beucler at 2022-11-08T20:08:34+01:00
dla: add qemu

- - - - -
00168749 by Salvatore Bonaccorso at 2022-11-08T20:54:46+01:00
Add Debian bug reference for CVE-2021-37789/libstb

- - - - -
bce19224 by Salvatore Bonaccorso at 2022-11-08T21:01:18+01:00
Mark for now CVE-2022-41852 as unimportant

According to the current upstream discussion the CVE might even be
rejected completely as the issue is not to be considered a security
vulnerability by upstream.

Link: https://github.com/apache/commons-jxpath/pull/26#issuecomment-1307567283

- - - - -
729ac14a by Salvatore Bonaccorso at 2022-11-08T21:08:18+01:00
Update information according to XSA-422

- - - - -
c38c374a by security tracker role at 2022-11-08T20:10:28+00:00
automatic update

- - - - -
f7e7b05b by Salvatore Bonaccorso at 2022-11-08T21:15:13+01:00
Process some NFUs

- - - - -
ed7ddb08 by Salvatore Bonaccorso at 2022-11-08T21:17:09+01:00
Correct association for CVE-2022-34556 to PicoC

- - - - -
07c5fb1e by Salvatore Bonaccorso at 2022-11-08T21:21:10+01:00
Process some NFUs

- - - - -
724450e2 by Salvatore Bonaccorso at 2022-11-08T21:33:12+01:00
Process some NFUs

- - - - -
9b563796 by Salvatore Bonaccorso at 2022-11-08T21:57:43+01:00
Process some NFUs

- - - - -
2fd8cd97 by Salvatore Bonaccorso at 2022-11-08T22:00:17+01:00
Add CVE-2022-36077/electron

- - - - -
63d6d0a8 by Moritz Mühlenhoff at 2022-11-08T22:13:45+01:00
take php7.4/php-cas, add pixman

- - - - -
10f31aaf by Moritz Muehlenhoff at 2022-11-08T22:20:44+01:00
fix up one entry

- - - - -
1a8aba6c by Salvatore Bonaccorso at 2022-11-08T23:14:22+01:00
Add Debian bug reference for libbpf issues

- - - - -
7c44a1dd by Thorsten Alteholz at 2022-11-08T23:47:09+01:00
claim graphicsmagick

- - - - -
56e94243 by Thorsten Alteholz at 2022-11-09T00:20:08+01:00
claim ntfs-3g

- - - - -
2b9d7bc9 by Salvatore Bonaccorso at 2022-11-09T07:55:50+01:00
Add new chromium issues

- - - - -
13bf1151 by Salvatore Bonaccorso at 2022-11-09T07:56:49+01:00
Add chromium to dsa-needed list

- - - - -
de61d2a7 by security tracker role at 2022-11-09T08:10:14+00:00
automatic update

- - - - -
2489f941 by Emilio Pozuelo Monfort at 2022-11-09T09:17:25+01:00
Reserve DLA-3183-1 for webkit2gtk

- - - - -
7f463269 by Salvatore Bonaccorso at 2022-11-09T10:36:38+01:00
Process some NFUs

- - - - -
3cbb7498 by Salvatore Bonaccorso at 2022-11-09T10:41:35+01:00
Add CVE-2022-45062/xfce4-settings

- - - - -
16ab7431 by Salvatore Bonaccorso at 2022-11-09T11:00:44+01:00
Add CVE-2022-45061/python

- - - - -
84597b34 by Salvatore Bonaccorso at 2022-11-09T11:12:12+01:00
Add Debian bug reference for CVE-2022-45062/xfce4-settings

- - - - -
704e11bc by Salvatore Bonaccorso at 2022-11-09T11:15:28+01:00
Add CVE-2022-450{59,60}/varnish

- - - - -
d4f36fb4 by Salvatore Bonaccorso at 2022-11-09T11:39:31+01:00
Add CVE-2022-3821/systemd

- - - - -
9aecc1a4 by Moritz Muehlenhoff at 2022-11-09T11:42:18+01:00
one varnish issue n/a for stable

- - - - -
34897e03 by Moritz Muehlenhoff at 2022-11-09T11:47:16+01:00
add varnish fixes

- - - - -
1e1b50cb by Moritz Muehlenhoff at 2022-11-09T11:54:20+01:00
bullseye triage

- - - - -
1b11ace8 by Salvatore Bonaccorso at 2022-11-09T13:07:30+01:00
Process NFUs

- - - - -
3543fa3f by Salvatore Bonaccorso at 2022-11-09T13:08:12+01:00
Add CVE-2022-39377/sysstat

- - - - -
6bca01ae by Salvatore Bonaccorso at 2022-11-09T13:08:38+01:00
Add CVE-2022-39328/grafana

- - - - -
2946a3e3 by Sylvain Beucler at 2022-11-09T13:39:55+01:00
lts-cve-triage.py: move down unexpected_nodsa
this sub-report rarely triggers action from front-desk and is of lower priority

- - - - -
d4683788 by Sylvain Beucler at 2022-11-09T13:42:47+01:00
CVE-2020-22027/ffmpeg: drop stretch triage
so it can be revisited in ELTS
3-4 lines is not particularly invasive, most probably stretch was not-affected really

- - - - -
9424f685 by Salvatore Bonaccorso at 2022-11-09T14:01:34+01:00
Track proposed python-scciclient update via bullseye-pu

- - - - -
237bccab by Moritz Muehlenhoff at 2022-11-09T14:13:56+01:00
bullseye triage

- - - - -
d6bf65d4 by Salvatore Bonaccorso at 2022-11-09T16:26:42+01:00
Add Debian bug references for varnish issues

- - - - -
5b048af4 by Sylvain Beucler at 2022-11-09T16:36:43+01:00
dla: add varnish

- - - - -
e451f2c1 by Salvatore Bonaccorso at 2022-11-09T16:57:57+01:00
Process some NFUs

- - - - -
ea2c44ae by Salvatore Bonaccorso at 2022-11-09T16:59:38+01:00
Process some NFUs

- - - - -
69c04ad5 by Sylvain Beucler at 2022-11-09T18:07:33+01:00
golang*: fix a few buster triage

- - - - -
133342c6 by Sylvain Beucler at 2022-11-09T18:07:33+01:00
dla: add golang-github-nats-io-jwt

- - - - -
6fe4f877 by Salvatore Bonaccorso at 2022-11-09T20:52:13+01:00
Add CVE-2022-41716/go

As the issue only affects Go programs on Windows mark it not-affected,
though unimportant severity would be possible, as source is present. But
going here for not-affected is more in line with previous tracking of
golang issues only affecting Go programs running on Windows.

Upstream it has been fixed in 1.19.3 and 1.18.8.

Link: https://groups.google.com/g/golang-announce/c/mbHY1UY3BaM/m/hSpmRzk-AgAJ

- - - - -
bde0dd0a by security tracker role at 2022-11-09T20:10:21+00:00
automatic update

- - - - -
63f27d60 by Salvatore Bonaccorso at 2022-11-09T21:13:22+01:00
Track proposed update for xfig via bullseye-pu

- - - - -
a128900c by Salvatore Bonaccorso at 2022-11-09T21:14:56+01:00
Remove notes from CVE-2022-3638

Further investigation showed that there was no security issue. The
assigning CNA did withdraw the CVE.

- - - - -
b1717784 by Salvatore Bonaccorso at 2022-11-09T21:36:55+01:00
Process some NFUs

- - - - -
9f7c4927 by Salvatore Bonaccorso at 2022-11-09T21:48:29+01:00
Mark CVE-2022-3787 as NFU

- - - - -
72986967 by Salvatore Bonaccorso at 2022-11-09T22:35:28+01:00
Add xorg-server to dsa-needed list

- - - - -
b71e1cea by Markus Koschany at 2022-11-10T01:25:32+01:00
CVE-2022-40149,libjettison-java: Fixed in unstable

- - - - -
f00a0f47 by security tracker role at 2022-11-10T08:10:12+00:00
automatic update

- - - - -
9075c927 by Salvatore Bonaccorso at 2022-11-10T09:48:18+01:00
Sync status for two linux issues with kernel-sec

- - - - -
eaf011be by Salvatore Bonaccorso at 2022-11-10T09:49:13+01:00
Add CVE-2022-3903/linux

- - - - -
45d3ccce by Salvatore Bonaccorso at 2022-11-10T10:08:11+01:00
Add CVE-2022-3930{6,7}/grafana

- - - - -
a52469d6 by Salvatore Bonaccorso at 2022-11-10T10:12:52+01:00
Process one NFU

- - - - -
ac776cb5 by Salvatore Bonaccorso at 2022-11-10T10:55:49+01:00
Process some NFUs

- - - - -
6317c91d by Markus Koschany at 2022-11-10T12:01:24+01:00
Reserve DLA-3184-1 for libjettison-java

- - - - -
67cfa5eb by Helmut Grohne at 2022-11-10T12:23:26+01:00
delete more conflicting glibc elts annotations

- - - - -
023a0626 by Helmut Grohne at 2022-11-10T12:30:50+01:00
claim vim dla

- - - - -
32b1ce60 by Salvatore Bonaccorso at 2022-11-10T12:32:11+01:00
Adjust tracking for CVE-2022-37601: Associate with node-loader-utils

- - - - -
1e284f74 by Salvatore Bonaccorso at 2022-11-10T12:32:12+01:00
Track two more CVEs for node-loader-utils

- - - - -
9e2378e1 by Salvatore Bonaccorso at 2022-11-10T12:34:31+01:00
Mark CVE-2022-37601/node-loader-utils as no-dsa

- - - - -
b49f0984 by Salvatore Bonaccorso at 2022-11-10T12:34:50+01:00
Track proposed node-loader-utils update via bullseye-pu

- - - - -
01f6c795 by Emilio Pozuelo Monfort at 2022-11-10T13:38:25+01:00
Reserve DLA-3185-1 for xorg-server

- - - - -
fc233276 by Dominik George at 2022-11-10T14:18:53+01:00
CVE-2019-13113: Mark buster unaffected

- - - - -
50dbe3e8 by Moritz Muehlenhoff at 2022-11-10T14:27:48+01:00
chromium fixed in sid

- - - - -
eddc0381 by Moritz Muehlenhoff at 2022-11-10T14:39:05+01:00
NFUs

- - - - -
98d84560 by Moritz Muehlenhoff at 2022-11-10T15:25:34+01:00
nomad n/a

- - - - -
cc35d972 by Dominik George at 2022-11-10T15:37:49+01:00
Reserve DLA-3186-1 for exiv2

- - - - -
43f07226 by Dominik George at 2022-11-10T16:17:50+01:00
Claim some Python packages

- - - - -
5352b6ae by Moritz Muehlenhoff at 2022-11-10T16:53:02+01:00
"new" pikepdf issue

- - - - -
6857f652 by Moritz Muehlenhoff at 2022-11-10T16:55:59+01:00
new python-cleo issue

- - - - -
e0e1e694 by Moritz Muehlenhoff at 2022-11-10T16:58:30+01:00
new pymatgen issue

- - - - -
652bf02a by Moritz Muehlenhoff at 2022-11-10T18:48:56+01:00
two k8s issues, NFUs

- - - - -
fd02f90b by Salvatore Bonaccorso at 2022-11-10T20:29:26+01:00
Track fixed version for several wolfssl issues via unstable

- - - - -
60f5aa23 by Salvatore Bonaccorso at 2022-11-10T20:35:33+01:00
Add CVE-2022-45063/xterm

- - - - -
dffed5e1 by security tracker role at 2022-11-10T20:10:22+00:00
automatic update

- - - - -
97e28bee by Salvatore Bonaccorso at 2022-11-10T21:14:20+01:00
Remove notes for CVE-2022-3642 as it got rejected

The issue did not affect any released or Linux mainline commit.

- - - - -
f2f32e11 by Salvatore Bonaccorso at 2022-11-10T21:17:05+01:00
Remove notes from CVE-2022-39390

It was found to be a duplicate of an earlier CVE and got rejected by the
assigning CNA.

- - - - -
ad0a5be5 by Salvatore Bonaccorso at 2022-11-10T21:29:28+01:00
Process some NFUs

- - - - -
6c8a573e by Salvatore Bonaccorso at 2022-11-10T21:53:17+01:00
Process some NFUs

- - - - -
d8df6b35 by Salvatore Bonaccorso at 2022-11-10T23:13:28+01:00
Add reference to upstream commit for CVE-2022-39377/sysstat

- - - - -
58869224 by Salvatore Bonaccorso at 2022-11-10T23:22:03+01:00
Add Debian bug reference for CVE-2022-39377/sysstat

- - - - -
7c9d0a80 by Moritz Mühlenhoff at 2022-11-10T23:34:23+01:00
chromium DSA

- - - - -
768dcc5c by Sylvain Beucler at 2022-11-11T08:18:10+01:00
dla: php-cas: update note

- - - - -
39d5ebb8 by Salvatore Bonaccorso at 2022-11-11T08:34:50+01:00
Mark CVE-2022-31684 as NFU

- - - - -
457048bf by Sylvain Beucler at 2022-11-11T08:42:03+01:00
CVE-2022-45061/python3.7: buster postponed

- - - - -
3dde85ea by Salvatore Bonaccorso at 2022-11-11T08:46:43+01:00
Add CVE-2022-3715/bash

- - - - -
01264aec by Salvatore Bonaccorso at 2022-11-11T08:47:32+01:00
Add CVE-2022-3916 as NFU

- - - - -
66c61060 by security tracker role at 2022-11-11T08:10:16+00:00
automatic update

- - - - -
9bc66441 by Salvatore Bonaccorso at 2022-11-11T09:13:08+01:00
Remove notes from CVE-2022-3812{6,7,8}

They are now rejected as the issues in binutils were not security
issues. The assigning CNA did withdraw the CVE assignment.

- - - - -
b178b126 by Salvatore Bonaccorso at 2022-11-11T09:16:30+01:00
Process some NFUs

- - - - -
8d8403bc by Salvatore Bonaccorso at 2022-11-11T09:37:41+01:00
Track fixed version for CVE-2022-3628/linux via unstable

- - - - -
8c9eda17 by Moritz Muehlenhoff at 2022-11-11T09:44:53+01:00
new nginx issues

- - - - -
1a7adcf0 by Moritz Muehlenhoff at 2022-11-11T09:44:54+01:00
nginx fixed in sid

- - - - -
27948f86 by Sylvain Beucler at 2022-11-11T10:43:38+01:00
CVE-2022-32149/golang-golang-x-text: buster postponed

- - - - -
aa2075b8 by Sylvain Beucler at 2022-11-11T10:43:39+01:00
CVE-2022-3275/puppet-module-puppetlabs-apt: buster postponed

- - - - -
f8ef1b71 by Sylvain Beucler at 2022-11-11T10:43:39+01:00
dla: add libstb

- - - - -
3be1e72c by Sylvain Beucler at 2022-11-11T11:40:45+01:00
CVE-2021-3805/node-object-path: fix wrong patch URL from mitre

- - - - -
ed88d9e4 by Sylvain Beucler at 2022-11-11T11:47:49+01:00
CVE-2021-23440/node-set-value: fix wrong patch URL from mitre

- - - - -
af25ae6a by Sylvain Beucler at 2022-11-11T12:20:38+01:00
CVE-2022-21227/node-sqlite3: buster not-affected

- - - - -
cfa302c1 by Sylvain Beucler at 2022-11-11T12:27:46+01:00
CVE-2021-33623/node-trim-newlines: reference patches

- - - - -
fea4d7f9 by Sylvain Beucler at 2022-11-11T12:34:30+01:00
dla: add NodeJS packages with bullseye-pu to backport

- - - - -
2ebeb330 by Sylvain Beucler at 2022-11-11T12:55:46+01:00
CVE-2022-32149: fix buster package name

- - - - -
c196c055 by Sylvain Beucler at 2022-11-11T12:56:36+01:00
CVE-2022-3821/systemd: buster postponed

- - - - -
6c119973 by Sylvain Beucler at 2022-11-11T12:57:38+01:00
CVE-2022-45063/xterm: buster postponed

- - - - -
a69c0daa by Sylvain Beucler at 2022-11-11T14:30:37+01:00
dla: add nginx

- - - - -
b9e31167 by Moritz Muehlenhoff at 2022-11-11T14:33:06+01:00
xorg-server fixed in sid

- - - - -
205a514a by Moritz Muehlenhoff at 2022-11-11T14:40:35+01:00
NFU

- - - - -
62108f17 by Salvatore Bonaccorso at 2022-11-11T14:48:56+01:00
CVE-2021-23440: Drop unneeded reference to commit from pull request

- - - - -
32139bac by Sylvain Beucler at 2022-11-11T15:48:12+01:00
dla: add jqueryui

- - - - -
a5ed4a9f by Sylvain Beucler at 2022-11-11T15:56:42+01:00
dla: add libarchive

- - - - -
0c767c32 by Sylvain Beucler at 2022-11-11T16:04:09+01:00
dla: add libsdl2

- - - - -
a89b938c by Moritz Muehlenhoff at 2022-11-11T16:05:36+01:00
bullseye triage

- - - - -
742e1b83 by Salvatore Bonaccorso at 2022-11-11T18:42:31+01:00
Track fixed version for CVE-2022-42905/wolfssl via unstable

- - - - -
411a4384 by Salvatore Bonaccorso at 2022-11-11T20:52:54+01:00
Reflect change in XSA-422 about AMD references

- - - - -
ae84efc0 by Salvatore Bonaccorso at 2022-11-11T21:05:34+01:00
Update information for CVE-2022-3650/ceph

- - - - -
70a72240 by Salvatore Bonaccorso at 2022-11-11T21:09:13+01:00
Add CVE-2022-31764 as NFU

- - - - -
f221026e by security tracker role at 2022-11-11T20:10:24+00:00
automatic update

- - - - -
9e366854 by Salvatore Bonaccorso at 2022-11-11T21:12:35+01:00
Add WSA-2022-0010 references for two CVEs

- - - - -
e1729473 by Salvatore Bonaccorso at 2022-11-11T21:16:58+01:00
Process some NFUs

- - - - -
298e0017 by Salvatore Bonaccorso at 2022-11-11T21:28:58+01:00
Add CVE-2022-3957/gpac

- - - - -
dc5d665b by Salvatore Bonaccorso at 2022-11-11T21:29:28+01:00
Add CVE-2022-3953/exiv2

- - - - -
2fa71d05 by Salvatore Bonaccorso at 2022-11-11T21:30:03+01:00
Process some NFUs

- - - - -
051886be by Salvatore Bonaccorso at 2022-11-11T21:30:37+01:00
Cleanup trailing whitespaces

- - - - -
01057a1f by Salvatore Bonaccorso at 2022-11-12T09:03:51+01:00
Track fixed version for CVE-2022-39286/jupyter-core via unstable

- - - - -
4d35123f by Salvatore Bonaccorso at 2022-11-12T09:05:45+01:00
Track fixed version for CVE-2022-45062/xfce4-settings via unstable

- - - - -
b521d43a by Salvatore Bonaccorso at 2022-11-12T09:07:34+01:00
Remove note from CVE-2021-20223

Further investigation from the assigning CNA showed that this is not a
security issue. Thus the CNA has withdrawn the CVE. Cleanup as well the
cross-reference for DLA 3107-1.

- - - - -
24710ea2 by security tracker role at 2022-11-12T08:10:19+00:00
automatic update

- - - - -
e093b29f by Salvatore Bonaccorso at 2022-11-12T10:10:08+01:00
Process some NFUs

- - - - -
c16266b5 by Salvatore Bonaccorso at 2022-11-12T13:55:50+01:00
Reserve DSA number for pixman update

- - - - -
c2d69089 by Markus Koschany at 2022-11-12T15:51:39+01:00
CVE-2022-42003,CVE-2022-42004,jackson-databind: fixed in unstable

- - - - -
4d22791c by Salvatore Bonaccorso at 2022-11-12T16:18:37+01:00
Process some NFUs

- - - - -
4f774c1a by Sylvain Beucler at 2022-11-12T16:21:48+01:00
CVE-2022-3957/gpac: buster end-of-life

- - - - -
e36a7af7 by Sylvain Beucler at 2022-11-12T16:21:48+01:00
dla: add sysstat

- - - - -
1e079878 by Sylvain Beucler at 2022-11-12T16:48:26+01:00
TEMP-0000000-DD73A0/php-illuminate-database: buster fixed

- - - - -
a7d55c38 by Sylvain Beucler at 2022-11-12T17:05:25+01:00
dla: add inetutils

- - - - -
84c08df7 by security tracker role at 2022-11-12T20:10:18+00:00
automatic update

- - - - -
cbb27f13 by security tracker role at 2022-11-13T08:10:12+00:00
automatic update

- - - - -
873a48a1 by Salvatore Bonaccorso at 2022-11-13T13:41:19+01:00
Add CVE-2022-45188/netatalk

- - - - -
a9e77d53 by Salvatore Bonaccorso at 2022-11-13T13:44:15+01:00
Track fixed version for CVE-2022-31015/waitress via unstable

- - - - -
3e53f083 by Salvatore Bonaccorso at 2022-11-13T14:36:35+01:00
Reference required followup for jhead issue

- - - - -
2b1a44cf by Salvatore Bonaccorso at 2022-11-13T15:17:30+01:00
Update status for onionshare for bullseye

- - - - -
e7f265eb by Salvatore Bonaccorso at 2022-11-13T15:18:47+01:00
Track proposed onionshare fixes via bullseye-pu

- - - - -
7e7e3697 by Moritz Muehlenhoff at 2022-11-13T19:19:20+01:00
bullseye triage

- - - - -
1c95f83e by Moritz Mühlenhoff at 2022-11-13T19:27:54+01:00
PHP, xorg-server

- - - - -
4de90930 by Moritz Mühlenhoff at 2022-11-13T19:29:44+01:00
add two additional PHP CVEs

- - - - -
b20527fd by Salvatore Bonaccorso at 2022-11-13T20:39:20+01:00
Sort CVE list for DSA 5277-1

- - - - -
8ae94f34 by Salvatore Bonaccorso at 2022-11-13T20:44:28+01:00
Track fixed version via experimental for CVE-2022-27651/golang-github-containers-buildah

- - - - -
686231bf by Moritz Muehlenhoff at 2022-11-13T20:46:36+01:00
bugnums

- - - - -
a51a052e by security tracker role at 2022-11-13T20:10:23+00:00
automatic update

- - - - -
8fde0213 by Salvatore Bonaccorso at 2022-11-13T21:17:01+01:00
Process some NFUs

- - - - -
6821c66e by Salvatore Bonaccorso at 2022-11-13T21:17:34+01:00
Add CVE-2022-3970/tiff

- - - - -
08a07620 by Utkarsh Gupta at 2022-11-14T02:55:51+05:30
Reserve DLA-3187-1 for dropbear

- - - - -
da0c300f by Utkarsh Gupta at 2022-11-14T03:18:18+05:30
Reserve DLA-3188-1 for sysstat

- - - - -
54038c79 by Markus Koschany at 2022-11-13T23:43:31+01:00
Claim asterisk in dla-needed.txt and update NOTES

- - - - -
8a688a05 by Markus Koschany at 2022-11-13T23:59:34+01:00
Claim jackson-databind in dla-needed.txt

- - - - -
e29f11d5 by Anton Gladky at 2022-11-14T06:32:31+01:00
semi-automatic unclaim after 2 weeks of inactivity

Signed-off-by: Anton Gladky <gladk at debian.org>

- - - - -
67f23686 by Salvatore Bonaccorso at 2022-11-14T07:31:16+01:00
Add wordpress for dsa-needed list

- - - - -
b2b3cb66 by Salvatore Bonaccorso at 2022-11-14T07:33:43+01:00
Track fixed version for CVE-2022-28919/dokuwiki via unstable

- - - - -
869b3168 by Salvatore Bonaccorso at 2022-11-14T07:39:35+01:00
Track fixed version for CVE-2021-34337/mailman3 via unstable

- - - - -
99e9b9ef by Salvatore Bonaccorso at 2022-11-14T07:40:59+01:00
Track fix via experimental for CVE-2022-2989/libpod

- - - - -
8069da79 by Salvatore Bonaccorso at 2022-11-14T08:41:30+01:00
Add CVE-2022-3977/linux

- - - - -
02d91ddf by security tracker role at 2022-11-14T08:10:20+00:00
automatic update

- - - - -
ddc99505 by Moritz Muehlenhoff at 2022-11-14T09:48:20+01:00
new pillow issue

- - - - -
cbe5a9ca by Salvatore Bonaccorso at 2022-11-14T09:55:36+01:00
Add CVE-2022-45199/pillow

- - - - -
09eb68dd by Salvatore Bonaccorso at 2022-11-14T09:55:39+01:00
Add CVE-2022-45198/pillow

- - - - -
2d61aefd by Salvatore Bonaccorso at 2022-11-14T09:56:57+01:00
Add CVE-2022-3979/nagvis

- - - - -
f5311755 by Moritz Muehlenhoff at 2022-11-14T10:35:38+01:00
bullseye triage

- - - - -
64f260cc by Moritz Muehlenhoff at 2022-11-14T10:45:43+01:00
new airflow issue

- - - - -
4e5e3d80 by Abhijith PA at 2022-11-14T15:47:19+05:30
update note in dla-needed

- - - - -
01f74ec8 by Helmut Grohne at 2022-11-14T11:48:24+01:00
triage vim CVEs

apo's vim lts upload actually fixed CVE-2021-3872, but he forgot
to mention it.

Add number of not-affected for buster and sometimes bullseye.

Remove two stretch annotations to avoid conflicts with the ELTS tracker.

- - - - -
f718a129 by Moritz Muehlenhoff at 2022-11-14T12:19:43+01:00
node-loader-utils fixed in sid
fix typo

- - - - -
8dbf76de by Moritz Muehlenhoff at 2022-11-14T16:21:32+01:00
NFUs

- - - - -
961c092e by Moritz Muehlenhoff at 2022-11-14T18:52:24+01:00
new ffmpeg "issues"

- - - - -
24563c0c by Moritz Muehlenhoff at 2022-11-14T19:00:28+01:00
NFUs

- - - - -
7877ac9b by Utkarsh Gupta at 2022-11-15T01:16:19+05:30
Reserve DLA-3189-1 for postgresql-11

- - - - -
c23ede1f by Salvatore Bonaccorso at 2022-11-14T20:48:09+01:00
Update information on CVE-2022-2580

- - - - -
17be5252 by Salvatore Bonaccorso at 2022-11-14T20:49:05+01:00
Mark CVE-2022-3037 and CVE-2022-2982 as no-dsa

- - - - -
5b84dc09 by Salvatore Bonaccorso at 2022-11-14T21:00:18+01:00
Update information for CVE-2022-37599 and CVE-2022-37603

- - - - -
0b9ac79d by security tracker role at 2022-11-14T20:10:25+00:00
automatic update

- - - - -
58046883 by Moritz Muehlenhoff at 2022-11-14T21:28:51+01:00
p0 references

- - - - -
60ea61a3 by Salvatore Bonaccorso at 2022-11-14T21:33:23+01:00
Track fixes for dpdk issues via experimental

- - - - -
64769f56 by Salvatore Bonaccorso at 2022-11-14T21:35:43+01:00
Process some NFUs

- - - - -
a5bcc07d by Salvatore Bonaccorso at 2022-11-14T21:37:42+01:00
Add additional reference for CVE-2022-40303

- - - - -
9d3a91ba by Salvatore Bonaccorso at 2022-11-14T21:41:57+01:00
Process some NFUs

- - - - -
6506538d by Salvatore Bonaccorso at 2022-11-14T21:59:20+01:00
Add CVE-2022-41854/snakeyaml

- - - - -
c99a4a9a by Salvatore Bonaccorso at 2022-11-14T22:03:09+01:00
Record upstream fixed version for CVE-2022-31630

- - - - -
d6c1da0b by Salvatore Bonaccorso at 2022-11-14T22:54:17+01:00
Track fixed version for various mysql-8.0 issues

- - - - -
f402348f by Salvatore Bonaccorso at 2022-11-15T07:46:21+01:00
Add CVE-2022-39353/node-xmldom

- - - - -
7c3f5d05 by Salvatore Bonaccorso at 2022-11-15T07:52:44+01:00
Add CVE-2022-45136/apache-jena

- - - - -
eb0c7653 by security tracker role at 2022-11-15T08:10:19+00:00
automatic update

- - - - -
6f2f5f32 by Salvatore Bonaccorso at 2022-11-15T09:41:43+01:00
Process some NFUs

- - - - -
570215af by Salvatore Bonaccorso at 2022-11-15T09:46:23+01:00
Process some NFUs

- - - - -
da3928db by Moritz Muehlenhoff at 2022-11-15T12:39:00+01:00
nautilus non issue

- - - - -
94a8d3c4 by Sébastien Delafond at 2022-11-15T12:40:06+01:00
Claim wordpress

- - - - -
317d7839 by Moritz Muehlenhoff at 2022-11-15T15:01:42+01:00
NFUs

- - - - -
c3f1bee5 by Emilio Pozuelo Monfort at 2022-11-15T15:46:37+01:00
lts: take php7.3

- - - - -
d4f3e7f0 by Salvatore Bonaccorso at 2022-11-15T16:57:46+01:00
Add CVE-2022-42898/{heimdal,krb5,samba}

- - - - -
9c1e35c4 by Chris Lamb at 2022-11-15T16:19:26+00:00
dla-needed.txt: Update note for python-django.

- - - - -
e153726f by Moritz Muehlenhoff at 2022-11-15T18:15:45+01:00
samba fixed in sid

- - - - -
6c76dfda by Sébastien Delafond at 2022-11-15T18:28:37+01:00
Reserve DSA-5279-1 for wordpress

- - - - -
77adaae9 by Salvatore Bonaccorso at 2022-11-15T18:51:43+01:00
Reference upstream commits for CVE-2022-42898/krb5

- - - - -
9d53217d by Salvatore Bonaccorso at 2022-11-15T19:04:27+01:00
Add two new grub2 issues

- - - - -
8c44ce2f by Salvatore Bonaccorso at 2022-11-15T19:05:17+01:00
Add grub2 to dsa-needed list

- - - - -
5d346f0b by Moritz Muehlenhoff at 2022-11-15T19:31:31+01:00
new firefox issues

- - - - -
3f4b9a27 by Moritz Muehlenhoff at 2022-11-15T19:35:24+01:00
new firefox-esr issues

- - - - -
7956dde2 by Moritz Muehlenhoff at 2022-11-15T19:38:37+01:00
new thunderbird issues

- - - - -
f73f6a04 by Emilio Pozuelo Monfort at 2022-11-15T19:49:29+01:00
lts: reclaim php7.3

Accidentally removed in 9c1e35c4.

- - - - -
0dc432ac by Emilio Pozuelo Monfort at 2022-11-15T19:51:04+01:00
lts: take firefox-esr and thunderbird

- - - - -
c398ea7d by Salvatore Bonaccorso at 2022-11-15T20:06:35+01:00
Track fixed version for grub2 issues via unstable

- - - - -
098c6088 by Salvatore Bonaccorso at 2022-11-15T20:14:03+01:00
Add additional bug cross reference for wordpress 5.9.2 update

- - - - -
e512a817 by Salvatore Bonaccorso at 2022-11-15T20:15:20+01:00
Build fixed version for bullseye wordpress upload for DSA 5279-1

- - - - -
0eae5d3c by Salvatore Bonaccorso at 2022-11-15T20:19:35+01:00
Reserve DSA number for grub2 update

- - - - -
93664f30 by Salvatore Bonaccorso at 2022-11-15T20:56:20+01:00
Add jackson-databind to dsa-needed list

- - - - -
c77f4984 by Moritz Mühlenhoff at 2022-11-15T21:04:22+01:00
nginx DSA

- - - - -
6ac24945 by security tracker role at 2022-11-15T20:10:18+00:00
automatic update

- - - - -
e26a80cc by Salvatore Bonaccorso at 2022-11-15T21:15:45+01:00
Update status for CVE-2021-3981/grub2

- - - - -
62bd5dec by Salvatore Bonaccorso at 2022-11-15T21:19:01+01:00
Mark CVE-2021-3981/grub2 as no-dsa

- - - - -
7db20d2c by Salvatore Bonaccorso at 2022-11-15T21:22:50+01:00
Process one NFU

- - - - -
20338cb1 by Salvatore Bonaccorso at 2022-11-15T21:38:40+01:00
Process NFUs

- - - - -
c17492c4 by Salvatore Bonaccorso at 2022-11-15T22:09:39+01:00
Add CVE-2022-44640/heimdal

- - - - -
80058933 by Salvatore Bonaccorso at 2022-11-15T22:10:06+01:00
Reference heimdal commit for CVE-2022-42898

- - - - -
46128e4f by Salvatore Bonaccorso at 2022-11-15T22:10:32+01:00
Record heimdal commits for CVE-2022-3437

- - - - -
9a8ce74d by Salvatore Bonaccorso at 2022-11-15T22:11:02+01:00
Add CVE-2021-44758/heimdal

- - - - -
cdb148e3 by Salvatore Bonaccorso at 2022-11-15T22:11:41+01:00
Track upstream commits for CVE-2019-14870/heimdal

- - - - -
471c0e63 by Salvatore Bonaccorso at 2022-11-15T22:12:20+01:00
Add heimdal to dsa-needed list

- - - - -
42c2c1b0 by Salvatore Bonaccorso at 2022-11-15T22:15:28+01:00
Add temporary description for CVE-2022-42898

- - - - -
44ffd9f0 by Salvatore Bonaccorso at 2022-11-15T22:39:43+01:00
Add Debian bug reference for new heimdal issues

- - - - -
98faca81 by Salvatore Bonaccorso at 2022-11-15T22:58:23+01:00
Track two more CVEs for node-loader-utils update for bullseye-pu

- - - - -
0c5d1e30 by Salvatore Bonaccorso at 2022-11-15T22:59:23+01:00
Mark two CVEs for node-loader-utils as no-dsa

They are additionally already proposed to be fixed via the next
bullseye point release.

- - - - -
52abb627 by Luca Boccassi at 2022-11-15T22:34:31+00:00
CVE-2022-39327: windows-only, mark as not-affected

- - - - -
15ce08c3 by Salvatore Bonaccorso at 2022-11-15T23:40:04+01:00
Track fixed version for thunderbird issues for mfsa2022-49

- - - - -
71f43998 by Salvatore Bonaccorso at 2022-11-16T05:49:08+00:00
Merge branch 'bluca/CVE-2022-39327' into 'master'

CVE-2022-39327: windows-only, mark as not-affected

See merge request security-tracker-team/security-tracker!118

- - - - -
c8040003 by Salvatore Bonaccorso at 2022-11-16T06:50:53+01:00
Track fixed firefox-esr issues via unstable for mfsa2022-48

- - - - -
fc5810a8 by Salvatore Bonaccorso at 2022-11-16T08:55:13+01:00
Add CVE-2022-0137/htmldoc

- - - - -
589281fb by security tracker role at 2022-11-16T08:10:19+00:00
automatic update

- - - - -
4437527a by Salvatore Bonaccorso at 2022-11-16T09:26:41+01:00
Add CVE-2022-41916/heimdal which got retrospectively a CVE assigned

- - - - -
2fb292f6 by Salvatore Bonaccorso at 2022-11-16T09:30:49+01:00
Process two NFUs

- - - - -
9a6597f0 by Salvatore Bonaccorso at 2022-11-16T09:32:27+01:00
Add grub2 to dla needed list

- - - - -
83f418a5 by Chris Lamb at 2022-11-16T08:35:32+00:00
Triage CVE-2021-44420 in python-django for buster LTS.

- - - - -
e6e43e84 by Salvatore Bonaccorso at 2022-11-16T09:37:27+01:00
Process some NFUs

- - - - -
33f3e7d9 by Salvatore Bonaccorso at 2022-11-16T10:04:27+01:00
Reserve DLA-3190-1 for grub2

- - - - -
d7159710 by Stefano Rivera at 2022-11-16T11:46:37+02:00
Take fwupd

- - - - -
d82dbd02 by Moritz Muehlenhoff at 2022-11-16T11:04:49+01:00
bullseye triage

- - - - -
a7341097 by Moritz Muehlenhoff at 2022-11-16T11:05:43+01:00
jupyterhub fixed in sid

- - - - -
3a131135 by Thorsten Alteholz at 2022-11-16T11:38:43+01:00
update notes

- - - - -
ef145bde by Salvatore Bonaccorso at 2022-11-16T11:54:20+01:00
Update status for CVE-2022-41849/linux

- - - - -
92de32ca by Salvatore Bonaccorso at 2022-11-16T12:04:23+01:00
Update information for CVE-2022-41850/linux

- - - - -
16267b2d by Moritz Muehlenhoff at 2022-11-16T12:25:00+01:00
NFU

- - - - -
597c53d8 by Moritz Muehlenhoff at 2022-11-16T13:34:36+01:00
firefox fixed in sid

- - - - -
1cfa351b by Salvatore Bonaccorso at 2022-11-16T14:01:25+01:00
Update information for CVE-2022-40768/linux

- - - - -
1604946b by Moritz Muehlenhoff at 2022-11-16T14:07:33+01:00
NFUs

- - - - -
ce78a30a by Salvatore Bonaccorso at 2022-11-16T14:14:03+01:00
Update information for CVE-2022-3903/linux

- - - - -
c17691b3 by Salvatore Bonaccorso at 2022-11-16T14:20:23+01:00
Update information for CVE-2022-3640/linux

- - - - -
fac80d7e by Salvatore Bonaccorso at 2022-11-16T14:23:40+01:00
Update information for CVE-2022-3619/linux

- - - - -
a67515a9 by Moritz Muehlenhoff at 2022-11-16T14:25:31+01:00
cargo fixed in sid

- - - - -
eaf64d44 by Salvatore Bonaccorso at 2022-11-16T14:27:01+01:00
Update information for CVE-2022-3564/linux

- - - - -
9dce62de by Moritz Muehlenhoff at 2022-11-16T14:35:00+01:00
xen fixed in sid

- - - - -
6334ac17 by Salvatore Bonaccorso at 2022-11-16T14:52:18+01:00
Update information for CVE-2022-2978/linux

- - - - -
76b08f2e by Moritz Muehlenhoff at 2022-11-16T15:13:14+01:00
cargo not yet fixed in latest upload

- - - - -
4d7366d5 by Moritz Muehlenhoff at 2022-11-16T15:17:29+01:00
Revert "cargo not yet fixed in latest upload"

This reverts commit 76b08f2eaf67d08c67514331577bd1f0b4d5a93d. These
are in fact fixed via cherrypicked patches.

- - - - -
426e7541 by Salvatore Bonaccorso at 2022-11-16T16:09:22+01:00
Process some NFUs

- - - - -
a48e2a46 by Salvatore Bonaccorso at 2022-11-16T16:10:17+01:00
Add CVE-2022-3920/consul

- - - - -
50919499 by Salvatore Bonaccorso at 2022-11-16T16:10:46+01:00
Add CVE-2022-41882/nextcloud-desktop

- - - - -
4f280d03 by Salvatore Bonaccorso at 2022-11-16T16:11:19+01:00
Add CVE-2022-2166/mastodon

- - - - -
fe43b6a9 by Salvatore Bonaccorso at 2022-11-16T16:12:33+01:00
Track regression report for CVE-2022-42898/heimdal

- - - - -
27abb735 by Salvatore Bonaccorso at 2022-11-16T16:34:54+01:00
CVE-2022-42898/heimdal: Reference pull request for regression which contains better details

- - - - -
6cf6d54f by Moritz Mühlenhoff at 2022-11-16T19:50:40+01:00
firefox-esr DSA

- - - - -
4e33fee5 by Salvatore Bonaccorso at 2022-11-16T20:31:28+01:00
Add Debian bug reference for CVE-2022-42898/krb5

- - - - -
91f5ab52 by security tracker role at 2022-11-16T20:10:16+00:00
automatic update

- - - - -
4adc7b52 by Salvatore Bonaccorso at 2022-11-16T21:18:18+01:00
Process some NFUs

- - - - -
50a6da91 by Salvatore Bonaccorso at 2022-11-16T21:28:20+01:00
Add CVE-2022-4018/rdiffweb

- - - - -
a5aa3676 by Salvatore Bonaccorso at 2022-11-16T21:29:03+01:00
Process some NFUs

- - - - -
f5648410 by Salvatore Bonaccorso at 2022-11-16T22:31:56+01:00
Update status for CVE-2022-2764/undertow

- - - - -
eac6d10b by Salvatore Bonaccorso at 2022-11-16T22:32:56+01:00
Add Debian bug reference for CVE-2021-34055/jhead

- - - - -
56643c86 by Salvatore Bonaccorso at 2022-11-16T22:47:40+01:00
Add Debian bug reference for CVE-2022-3704/rails

- - - - -
8a285cc2 by Salvatore Bonaccorso at 2022-11-17T07:19:59+01:00
Reference upstream commit for CVE-2020-25657/m2crypto

- - - - -
db741351 by Salvatore Bonaccorso at 2022-11-17T07:21:43+01:00
Track fixed version for CVE-2020-25657/m2crypto via unstable

- - - - -
6c2446c9 by Sébastien Delafond at 2022-11-17T08:03:43+01:00
Reserve DSA-5279-2 for wordpress

- - - - -
428fffd5 by Salvatore Bonaccorso at 2022-11-17T08:10:06+01:00
Add CVE-2022-3857/libpng1.6

- - - - -
72c11036 by security tracker role at 2022-11-17T08:10:16+00:00
automatic update

- - - - -
25f07b0a by Salvatore Bonaccorso at 2022-11-17T09:15:29+01:00
Process one NFU

- - - - -
c1dd412e by Salvatore Bonaccorso at 2022-11-17T09:19:28+01:00
Add new freerdp2 issues (CVE-2022-393{16,17,18,19,20})

- - - - -
27c8ff3a by Salvatore Bonaccorso at 2022-11-17T09:20:36+01:00
Process some NFUs

- - - - -
76a17c0a by Salvatore Bonaccorso at 2022-11-17T10:22:52+01:00
Add CVE-2022-41877/freerdp2

- - - - -
49c76ae6 by Salvatore Bonaccorso at 2022-11-17T10:23:54+01:00
Add CVE-2022-39347/freerdp2

- - - - -
c3c17135 by Chris Lamb at 2022-11-17T09:49:30+00:00
Reserve DLA-3191-1 for python-django

- - - - -
cd361a77 by Dominik George at 2022-11-17T11:15:37+01:00
Reserve DLA-3192-1 for lava

- - - - -
8b5fc30b by Sylvain Beucler at 2022-11-17T11:26:21+01:00
dla: clarify notes

- - - - -
cbb8486e by Dominik George at 2022-11-17T11:37:28+01:00
Reserve DLA-3193-1 for joblib

- - - - -
557d34f3 by Markus Koschany at 2022-11-17T12:12:34+01:00
Reserve DSA-5283-1 for jackson-databind

- - - - -
bc386a49 by Markus Koschany at 2022-11-17T12:22:29+01:00
Reserve DLA-3194-1 for asterisk

- - - - -
596afd8b by Dominik George at 2022-11-17T12:35:13+01:00
Reserve DLA-3195-1 for jupyter-core

- - - - -
080df07b by Dominik George at 2022-11-17T12:41:43+01:00
Grab twisted

- - - - -
0ad0804e by Emilio Pozuelo Monfort at 2022-11-17T12:51:46+01:00
Reserve DLA-3196-1 for thunderbird

- - - - -
3e7c25d4 by Moritz Muehlenhoff at 2022-11-17T15:40:26+01:00
xpdf n/a

- - - - -
6dd286d5 by Moritz Muehlenhoff at 2022-11-17T16:20:28+01:00
NFUs

- - - - -
eced38e6 by Sylvain Beucler at 2022-11-17T16:25:17+01:00
Reserve DLA-3197-1 for phpseclib

- - - - -
831e22fc by Sylvain Beucler at 2022-11-17T16:26:29+01:00
Reserve DLA-3198-1 for php-phpseclib

- - - - -
f580ec2d by Sylvain Beucler at 2022-11-17T18:07:34+01:00
dla: claim libarchive

- - - - -
cb6da20b by Thorsten Alteholz at 2022-11-17T19:30:30+01:00
add krb5

- - - - -
ad915210 by Thorsten Alteholz at 2022-11-17T19:34:17+01:00
add heimdal

- - - - -
ccb9e5e1 by Moritz Mühlenhoff at 2022-11-17T19:45:32+01:00
thunderbird DSA

- - - - -
6a3afca2 by Emilio Pozuelo Monfort at 2022-11-17T20:17:39+01:00
Reserve DLA-3199-1 for firefox-esr

- - - - -
71a1a56c by Salvatore Bonaccorso at 2022-11-17T20:29:26+01:00
Track fixed version for CVE-2022-42898/krb5 via unstable

- - - - -
aa915aef by security tracker role at 2022-11-17T20:10:19+00:00
automatic update

- - - - -
77e9353c by Salvatore Bonaccorso at 2022-11-17T21:16:35+01:00
Process two NFUs

- - - - -
7523fcf1 by Salvatore Bonaccorso at 2022-11-17T21:28:39+01:00
Process some NFUs

- - - - -
a875d248 by Salvatore Bonaccorso at 2022-11-17T21:29:10+01:00
Add CVE-2022-43138/dolibarr

- - - - -
d514b90b by Laszlo Boszormenyi (GCS) at 2022-11-17T22:11:20+01:00
Add CVE-2022-43705/botan

- - - - -
f562ba8e by Salvatore Bonaccorso at 2022-11-17T22:12:37+01:00
Add CVE-2022-3510/protobuf

- - - - -
7183e904 by Salvatore Bonaccorso at 2022-11-17T22:17:03+01:00
Add upstream commit references for CVE-2022-43705

- - - - -
3d9aafd3 by Markus Koschany at 2022-11-17T22:38:14+01:00
Reserve DSA-5285-1 for asterisk

- - - - -
747cb034 by Laszlo Boszormenyi (GCS) at 2022-11-17T22:54:56+01:00
Add CVE-2022-43705/botan fixed version in unstable

- - - - -
87e0af68 by Salvatore Bonaccorso at 2022-11-17T23:08:24+01:00
Process various NFUs

- - - - -
5138f279 by security tracker role at 2022-11-18T08:10:13+00:00
automatic update

- - - - -
d892b377 by Salvatore Bonaccorso at 2022-11-18T09:18:24+01:00
Process several NFUs

- - - - -
dc044590 by Salvatore Bonaccorso at 2022-11-18T09:23:27+01:00
Update status for CVE-2022-3637

- - - - -
757f85df by Chris Lamb at 2022-11-18T08:41:38+00:00
data/dla-needed.txt: Claim krb5.

- - - - -
08984bee by Chris Lamb at 2022-11-18T08:48:08+00:00
data/dla-needed.txt: Claim gerbv.

- - - - -
8614237b by Chris Lamb at 2022-11-18T08:48:52+00:00
data/dla-needed.txt: Claim frr.

- - - - -
89ca1bd0 by Salvatore Bonaccorso at 2022-11-18T12:11:56+01:00
Update information for CVE-2021-3414{5,6,7,8}/bluez-firmware

- - - - -
70ed362b by Moritz Muehlenhoff at 2022-11-18T12:45:21+01:00
NFUs

- - - - -
7cc7c9f5 by Moritz Muehlenhoff at 2022-11-18T13:08:06+01:00
bullseye triage

- - - - -
a2c94d56 by Moritz Muehlenhoff at 2022-11-18T16:13:49+01:00
add libpng reference

- - - - -
79a468c6 by Moritz Muehlenhoff at 2022-11-18T18:32:05+01:00
two poetry n/a

- - - - -
c8cced87 by Salvatore Bonaccorso at 2022-11-18T20:53:02+01:00
Correct tracking for CVE-2021-36976/libarchive

The oss-fuzz report testcase is as well a "RAR archive data, v5" making
clear the referenced fixing commit touching only
libarchive/archive_read_support_format_tar.c unrelated to the issue.

There is enough evidence as well with crosschecking with other distros
that we can consider the introducing commit be 47bb8187d3ef ("RAR5
reader: window_mask was not updated correctly").

Discussion with upstream in
https://github.com/libarchive/libarchive/issues/1554 in particular
leading to
https://github.com/libarchive/libarchive/pull/1491#issuecomment-997453342
indicate the fix
https://github.com/libarchive/libarchive/commit/17f4e83c0f0fc3bacf4b2bbacb01f987bb5aff5f

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libarchive/OSV-2021-557.yaml
is confusing further as it specifies as fix 56c920eab335 ("Merge pull
request #1626 from evelikov/bsdtar-allow-ax") which with the above does
not make sense. IIRC back when the CVE appeared first in the feed the
OSV-2021-557.yaml was the only additional reference available.

In short: Introducing commit is 47bb8187d3ef ("RAR5 reader: window_mask
was not updated correctly"). Fixing commit is 17f4e83c0f0f ("RAR5
reader: fix invalid memory access in some files").

Update buster affected status accordingly and bring it inline to the
stretch analysis.

- - - - -
845c4f2a by security tracker role at 2022-11-18T20:10:24+00:00
automatic update

- - - - -
0fa9fc25 by Salvatore Bonaccorso at 2022-11-18T21:11:19+01:00
Update information for CVE-2022-36069

The issue is actually in poetry-core: From poetry 1.1.9 release notes
there is the according reference:

Fixed an issue where unsafe parameters could be passed to git commands.
(python-poetry/poetry-core#203)

https://github.com/python-poetry/poetry-core/pull/203 is in poetry core
and fixed for the 1.0 branch in the 1.0.5 upstream version. First
included in poetry-core/1.0.7-1 upload to unstable.

Update tracking to associate it to poetry-core.

- - - - -
242d89ce by Salvatore Bonaccorso at 2022-11-18T21:12:21+01:00
Update source association for CVE-2022-36070 to poetry-core

- - - - -
6a5d17cc by Salvatore Bonaccorso at 2022-11-18T21:13:40+01:00
Process one NFU

- - - - -
a7223ae0 by Salvatore Bonaccorso at 2022-11-18T21:20:05+01:00
Process some NFUs

- - - - -
3de58829 by security tracker role at 2022-11-19T08:10:15+00:00
automatic update

- - - - -
c9200c52 by Salvatore Bonaccorso at 2022-11-19T10:00:45+01:00
Add CVE-2022-4055/xdg-utils

- - - - -
6784a1a6 by Salvatore Bonaccorso at 2022-11-19T10:15:08+01:00
Add new tensorflow issues

- - - - -
d8b761b9 by Salvatore Bonaccorso at 2022-11-19T10:15:50+01:00
Process NFUs

- - - - -
45a0defb by Salvatore Bonaccorso at 2022-11-19T10:16:48+01:00
Add CVE-2022-45132/lava

- - - - -
c4375267 by Salvatore Bonaccorso at 2022-11-19T10:17:30+01:00
Add CVE-2022-44641/lava

- - - - -
34ed65ec by Salvatore Bonaccorso at 2022-11-19T11:54:53+01:00
Add Debian bug reference for CVE-2022-45132/lava

- - - - -
437cd4e7 by Salvatore Bonaccorso at 2022-11-19T11:59:00+01:00
Add Debian bug reference for CVE-2022-44641/lava

- - - - -
5debeda8 by Salvatore Bonaccorso at 2022-11-19T14:00:36+01:00
Take krb5 from dsa-needed list

- - - - -
f5440ccf by Salvatore Bonaccorso at 2022-11-19T14:17:53+01:00
Reserve DSA number for krb5 update

- - - - -
ed3a977e by Thorsten Alteholz at 2022-11-19T19:03:22+01:00
add erlang

- - - - -
f6a96ba3 by Thorsten Alteholz at 2022-11-19T19:12:21+01:00
mark CVE-2022-43705 as no-dsa for Buster

- - - - -
d60aec1c by Thorsten Alteholz at 2022-11-19T19:16:10+01:00
mark CVE-2021-3981 as no-dsa for Buster

- - - - -
202f6141 by Thorsten Alteholz at 2022-11-19T19:21:25+01:00
mark CVE-2022-3979 as no-dsa for Buster

- - - - -
805cb7e5 by Thorsten Alteholz at 2022-11-19T19:28:05+01:00
mark CVE-2022-21690 as not-affected for Buster

- - - - -
74a21acb by Salvatore Bonaccorso at 2022-11-19T20:56:33+01:00
Track fixed version for CVE-2021-34055/jhead via unstable

- - - - -
fff99aad by security tracker role at 2022-11-19T20:10:28+00:00
automatic update

- - - - -
866bbf8b by Salvatore Bonaccorso at 2022-11-19T21:22:07+01:00
Add CVE-2022-4064/ruby-dalli

- - - - -
4db1e46e by Salvatore Bonaccorso at 2022-11-19T21:23:47+01:00
Track postgresql-14 as removed from everywhere (superseded by postgresql-15)

- - - - -
f323fc97 by Thorsten Alteholz at 2022-11-20T01:42:36+01:00
mark CVE-2022-45198 as no-dsa for Buster

- - - - -
53093990 by Thorsten Alteholz at 2022-11-20T02:00:05+01:00
mark CVEs for non-free bluez-firmware as no-dsa

- - - - -
261d02f9 by security tracker role at 2022-11-20T08:10:15+00:00
automatic update

- - - - -
f6440abe by Salvatore Bonaccorso at 2022-11-20T12:17:29+01:00
Process some NFUs

- - - - -
0babc201 by Salvatore Bonaccorso at 2022-11-20T14:23:13+01:00
Add several GHSA references for heimdal CVEs

- - - - -
47655399 by Salvatore Bonaccorso at 2022-11-20T20:45:09+01:00
Track fixed version for CVE-2020-29260/libvncserver via unstable

- - - - -
e1661a0a by Salvatore Bonaccorso at 2022-11-20T20:55:03+01:00
Update status for CVE-2022-42966/python-cleo

- - - - -
2fbeccaa by security tracker role at 2022-11-20T20:10:21+00:00
automatic update

- - - - -
9c592330 by Salvatore Bonaccorso at 2022-11-20T21:13:40+01:00
Add Debian bug reference for CVE-2022-45199/pillow

- - - - -
ddc0b31f by Salvatore Bonaccorso at 2022-11-20T21:16:49+01:00
Add Debian bug reference for freerdp2 issues

- - - - -
b0e7a85b by Salvatore Bonaccorso at 2022-11-20T21:18:02+01:00
Drop check entries from already rejected CVEs (the assigning CNA has withdrawn them)

- - - - -
4eb2e58e by Thorsten Alteholz at 2022-11-20T23:54:54+01:00
mark CVE-2022-3715 as no-dsa for Buster

- - - - -
62a0cddc by Thorsten Alteholz at 2022-11-21T00:04:10+01:00
add net-snmp

- - - - -
0600dd09 by Thorsten Alteholz at 2022-11-21T00:06:21+01:00
update note

- - - - -
a18c884a by Thorsten Alteholz at 2022-11-21T00:10:46+01:00
add xdg-utils

- - - - -
06d262e2 by Thorsten Alteholz at 2022-11-21T00:13:20+01:00
add xfce4-settings

- - - - -
80cbb595 by Markus Koschany at 2022-11-21T00:26:27+01:00
Claim firmware-nonfree in dla-needed.txt

- - - - -
99dd5d08 by Markus Koschany at 2022-11-21T00:27:03+01:00
Claim nginx in dla-needed.txt

- - - - -
b6886286 by Thorsten Alteholz at 2022-11-21T00:27:41+01:00
add ring

- - - - -
b7029f21 by Thorsten Alteholz at 2022-11-21T00:27:41+01:00
mark CVE-2021-46849 as no-dsa for Buster

- - - - -
025d30b6 by Thorsten Alteholz at 2022-11-21T00:29:21+01:00
add exiv2

- - - - -
22eec36a by Thorsten Alteholz at 2022-11-21T00:29:23+01:00
mark CVEs for freerdp2 as no-dsa for Buster

- - - - -
e6675c26 by Thorsten Alteholz at 2022-11-21T00:32:00+01:00
Reserve DLA-3200-1 for graphicsmagick

- - - - -
6a4b112b by Thorsten Alteholz at 2022-11-21T00:35:50+01:00
oops, merging did not work

- - - - -
114b6462 by Markus Koschany at 2022-11-21T00:49:20+01:00
CVE-2022-37026,erlang: Link to possible fixing commit

- - - - -
0d7f0d61 by security tracker role at 2022-11-21T08:10:11+00:00
automatic update

- - - - -
cf59fe3a by Salvatore Bonaccorso at 2022-11-21T09:45:05+01:00
Add CVE-2022-4093/dolibarr

- - - - -
8f048e82 by Salvatore Bonaccorso at 2022-11-21T09:46:38+01:00
Add CVE-2022-4087/ipxe

- - - - -
a2d84d6d by Moritz Muehlenhoff at 2022-11-21T11:57:04+01:00
bullseye triage

- - - - -
6ca0332c by Moritz Muehlenhoff at 2022-11-21T12:46:34+01:00
NFUs

- - - - -
4736cf4b by Moritz Muehlenhoff at 2022-11-21T13:37:29+01:00
new testng issue

- - - - -
78a7a183 by Moritz Muehlenhoff at 2022-11-21T13:40:20+01:00
new gitlab issues

- - - - -
f31d24af by Moritz Muehlenhoff at 2022-11-21T13:49:50+01:00
two additional CVEs from August Nvidia advisory, copy over existing entries for older suites

- - - - -
6a51411d by Moritz Muehlenhoff at 2022-11-21T13:55:14+01:00
new zoneminder issues
new potential otrs/znuny issue

- - - - -
496dd385 by Moritz Muehlenhoff at 2022-11-21T14:00:21+01:00
new maradns issue

- - - - -
c71feb9f by Moritz Muehlenhoff at 2022-11-21T14:03:38+01:00
NFUs

- - - - -
91cd8e14 by Moritz Muehlenhoff at 2022-11-21T14:27:57+01:00
NFU

- - - - -
9104af55 by Salvatore Bonaccorso at 2022-11-21T20:50:56+01:00
CVE-2022-37026: Add followup commit references correcting guard check

Markus did already pinpoint the fixing commit needed for the OTP-23.3
branch. Apparently later on there was a followup commit to correct the
guard check. Add those as well for any potential stable and older
release to make sure we do not hit a regression.

- - - - -
0459d42d by Salvatore Bonaccorso at 2022-11-21T20:57:33+01:00
Directly reference fixing commit for CVE-2022-4065

- - - - -
ec4e9735 by Salvatore Bonaccorso at 2022-11-21T21:08:51+01:00
Update information on CVE-2022-4065/testng

- - - - -
93cf03ab by security tracker role at 2022-11-21T20:10:30+00:00
automatic update

- - - - -
5ea842a2 by Salvatore Bonaccorso at 2022-11-21T21:12:47+01:00
Add Debian bug reference for CVE-2022-39052

- - - - -
6792b8e6 by Salvatore Bonaccorso at 2022-11-21T21:14:42+01:00
Process several NFUs

- - - - -
e8b6f922 by Salvatore Bonaccorso at 2022-11-21T21:16:00+01:00
Track ember as removed from every supported suite

- - - - -
d515e028 by Salvatore Bonaccorso at 2022-11-21T21:40:47+01:00
Drop several CVEs (originally assigned to exiv2)

Further investigation has shown that they were not security issues and
the assigning CNA has withdrawn it.

This impacts as well DLA 3186-1 list of CVE.

- - - - -
14e234f2 by Salvatore Bonaccorso at 2022-11-21T21:42:37+01:00
Drop notes from CVE-2022-41852 (withdrawn)

- - - - -
38da4a0d by Salvatore Bonaccorso at 2022-11-21T21:44:39+01:00
Remove notes for some libcommons-jxpath-java CVEs

They are rejected by the assigning CNA.

- - - - -
d439cb3d by Salvatore Bonaccorso at 2022-11-21T21:46:35+01:00
Remove notes from CVE-2022-2154 (duplicate of CVE-2022-34345)

- - - - -
b22e837b by Salvatore Bonaccorso at 2022-11-21T21:48:06+01:00
Remove notes from CVE-2019-20417 (duplicate of CVE-2019-15011)

- - - - -
a2270498 by Laszlo Boszormenyi (GCS) at 2022-11-21T22:06:45+01:00
Add fixed versions for protobuf via unstable for several CVEs

- - - - -
b752470c by Salvatore Bonaccorso at 2022-11-21T22:44:52+01:00
Process some NFUs

- - - - -
a9491949 by Thorsten Alteholz at 2022-11-22T00:11:36+01:00
Reserve DLA-3201-1 for ntfs-3g

- - - - -
1d0a5186 by security tracker role at 2022-11-22T08:10:12+00:00
automatic update

- - - - -
01170a10 by Salvatore Bonaccorso at 2022-11-22T09:31:38+01:00
Add CVE-2022-4095/linux

- - - - -
eaa8125c by Salvatore Bonaccorso at 2022-11-22T09:36:14+01:00
Process some NFUs

- - - - -
138d2804 by Salvatore Bonaccorso at 2022-11-22T09:37:30+01:00
Add CVE-2022-42096/backdrop

- - - - -
3b611f9c by Salvatore Bonaccorso at 2022-11-22T09:40:15+01:00
Associate three Backdrop CMS CVEs with backdrop itp'ed entry

- - - - -
169b987b by Salvatore Bonaccorso at 2022-11-22T09:43:06+01:00
Add new airflow CVEs

- - - - -
de1d3186 by Salvatore Bonaccorso at 2022-11-22T10:48:55+01:00
Process NFUs

- - - - -
e12857e6 by Salvatore Bonaccorso at 2022-11-22T11:14:23+01:00
Add CVE-2022-36227/libarchive

- - - - -
78a35fe5 by Markus Koschany at 2022-11-22T14:41:02+01:00
CVE-2022-37026,erlang: Link to Debian bug

- - - - -
b7e5ca61 by Moritz Muehlenhoff at 2022-11-22T15:19:52+01:00
rust-atty n/a

- - - - -
65152569 by Sylvain Beucler at 2022-11-22T15:39:06+01:00
Reserve DLA-3202-1 for libarchive

- - - - -
e150f200 by Salvatore Bonaccorso at 2022-11-22T20:37:52+01:00
Reserve DSA number for heimdal update

- - - - -
6d0430c6 by security tracker role at 2022-11-22T20:10:25+00:00
automatic update

- - - - -
eb8083b2 by Salvatore Bonaccorso at 2022-11-22T21:19:10+01:00
Process two NFUs

- - - - -
8e24fb18 by Salvatore Bonaccorso at 2022-11-22T21:28:06+01:00
Process some NFUs

- - - - -
50888da3 by Salvatore Bonaccorso at 2022-11-22T21:28:58+01:00
Update information for CVE-2022-24590: Associate with backdrop, itp'ed

- - - - -
80952d92 by Salvatore Bonaccorso at 2022-11-22T21:29:54+01:00
Track two CVEs for backdrop, itp'ed

- - - - -
c897b5e5 by Salvatore Bonaccorso at 2022-11-22T21:34:25+01:00
Add CVE-2022-41952/matrix-synapse

- - - - -
6432744c by Salvatore Bonaccorso at 2022-11-22T21:45:25+01:00
Add CVE-2022-3910/linux

- - - - -
b853d3b0 by Salvatore Bonaccorso at 2022-11-22T22:28:33+01:00
Process some NFUs

- - - - -
3b511020 by Salvatore Bonaccorso at 2022-11-22T22:41:16+01:00
Mark CVE-2022-36227/libarchive as no-dsa for bullseye

- - - - -
c378dccd by Salvatore Bonaccorso at 2022-11-22T22:47:13+01:00
Add Debian bug reference for CVE-2022-36227/libarchive

- - - - -
cce5b8db by Markus Koschany at 2022-11-23T00:30:31+01:00
Reserve DLA-3203-1 for nginx

- - - - -
f94fc6ed by Salvatore Bonaccorso at 2022-11-23T08:05:28+01:00
Add CVE-2022-41858/linux

- - - - -
5077e6ba by Salvatore Bonaccorso at 2022-11-23T08:08:46+01:00
Add new moodle issues: CVE-2022-45149, CVE-2022-4515[0-2]

- - - - -
776c2ad2 by Salvatore Bonaccorso at 2022-11-23T09:06:25+01:00
Add Debian bug reference for four tiff issues, #1024670

Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>

- - - - -
f568f619 by security tracker role at 2022-11-23T08:10:18+00:00
automatic update

- - - - -
7eeba1c0 by Salvatore Bonaccorso at 2022-11-23T09:23:46+01:00
Track proposed libvncserver update for bullseye-pu

- - - - -
18af4dcd by Salvatore Bonaccorso at 2022-11-23T09:37:22+01:00
Add CVE-2021-46854/proftpd-dfsg

- - - - -
7fbbc639 by Salvatore Bonaccorso at 2022-11-23T09:49:42+01:00
Process some NFUs

- - - - -
1d86ed13 by Salvatore Bonaccorso at 2022-11-23T10:50:41+01:00
Add CVE-2022-404{4,5}/mattermost-server

- - - - -
09893385 by Salvatore Bonaccorso at 2022-11-23T10:51:51+01:00
Process some NFUs

- - - - -
689969d1 by Salvatore Bonaccorso at 2022-11-23T10:52:24+01:00
Add CVE-2022-42095/backdrop, itp'ed

- - - - -
1564b16c by Helmut Grohne at 2022-11-23T11:39:16+01:00
drop ELTS annotation for vim to allow changing it in ELTS tracker

- - - - -
70450616 by Moritz Muehlenhoff at 2022-11-23T12:29:05+01:00
bullseye triage

- - - - -
66f84df3 by Salvatore Bonaccorso at 2022-11-23T14:05:48+01:00
Update information on CVE-2021-46854/proftpd-dfsg

- - - - -
55038710 by Moritz Muehlenhoff at 2022-11-23T21:06:46+01:00
bullseye triage

- - - - -
1c138355 by security tracker role at 2022-11-23T20:10:28+00:00
automatic update

- - - - -
29fc6588 by Salvatore Bonaccorso at 2022-11-23T21:34:15+01:00
Remove notes from CVE-2021-46849 (duplicate of CVE-2021-29421)

- - - - -
96b89fb1 by Salvatore Bonaccorso at 2022-11-23T21:45:43+01:00
Process some NFUs

- - - - -
eacc683d by Salvatore Bonaccorso at 2022-11-23T21:50:07+01:00
Add CVE-2022-41922/yii

- - - - -
8ec37e33 by Salvatore Bonaccorso at 2022-11-23T22:27:57+01:00
Add CVE-2009-114{2,3}/open-vm-tools

- - - - -
f462e6ab by Guilhem Moulin at 2022-11-23T23:55:33+01:00
claim heimdal

- - - - -
92825cd5 by Roberto C. Sánchez at 2022-11-23T21:45:46-05:00
LTS: claim curl in dla-needed.txt

- - - - -
15e03eaa by Salvatore Bonaccorso at 2022-11-24T06:16:14+01:00
Add CVE-2022-4129/linux

- - - - -
7f54197b by Salvatore Bonaccorso at 2022-11-24T06:31:58+01:00
Add CVE-2022-4128/linux

- - - - -
8613eb24 by Salvatore Bonaccorso at 2022-11-24T06:36:10+01:00
Add CVE-2022-4127/linux

- - - - -
cb13d782 by Salvatore Bonaccorso at 2022-11-24T06:57:10+01:00
Update status for CVE-2022-4127/ipxe issue

- - - - -
8969b911 by Salvatore Bonaccorso at 2022-11-24T07:04:10+01:00
Add Debian bug reference for CVE-2022-3970/tiff

- - - - -
dd1bf6c9 by Salvatore Bonaccorso at 2022-11-24T07:04:52+01:00
Add Debian bug reference for CVE-2022-39353/node-xmldom

- - - - -
de8c1656 by Salvatore Bonaccorso at 2022-11-24T07:21:19+01:00
Add Debian bug reference for CVE-2022-45136/apache-jena

- - - - -
e80f2d9b by security tracker role at 2022-11-24T08:10:17+00:00
automatic update

- - - - -
865e33e9 by Moritz Muehlenhoff at 2022-11-24T09:59:35+01:00
two buildah non issues

- - - - -
5c3e7bb3 by Moritz Muehlenhoff at 2022-11-24T10:04:43+01:00
NFUs

- - - - -
c56dcc47 by Helmut Grohne at 2022-11-24T10:17:12+01:00
Reserve DLA-3204-1 for vim

- - - - -
778bff91 by Moritz Muehlenhoff at 2022-11-24T10:51:59+01:00
bullseye triage

- - - - -
2b1a0660 by Salvatore Bonaccorso at 2022-11-24T11:25:27+01:00
Unify uid in list

- - - - -
0ec01dcc by Salvatore Bonaccorso at 2022-11-24T11:31:48+01:00
Add CVE-2022-45873/systemd

- - - - -
74751211 by Salvatore Bonaccorso at 2022-11-24T11:38:04+01:00
Track fixed version via unstable for CVE-2022-39353/node-xmldom

- - - - -
d4ebd871 by Salvatore Bonaccorso at 2022-11-24T11:39:52+01:00
Track proposed update for node-xmldom via bullseye-pu

- - - - -
addbf000 by Markus Koschany at 2022-11-24T15:39:34+01:00
Claim xfce4-settings in dla-needed.txt

- - - - -
27ea9a50 by Salvatore Bonaccorso at 2022-11-24T15:51:17+01:00
Add CVE-2022-45868/h2database

- - - - -
18667990 by Salvatore Bonaccorso at 2022-11-24T15:52:12+01:00
Add CVE-2022-44789/mujs

- - - - -
a8683380 by Salvatore Bonaccorso at 2022-11-24T15:52:55+01:00
Add CVE-2022-41946/libpgjava

- - - - -
03fa448a by Salvatore Bonaccorso at 2022-11-24T15:53:30+01:00
Process some NFUs

- - - - -
d58d408c by Salvatore Bonaccorso at 2022-11-24T16:16:48+01:00
Mark CVE-2022-45868/h2database as unimportant

- - - - -
a9246dbc by Moritz Muehlenhoff at 2022-11-24T16:21:02+01:00
bullseye triage

- - - - -
f0ef78ab by Salvatore Bonaccorso at 2022-11-24T16:23:44+01:00
Add Debian bug reference for CVE-2022-44789/mujs

- - - - -
b9d72035 by Markus Koschany at 2022-11-24T16:27:34+01:00
Merge branch 'master' of salsa.debian.org:security-tracker-team/security-tracker

- - - - -
0baa7172 by Markus Koschany at 2022-11-24T16:27:58+01:00
Remove xfce4-settings from dla-needed.txt

The vulnerable code was introduced later.

- - - - -
0f514658 by Markus Koschany at 2022-11-24T16:29:07+01:00
CVE-2022-45062,xfce4-settings: buster is not affected

The vulnerable code was introduced later

- - - - -
bee1ef77 by Markus Koschany at 2022-11-24T16:30:12+01:00
Claim varnish in dla-needed.txt

- - - - -
dcd93ee8 by Salvatore Bonaccorso at 2022-11-24T17:52:37+01:00
Track fixed version for CVE-2022-44789/mujs via unstable

- - - - -
8244fee1 by Laszlo Boszormenyi (GCS) at 2022-11-24T18:56:52+01:00
Add fixed versions for tiff via unstable for several CVEs

- - - - -
4a8d6d5a by security tracker role at 2022-11-24T20:10:21+00:00
automatic update

- - - - -
b457516d by Salvatore Bonaccorso at 2022-11-24T21:23:16+01:00
Process NFUs

- - - - -
bdc0bc37 by Salvatore Bonaccorso at 2022-11-24T21:26:03+01:00
Remove note for CVE-2022-45062

- - - - -
c73821ae by Salvatore Bonaccorso at 2022-11-24T21:31:21+01:00
Reference functional regression for initial CVE-2022-45062/xfce4-settings fix

- - - - -
8151b3cb by Salvatore Bonaccorso at 2022-11-24T22:19:07+01:00
Track fixed version for CVE-2022-2989/libpod via unstable

- - - - -
5a81d8bf by Salvatore Bonaccorso at 2022-11-24T22:21:40+01:00
Track fixed version for CVE-2022-27651/golang-github-containers-buildah via unstable

- - - - -
c489d9ff by Guilhem Moulin at 2022-11-24T23:46:15+01:00
Claim inetutils in dla-needed.txt

- - - - -
7b6b66e5 by Salvatore Bonaccorso at 2022-11-25T08:38:22+01:00
Add CVE-2022-4134/glance

- - - - -
2b477634 by security tracker role at 2022-11-25T08:10:15+00:00
automatic update

- - - - -
b0d9c7c6 by Salvatore Bonaccorso at 2022-11-25T09:16:42+01:00
Add CVE-2021-33621/ruby

- - - - -
8e07ca82 by Moritz Muehlenhoff at 2022-11-25T09:19:58+01:00
libpgjava no-dsa

- - - - -
6833106a by Salvatore Bonaccorso at 2022-11-25T09:20:52+01:00
Add CVE-2022-45888/linux

- - - - -
8824f072 by Salvatore Bonaccorso at 2022-11-25T09:23:14+01:00
Add CVE-2022-45887/linux

- - - - -
1c42c1bf by Salvatore Bonaccorso at 2022-11-25T09:25:40+01:00
Add CVE-2022-45886/linux

- - - - -
25c1682f by Salvatore Bonaccorso at 2022-11-25T09:27:19+01:00
Add CVE-2022-45885/linux

- - - - -
5b24ecef by Salvatore Bonaccorso at 2022-11-25T09:29:18+01:00
Add CVE-2022-45884/linux

- - - - -
056dc1d6 by Salvatore Bonaccorso at 2022-11-25T09:37:38+01:00
Add CVE-2022-4135/chromium

- - - - -
62917c4e by Salvatore Bonaccorso at 2022-11-25T09:41:06+01:00
Process some NFUs

- - - - -
6d189977 by Salvatore Bonaccorso at 2022-11-25T09:41:48+01:00
Add chromium to dsa-needed list

- - - - -
f1ac73f2 by Salvatore Bonaccorso at 2022-11-25T10:24:59+01:00
Add additional commit reference for ruby issue

- - - - -
43c9e55c by Salvatore Bonaccorso at 2022-11-25T10:30:05+01:00
Update information for CVE-2022-2990/golang-github-containers-buildah

- - - - -
0e14697e by Salvatore Bonaccorso at 2022-11-25T10:33:45+01:00
Add Debian bug references for CVE-2021-33621/ruby

- - - - -
0c90cfd7 by Guilhem Moulin at 2022-11-25T13:31:49+01:00
Reserve DLA-3205-1 for inetutils

- - - - -
f4e51b0d by Guilhem Moulin at 2022-11-25T13:36:29+01:00
DLA-3205-1: CVE-2020-8284 belongs to curl not inetutils.

(Spelled it out in d/changelog since it's similar to inetutils'
CVE-2021-40491, but it doesn't belong to the DLA.)

- - - - -
ce13d6eb by Moritz Muehlenhoff at 2022-11-25T15:25:10+01:00
mark CVE-2022-39052 as NFU, znuny diverged a lot from OTRS 6.0 and the upstream
fixed several bugs which could be the one described by OTRS, but in the end no one
will know for sure and it doesn't make sense to keep it open indefinitely

- - - - -
945f202f by Moritz Mühlenhoff at 2022-11-25T19:43:51+01:00
graphicsmagick DSA

- - - - -
344ee89a by Moritz Muehlenhoff at 2022-11-25T19:57:06+01:00
bullseye triage

- - - - -
ed0ed8a7 by security tracker role at 2022-11-25T20:10:29+00:00
automatic update

- - - - -
02aa9dc4 by Salvatore Bonaccorso at 2022-11-25T21:12:47+01:00
Drop notes from CVE-2022-4015{3,4,5,6}

They were rejected as they were incorrectly assigned.

- - - - -
453c2814 by Salvatore Bonaccorso at 2022-11-25T21:15:26+01:00
Add CVE-2022-4141/vim

- - - - -
1725b9b7 by Salvatore Bonaccorso at 2022-11-25T21:24:02+01:00
Process some NFUs

- - - - -
a88e325a by Moritz Muehlenhoff at 2022-11-25T23:17:56+01:00
ruby no-dsa

- - - - -
94cd39d4 by Moritz Muehlenhoff at 2022-11-25T23:20:37+01:00
advancecomp fixed in sid

- - - - -
83605875 by security tracker role at 2022-11-26T08:10:12+00:00
automatic update

- - - - -
baf8b8f4 by Salvatore Bonaccorso at 2022-11-26T09:17:18+01:00
Process two NFUs

- - - - -
0c449daa by Salvatore Bonaccorso at 2022-11-26T09:18:41+01:00
Add CVE-2022-4144/qemu

- - - - -
5dd8fc81 by Salvatore Bonaccorso at 2022-11-26T11:14:13+01:00
Update information for CVE-2020-36309

- - - - -
4284f2f1 by Salvatore Bonaccorso at 2022-11-26T11:17:07+01:00
Correct information for CVE-2020-36309 for src:libnginx-mod-http-lua

- - - - -
0f119ecb by Salvatore Bonaccorso at 2022-11-26T16:12:20+01:00
Mark CVE-2022-3521 as unimportant

- - - - -
7152190a by Salvatore Bonaccorso at 2022-11-26T16:12:58+01:00
Track fixed version for two linux CVEs via unstable upload

- - - - -
e771cd3e by Roberto C. Sánchez at 2022-11-26T12:16:20-05:00
LTS: claim imagemagick in dla-needed.txt

- - - - -
e21261cf by Roberto C. Sánchez at 2022-11-26T13:18:20-05:00
LTS: mark CVE-2020-10251 as <not-affected> for buster, add notes on introducing upstream commits

- - - - -
e7ca4158 by Guilhem Moulin at 2022-11-26T20:27:26+01:00
Reserve DLA-3206-1 for heimdal

- - - - -
beb676c6 by Roberto C. Sánchez at 2022-11-26T14:55:03-05:00
Additional fixing commit for CVE-2020-25666

- - - - -
8b199b06 by security tracker role at 2022-11-26T20:10:25+00:00
automatic update

- - - - -
58166046 by Roberto C. Sánchez at 2022-11-26T17:28:55-05:00
Additional fixing commits for CVE-2020-27759

- - - - -
57088072 by security tracker role at 2022-11-27T08:10:12+00:00
automatic update

- - - - -
9196af4d by Salvatore Bonaccorso at 2022-11-27T09:24:22+01:00
Track fixed version for chromium issue (CVE-2022-4135) via unstable

- - - - -
2df6f3de by Salvatore Bonaccorso at 2022-11-27T09:26:50+01:00
Add CVE-2022-45919/linux

- - - - -
5b558620 by Salvatore Bonaccorso at 2022-11-27T09:31:12+01:00
Add CVE-2022-45934/linux

- - - - -
aa4f396c by Salvatore Bonaccorso at 2022-11-27T09:35:56+01:00
Process some NFUs

- - - - -
cb1e1c6d by Salvatore Bonaccorso at 2022-11-27T09:36:30+01:00
Remove todo item for CVE-2022-45919

- - - - -
1efc6d89 by Salvatore Bonaccorso at 2022-11-27T09:37:17+01:00
Add CVE-2022-45907/pytorch

- - - - -
918a2392 by Utkarsh Gupta at 2022-11-27T14:10:46+05:30
Mark CVE-2009-1143/open-vm-tools as postponed for buster

- - - - -
1fba0734 by Utkarsh Gupta at 2022-11-27T14:10:47+05:30
Mark CVE-2022-396{4,5}/ffmpeg as postponed for buster

- - - - -
d34e07f6 by Utkarsh Gupta at 2022-11-27T14:10:47+05:30
Add lava to dla-needed

- - - - -
e8fe3b20 by Utkarsh Gupta at 2022-11-27T14:10:47+05:30
Add pngcheck to dla-needed

- - - - -
4e41abfa by Anton Gladky at 2022-11-27T09:43:32+01:00
LTS: claim netatalk in dla-needed.txt

- - - - -
ce7864de by Markus Koschany at 2022-11-27T19:50:08+01:00
Reserve DLA-3207-1 for jackson-databind

- - - - -
d5f2dc2a by Salvatore Bonaccorso at 2022-11-27T20:18:48+01:00
Track fixed version for CVE-2022-39237/golang-github-sylabs-sif

- - - - -
dfe99cca by Salvatore Bonaccorso at 2022-11-27T20:22:27+01:00
Track fixed version for various heimdal issues fixed via unstable

- - - - -
eb1466f5 by Salvatore Bonaccorso at 2022-11-27T20:35:38+01:00
Mark CVE-2022-45907 as no-dsa for bullseye

- - - - -
4e0708ff by security tracker role at 2022-11-27T20:10:31+00:00
automatic update

- - - - -
9176c81e by Salvatore Bonaccorso at 2022-11-27T21:11:39+01:00
Add Debian bug reference for CVE-2022-45907/pytorch

- - - - -
558c7707 by Moritz Mühlenhoff at 2022-11-27T22:25:26+01:00
chromium DSA

- - - - -
1af13e33 by Moritz Muehlenhoff at 2022-11-27T22:45:21+01:00
bullseye triage

- - - - -
02490bd0 by Markus Koschany at 2022-11-27T23:27:51+01:00
Claim ini4j in dla-needed.txt

- - - - -
3f7f5edd by Markus Koschany at 2022-11-27T23:28:52+01:00
Reserve DLA-3208-1 for varnish

- - - - -
59f40b51 by Markus Koschany at 2022-11-28T00:04:07+01:00
Claim commons-configuration2 in dsa-needed.txt

- - - - -
3b579936 by Markus Koschany at 2022-11-28T00:07:05+01:00
Claim jhead in dla-needed.txt

- - - - -
dd79809b by Markus Koschany at 2022-11-28T00:07:26+01:00
Claim jhead in dsa-needed.txt

- - - - -
fc659545 by Salvatore Bonaccorso at 2022-11-28T06:22:47+01:00
Add Debian bug reference for CVE-2022-3650

- - - - -
b9fbb284 by Salvatore Bonaccorso at 2022-11-28T07:57:03+01:00
Mark CVE-2022-4145 as NFU

- - - - -
27b04511 by Helmut Grohne at 2022-11-28T08:32:04+01:00
CVE-2017-16909: fix commit id of patch

I've also re-checked buster to really be fixed. The code has been
significantly redone and includes the necessary checks. Later releases
will be fixed as well.

- - - - -
1edab07f by security tracker role at 2022-11-28T08:10:16+00:00
automatic update

- - - - -
51440a4b by Moritz Muehlenhoff at 2022-11-28T10:22:16+01:00
NFU

- - - - -
c07fb8b3 by Moritz Muehlenhoff at 2022-11-28T10:49:21+01:00
new emacs issue

- - - - -
2f4ed6a1 by Moritz Muehlenhoff at 2022-11-28T11:05:45+01:00
NFUs

- - - - -
9dc57b5b by Markus Koschany at 2022-11-28T11:08:10+01:00
Reserve DLA-3209-1 for ini4j

- - - - -
da350964 by Moritz Muehlenhoff at 2022-11-28T12:09:09+01:00
freerdp2 fixed in sid

- - - - -
633698f5 by Chris Lamb at 2022-11-28T11:12:39+00:00
Reserve DLA-3210-1 for gerbv

- - - - -
2ff4a499 by Markus Koschany at 2022-11-28T12:26:39+01:00
Reserve DSA-5290-1 commons-configuration2

- - - - -
7ea21e87 by Chris Lamb at 2022-11-28T11:42:04+00:00
Reserve DLA-3211-1 for frr

- - - - -
98764ca4 by Moritz Muehlenhoff at 2022-11-28T16:03:34+01:00
puppetdb fixed in sid

- - - - -
df52ff8c by Dominik George at 2022-11-28T16:35:10+01:00
Add DLA-3212-1 for twisted

- - - - -
2fcb6922 by Moritz Muehlenhoff at 2022-11-28T16:47:30+01:00
ceph fixed in sid

- - - - -
66fdd56b by Salvatore Bonaccorso at 2022-11-28T19:34:32+01:00
Add xemacs21 as well for CVE-2022-45939

- - - - -
7246062f by Helmut Grohne at 2022-11-28T19:36:10+01:00
libraw ELTS triage

Yeah, this doesn't really belong here. However, we need to remove
conflicting declarations to allow adding them to the elts tracker
without messing up the database. This is the bulk of changes.

I'm also adding commit references as this is independent of ELTS.

Beyond this, two earlier DLAs have a wrong CVE list. DLA-2903-1 did not
fix CVE-2017-16909. It contains a CVE-2017-16909.patch, which fixes a
different vulnerability. DLA-1734-1 missed CVE-2018-5807 and
CVE-2018-5810, which are fixed by the same commit that fixes
CVE-2018-5808.

Except for the commit id notes, none of this can be fixed in the elts
tracker.

- - - - -
dc22f2b1 by Salvatore Bonaccorso at 2022-11-28T19:41:05+01:00
Revert "Add xemacs21 as well for CVE-2022-45939"

This reverts commit 66fdd56b866d7fd45eb6f415247d2130291e6478.

Revert it for now, as it first needs further investigation whether the
21.4.24 code base and earlier for xemacs is affected as well, or where
the issue has been introduced.

- - - - -
76247beb by Salvatore Bonaccorso at 2022-11-28T19:53:35+01:00
Add Debian bug reference for CVE-2022-45939/emacs

- - - - -
e39f9250 by Moritz Mühlenhoff at 2022-11-28T20:29:41+01:00
mujs DSA

- - - - -
5172efbe by security tracker role at 2022-11-28T20:10:25+00:00
automatic update

- - - - -
e518c535 by Salvatore Bonaccorso at 2022-11-28T21:41:50+01:00
Process some NFUs

- - - - -
ee63691a by Salvatore Bonaccorso at 2022-11-28T21:48:32+01:00
Associate CVE-2022-361{79,80} with fusiondirectory

- - - - -
18f9f537 by Salvatore Bonaccorso at 2022-11-28T22:02:51+01:00
Add CVE-2022-45869/linux

- - - - -
540aab09 by Salvatore Bonaccorso at 2022-11-28T22:21:24+01:00
Process some NFUs

- - - - -
0b9472f0 by Anton Gladky at 2022-11-28T23:14:05+01:00
LTS: add libarchive to dla-needed.txt

- - - - -
9ec5d38c by Anton Gladky at 2022-11-28T23:14:05+01:00
LTS: add libpgjava to dla-needed.txt

- - - - -
d6fdd7de by Anton Gladky at 2022-11-28T23:14:05+01:00
LTS: add nextcloud-desktop to dla-needed.txt

- - - - -
a24776ed by Anton Gladky at 2022-11-28T23:14:05+01:00
LTS: add vim to dla-needed.txt

- - - - -
249fdfb1 by Salvatore Bonaccorso at 2022-11-29T08:06:47+01:00
Update status for CVE-2021-2785{3,4} and CVE-2021-2786{1,2}

- - - - -
77f1ac59 by Salvatore Bonaccorso at 2022-11-29T08:25:22+01:00
Update status for CVE-2013-4235/shadow

- - - - -
6d0abc1f by Salvatore Bonaccorso at 2022-11-29T08:29:56+01:00
CVE-2013-4235: Reference regression fixes

- - - - -
08696132 by Salvatore Bonaccorso at 2022-11-29T08:32:57+01:00
CVE-2022-3559/exim4: Reference upstream issue

- - - - -
5bf41a52 by Salvatore Bonaccorso at 2022-11-29T08:40:48+01:00
Add CVE-2022-45197/slixmpp

- - - - -
09c86d39 by Salvatore Bonaccorso at 2022-11-29T08:45:49+01:00
Add CVE-2022-4121/libetpan

- - - - -
79b3ae11 by security tracker role at 2022-11-29T08:10:24+00:00
automatic update

- - - - -
f8915d75 by Moritz Muehlenhoff at 2022-11-29T09:24:46+01:00
bullseye triage

- - - - -
e09696a6 by Moritz Muehlenhoff at 2022-11-29T09:40:22+01:00
new g810-led issue

- - - - -
615bd36d by Chris Lamb at 2022-11-29T12:29:04+00:00
Reserve DLA-3213-1 for krb5

- - - - -
1a8ffb86 by Salvatore Bonaccorso at 2022-11-29T15:09:13+01:00
Add additional reference for CVE-2022-42896/linux

- - - - -
d1f6deab by Salvatore Bonaccorso at 2022-11-29T15:09:39+01:00
Add additional reference for CVE-2022-42895/linux

- - - - -
3ab722fd by Salvatore Bonaccorso at 2022-11-29T20:47:51+01:00
CVE-2020-29599: clarify there are two vectors for IM6

52bd38de3f9d ("Remove prefixed whitespaces") or any call through
writecvelist would have removed the leading whitespaces. But the
intention in the initial formatting was to make clear there are two
vectors for the issue for IM6. Make them two "enumerated" items to
restore the intention.

Thanks: Sylvain Beucler <beuc at beuc.net>
Thanks: Roberto C. Sánchez <roberto at debian.org>
Fixes: 52bd38de3f9d ("Remove prefixed whitespaces")

- - - - -
67b24ff6 by security tracker role at 2022-11-29T20:10:24+00:00
automatic update

- - - - -
b3ae04cd by Salvatore Bonaccorso at 2022-11-29T21:16:01+01:00
Add CVE-2022-46146/golang-github-prometheus-exporter-toolkit

- - - - -
39924be4 by Salvatore Bonaccorso at 2022-11-29T21:30:39+01:00
Add CVE-2022-4202/gpac

- - - - -
1753d8fb by Salvatore Bonaccorso at 2022-11-29T21:34:32+01:00
Add CVE-2022-4172/qemu

- - - - -
85b7e2e7 by Salvatore Bonaccorso at 2022-11-29T21:42:21+01:00
Process some NFUs

- - - - -
776dd338 by Salvatore Bonaccorso at 2022-11-29T21:44:35+01:00
Add CVE-2022-45442/ruby-sinatra

- - - - -
d1d36aed by Salvatore Bonaccorso at 2022-11-29T21:45:24+01:00
Add CVE-2022-45343/gpac

- - - - -
a2d1bee3 by Salvatore Bonaccorso at 2022-11-29T22:12:27+01:00
Add Debian bug reference for CVE-2022-4172/qemu

- - - - -
e0d9b35e by Salvatore Bonaccorso at 2022-11-29T22:13:34+01:00
Add Debian bug reference for CVE-2022-4121/libetpan

- - - - -
7d4ba604 by Salvatore Bonaccorso at 2022-11-29T22:14:22+01:00
Add Debian bug reference for CVE-2022-45442/ruby-sinatra

- - - - -
ca3bdacb by Salvatore Bonaccorso at 2022-11-29T22:15:17+01:00
Add Debian bug reference for CVE-2022-46146/golang-github-prometheus-exporter-toolkit

- - - - -
e1021375 by Salvatore Bonaccorso at 2022-11-29T22:22:46+01:00
Process one NFU

- - - - -
11ba0773 by Anton Gladky at 2022-11-29T22:48:00+01:00
LTS: add libraw to dla-needed.txt

- - - - -
4c1502dc by Anton Gladky at 2022-11-29T23:11:44+01:00
Mark CVE-2022-45343 (gpac) as end-of-life

- - - - -
6c8413e6 by Salvatore Bonaccorso at 2022-11-30T06:50:24+01:00
Track fixed version for CVE-2022-46146/golang-github-prometheus-exporter-toolkit via unstable

- - - - -
a6d46cb6 by Salvatore Bonaccorso at 2022-11-30T06:53:29+01:00
CVE-2022-46338/g810-led assigned

- - - - -
7074da82 by Salvatore Bonaccorso at 2022-11-30T07:57:48+01:00
Add CVE-2022-4133/horizon

- - - - -
c2db1c65 by security tracker role at 2022-11-30T08:10:16+00:00
automatic update

- - - - -
6399435f by Moritz Muehlenhoff at 2022-11-30T09:18:43+01:00
node-formidable fixed in sid, thanks yadd!

- - - - -
04349b1c by Salvatore Bonaccorso at 2022-11-30T10:36:08+01:00
Track fixed version for CVE-2020-28483 via unstable

- - - - -
3e1920e7 by Salvatore Bonaccorso at 2022-11-30T10:47:28+01:00
Add new chromium issues

- - - - -
a6a9ed7f by Salvatore Bonaccorso at 2022-11-30T10:48:32+01:00
Add chromium to dsa-needed list

- - - - -
82ab383d by Salvatore Bonaccorso at 2022-11-30T10:52:48+01:00
Process some NFUs

- - - - -
85f3014e by Salvatore Bonaccorso at 2022-11-30T11:34:40+01:00
Process NFUs

- - - - -
bd6a0a02 by Salvatore Bonaccorso at 2022-11-30T11:37:03+01:00
Add CVE-2022-45332/libredwg

- - - - -
e77db619 by Roberto C. Sánchez at 2022-11-30T07:44:10-05:00
Add closing commit for CVE-2021-4219/imagemagick

- - - - -
1b39efcf by Salvatore Bonaccorso at 2022-11-30T15:47:51+01:00
Add CVE-2022-4139/linux

- - - - -
3ab08eee by Salvatore Bonaccorso at 2022-11-30T20:42:41+01:00
Reference upstream commit for CVE-2022-4139

- - - - -
c14e2786 by Salvatore Bonaccorso at 2022-11-30T20:55:33+01:00
Process some NFUs

- - - - -
51c80714 by Salvatore Bonaccorso at 2022-11-30T20:56:56+01:00
Add CVE-2022-41912/golang-github-crewjam-saml

- - - - -
add796c4 by security tracker role at 2022-11-30T20:10:23+00:00
automatic update

- - - - -
8b0920a3 by Salvatore Bonaccorso at 2022-11-30T21:20:23+01:00
Add Debian bug reference for CVE-2022-41912/golang-github-crewjam-saml

- - - - -
7d6196d5 by Salvatore Bonaccorso at 2022-11-30T21:35:58+01:00
Process some NFUs

- - - - -
c75522da by Salvatore Bonaccorso at 2022-11-30T21:42:15+01:00
Add CVE-2022-46149/capnproto

- - - - -
245c2a39 by Helmut Grohne at 2022-11-30T21:56:35+01:00
issue DLA-3214-1 for libraw

- - - - -
f411f905 by Salvatore Bonaccorso at 2022-11-30T22:36:15+01:00
Add CVE-2022-3328/snapd

- - - - -
d6f78138 by Moritz Muehlenhoff at 2022-11-30T22:46:30+01:00
bullseye triage
mplayer spu

- - - - -
b87931dd by Moritz Mühlenhoff at 2022-11-30T23:00:01+01:00
g810-led spu

- - - - -
88861372 by Moritz Muehlenhoff at 2022-11-30T23:15:49+01:00
bullseye triage

- - - - -
5a853b8d by Roberto C. Sánchez at 2022-11-30T17:53:05-05:00
LTS: mark CVE-2021-4219 as <not-affected> for buster, add notes on introducing upstream commits

- - - - -
8b1d1a68 by Anton Gladky at 2022-12-01T05:33:19+01:00
Add link to the CVE-2022-46338

- - - - -
c3fc4813 by Anton Gladky at 2022-12-01T05:33:19+01:00
LTS: add g810-led to dla-needed.txt

- - - - -
272dbee4 by Anton Gladky at 2022-12-01T05:33:20+01:00
LTS: add node-xmldom to dla-needed.txt

- - - - -
959c8d39 by Salvatore Bonaccorso at 2022-12-01T06:32:20+01:00
CVE-2022-46338: Indent note with tab

- - - - -
aa581c70 by Salvatore Bonaccorso at 2022-12-01T06:34:23+01:00
Track upstream commit for CVE-2022-46338

- - - - -
1099eea8 by Salvatore Bonaccorso at 2022-12-01T06:37:06+01:00
CVE-2022-3328/snapd: Reference oss-security post

- - - - -
cb01f9f4 by Salvatore Bonaccorso at 2022-12-01T06:49:24+01:00
Add fixed version via unstable for CVE-2022-3697/ansible

- - - - -
1c8b4c79 by Anton Gladky at 2022-12-01T07:01:08+01:00
Change programming language for elang.

- - - - -
4b046102 by security tracker role at 2022-12-01T08:10:17+00:00
automatic update

- - - - -
7a4a5c67 by Salvatore Bonaccorso at 2022-12-01T09:27:00+01:00
Track fixed version for CVE-2022-4139/linux via unstable

- - - - -
72815a4c by Salvatore Bonaccorso at 2022-12-01T09:28:44+01:00
Remove notes from CVE-2021-38577 (CVE was incorrectly assigned)

- - - - -
dd1eb0da by Moritz Muehlenhoff at 2022-12-01T11:40:57+01:00
new vlc issue

- - - - -
d551abbc by Moritz Muehlenhoff at 2022-12-01T11:44:16+01:00
new gitlab issues

- - - - -
faaaae33 by Salvatore Bonaccorso at 2022-12-01T16:15:04+01:00
Process one NFU

- - - - -
e5f2fc2b by Salvatore Bonaccorso at 2022-12-01T16:18:45+01:00
Process some NFUs

- - - - -
ce60b085 by Salvatore Bonaccorso at 2022-12-01T16:29:01+01:00
Update status for CVE-2022-4139/linux

- - - - -
167fdfa4 by Moritz Mühlenhoff at 2022-12-01T19:33:06+01:00
snapd DSA

- - - - -
44c6425b by Moritz Muehlenhoff at 2022-12-01T19:44:43+01:00
new thunderbird issue

- - - - -
d03012a1 by Salvatore Bonaccorso at 2022-12-01T20:48:22+01:00
Track fixed version via unstable for CVE-2022-3328/snapd

- - - - -
759d1a75 by Salvatore Bonaccorso at 2022-12-01T21:04:24+01:00
Mark zorp as removed from every supported suite

- - - - -
0541db70 by security tracker role at 2022-12-01T20:10:26+00:00
automatic update

- - - - -
2043ce6f by Salvatore Bonaccorso at 2022-12-01T21:14:08+01:00
Add CVE-2022-4520{2,4}/gpac

- - - - -
f3638f69 by Salvatore Bonaccorso at 2022-12-01T21:22:20+01:00
Remove notes from CVE-2022-44577

CVE got rejected as further investigation showed that there is no
security issue.

- - - - -
d454788b by Salvatore Bonaccorso at 2022-12-01T21:44:26+01:00
Process several NFUs

- - - - -
58a84f5c by Salvatore Bonaccorso at 2022-12-01T21:54:33+01:00
Add CVE-2022-3933{1,2,3,4}/nextcloud-desktop

- - - - -
addabc15 by Anton Gladky at 2022-12-01T22:44:19+01:00
Mark CVE-2022-4520{2,4} (gpac) as end-of-life

- - - - -
bf924387 by Anton Gladky at 2022-12-01T23:00:50+01:00
LTS: add vlc to dla-needed.txt

- - - - -
9560e130 by Salvatore Bonaccorso at 2022-12-02T06:28:06+01:00
Add CVE-2022-1471/snakeyaml

- - - - -
b359f461 by Salvatore Bonaccorso at 2022-12-02T06:31:21+01:00
Mark CVE-2022-22984 as NFU

- - - - -
9ff5f614 by Salvatore Bonaccorso at 2022-12-02T06:48:25+01:00
Add new nvidia-graphics-drivers-tesla issues

- - - - -
3cbdb3d2 by Salvatore Bonaccorso at 2022-12-02T06:53:43+01:00
Add new nvidia-graphics-drivers-tesla-510 issues

- - - - -
7475950b by Salvatore Bonaccorso at 2022-12-02T06:57:44+01:00
Add nvidia-graphics-drivers-tesla-470 issues

- - - - -
391ad99b by Salvatore Bonaccorso at 2022-12-02T07:02:44+01:00
Add nvidia-graphics-drivers-tesla-460 issues

- - - - -
d02999f8 by Salvatore Bonaccorso at 2022-12-02T07:07:13+01:00
Add new nvidia-graphics-drivers-tesla-450 issues

- - - - -
865afba3 by Salvatore Bonaccorso at 2022-12-02T07:08:42+01:00
Remove one entry for nvidia-graphics-drivers-tesla-460

- - - - -
9308f733 by Salvatore Bonaccorso at 2022-12-02T07:10:28+01:00
Drop another unneeded note

- - - - -
c71d55f7 by Salvatore Bonaccorso at 2022-12-02T07:15:21+01:00
Add new nvidia-graphics-drivers-tesla-418 issues

- - - - -
cee63660 by Salvatore Bonaccorso at 2022-12-02T07:34:35+01:00
Add new nvidia-graphics-drivers-legacy-390xx issues

- - - - -
74b3f2ef by Salvatore Bonaccorso at 2022-12-02T07:36:43+01:00
Sort tesla related packages

- - - - -
3b8e4a2d by Salvatore Bonaccorso at 2022-12-02T07:39:33+01:00
Add new nvidia-graphics-drivers-legacy-340xx issues

- - - - -
ca33be30 by Salvatore Bonaccorso at 2022-12-02T07:42:37+01:00
Add new nvidia-graphics-drivers issues

- - - - -
02e5afee by Moritz Muehlenhoff at 2022-12-02T08:57:21+01:00
thunderbird, chromium fixed in sid

- - - - -
46276672 by security tracker role at 2022-12-02T08:10:28+00:00
automatic update

- - - - -
4fbe7725 by Moritz Muehlenhoff at 2022-12-02T09:38:04+01:00
NFUs

- - - - -
8ccc01a3 by Moritz Mühlenhoff at 2022-12-02T09:56:15+01:00
mariadb spu

- - - - -
e7cb5b9f by Moritz Muehlenhoff at 2022-12-02T10:20:17+01:00
more mariadb spu updates

- - - - -
52ac9b58 by Sylvain Beucler at 2022-12-02T10:23:02+01:00
dla: drop vim
if we need to wait for new CVEs to appear, then there's no need to keep it in dla-needed.txt, a future FD will take care of adding it back

- - - - -
680465e8 by Sylvain Beucler at 2022-12-02T10:30:17+01:00
dla: drop libarchive
Last DLA was uploaded only last week, there's only one minor CVE, and bullseye won't fix it now
A future FD will add it back when there are new CVEs, or a bullseye fix that will show up in lts-cve-triage.py

- - - - -
43df9bef by Salvatore Bonaccorso at 2022-12-02T11:33:33+01:00
Process some NFUs

- - - - -
46508902 by Moritz Muehlenhoff at 2022-12-02T11:41:02+01:00
bullseye triage

- - - - -
882125c8 by Moritz Muehlenhoff at 2022-12-02T11:43:06+01:00
new rust-capnp issue

- - - - -
34d7eefd by Moritz Muehlenhoff at 2022-12-02T12:10:03+01:00
NFU

- - - - -
384c30ea by Salvatore Bonaccorso at 2022-12-02T13:14:47+01:00
Move RUSTSEC-2022-0068 entry for rust-capnp to CVE-2022-46149

As RUSTSEC-2022-0068 now mentions the same CVE as used for
src:capnproto.

- - - - -
023bfa7d by Utkarsh Gupta at 2022-12-02T19:16:43+05:30
Reserve DLA-3215-1 for snapd

- - - - -
bc795767 by Moritz Muehlenhoff at 2022-12-02T15:14:36+01:00
bullseye triage

- - - - -
c71d607c by Moritz Muehlenhoff at 2022-12-02T15:15:54+01:00
new d3-color issue

- - - - -
11a3cbde by Salvatore Bonaccorso at 2022-12-02T17:46:53+01:00
Add additional references for node-d3-color issue

- - - - -
2e4e9aa2 by Salvatore Bonaccorso at 2022-12-02T20:19:30+01:00
Add CVE-2022-46366 as NFU

- - - - -
ac86dc36 by Salvatore Bonaccorso at 2022-12-02T20:34:33+01:00
Track fixed version for CVE-2022-21821/nvidia-cuda-toolkit via unstable

- - - - -
74dd01d3 by Salvatore Bonaccorso at 2022-12-02T20:53:09+01:00
Track fixed version for CVE-2022-3715/bash

Issue introduced in bash-5.1 and fixed with bash-5.2 (but still present
in 5.2~rc2).

- - - - -
42b3b9fd by Moritz Muehlenhoff at 2022-12-02T20:59:15+01:00
nextcloud-desktop no-dsa

- - - - -
70c29c14 by security tracker role at 2022-12-02T20:10:35+00:00
automatic update

- - - - -
c7a976bc by Salvatore Bonaccorso at 2022-12-02T21:10:47+01:00
Add Debian bug reference for CVE-2022-37769/libjpeg

- - - - -
5eb4473c by Salvatore Bonaccorso at 2022-12-02T21:12:18+01:00
Process some NFUs

- - - - -
cf6ef250 by Salvatore Bonaccorso at 2022-12-02T21:20:28+01:00
Process some NFUs

- - - - -
d32814c0 by Salvatore Bonaccorso at 2022-12-02T21:22:14+01:00
Add CVE-2022-3591/vim

- - - - -
970fae5b by Salvatore Bonaccorso at 2022-12-02T21:23:37+01:00
Add CVE-2022-3520/vim

- - - - -
d595ef5e by Utkarsh Gupta at 2022-12-03T04:29:27+05:30
Reserve DLA-3216-1 for vlc

- - - - -
249814c5 by Utkarsh Gupta at 2022-12-03T04:30:17+05:30
Reserve DLA-3217-1 for g810-led

- - - - -
46b5fa25 by Utkarsh Gupta at 2022-12-03T04:31:16+05:30
Reserve DLA-3218-1 for libpgjava

- - - - -
7b901fee by Henri Salo at 2022-12-03T08:12:15+02:00
NFU

- - - - -
877492e9 by security tracker role at 2022-12-03T08:10:15+00:00
automatic update

- - - - -
678ab69b by Salvatore Bonaccorso at 2022-12-03T09:18:58+01:00
Process some NFUs

- - - - -
a1adab03 by Salvatore Bonaccorso at 2022-12-03T09:24:29+01:00
Add fixed version for CVE-2022-45939/emacs via unstable

- - - - -
eab6c33b by Salvatore Bonaccorso at 2022-12-03T09:33:22+01:00
Mark CVE-2020-23922 as unimportant

Not clearly reproducible, but impact is negligible. Err rather on the safe
side, but mark it unimportant as it only affects gif2rgb crashing.

- - - - -
3913e128 by Salvatore Bonaccorso at 2022-12-03T10:03:08+01:00
Add CVE-2022-4262/chromium

- - - - -
bec812f9 by Salvatore Bonaccorso at 2022-12-03T10:10:45+01:00
Add CVE-2022-24999/node-qs

- - - - -
92dfc2bb by Salvatore Bonaccorso at 2022-12-03T10:32:49+01:00
Add CVE-2022-4269/linux

- - - - -
83776095 by Salvatore Bonaccorso at 2022-12-03T10:36:24+01:00
Process some NFUs

- - - - -
6fda3aeb by Moritz Mühlenhoff at 2022-12-03T15:15:59+01:00
chromium DSA

- - - - -
f1850535 by Salvatore Bonaccorso at 2022-12-03T15:34:31+01:00
Add chromium to dsa-needed list

Unfortunately on 2nd December there was another out of order stable
channel update for chromium, for CVE-2022-4262 and only fixed in
108.0.5359.94.

Link: https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html

- - - - -
30f36a86 by Salvatore Bonaccorso at 2022-12-03T16:23:08+01:00
Update information for CVE-2013-1841/libnet-server-perl

Consider it as fixed with the upstream version adding code and
configuration for double_reverse_lookups. Upstream does not enable the
checks by default but they need to be set by consumers through
'reverse_lookups=double' or 'double_reverse_lookups=1'.

- - - - -
a9487a26 by Sylvain Beucler at 2022-12-03T17:12:19+01:00
dla: ceph: reference zigo's e-mail

- - - - -
15130fcf by Guilhem Moulin at 2022-12-03T17:49:44+01:00
LTS: claim node-cached-path-relative in dla-needed.txt

- - - - -
9fbd781d by Guilhem Moulin at 2022-12-03T17:49:44+01:00
LTS: claim node-eventsource in dla-needed.txt

- - - - -
26e773ad by Salvatore Bonaccorso at 2022-12-03T18:52:48+01:00
Associate CVE-2022-29167 with node-hawk

- - - - -
c9410761 by Salvatore Bonaccorso at 2022-12-03T19:01:46+01:00
Track fixed version via experimental for CVE-2022-46149/capnproto

- - - - -
282a0184 by Salvatore Bonaccorso at 2022-12-03T20:54:31+01:00
Track fixed version for CVE-2022-29167/node-hawk via unstable

- - - - -
47f6b490 by Salvatore Bonaccorso at 2022-12-03T21:02:06+01:00
Update status for vlc in dsa-needed list

- - - - -
ed73055e by security tracker role at 2022-12-03T20:10:26+00:00
automatic update

- - - - -
e859a264 by Salvatore Bonaccorso at 2022-12-03T21:17:20+01:00
Add CVE-2022-3491/vim

- - - - -
2d635d12 by Salvatore Bonaccorso at 2022-12-03T21:21:27+01:00
Process some NFUs

- - - - -
db12bfbd by Markus Koschany at 2022-12-03T22:20:04+01:00
Claim hsqldb in dla-needed.txt

- - - - -
5a4c54c5 by Markus Koschany at 2022-12-03T22:22:56+01:00
Remove android-platform-system-core from dla-needed.txt

Minor issue. Requires a compromised adb daemon and root privileges to cause any
harm and automated use cases are unlikely for the Debian version of Platform
Tools.

- - - - -
5fdb3c44 by Markus Koschany at 2022-12-03T22:28:41+01:00
Claim jqueryui in dla-needed.txt

- - - - -
51cca91d by Markus Koschany at 2022-12-03T22:29:49+01:00
CVE-2022-3168,CVE-2022-20128,android-platform-system-core: Buster is no-dsa

Minor issue

- - - - -
ba6f0df3 by Anton Gladky at 2022-12-03T22:31:20+01:00
LTS: add fusiondirectory to dla-needed.txt

- - - - -
dd890a05 by Anton Gladky at 2022-12-03T23:44:09+01:00
LTS: add libetpan to dla-needed.txt

- - - - -
ea87069c by security tracker role at 2022-12-04T08:10:14+00:00
automatic update

- - - - -
859a07c3 by Salvatore Bonaccorso at 2022-12-04T09:24:05+01:00
Add CVE-2022-46391/awstats

- - - - -
796fdf8c by Salvatore Bonaccorso at 2022-12-04T09:34:47+01:00
Process some NFUs

- - - - -
78b463f1 by Salvatore Bonaccorso at 2022-12-04T09:35:16+01:00
Add CVE-2022-46405/mastodon

- - - - -
c5ee3fa8 by Salvatore Bonaccorso at 2022-12-04T10:37:03+01:00
Track fixed version for jruby issues via unstable

- - - - -
98e8f1be by Salvatore Bonaccorso at 2022-12-04T10:38:39+01:00
Track fixed version for nvidia-graphics-drivers-legacy-390xx issues via unstable

- - - - -
b693fa6d by Salvatore Bonaccorso at 2022-12-04T11:14:58+01:00
Track fixed version for CVE-2022-4262/chromium via unstable

- - - - -
5c621e09 by Salvatore Bonaccorso at 2022-12-04T11:20:46+01:00
Add Debian bug reference for CVE-2022-46391/awstats

- - - - -
1c898a2a by Utkarsh Gupta at 2022-12-04T17:40:41+05:30
Add note for jqueryui

- - - - -
48c98528 by Markus Koschany at 2022-12-04T14:16:46+01:00
Reserve DLA-3219-1 for jhead

- - - - -
6bfc1e1d by Markus Koschany at 2022-12-04T14:43:40+01:00
Reserve DSA-5294-1 for jhead

- - - - -
03920638 by Markus Koschany at 2022-12-04T14:45:19+01:00
Reassign jqueryui to Utkarsh.

- - - - -
1e909d80 by Markus Koschany at 2022-12-04T14:48:11+01:00
Claim openexr in dla-needed.txt

- - - - -
64a89b22 by Markus Koschany at 2022-12-04T14:48:31+01:00
Claim openexr in dsa-needed.txt

- - - - -
befecb40 by Utkarsh Gupta at 2022-12-04T23:25:23+05:30
Reserve DLA-3220-1 for clamav

- - - - -
e087952b by security tracker role at 2022-12-04T20:10:22+00:00
automatic update

- - - - -
4be48834 by Salvatore Bonaccorso at 2022-12-04T21:16:22+01:00
Process two NFUs

- - - - -
50f87f44 by Moritz Mühlenhoff at 2022-12-04T21:26:56+01:00
chromium DSA

- - - - -
9987a9ec by Moritz Mühlenhoff at 2022-12-04T21:31:30+01:00
two more node spu

- - - - -
5a315e62 by Markus Koschany at 2022-12-04T21:57:51+01:00
CVE-2022-41853,hsqldb: fixed in unstable

- - - - -
cafb4773 by Markus Koschany at 2022-12-04T22:18:30+01:00
Update firmware-nonfree in dla-needed.txt

- - - - -
131fb7b0 by Anton Gladky at 2022-12-04T23:30:21+01:00
LTS: add awstats to dla-needed.txt

- - - - -
e693d0b5 by Anton Gladky at 2022-12-04T23:39:42+01:00
LTS: add node-hawk to dla-needed.txt

- - - - -
182c83f1 by Guilhem Moulin at 2022-12-05T00:42:09+01:00
Reserve DLA-3221-1 for node-cached-path-relative

- - - - -
ca753ef7 by Guilhem Moulin at 2022-12-05T01:07:03+01:00
Reserve DLA-3222-1 for node-fetch

- - - - -
56810b24 by Salvatore Bonaccorso at 2022-12-05T06:36:29+01:00
Track fixed version for CVE-2022-46391/awstats

- - - - -
36e96a1e by Salvatore Bonaccorso at 2022-12-05T06:42:39+01:00
Track fixed version for CVE-2022-39377/sysstat

- - - - -
c7ecb41c by Anton Gladky at 2022-12-05T06:44:04+01:00
semi-automatic unclaim after 2 weeks of inactivity

Signed-off-by: Anton Gladky <gladk at debian.org>

- - - - -
2eedd614 by Chris Lamb at 2022-12-05T07:33:10+00:00
Triage CVE-2022-30256 in maradns for buster LTS.

- - - - -
410bcc45 by Chris Lamb at 2022-12-05T07:33:30+00:00
Triage CVE-2022-24999 in node-qs for buster LTS.

- - - - -
42f41e22 by Chris Lamb at 2022-12-05T07:33:47+00:00
Triage CVE-2022-45197 in slixmpp for buster LTS.

- - - - -
512fdf81 by Chris Lamb at 2022-12-05T07:34:24+00:00
Triage CVE-2022-45414 in thunderbird for buster LTS.

- - - - -
271f0ae6 by Chris Lamb at 2022-12-05T07:35:53+00:00
data/dla-needed.txt: Triage http-parser for buster LTS (CVE-2020-8287)

- - - - -
99a6fb39 by Chris Lamb at 2022-12-05T07:36:46+00:00
Triage CVE-2021-33621 in ruby2.5 for buster LTS.

- - - - -
4d16609b by Chris Lamb at 2022-12-05T07:37:43+00:00
Triage CVE-2022-XXXX in node-d3-color for buster LTS.

- - - - -
d4361077 by security tracker role at 2022-12-05T08:10:24+00:00
automatic update

- - - - -
084c4d3e by Utkarsh Gupta at 2022-12-05T14:19:33+05:30
Take http-parser

- - - - -
40e39912 by Utkarsh Gupta at 2022-12-05T14:27:34+05:30
Take awstats

- - - - -
ebfb10f3 by Salvatore Bonaccorso at 2022-12-05T10:18:26+01:00
Process two NFUs

- - - - -
0d5b3613 by Salvatore Bonaccorso at 2022-12-05T11:15:45+01:00
Process NFUs

- - - - -
1392dbcd by Tobias Frost at 2022-12-05T11:37:01+01:00
Claim virglrenderer.

- - - - -
6c8041f1 by Helmut Grohne at 2022-12-05T12:58:43+01:00
triage giflib and reserve DLA-3223-1

 * CVE-2020-23922: verified that reproducer doesn't work anymore
 * CVE-2019-15133: fixed
 * CVE-2018-11490: fixed
 * CVE-2018-11489: locate patch; never affected us, see bug discussion
 * CVE-2016-3977: drop ELTS entries
 * CVE-2016-XXXX: flag unimportant, cannot triage in elts tracker

- - - - -
1e706af0 by Moritz Muehlenhoff at 2022-12-05T13:18:41+01:00
bullseye triage

- - - - -
60113425 by Utkarsh Gupta at 2022-12-05T18:31:13+05:30
Reserve DLA-3224-1 for http-parser

- - - - -
4e7488ea by Utkarsh Gupta at 2022-12-05T18:34:06+05:30
Reserve DLA-3225-1 for awstats

- - - - -
9796f3a3 by Salvatore Bonaccorso at 2022-12-05T14:14:01+01:00
Adjust version for CVE-2018-11489/giflib

The patch did not land in 4.1.6-11 but was applied earlier to unstable
in 4.1.4-1.

- - - - -
91e19f58 by Salvatore Bonaccorso at 2022-12-05T14:14:02+01:00
Mark one non-cveified giflib issue as unimportant

- - - - -
89f32d7a by Markus Koschany at 2022-12-05T14:21:18+01:00
CVE-2022-40159,CVE-2022-40160,libcommons-jxpath-java

Both CVEs are disputed and will probably be rejected.

- - - - -
ae73fb32 by Markus Koschany at 2022-12-05T14:22:12+01:00
Remove libcommons-jxpath-java from dla-needed.txt

- - - - -
3ba42612 by Moritz Muehlenhoff at 2022-12-05T15:53:08+01:00
new rxvt-unicode issue

- - - - -
1d625dff by Moritz Muehlenhoff at 2022-12-05T15:57:01+01:00
additional note on rxvt-unicode

- - - - -
0041f0f7 by Moritz Muehlenhoff at 2022-12-05T16:25:59+01:00
NFU

- - - - -
89924e2f by Helmut Grohne at 2022-12-05T17:39:50+01:00
lts: claim cgal

- - - - -
440ebd17 by Salvatore Bonaccorso at 2022-12-05T19:15:24+01:00
Update information for CVE-2022-4170/rxvt-unicode

- - - - -
d4fa56b7 by Salvatore Bonaccorso at 2022-12-05T19:42:50+01:00
Add Debian bug reference for CVE-2022-4170/rxvt-unicode

- - - - -
eeedeb5b by security tracker role at 2022-12-05T20:10:27+00:00
automatic update

- - - - -
3f4d1c41 by Salvatore Bonaccorso at 2022-12-05T21:35:28+01:00
Add CVE-2022-4293/vim

- - - - -
2fa599e8 by Salvatore Bonaccorso at 2022-12-05T21:36:20+01:00
Add CVE-2022-4292/vim

- - - - -
f14d319e by Salvatore Bonaccorso at 2022-12-05T21:38:38+01:00
Process some NFUs

- - - - -
7c68af41 by Salvatore Bonaccorso at 2022-12-05T22:02:22+01:00
Process NFUs

- - - - -
0cf36bae by Salvatore Bonaccorso at 2022-12-05T22:05:00+01:00
Add CVE-2022-419{68,69,70}/nextcloud-server

- - - - -
7b133483 by Salvatore Bonaccorso at 2022-12-05T22:22:08+01:00
Add CVE-2022-20565/linux

- - - - -
9ceb5cdd by Salvatore Bonaccorso at 2022-12-05T22:27:37+01:00
Add CVE-2022-20566/linux

- - - - -
3af98bdd by Salvatore Bonaccorso at 2022-12-05T22:34:54+01:00
Add CVE-2022-20567/linux

- - - - -
fcafdb22 by Salvatore Bonaccorso at 2022-12-05T22:49:50+01:00
Add CVE-2022-20568/linux

- - - - -
45eee616 by Salvatore Bonaccorso at 2022-12-06T07:11:21+01:00
Add CVE-2022-20572/linux

- - - - -
0084683f by Salvatore Bonaccorso at 2022-12-06T07:28:02+01:00
Add notes for CVE-2022-20573

- - - - -
67571d35 by Salvatore Bonaccorso at 2022-12-06T07:37:48+01:00
Track fixed version for nvidia-graphics-drivers-tesla-450 issues

- - - - -
9832d70f by Salvatore Bonaccorso at 2022-12-06T08:13:37+01:00
Add CVE-2020-35539

- - - - -
1c595eeb by Salvatore Bonaccorso at 2022-12-06T08:19:38+01:00
Add new asterisk issues (AST-2022-00{7,8,9})

- - - - -
b30ad7c1 by security tracker role at 2022-12-06T08:10:22+00:00
automatic update

- - - - -
56e2be5d by Salvatore Bonaccorso at 2022-12-06T09:33:17+01:00
Process some NFUs

- - - - -
3eaeb81f by Helmut Grohne at 2022-12-06T12:43:53+01:00
triage cgal and issue DLA-3226-1

All of the TALOS-2020-1225 vulnerabilities are fixed in the same PR.
While identifying individual commits is possible, the individual patches
are incomplete and need fixes, so it is better to use the whole PR. I've
noted the merge commit for each CVE.

In one instance, the TALOS report was inaccurate and I've added a note.

DLA-2649-1 actually did the right thing and applied the whole PR. As
such, it actually did fix all of the issues. We cannot change this
aspect in the elts tracker. Thus doing here.

- - - - -
9739e207 by Salvatore Bonaccorso at 2022-12-06T13:33:57+01:00
Track fixed version for unstable for CVE-2020-35511

In 3.0.0 upstream two buffer overflow flaws were fixed. The 3.0.0
release was first included in unstable through the 3.0.2-2 upload.

Older versions if they get an update will likely just be re-builds of
the upper version according to https://bugs.debian.org/1021278#26

- - - - -
2d875460 by Utkarsh Gupta at 2022-12-06T19:38:30+05:30
Take ruby-*

- - - - -
5d4c2566 by Helmut Grohne at 2022-12-06T15:13:31+01:00
CVE-2022-21797 still affects joblib in buster

The update to joblib included two fixes. The first attempt was
restricting variables for eval and the second one did away with eval.

While unstable has the second iteration, buster got the eval version and
that one is still vulnerable. Exploit:

eval("[x for x in 42 .__class__.__mro__[1].__subclasses__() if x.__name__ == 'BuiltinImporter'][0]().load_module('os').system('id')", {"__builtins__": {}}, {})

- - - - -
749869ce by Jeremy Bicha at 2022-12-06T10:12:44-05:00
Add fixed version for gnome-sushi CVE-2019-19308

- - - - -
a4bd3b21 by Salvatore Bonaccorso at 2022-12-06T15:20:26+00:00
Merge branch 'sushi-2019-19308' into 'master'

Add fixed version for gnome-sushi CVE-2019-19308

See merge request security-tracker-team/security-tracker!119

- - - - -
4f8463f6 by Moritz Muehlenhoff at 2022-12-06T17:53:16+01:00
new python-git issue

- - - - -
8967d04a by Moritz Muehlenhoff at 2022-12-06T18:02:34+01:00
NFUs

- - - - -
3fe47761 by Yves-Alexis Perez at 2022-12-06T19:07:20+01:00
allocate DSA for xfce4-settings

- - - - -
119a6fd1 by Sylvain Beucler at 2022-12-06T19:44:17+01:00
dla: add note for net-snmp

- - - - -
5d252a97 by Utkarsh Gupta at 2022-12-07T00:21:54+05:30
Reserve DLA-3227-1 for ruby-rails-html-sanitizer

- - - - -
dbe27611 by Utkarsh Gupta at 2022-12-07T00:25:14+05:30
Take node-log4js and node-json-schema

- - - - -
b2055004 by Utkarsh Gupta at 2022-12-07T00:39:14+05:30
Reserve DLA-3228-1 for node-json-schema

- - - - -
d43927f5 by Utkarsh Gupta at 2022-12-07T00:40:16+05:30
Reserve DLA-3229-1 for node-log4js

- - - - -
3ad34f28 by Salvatore Bonaccorso at 2022-12-06T20:49:22+01:00
Add new linux issues from XSA-423 and XSA-424

- - - - -
5bc55176 by Salvatore Bonaccorso at 2022-12-06T20:56:42+01:00
Inline notes for CVE-2020-28601 with remaining TALOS-2020-1225 issues

- - - - -
303c284e by Salvatore Bonaccorso at 2022-12-06T21:01:01+01:00
Update status for CVE-2022-21797

Drop reference to the broken patch applied upstream in an initial
iteration to address the issue, which turned out to be incomplete in
fixing CVE-2022-21797.

- - - - -
02db06f0 by security tracker role at 2022-12-06T20:10:27+00:00
automatic update

- - - - -
e7e68eed by Salvatore Bonaccorso at 2022-12-06T21:12:35+01:00
Add CVE-2022-46169/cacti

- - - - -
1ffd0da3 by Salvatore Bonaccorso at 2022-12-06T21:17:47+01:00
Process two NFUs

- - - - -
6afa5c58 by Salvatore Bonaccorso at 2022-12-06T21:26:34+01:00
Process some NFUs

- - - - -
9aec1a0b by Salvatore Bonaccorso at 2022-12-06T21:50:17+01:00
Add Debian bug reference for CVE-2022-46169/cacti

- - - - -
34475b27 by Moritz Mühlenhoff at 2022-12-06T22:09:22+01:00
vlc DSA

- - - - -
2504fd7b by Salvatore Bonaccorso at 2022-12-06T22:55:23+01:00
Track fix via experimental for CVE-2022-2347/u-boot

- - - - -
13c04248 by Chris Lamb at 2022-12-07T06:53:27+00:00
data/dla-needed.txt: Triage dlt-daemon for buster LTS (CVE-2022-31291)

- - - - -
aaf75a49 by security tracker role at 2022-12-07T08:10:13+00:00
automatic update

- - - - -
6253dae0 by Utkarsh Gupta at 2022-12-07T15:10:39+05:30
Take node-moment and dlt-daemon

- - - - -
cae08255 by Salvatore Bonaccorso at 2022-12-07T10:44:06+01:00
Add CVE-2022-4314/rdiffweb

- - - - -
858d86a3 by Utkarsh Gupta at 2022-12-07T15:34:10+05:30
Reserve DLA-3230-1 for jqueryui

- - - - -
efc6d52b by Utkarsh Gupta at 2022-12-07T16:05:57+05:30
Reserve DLA-3231-1 for dlt-daemon

- - - - -
56308c31 by Moritz Muehlenhoff at 2022-12-07T12:05:33+01:00
NFUs

- - - - -
a011a711 by Moritz Muehlenhoff at 2022-12-07T15:25:30+01:00
NFUs

- - - - -
7e1df960 by Moritz Muehlenhoff at 2022-12-07T15:29:39+01:00
p0 reference for pixman issue

- - - - -
b6bc211d by Tobias Frost at 2022-12-07T18:08:59+01:00
Reserve DLA-3232-1 for virglrenderer

- - - - -
7273a8db by Moritz Muehlenhoff at 2022-12-07T20:11:47+01:00
bullseye triage

- - - - -
07b8110a by Salvatore Bonaccorso at 2022-12-07T20:58:13+01:00
Track proposed update for CVE-2022-38266 via bullseye-pu

- - - - -
b68d74e6 by Salvatore Bonaccorso at 2022-12-07T20:59:44+01:00
Track proposed update for CVE-2021-3639 via bullseye-pu

- - - - -
f70a6e9f by Salvatore Bonaccorso at 2022-12-07T21:04:15+01:00
Track proposed update for nvidia-graphics-drivers-tesla-450 via bullseye-pu

- - - - -
2a5ce65a by Salvatore Bonaccorso at 2022-12-07T21:05:50+01:00
Track proposed update for CVE-2022-0135 via bullseye-pu

- - - - -
7705a85e by Salvatore Bonaccorso at 2022-12-07T21:08:03+01:00
Track fixed version for CVE-2022-46149/capnproto via unstable

- - - - -
56af3fe8 by security tracker role at 2022-12-07T20:10:21+00:00
automatic update

- - - - -
8979ba21 by Salvatore Bonaccorso at 2022-12-07T21:14:37+01:00
Remove notes from CVE-2020-35539

The CVE got rejected, further investigation showed that there is no
security-issue.

- - - - -
15f48b04 by Salvatore Bonaccorso at 2022-12-07T21:18:31+01:00
Track proposed nvidia-graphics-drivers-legacy-390xx changes via bullseye-pu

- - - - -
745ddd1e by Salvatore Bonaccorso at 2022-12-07T22:02:08+01:00
Track proposed update for CVE-2022-46391 via bullseye-pu

- - - - -
5e69f78f by Salvatore Bonaccorso at 2022-12-07T22:10:55+01:00
Track fixed version for CVE-2022-46169/cacti via unstable

- - - - -
1e060da4 by Salvatore Bonaccorso at 2022-12-07T22:43:17+01:00
Process some NFUs

- - - - -
5d5cb171 by Salvatore Bonaccorso at 2022-12-07T22:48:38+01:00
Track fixed version via unstable for CVE-2022-41912/golang-github-crewjam-saml

- - - - -
b0b24b28 by Salvatore Bonaccorso at 2022-12-07T23:03:59+01:00
Update information on CVE-2022-45061/python

- - - - -
c0ca458b by Salvatore Bonaccorso at 2022-12-07T23:07:01+01:00
Update information for CVE-2022-37454/python

- - - - -
601bb231 by Chris Lamb at 2022-12-08T07:06:35+00:00
data/dla-needed.txt: Triage cacti for buster LTS (CVE-2022-46169)

- - - - -
5af74a12 by Chris Lamb at 2022-12-08T07:07:45+00:00
Triage CVE-2022-3697 in ansible for buster LTS.

- - - - -
f66b5e08 by Chris Lamb at 2022-12-08T07:08:37+00:00
Triage CVE-2022-37325, CVE-2022-42705 & CVE-2022-42706 in asterisk for buster LTS.

- - - - -
daa2a2d3 by Chris Lamb at 2022-12-08T07:09:08+00:00
Triage CVE-2022-46149 in capnproto for buster LTS.

- - - - -
13b7d59b by Salvatore Bonaccorso at 2022-12-08T08:39:21+01:00
Add CVE-2022-23471/containerd

- - - - -
0359bf90 by Salvatore Bonaccorso at 2022-12-08T09:05:54+01:00
Add CVE-2022-4223/pgadmin4, itp'ed

- - - - -
c874b9d4 by Paul Gevers at 2022-12-08T09:07:45+01:00
CVE-2020-14424 (cacti) mark it as not affecting bullseye and buster

- - - - -
7d6f88f5 by security tracker role at 2022-12-08T08:10:23+00:00
automatic update

- - - - -
b4f7be00 by Moritz Muehlenhoff at 2022-12-08T10:41:00+01:00
bullseye triage

- - - - -
5886baca by Helmut Grohne at 2022-12-08T11:08:05+01:00
triage CVE-2018-5710

This is already marked as a duplicate. Clarify which ids are duplicated
and update the relevant DLAs.

- - - - -
08096438 by Sylvain Beucler at 2022-12-08T12:00:00+01:00
dla: claim git

- - - - -
205dcddf by Helmut Grohne at 2022-12-08T14:35:04+01:00
reserve DLA-3233-1 for leptonlib

- - - - -
4551c414 by Moritz Muehlenhoff at 2022-12-08T16:34:08+01:00
new go issues

- - - - -
d640702f by Moritz Muehlenhoff at 2022-12-08T16:35:52+01:00
nvidia-graphics-drivers-tesla-470 fixed in sid

- - - - -
66a4d5f5 by Sylvain Beucler at 2022-12-08T17:21:06+01:00
CVE-2022-24765/git: reference further fixes

- - - - -
04e42886 by Sylvain Beucler at 2022-12-08T17:21:07+01:00
CVE-2022-29187/git: reference further fixes

- - - - -
33ce830e by Salvatore Bonaccorso at 2022-12-08T20:45:48+01:00
Add commit references for CVE-2022-41717

- - - - -
3ab149b4 by security tracker role at 2022-12-08T20:10:26+00:00
automatic update

- - - - -
27391187 by Salvatore Bonaccorso at 2022-12-08T21:17:25+01:00
Process several NFUs

- - - - -
e759129b by Salvatore Bonaccorso at 2022-12-08T21:20:23+01:00
Add grub2 to dla-needed list

- - - - -
3e66c2bf by Salvatore Bonaccorso at 2022-12-08T21:28:21+01:00
Process some NFUs

- - - - -
24c1e3e4 by Salvatore Bonaccorso at 2022-12-08T23:02:21+01:00
Track fixed version for asterisk issues via unstable

- - - - -
3720a9fe by Salvatore Bonaccorso at 2022-12-09T06:47:59+01:00
Track proposed wolfssl update via bullseye-pu

- - - - -
46ccb1cc by Salvatore Bonaccorso at 2022-12-09T06:49:40+01:00
Track proposed update for CVE-2022-23471 via bullseye-pu

- - - - -
aa0426a6 by Salvatore Bonaccorso at 2022-12-09T07:28:30+01:00
Track fixed version for linux issues via unstable

- - - - -
9ec2ab03 by Aron Xu at 2022-12-09T15:54:06+08:00
Take gerbv again

- - - - -
6a75e6c3 by security tracker role at 2022-12-09T08:10:15+00:00
automatic update

- - - - -
8e63ca8b by Salvatore Bonaccorso at 2022-12-09T10:48:13+01:00
Process some NFUs

- - - - -
c8e4e9d2 by Salvatore Bonaccorso at 2022-12-09T10:50:42+01:00
Add CVE-2022-46153/traefik, itp'ed

- - - - -
85f52065 by Salvatore Bonaccorso at 2022-12-09T10:51:52+01:00
Reassociate some NFUs with traefik, itp'ed

- - - - -
69e03318 by Chris Lamb at 2022-12-09T09:58:40+00:00
data/dla-needed.txt: Triage asterisk for buster LTS (CVE-2022-39244 & CVE-2022-39269)

- - - - -
c739d507 by Emilio Pozuelo Monfort at 2022-12-09T11:45:37+01:00
lts: retake php7.3

- - - - -
54d8c4e8 by Moritz Muehlenhoff at 2022-12-09T12:06:06+01:00
containerd no-dsa

- - - - -
6ecfa46e by Moritz Muehlenhoff at 2022-12-09T12:19:03+01:00
two asterisk issues not actually fixed in latest upload to sid
add commit references

- - - - -
137ab1d3 by Salvatore Bonaccorso at 2022-12-09T15:13:49+01:00
Remove notes for CVE-2022-20565

- - - - -
51381df6 by Salvatore Bonaccorso at 2022-12-09T15:17:02+01:00
Remove notes from CVE-2022-20573

Android security team confirmed possible issue and later on updated the
advisory replacing CVE-2022-20573 with CVE-2022-1852.

- - - - -
95900b1d by Moritz Mühlenhoff at 2022-12-09T16:43:02+01:00
mplayer spu

- - - - -
565cfd96 by Moritz Mühlenhoff at 2022-12-09T16:47:50+01:00
nvidia-graphics-drivers-tesla-470 spu

- - - - -
ce66f750 by Moritz Mühlenhoff at 2022-12-09T16:49:44+01:00
nvidia-graphics-drivers spu

- - - - -
e7fa86e4 by Salvatore Bonaccorso at 2022-12-09T17:51:50+01:00
Add CVE-2022-4378/linux

- - - - -
f7961786 by Moritz Mühlenhoff at 2022-12-09T20:20:41+01:00
cacti DSA

- - - - -
c70f0efb by Salvatore Bonaccorso at 2022-12-09T20:40:54+01:00
Track proposed update for linux via bullseye-pu

- - - - -
17d733ec by Anton Gladky at 2022-12-09T20:59:05+01:00
LTS: Add testsuites to the packages

- - - - -
a037c557 by security tracker role at 2022-12-09T20:10:24+00:00
automatic update

- - - - -
00a67e08 by Salvatore Bonaccorso at 2022-12-09T21:23:00+01:00
Process one NFU

- - - - -
bbed9384 by Salvatore Bonaccorso at 2022-12-09T21:29:38+01:00
Process some NFUs

- - - - -
db8af07b by Moritz Muehlenhoff at 2022-12-09T21:32:25+01:00
four airflow related issues not in airflow itself

- - - - -
2f45d142 by Moritz Muehlenhoff at 2022-12-09T21:33:11+01:00
libde265 bug for RCE issues (followup bug for lower severity crashes coming)

- - - - -
187f627c by Salvatore Bonaccorso at 2022-12-09T21:36:33+01:00
Add CVE-2022-3724/wireshark

I went here on the safe side and marked it unimportant, but the crash
seems to be only relevant on Windows systems (which could make the entry
follow our special exceptions in this case to not-affected instead).

- - - - -
3d9e47f4 by Salvatore Bonaccorso at 2022-12-09T23:15:46+01:00
Two asterisk issues fixed in unstable upload

The whole build is quite obscure, patches from third_party included
source for pjproject are only applied further on configure, cf.
outlines in #1017004.

Link: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017004#31

- - - - -
412afe53 by Salvatore Bonaccorso at 2022-12-09T23:17:02+01:00
Add Debian bug reference for CVE-2022-46149/rust-capnp

- - - - -
a338d3e8 by security tracker role at 2022-12-10T08:10:18+00:00
automatic update

- - - - -
ac867ab6 by Salvatore Bonaccorso at 2022-12-10T09:16:10+01:00
Reserve DLA-3190-2 for grub2

- - - - -
6ce72213 by Salvatore Bonaccorso at 2022-12-10T09:34:06+01:00
Track fixes for nvidia-graphics-drivers via unstable for several CVEs

- - - - -
61142be0 by Salvatore Bonaccorso at 2022-12-10T09:47:19+01:00
Process some NFUs

- - - - -
099e0d6d by Tobias Frost at 2022-12-10T13:36:56+01:00
Claim pngcheck.

- - - - -
c5a4587a by Tobias Frost at 2022-12-10T13:38:18+01:00
Claim libde265 (while waiting for feedback on pngcheck)

- - - - -
5e674898 by Moritz Muehlenhoff at 2022-12-10T14:37:06+01:00
additional Linux exploit reference

- - - - -
ccf0ccd8 by Markus Koschany at 2022-12-10T17:14:37+01:00
Reserve DLA-3234-1 for hsqldb

- - - - -
2163da4a by Markus Koschany at 2022-12-10T17:20:06+01:00
Reserve DSA-5299-1 for openexr

- - - - -
4e70af35 by security tracker role at 2022-12-10T20:10:23+00:00
automatic update

- - - - -
cc9ead70 by Salvatore Bonaccorso at 2022-12-10T21:52:46+01:00
Add CVE-2022-44030/redmine

- - - - -
aba1c289 by Salvatore Bonaccorso at 2022-12-10T21:54:44+01:00
Add CVE-2022-45283/gpac

- - - - -
90e01167 by Salvatore Bonaccorso at 2022-12-10T22:03:36+01:00
Add set of new xrdp issues

- - - - -
7fbe18fc by Salvatore Bonaccorso at 2022-12-10T22:05:35+01:00
Add CVE-2022-23469/traefik, itp'ed

- - - - -
02ba87a1 by Salvatore Bonaccorso at 2022-12-10T22:30:31+01:00
Correct note for CVE-2022-46169/cacti

- - - - -
ef70cdd2 by Salvatore Bonaccorso at 2022-12-11T08:58:11+01:00
Add CVE-2022-23493/xrdp

- - - - -
a6c8002d by Salvatore Bonaccorso at 2022-12-11T09:06:24+01:00
Update status for sofia-sip DSA

- - - - -
cd3e955c by Salvatore Bonaccorso at 2022-12-11T09:09:37+01:00
Add Debian bug references for xrdp issues

- - - - -
af52e8f0 by security tracker role at 2022-12-11T08:10:15+00:00
automatic update

- - - - -
a0ebae58 by Chris Lamb at 2022-12-11T11:52:16+00:00
Mark CVE-2022-45283/gpac as EOL in gpac for buster LTS.

- - - - -
bc89cfb8 by Salvatore Bonaccorso at 2022-12-11T13:47:24+01:00
Add CVE-2022-43272/dcmtk

- - - - -
f5eedaa2 by Guilhem Moulin at 2022-12-11T14:35:35+01:00
Reserve DLA-3235-1 for node-eventsource

- - - - -
487a94c1 by Guilhem Moulin at 2022-12-11T18:43:37+01:00
LTS: claim node-tar in dla-needed.txt

- - - - -
eacaf48e by Anton Gladky at 2022-12-11T20:00:25+01:00
LTS: add asterisk to dla-needed.txt

- - - - -
3006dd86 by Anton Gladky at 2022-12-11T20:04:15+01:00
LTS: add some more info into firmware-nonfree

- - - - -
488a5251 by Salvatore Bonaccorso at 2022-12-11T20:48:57+01:00
Add CVE-2021-37533/libcommons-net-java

- - - - -
3b20e9ff by Helmut Grohne at 2022-12-11T20:52:46+01:00
LTS: claim exiv2

- - - - -
83053157 by security tracker role at 2022-12-11T20:10:18+00:00
automatic update

- - - - -
d4fd229f by Salvatore Bonaccorso at 2022-12-11T21:17:44+01:00
Add Debian bug reference for CVE-2021-37533

- - - - -
efdc8c42 by Salvatore Bonaccorso at 2022-12-11T21:26:20+01:00
Process some NFUs

- - - - -
a2a0d9ff by Salvatore Bonaccorso at 2022-12-11T21:30:41+01:00
Add CVE-2022-4398/radare2

- - - - -
21fb3266 by Salvatore Bonaccorso at 2022-12-11T21:35:53+01:00
Add CVE-2022-4399/nodau

- - - - -
b70ca5b3 by Salvatore Bonaccorso at 2022-12-11T22:40:25+01:00
Track fixed version for CVE-2022-4399/nodau via unstable

- - - - -
f1e6a001 by Salvatore Bonaccorso at 2022-12-11T22:41:21+01:00
Add note for gerbv in dsa-needed list

- - - - -
432e5017 by Markus Koschany at 2022-12-12T00:50:31+01:00
Reserve DLA-3236-1 for openexr

- - - - -
381b2c8f by Markus Koschany at 2022-12-12T01:03:16+01:00
Claim mbedtls in dla-needed.txt

- - - - -
d488679b by Anton Gladky at 2022-12-12T06:02:49+01:00
semi-automatic unclaim after 2 weeks of inactivity

Signed-off-by: Anton Gladky <gladk at debian.org>

- - - - -
2b64dc7c by Anton Gladky at 2022-12-12T06:17:19+01:00
LTS: Reclaim netatalk

- - - - -
b889e982 by Salvatore Bonaccorso at 2022-12-12T08:56:01+01:00
Add CVE-2022-45145 but retain todo item for now

- - - - -
efaf8ea4 by security tracker role at 2022-12-12T08:10:17+00:00
automatic update

- - - - -
ef7c8e7f by Moritz Muehlenhoff at 2022-12-12T13:57:12+01:00
new wireshark issues

- - - - -
121a0835 by Guilhem Moulin at 2022-12-12T14:47:12+01:00
Reserve DLA-3237-1 for node-tar

- - - - -
11822d13 by Chris Lamb at 2022-12-12T15:25:43+00:00
data/dla-needed.txt: Claim node-follow-redirects.

- - - - -
b8cdece2 by Chris Lamb at 2022-12-12T15:26:32+00:00
data/dla-needed.txt: Claim node-hawk.

- - - - -
a5111e81 by Moritz Muehlenhoff at 2022-12-12T18:01:45+01:00
chicken n/a

- - - - -
03378f2f by Moritz Muehlenhoff at 2022-12-12T18:56:26+01:00
bullseye triage

- - - - -
74ae6640 by security tracker role at 2022-12-12T20:10:19+00:00
automatic update

- - - - -
4202d289 by Moritz Mühlenhoff at 2022-12-12T22:49:45+01:00
pngcheck DSA

- - - - -
c2f6e6cc by Roberto C. Sánchez at 2022-12-12T17:00:20-05:00
LTS: reclaim imagemagick and update notes

- - - - -
58119102 by Salvatore Bonaccorso at 2022-12-13T06:08:12+01:00
Update status for CVE-2022-3724/wireshark

After talking with Moritz (jmm), update status according to other
similar trackings where the crash only affects when running on Windows.

- - - - -
a2c3cbdc by Salvatore Bonaccorso at 2022-12-13T06:11:42+01:00
Process NFUs

- - - - -
18e0e11f by Salvatore Bonaccorso at 2022-12-13T06:35:04+01:00
Add CVE-2022-46908/sqlite3

- - - - -
da3eb33e by Salvatore Bonaccorso at 2022-12-13T08:30:20+01:00
Track fixed version for nvidia-graphics-drivers-tesla-510 issues via unstable

- - - - -
870a205c by Salvatore Bonaccorso at 2022-12-13T08:54:30+01:00
Add CVE-2022-4318/cri-o, itp'ed

- - - - -
378796ff by security tracker role at 2022-12-13T08:10:16+00:00
automatic update

- - - - -
86372bdd by Salvatore Bonaccorso at 2022-12-13T09:53:01+01:00
Process some NFUs

- - - - -
5302f1a7 by Salvatore Bonaccorso at 2022-12-13T11:12:38+01:00
Process some NFUs

- - - - -
88a80420 by Moritz Muehlenhoff at 2022-12-13T13:11:38+01:00
NFUs

- - - - -
a3cfa8d9 by Emilio Pozuelo Monfort at 2022-12-13T14:03:17+01:00
lts: take firefox-esr and thunderbird

- - - - -
f4be3450 by Moritz Muehlenhoff at 2022-12-13T15:18:37+01:00
new openssl issue

- - - - -
67e0c308 by Tobias Frost at 2022-12-13T15:41:28+01:00
Reserve DLA-3238-1 for pngcheck

- - - - -
fb56838e by Salvatore Bonaccorso at 2022-12-13T16:19:16+01:00
Restore fixed status of pngcheck in 2.3.0-7+deb10u1 for CVE-2020-27818

- - - - -
48276b7f by Salvatore Bonaccorso at 2022-12-13T16:56:59+01:00
Add new firefox issues from mfsa2022-51 advisory

- - - - -
265e2956 by Salvatore Bonaccorso at 2022-12-13T16:59:59+01:00
Add firefox-esr issues from mfsa2022-52

- - - - -
4d99681d by Salvatore Bonaccorso at 2022-12-13T17:02:47+01:00
Add thunderbird issues from mfsa2022-53

- - - - -
37f4a99d by Moritz Muehlenhoff at 2022-12-13T17:22:08+01:00
new jquery-minicolors issue

- - - - -
76448a48 by Moritz Muehlenhoff at 2022-12-13T17:24:55+01:00
new python-pyrdfa issue

- - - - -
641508a6 by Sylvain Beucler at 2022-12-13T18:33:54+01:00
Reserve DLA-3239-1 for git

- - - - -
040549b7 by Moritz Muehlenhoff at 2022-12-13T20:01:25+01:00
new redmine issues

- - - - -
7a76f4a1 by Moritz Mühlenhoff at 2022-12-13T20:06:13+01:00
NFUs

- - - - -
5aba3687 by Moritz Muehlenhoff at 2022-12-13T20:12:59+01:00
bugnums

- - - - -
c13a72a8 by security tracker role at 2022-12-13T20:10:35+00:00
automatic update

- - - - -
8ac01faa by Salvatore Bonaccorso at 2022-12-13T21:37:01+01:00
Process some NFUs

- - - - -
9cd64a91 by Salvatore Bonaccorso at 2022-12-13T21:40:25+01:00
Add CVE-2019-25078/pacparser

- - - - -
7db507a2 by Salvatore Bonaccorso at 2022-12-13T21:43:39+01:00
Process some NFUs

- - - - -
214336c4 by Salvatore Bonaccorso at 2022-12-13T22:12:29+01:00
Process NFUs

- - - - -
50bd1b56 by Salvatore Bonaccorso at 2022-12-13T22:30:42+01:00
Track fixed version for nvidia-graphics-drivers-tesla issues via unstable

- - - - -
37af124a by Salvatore Bonaccorso at 2022-12-13T22:33:21+01:00
Track fixed version for thunderbird issues via unstable (MFSA 2022-53)

- - - - -
63072921 by Salvatore Bonaccorso at 2022-12-14T06:49:56+01:00
Add fixed version for firefox issues via unstable (mfsa2022-51)

- - - - -
878440ae by Salvatore Bonaccorso at 2022-12-14T06:52:27+01:00
Track firefox-esr fixes for mfsa2022-52

- - - - -
7bf66637 by Salvatore Bonaccorso at 2022-12-14T06:54:00+01:00
Add firefox-esr and thunderbird to dsa-needed list (jmm assigned)

- - - - -
41b6e0d5 by security tracker role at 2022-12-14T08:10:16+00:00
automatic update

- - - - -
cc8f65f4 by Salvatore Bonaccorso at 2022-12-14T09:11:30+01:00
Add CVE-2022-46340/xorg-server

- - - - -
b4ec966d by Salvatore Bonaccorso at 2022-12-14T09:15:37+01:00
Add CVE-2022-46341/xorg-server

- - - - -
9cf3be7d by Salvatore Bonaccorso at 2022-12-14T09:17:36+01:00
Add CVE-2022-46342/xorg-server

- - - - -
d7b05bb8 by Salvatore Bonaccorso at 2022-12-14T09:19:20+01:00
Add CVE-2022-46343/xorg-server

- - - - -
8dea5746 by Salvatore Bonaccorso at 2022-12-14T09:26:03+01:00
Add CVE-2022-46344/xorg-server

- - - - -
eafeb007 by Salvatore Bonaccorso at 2022-12-14T09:29:01+01:00
Add CVE-2022-4283/xorg-server

- - - - -
16178c2e by Salvatore Bonaccorso at 2022-12-14T09:34:47+01:00
Process NFUs

- - - - -
e188afb1 by Salvatore Bonaccorso at 2022-12-14T09:52:54+01:00
Add new chromium issues

- - - - -
0a27d8bc by Salvatore Bonaccorso at 2022-12-14T09:59:28+01:00
Process some NFUs

- - - - -
b23a6df5 by Salvatore Bonaccorso at 2022-12-14T10:00:50+01:00
Add two new tensorflow issues

- - - - -
0fffabc2 by Salvatore Bonaccorso at 2022-12-14T10:02:42+01:00
Add two new netty issues

- - - - -
0fc85b4e by Salvatore Bonaccorso at 2022-12-14T10:25:44+01:00
Add Debian bug references for xorg-server issues

- - - - -
e47d7588 by Moritz Muehlenhoff at 2022-12-14T12:48:39+01:00
chromium fixed in sid

- - - - -
362712cd by Moritz Muehlenhoff at 2022-12-14T12:50:30+01:00
xorg-server fixed in sid

- - - - -
eeff8a94 by Moritz Muehlenhoff at 2022-12-14T12:57:36+01:00
one more xorg issue

- - - - -
fd38126f by Salvatore Bonaccorso at 2022-12-14T14:17:07+01:00
Revert "one more xorg issue"

This reverts commit eeff8a9483c623f5808652fb0f7fd45a38b06b6c.

This is CVE-2022-4283. The original advisory contains a typo which was
propagated to the announce distributed as well unfortunately.

Cf. as well https://www.openwall.com/lists/oss-security/2022/12/14/4

- - - - -
42e99078 by Salvatore Bonaccorso at 2022-12-14T14:22:20+01:00
Track fixed version for CVE-2022-4283

- - - - -
877bbe75 by Salvatore Bonaccorso at 2022-12-14T14:45:01+01:00
Track fixed version via unstable for CVE-2022-4396/python-pyrdfa

- - - - -
92241405 by Salvatore Bonaccorso at 2022-12-14T14:47:34+01:00
Track proposed update for ceph via bullseye-pu

- - - - -
20df592c by Salvatore Bonaccorso at 2022-12-14T16:14:21+01:00
Add xorg-server to dsa-needed list

- - - - -
7a959722 by Moritz Muehlenhoff at 2022-12-14T16:34:41+01:00
new libapache2-mod-auth-openidc issue

- - - - -
a6aba36c by Moritz Muehlenhoff at 2022-12-14T16:38:05+01:00
new ruby-loofah issues

- - - - -
a92dcd2d by Salvatore Bonaccorso at 2022-12-14T17:12:05+01:00
Adjust GHSA reference for CVE-2022-23514

- - - - -
4cc2a47c by Salvatore Bonaccorso at 2022-12-14T17:14:14+01:00
Add upstream tag information for CVE-2022-23527

- - - - -
b79d7557 by Salvatore Bonaccorso at 2022-12-14T17:16:25+01:00
Track fixed version for xwayland issues via unstable

- - - - -
9742e532 by Salvatore Bonaccorso at 2022-12-14T17:20:11+01:00
Track two more xwayland issues as fixed with 2:22.1.5-1 upload to unstable

- - - - -
bb07c383 by Moritz Mühlenhoff at 2022-12-14T19:03:41+01:00
firefox-esr DSA

- - - - -
034dab88 by Sylvain Beucler at 2022-12-14T19:26:05+01:00
Reserve DLA-3239-2 for git

- - - - -
45d8fef4 by Sylvain Beucler at 2022-12-14T20:21:35+01:00
dla: claim tiff

- - - - -
30db4c15 by Salvatore Bonaccorso at 2022-12-14T21:03:03+01:00
Add Debian bug reference for CVE-2019-25078/pacparser

- - - - -
419c2e19 by security tracker role at 2022-12-14T20:10:20+00:00
automatic update

- - - - -
ed30cd5e by Salvatore Bonaccorso at 2022-12-14T21:26:08+01:00
Remove notes from CVE-2022-3931

CVE withdrawn by its CNA as further investigation showed that it was not
a security issue.

- - - - -
63aa86db by Salvatore Bonaccorso at 2022-12-14T21:43:57+01:00
Process some NFUs

- - - - -
e3002203 by Salvatore Bonaccorso at 2022-12-14T21:48:56+01:00
Add four new ruby-rails-html-sanitizer issues

- - - - -
8561c8b1 by Salvatore Bonaccorso at 2022-12-14T22:08:48+01:00
Add CVE-2022-4379/linux

- - - - -
d08e6db1 by Salvatore Bonaccorso at 2022-12-14T22:10:34+01:00
Add CVE-2022-4382/linux

- - - - -
2c454404 by Salvatore Bonaccorso at 2022-12-15T07:17:23+01:00
Track fixed version for mruby issues via unstable

Note, those should be peer reviewed for correctness.

- - - - -
1ce1e1f8 by Salvatore Bonaccorso at 2022-12-15T07:20:37+01:00
Track fixed version for bluez-firmware issues via unstable

- - - - -
0236a3b9 by Salvatore Bonaccorso at 2022-12-15T07:30:15+01:00
Add CVE-2022-4285/binutils

- - - - -
85bacd5f by security tracker role at 2022-12-15T08:10:18+00:00
automatic update

- - - - -
70f70d4d by Salvatore Bonaccorso at 2022-12-15T09:14:36+01:00
Add CVE-2022-3115/linux

- - - - -
d6c253ff by Salvatore Bonaccorso at 2022-12-15T09:20:05+01:00
Add CVE-2022-3114/linux

- - - - -
f6ae055a by Salvatore Bonaccorso at 2022-12-15T09:39:13+01:00
Add CVE-2022-3113/linux

- - - - -
b4a7ee16 by Salvatore Bonaccorso at 2022-12-15T09:43:57+01:00
Add CVE-2022-3112/linux

- - - - -
be69531c by Salvatore Bonaccorso at 2022-12-15T10:30:21+01:00
Add CVE-2022-3111/linux

- - - - -
ea2e1c6a by Salvatore Bonaccorso at 2022-12-15T10:42:18+01:00
Add CVE-2022-3110/linux

- - - - -
bf401856 by Salvatore Bonaccorso at 2022-12-15T10:54:32+01:00
Add CVE-2022-3108/linux

- - - - -
f15a3420 by Salvatore Bonaccorso at 2022-12-15T11:09:45+01:00
Add CVE-2022-3107/linux

- - - - -
5dc0e613 by Salvatore Bonaccorso at 2022-12-15T11:17:53+01:00
Add CVE-2022-3106/linux

- - - - -
e2a77210 by Salvatore Bonaccorso at 2022-12-15T11:35:27+01:00
Add CVE-2022-3105/linux

- - - - -
17fdb54d by Salvatore Bonaccorso at 2022-12-15T11:39:34+01:00
Add CVE-2022-3104/linux

- - - - -
1fb24f7a by Salvatore Bonaccorso at 2022-12-15T11:40:29+01:00
Process some NFUs

- - - - -
e2b534b6 by Moritz Muehlenhoff at 2022-12-15T12:02:43+01:00
new ffmpeg issue

- - - - -
f9e834e7 by Moritz Muehlenhoff at 2022-12-15T12:24:01+01:00
new nokogiri issue

- - - - -
34e5c37f by Moritz Muehlenhoff at 2022-12-15T14:40:24+01:00
NFUs

- - - - -
8880994f by Moritz Muehlenhoff at 2022-12-15T16:50:49+01:00
qemu fixed in sid

- - - - -
3772d3b8 by Tobias Frost at 2022-12-15T16:55:08+01:00
CVE-2022-1253 does not affect buster and stretch.

- - - - -
adaa8a72 by Tobias Frost at 2022-12-15T17:54:53+01:00
Reserve DLA-3240-1 for libde265.

- - - - -
6000ae66 by Emilio Pozuelo Monfort at 2022-12-15T19:10:54+01:00
Reserve DLA-3241-1 for firefox-esr

- - - - -
02b8903e by Emilio Pozuelo Monfort at 2022-12-15T19:19:48+01:00
Reserve DLA-3242-1 for thunderbird

- - - - -
60856d4a by Emilio Pozuelo Monfort at 2022-12-15T19:30:55+01:00
Reserve DLA-3243-1 for php7.3

- - - - -
6d8a8acc by Salvatore Bonaccorso at 2022-12-15T20:38:46+01:00
CVE-2022-23476: Only reference to commit addressing the issue

The other one was the merge commit, and the merge contained only one
commit, so was sort of additional listing.

- - - - -
b8742f2a by Salvatore Bonaccorso at 2022-12-15T20:42:54+01:00
Reference upstream commit for CVE-2022-3165

- - - - -
934ac975 by security tracker role at 2022-12-15T20:10:28+00:00
automatic update

- - - - -
e6d8ea81 by Salvatore Bonaccorso at 2022-12-15T21:15:14+01:00
Track erlang update for bullseye-pu

- - - - -
86b77527 by Salvatore Bonaccorso at 2022-12-15T21:43:27+01:00
Process NFUs

- - - - -
44b4a47d by Salvatore Bonaccorso at 2022-12-15T21:45:34+01:00
Add CVE-2022-32531/bookkeeper

- - - - -
62cd72d8 by Salvatore Bonaccorso at 2022-12-15T21:47:42+01:00
Add CVE-2022-23524/helm-kubernetes

- - - - -
644e5cb5 by Salvatore Bonaccorso at 2022-12-15T21:48:22+01:00
Add CVE-2022-23494/tinymce

- - - - -
dd3dd0b9 by Salvatore Bonaccorso at 2022-12-15T22:31:19+01:00
Add CVE-2022-45141/samba

- - - - -
ad1758df by Salvatore Bonaccorso at 2022-12-15T22:33:17+01:00
Update information for CVE-2022-37967

- - - - -
abda0cd8 by Salvatore Bonaccorso at 2022-12-15T22:34:52+01:00
Update information for CVE-2022-37966

- - - - -
f0e90973 by Salvatore Bonaccorso at 2022-12-15T22:36:16+01:00
Update information for CVE-2022-38023

- - - - -
a5b7fcc3 by Salvatore Bonaccorso at 2022-12-15T22:52:21+01:00
Associate CVE-2022-44640 as well for samba

- - - - -
aa19c79c by Salvatore Bonaccorso at 2022-12-16T07:46:54+01:00
Add CVE-2022-4516

- - - - -
3ca91f86 by security tracker role at 2022-12-16T08:10:14+00:00
automatic update

- - - - -
c64183c4 by Salvatore Bonaccorso at 2022-12-16T11:21:21+01:00
Process NFUs

- - - - -
bc7a9506 by Dominik George at 2022-12-16T13:19:38+01:00
Grab lava once again

- - - - -
2c230134 by Moritz Muehlenhoff at 2022-12-16T13:49:51+01:00
NFUs

- - - - -
b4fe4068 by Moritz Muehlenhoff at 2022-12-16T14:31:07+01:00
NFUs

- - - - -
a26dfbd8 by Moritz Muehlenhoff at 2022-12-16T16:50:47+01:00
qemu fixed in sid

- - - - -
bb8ee6f6 by Tobias Frost at 2022-12-16T18:26:46+01:00
LTS: claim multipath-tools in dla-needed.txt

- - - - -
72abe397 by Moritz Mühlenhoff at 2022-12-16T20:00:27+01:00
chromium, thunderbird DSAs

- - - - -
1694d7d0 by Moritz Mühlenhoff at 2022-12-16T20:03:50+01:00
fix CVE list

- - - - -
5924e2f2 by Salvatore Bonaccorso at 2022-12-16T20:42:47+01:00
Add Debian bug reference for CVE-2022-32531/bookkeeper

- - - - -
e44555fd by Salvatore Bonaccorso at 2022-12-16T20:50:43+01:00
Pre-check list of uploads for 11.6 bullseye point release

- - - - -
45962f06 by Salvatore Bonaccorso at 2022-12-16T20:52:00+01:00
Remove duplicate entries for mplayer

- - - - -
05e9ddaa by Salvatore Bonaccorso at 2022-12-16T21:03:42+01:00
Update status for CVE-2022-4379 syncing with kernel-sec

- - - - -
076710f4 by security tracker role at 2022-12-16T20:10:19+00:00
automatic update

- - - - -
baecd9c8 by Salvatore Bonaccorso at 2022-12-16T21:13:48+01:00
Add CVE-2022-2196/linux

- - - - -
3551f0f3 by Salvatore Bonaccorso at 2022-12-16T21:15:01+01:00
Process two NFUs

- - - - -
2d37647c by Salvatore Bonaccorso at 2022-12-16T21:34:26+01:00
Process some NFUs

- - - - -
822f0600 by Salvatore Bonaccorso at 2022-12-16T21:39:55+01:00
Add two new sogo issues

- - - - -
77a67ba6 by Salvatore Bonaccorso at 2022-12-16T21:40:19+01:00
Add two new mbedtls issues fixed in unstable

- - - - -
cff05cc3 by Salvatore Bonaccorso at 2022-12-16T22:07:56+01:00
Process some NFUs

- - - - -
2e81003f by Salvatore Bonaccorso at 2022-12-16T22:09:24+01:00
Add CVE-2022-23525/helm-kubernetes

- - - - -
5fa4d2fa by Salvatore Bonaccorso at 2022-12-16T22:21:36+01:00
Add missing entry for nvidia-graphics-driver for CVE-2022-34674

- - - - -
21fa6c83 by Salvatore Bonaccorso at 2022-12-16T22:22:33+01:00
Merge linux changes for bullseye 11.6

- - - - -
15541984 by Salvatore Bonaccorso at 2022-12-16T22:23:29+01:00
Merge changes for updates via bullseye 11.6

- - - - -
16e02bf3 by Salvatore Bonaccorso at 2022-12-16T23:01:03+01:00
Add CVE-2022-4543/linux

- - - - -
a9561651 by Salvatore Bonaccorso at 2022-12-16T23:02:22+01:00
Add blog entry for CVE-2022-4543

- - - - -
7ea84aa4 by security tracker role at 2022-12-17T08:10:11+00:00
automatic update

- - - - -
f76f258e by Salvatore Bonaccorso at 2022-12-17T09:29:23+01:00
Remove notes from CVE-2022-20463 (rejected, was not a security issue)

- - - - -
07c5b557 by Salvatore Bonaccorso at 2022-12-17T09:32:28+01:00
Add commit references for CVE-2022-2873

- - - - -
7fa7d05a by Salvatore Bonaccorso at 2022-12-17T09:33:15+01:00
Add commit reference for CVE-2022-3424

- - - - -
f3263466 by Salvatore Bonaccorso at 2022-12-17T09:34:57+01:00
Add commit reference for CVE-2022-36280

- - - - -
40c10e09 by Salvatore Bonaccorso at 2022-12-17T09:36:25+01:00
Add upstream commit reference for CVE-2022-41218

- - - - -
3c07c38b by Salvatore Bonaccorso at 2022-12-17T09:38:31+01:00
Add upstream commits for CVE-2022-4129

- - - - -
e82a21b3 by Salvatore Bonaccorso at 2022-12-17T09:55:02+01:00
Sync several CVEs for linux with kernel-sec

- - - - -
2cb02f69 by Salvatore Bonaccorso at 2022-12-17T09:31:50+00:00
Merge branch 'bullseye-11.6' into 'master'

Merge changes accepted for bullseye 11.6 release

See merge request security-tracker-team/security-tracker!120

- - - - -
51f857ed by Salvatore Bonaccorso at 2022-12-17T10:33:39+01:00
Process some NFUs

- - - - -
1208ed9e by Salvatore Bonaccorso at 2022-12-17T11:49:24+01:00
Process some NFUs

- - - - -
6d13a7b0 by Salvatore Bonaccorso at 2022-12-17T21:07:10+01:00
Track fixed version via unstable for CVE-2022-29181/ruby-nokogiri

- - - - -
d6ad2f5c by Salvatore Bonaccorso at 2022-12-17T21:08:37+01:00
Add fixed version via unstable for CVE-2022-23476/ruby-nokogiri

- - - - -
72e6f0e1 by Salvatore Bonaccorso at 2022-12-17T21:11:15+01:00
Add upstream tag information for CVE-2022-23476

- - - - -
32580201 by security tracker role at 2022-12-17T20:13:56+00:00
automatic update

- - - - -
c1bf54f6 by Salvatore Bonaccorso at 2022-12-17T21:14:52+01:00
Remove notes from CVE-2022-353{1,2}

CVEs rejected by the assigning CNA as the issues were not security
issues.

- - - - -
58e27699 by Salvatore Bonaccorso at 2022-12-17T21:29:10+01:00
Process some NFUs

- - - - -
840e0513 by Salvatore Bonaccorso at 2022-12-17T21:44:33+01:00
Add Debian bug reference for CVE-2022-46908/sqlite3

- - - - -
76205244 by Salvatore Bonaccorso at 2022-12-18T08:50:27+01:00
Add CVE-2022-47518/linux

- - - - -
d6e2780c by Salvatore Bonaccorso at 2022-12-18T08:56:34+01:00
Add CVE-2022-47519

- - - - -
995e779f by security tracker role at 2022-12-18T08:10:14+00:00
automatic update

- - - - -
8edef1cb by Laszlo Boszormenyi (GCS) at 2022-12-18T10:33:29+01:00
Add fixed version for CVE-2022-46908/sqlite3 via unstable

- - - - -
c9094a42 by Guilhem Moulin at 2022-12-18T12:14:11+01:00
LTS: claim cacti in dla-needed.txt

- - - - -
5c0f3141 by Salvatore Bonaccorso at 2022-12-18T12:17:52+01:00
Add CVE-2022-47520/linux

- - - - -
a4230e0b by Salvatore Bonaccorso at 2022-12-18T12:22:39+01:00
Add CVE-2022-47521/linux

- - - - -
d8b451e5 by Salvatore Bonaccorso at 2022-12-18T20:51:39+01:00
Process NFUs

- - - - -
847fcf32 by Salvatore Bonaccorso at 2022-12-18T20:53:45+01:00
Add two new libjettison-java issues

- - - - -
ade29e35 by security tracker role at 2022-12-18T20:10:17+00:00
automatic update

- - - - -
e0596dfd by security tracker role at 2022-12-19T08:10:12+00:00
automatic update

- - - - -
2462140d by Salvatore Bonaccorso at 2022-12-19T09:20:50+01:00
Process some NFUs

- - - - -
f298d9f8 by security tracker role at 2022-12-19T20:10:14+00:00
automatic update

- - - - -
e4067473 by Salvatore Bonaccorso at 2022-12-19T21:34:36+01:00
Process some NFUs

- - - - -
a6c95068 by Salvatore Bonaccorso at 2022-12-19T21:40:36+01:00
Process some NFUs

- - - - -
8424fbb3 by Salvatore Bonaccorso at 2022-12-19T21:51:09+01:00
Track fixed version for dpdk issues via unstable

- - - - -
c40dfd1e by Utkarsh Gupta at 2022-12-20T02:39:29+05:30
Take libetpan

- - - - -
6ab635a9 by Salvatore Bonaccorso at 2022-12-20T07:23:07+01:00
Track proposed update for CVE-2022-46146 via bullseye-pu

- - - - -
5c1c68b8 by Salvatore Bonaccorso at 2022-12-20T07:50:17+01:00
caddy entered the archive, mark as unfixed for pending review status

- - - - -
64fcbd56 by Salvatore Bonaccorso at 2022-12-20T08:06:24+01:00
Review status for caddy issues

- - - - -
3297b0aa by Salvatore Bonaccorso at 2022-12-20T08:15:24+01:00
Add three new trafficserver issues

- - - - -
7f8245c1 by Salvatore Bonaccorso at 2022-12-20T08:20:24+01:00
Add notes for CVE-2021-33640

- - - - -
3100c16a by Salvatore Bonaccorso at 2022-12-20T08:40:02+01:00
Add CVE-2022-4515/exuberant-ctags

- - - - -
05550ed6 by security tracker role at 2022-12-20T08:10:47+00:00
automatic update

- - - - -
e3f016f6 by Dominik George at 2022-12-20T09:39:09+01:00
Give back lava

- - - - -
272f8136 by Moritz Muehlenhoff at 2022-12-20T09:52:25+01:00
isakmpd removed

- - - - -
7c243258 by Moritz Muehlenhoff at 2022-12-20T13:48:11+01:00
NFUs

- - - - -
6b003830 by Salvatore Bonaccorso at 2022-12-20T14:01:16+01:00
Track fixed version for xrdp issues

- - - - -
568951a2 by Salvatore Bonaccorso at 2022-12-20T14:04:32+01:00
Add tracking bug for CVE-2022-23527

- - - - -
0c23aea5 by Moritz Muehlenhoff at 2022-12-20T14:34:51+01:00
whohas,ppp non issues

- - - - -
e5d1ce7a by Moritz Muehlenhoff at 2022-12-20T14:46:36+01:00
new multimon-ng issue

- - - - -
61c2030c by Ben Hutchings at 2022-12-20T15:58:34+01:00
Reserve DLA-3244-1 for linux-5.10

- - - - -
e765c9db by Moritz Muehlenhoff at 2022-12-20T16:33:43+01:00
NFUs

- - - - -
44ddb28d by Salvatore Bonaccorso at 2022-12-20T17:06:22+01:00
Track fixes in last bullseye point release for linux which got forgotten

- - - - -
1395f8d8 by Salvatore Bonaccorso at 2022-12-20T17:14:52+01:00
Track proposed update for libapache2-mod-auth-openidc via bullseye-pu

- - - - -
f2f034dc by Salvatore Bonaccorso at 2022-12-20T17:20:08+01:00
Add new libksba entry (pending CVE assignment)

- - - - -
0ce57267 by Salvatore Bonaccorso at 2022-12-20T18:27:50+01:00
Add upstream tag reference for CVE-2020-36619

- - - - -
f6a3e83f by Salvatore Bonaccorso at 2022-12-20T18:39:51+01:00
Track fixed version for libksba issue

- - - - -
d5c1b4df by Salvatore Bonaccorso at 2022-12-20T18:57:55+01:00
Add CVE-2022-4415/systemd

- - - - -
004499b5 by Salvatore Bonaccorso at 2022-12-20T19:03:35+01:00
Mark kvmtool as removed from unstable

- - - - -
0c05a6f8 by Salvatore Bonaccorso at 2022-12-20T19:04:26+01:00
Mark kvmtool as removed from any supported suite

- - - - -
ab10a716 by Moritz Muehlenhoff at 2022-12-20T19:06:10+01:00
new haskell-xml-conduit issue

- - - - -
ffe044a5 by Moritz Muehlenhoff at 2022-12-20T19:08:19+01:00
new znuny issue

- - - - -
c5ef7ab3 by Salvatore Bonaccorso at 2022-12-20T20:40:53+01:00
Reserve DSA number for xorg-server update

- - - - -
1b831618 by security tracker role at 2022-12-20T20:10:28+00:00
automatic update

- - - - -
10d39f46 by Salvatore Bonaccorso at 2022-12-20T22:18:44+01:00
Process some NFUs

- - - - -
9cb19a4a by Luca Boccassi at 2022-12-20T22:34:45+01:00
CVE-2022-4415: mention upstream stable tree fix

The main branch fix will not apply on bullseye

- - - - -
17d232b2 by Luca Boccassi at 2022-12-20T22:38:41+01:00
CVE-2022-4415: buster is unaffected, add note regarding scope

- - - - -
45d13857 by Luca Boccassi at 2022-12-20T22:47:48+01:00
CVE-2020-13529: mark sid/bookworm as fixed by noting the version

- - - - -
cbcf0ca5 by Luca Boccassi at 2022-12-20T22:49:57+01:00
CVE-2020-13776: mark buster as unaffected

issue introduced later

- - - - -
7b10624a by Ben Hutchings at 2022-12-21T01:03:11+01:00
data/CVE/list: Fix "release notes not ordered properly"

- - - - -
cd9da6f7 by Ben Hutchings at 2022-12-21T01:03:35+01:00
Reserve DLA-3245-1 for linux

- - - - -
f0ee5490 by Salvatore Bonaccorso at 2022-12-21T06:21:03+01:00
(Partially) revert "CVE-2022-4415: mention upstream stable tree fix"

This reverts commit 9cb19a4acf0af32f80dc43d5cfe10e9f7bb16114.

Add back records for fixes from master branch.

- - - - -
1424e7d4 by Salvatore Bonaccorso at 2022-12-21T06:29:21+01:00
Remove notes for CVE-2022-3535 (rejected)

- - - - -
39d34546 by Salvatore Bonaccorso at 2022-12-21T06:32:55+01:00
Add assigned CVE for libksba issue

- - - - -
fcda1263 by Salvatore Bonaccorso at 2022-12-21T06:36:10+01:00
Update status for CVE-2022-42896/linux according to kernel-sec tracking

- - - - -
399d938f by Salvatore Bonaccorso at 2022-12-21T06:37:10+01:00
Mark CVE-2022-3542 as unimportant

- - - - -
d2f561be by Salvatore Bonaccorso at 2022-12-21T06:45:29+01:00
Clarify unimportant status for CVE-2022-3542

- - - - -
a865a519 by Salvatore Bonaccorso at 2022-12-21T07:02:17+01:00
Add CVE-2022-46421 as NFU

- - - - -
6b2a1f2a by Salvatore Bonaccorso at 2022-12-21T08:04:49+01:00
Remove notes for CVE-2022-3542 (confirmed rejection by VulDB)

- - - - -
e47d9609 by security tracker role at 2022-12-21T08:10:16+00:00
automatic update

- - - - -
1d0d8764 by Salvatore Bonaccorso at 2022-12-21T09:48:44+01:00
Remove notes from CVE-2022-35253

- - - - -
089c10fe by Salvatore Bonaccorso at 2022-12-21T09:51:47+01:00
Process some NFUs

- - - - -
83a3acfe by Guilhem Moulin at 2022-12-21T10:18:39+01:00
CVE-2021-46144: mark sid/bookworm as fixed.

The fix made it to 1.6~beta+dfsg-1 and subsequent versions, including
1.6.0+dfsg-1.

- - - - -
536f1eec by Salvatore Bonaccorso at 2022-12-21T10:53:00+01:00
Add CVE-2022-43552/curl

- - - - -
a945efde by Salvatore Bonaccorso at 2022-12-21T10:55:39+01:00
Add CVE-2022-43551/curl

- - - - -
9d4d96f9 by Moritz Muehlenhoff at 2022-12-21T10:56:56+01:00
ATS fixed in sid

- - - - -
c9bcd666 by Moritz Muehlenhoff at 2022-12-21T11:13:55+01:00
add ATS commit refs

- - - - -
0d777e0e by Salvatore Bonaccorso at 2022-12-21T11:24:28+01:00
Add libksba to dsa-needed file

- - - - -
6a03766d by Moritz Muehlenhoff at 2022-12-21T13:16:43+01:00
znuny fixed in sid

- - - - -
bd0ca24c by Moritz Muehlenhoff at 2022-12-21T14:53:51+01:00
link advisory for systemd-coredump

- - - - -
4e920431 by Moritz Muehlenhoff at 2022-12-21T17:00:32+01:00
NFUs

- - - - -
8986feae by security tracker role at 2022-12-21T20:10:20+00:00
automatic update

- - - - -
ff468563 by Salvatore Bonaccorso at 2022-12-21T21:17:19+01:00
Properly sort the releases for CVE-2020-13776

- - - - -
7a5d851b by Salvatore Bonaccorso at 2022-12-21T21:37:42+01:00
Add Debian bug references for new curl issues: CVE-2022-4355{1,2}

- - - - -
23b80562 by Salvatore Bonaccorso at 2022-12-21T21:40:24+01:00
Add Debian bug reference for CVE-2022-4415/systemd

- - - - -
bb9d4c77 by Salvatore Bonaccorso at 2022-12-21T21:42:22+01:00
Add CVE-2022-40145/apache-karaf

- - - - -
1b0cb999 by Salvatore Bonaccorso at 2022-12-21T21:50:08+01:00
Add CVE-2022-433{7,8}/openvswitch

- - - - -
0aa0368c by Salvatore Bonaccorso at 2022-12-21T22:05:30+01:00
Add upstream tag information for CVE-2021-4249

- - - - -
299e13fa by Salvatore Bonaccorso at 2022-12-21T22:34:21+01:00
Reserve DSA number for libksba update

- - - - -
5e6b4b17 by Moritz Muehlenhoff at 2022-12-21T22:48:34+01:00
add writeup for CVE-2022-2602

- - - - -
7d2467f1 by Salvatore Bonaccorso at 2022-12-22T08:47:43+01:00
Track fixed version for ghostwriter issues via unstable

- - - - -
397a68ea by security tracker role at 2022-12-22T08:10:15+00:00
automatic update

- - - - -
e6f42f0d by Salvatore Bonaccorso at 2022-12-22T09:11:34+01:00
Add information on CVE-2022-38065/python-oslo.privsep

- - - - -
0b5e5bae by Salvatore Bonaccorso at 2022-12-22T09:22:50+01:00
Process some NFUs

- - - - -
dc507b68 by Salvatore Bonaccorso at 2022-12-22T09:23:26+01:00
Process two new rdiffweb issues, itp'ed

- - - - -
e0ac58ad by Salvatore Bonaccorso at 2022-12-22T09:27:21+01:00
Process one NFU

- - - - -
34034ef8 by Luca Boccassi at 2022-12-22T11:26:17+01:00
CVE-2022-4415: fix affected version, note on prep commit

The sysctl change was introduced in 246, not 247.
The prep commit is needed for the commit on main, but not the one on the v247 stable branch.

- - - - -
897c6306 by Luca Boccassi at 2022-12-22T11:35:54+01:00
CVE-2022-4415: mark as ignored for buster

Functionality is present in v241, but disabled by default (unlike in bullseye)

- - - - -
c2630f10 by Salvatore Bonaccorso at 2022-12-22T11:43:44+01:00
Track fixed version for CVE-2020-25265/libappimage

- - - - -
372d3914 by Moritz Muehlenhoff at 2022-12-22T13:35:38+01:00
curl fixed in sid

- - - - -
9ab230ed by Moritz Muehlenhoff at 2022-12-22T13:38:02+01:00
systemd fixed in sid

- - - - -
a4680853 by Moritz Muehlenhoff at 2022-12-22T14:13:48+01:00
NFUs

- - - - -
dcb078b4 by Salvatore Bonaccorso at 2022-12-22T14:23:50+01:00
Remove firefox-esr from dsa-needed list

- - - - -
ed26cc5b by Moritz Muehlenhoff at 2022-12-22T14:31:54+01:00
sslh n/a

- - - - -
d9087b07 by Moritz Muehlenhoff at 2022-12-22T14:40:09+01:00
new zabbix issues

- - - - -
a9ea0f60 by Moritz Muehlenhoff at 2022-12-22T14:53:10+01:00
zabbix bugnum

- - - - -
fc9a34f8 by Moritz Muehlenhoff at 2022-12-22T15:34:48+01:00
NFUs

- - - - -
8d0f7183 by security tracker role at 2022-12-22T20:10:26+00:00
automatic update

- - - - -
cdd5b5be by Salvatore Bonaccorso at 2022-12-22T21:15:43+01:00
Remove notes from CVE-2022-4516

- - - - -
99b94bf9 by Salvatore Bonaccorso at 2022-12-22T21:22:32+01:00
Process some NFUs

- - - - -
f109e589 by Salvatore Bonaccorso at 2022-12-22T21:26:08+01:00
Add CVE-2022-1887/firefox (only affecting iOS)

- - - - -
449ec7df by Salvatore Bonaccorso at 2022-12-22T21:29:56+01:00
Add information of retrospectively added CVE-2022-3266/thunderbird

- - - - -
c687b49f by Salvatore Bonaccorso at 2022-12-22T21:34:07+01:00
Add information for CVE-2022-3266 covering firefox and firefox-esr

- - - - -
287ba109 by Salvatore Bonaccorso at 2022-12-22T21:42:13+01:00
Add CVE-2022-46882/firefox

- - - - -
af7088e0 by Salvatore Bonaccorso at 2022-12-22T21:43:44+01:00
Add CVE-2022-46883/firefox (mfsa-2022-47)

- - - - -
4eb74e76 by Salvatore Bonaccorso at 2022-12-22T21:46:25+01:00
Add CVE-2022-46881/firefox (mfsa-2022-44)

- - - - -
933fc928 by Salvatore Bonaccorso at 2022-12-22T21:49:00+01:00
Add CVE-2022-46885/firefox

- - - - -
627226eb by Aron Xu at 2022-12-23T13:57:41+08:00
Take nodejs

- - - - -
4e2d0c16 by Chris Lamb at 2022-12-23T06:20:55+00:00
Reserve DLA-3246-1 for node-hawk

- - - - -
5a5bcd41 by Salvatore Bonaccorso at 2022-12-23T07:24:03+01:00
Add CVE-2022-4662/linux

- - - - -
0529866d by Chris Lamb at 2022-12-23T06:55:00+00:00
Mark CVE-2022-0536 in node-follow-redirects as ignored in Buster LTS; this follows CVE-2022-0155.

- - - - -
a5036f0c by Chris Lamb at 2022-12-23T06:55:31+00:00
Drop extra whitespace.

- - - - -
53f583b5 by Chris Lamb at 2022-12-23T06:57:55+00:00
dla-needed.txt: Add note for node-got.

- - - - -
f1d83701 by Chris Lamb at 2022-12-23T06:58:45+00:00
dla-needed.txt: Add note for node-nth-check.

- - - - -
5fb07af8 by Chris Lamb at 2022-12-23T07:04:32+00:00
dla-needed.txt: Add note for node-object-path.

- - - - -
6f5cf157 by Chris Lamb at 2022-12-23T07:08:18+00:00
Triage CVE-2021-23440/node-set-value for Buster LTS.

- - - - -
bbfbf315 by Chris Lamb at 2022-12-23T07:18:35+00:00
data/dla-needed.txt: Claim node-trim-newlines.

- - - - -
9d620fb9 by security tracker role at 2022-12-23T08:10:17+00:00
automatic update

- - - - -
d5590d83 by Chris Lamb at 2022-12-23T08:54:59+00:00
Reserve DLA-3247-1 for node-trim-newlines

- - - - -
245da953 by Salvatore Bonaccorso at 2022-12-23T12:28:37+01:00
Process NFUs

- - - - -
a914286f by Salvatore Bonaccorso at 2022-12-23T12:34:04+01:00
Process two NFUs

- - - - -
6892525d by Salvatore Bonaccorso at 2022-12-23T12:34:33+01:00
Add CVE-2022-4665/ampache

- - - - -
dfd933b9 by Salvatore Bonaccorso at 2022-12-23T12:34:58+01:00
Add two CVEs for codeigniter, itp'ed

- - - - -
a9f88da2 by Salvatore Bonaccorso at 2022-12-23T14:08:09+01:00
Process some NFUs

- - - - -
89d820a4 by Salvatore Bonaccorso at 2022-12-23T20:46:01+01:00
Add CVE-2022-47941/linux

- - - - -
6fa1d1bc by Salvatore Bonaccorso at 2022-12-23T20:50:58+01:00
Add CVE-2022-47942/linux

- - - - -
9325c947 by Salvatore Bonaccorso at 2022-12-23T20:55:40+01:00
Add CVE-2022-47943

- - - - -
34478ae7 by Salvatore Bonaccorso at 2022-12-23T20:58:36+01:00
Add CVE-2022-47938/linux

- - - - -
aa35b6c7 by Salvatore Bonaccorso at 2022-12-23T21:02:26+01:00
Add CVE-2022-47939/linux

- - - - -
2d3de6cb by Salvatore Bonaccorso at 2022-12-23T21:06:33+01:00
Add CVE-2022-47940/linux

- - - - -
67096990 by security tracker role at 2022-12-23T20:10:34+00:00
automatic update

- - - - -
87be4fa1 by Salvatore Bonaccorso at 2022-12-23T21:18:48+01:00
Process some NFUs

- - - - -
0e31885f by Salvatore Bonaccorso at 2022-12-23T21:22:34+01:00
Process several NFUs

- - - - -
5ca2fcff by Samuel Henrique at 2022-12-23T21:52:59+00:00
curl: Set fixed versions for CVE-2021-22923 and CVE-2021-22922

- - - - -
8ed68f02 by security tracker role at 2022-12-24T08:10:11+00:00
automatic update

- - - - -
73d41e51 by Salvatore Bonaccorso at 2022-12-24T09:15:36+01:00
Add first batch of openimageio issues

Unfortunately more pending, with not yet clear upstream status and
reported by Cisco TALOS Project.

- - - - -
56a1d0e4 by Salvatore Bonaccorso at 2022-12-24T09:19:05+01:00
Add CVE-2022-47946/linux

- - - - -
83d81e82 by Salvatore Bonaccorso at 2022-12-24T09:20:43+01:00
Process some NFUs

- - - - -
67202abc by Salvatore Bonaccorso at 2022-12-24T09:22:54+01:00
Process one NFU

- - - - -
199e2e85 by Salvatore Bonaccorso at 2022-12-24T09:23:51+01:00
Add some rdiffweb issues (itp'ed)

- - - - -
4c0a7328 by Moritz Muehlenhoff at 2022-12-24T14:48:14+01:00
retroarch/libstb code copy fixed

- - - - -
d1252530 by Markus Koschany at 2022-12-24T16:22:33+01:00
Reserve DLA-3248-1 for libksba

- - - - -
db21ad2a by security tracker role at 2022-12-24T20:10:24+00:00
automatic update

- - - - -
673cdbbc by security tracker role at 2022-12-25T08:10:12+00:00
automatic update

- - - - -
862400e3 by Salvatore Bonaccorso at 2022-12-25T09:22:28+01:00
Track fixed version via unstable for libarchive issues

The upload contained a typo for the CVE id, the right one would be
CVE-2022-26280.

- - - - -
e6370097 by Salvatore Bonaccorso at 2022-12-25T09:38:02+01:00
Process some NFUs

- - - - -
40f314eb by Salvatore Bonaccorso at 2022-12-25T09:39:30+01:00
Add CVE-2022-47{28,29,30}/graphite-web

- - - - -
15f64ec3 by Salvatore Bonaccorso at 2022-12-25T09:40:03+01:00
Add CVE-2022-4793{2,3,4}/brave-browser

- - - - -
512f05a5 by Salvatore Bonaccorso at 2022-12-25T09:40:37+01:00
Add CVE-2022-4438{0,1}/snipe-it

- - - - -
65aa7e50 by Salvatore Bonaccorso at 2022-12-25T09:43:32+01:00
Add CVE-2022-23551 as NFU

- - - - -
f81f60f9 by Moritz Muehlenhoff at 2022-12-25T19:50:14+01:00
new mediawiki issue

- - - - -
73685136 by Markus Koschany at 2022-12-25T20:12:28+01:00
CVE-2022-46393,mbedtls: Buster and Bullseye are not affected

The vulnerable code was introduced later

- - - - -
33d7a2d3 by Markus Koschany at 2022-12-25T20:12:29+01:00
CVE-2022-3109,ffmpeg: buster postponed

- - - - -
17c970e4 by Markus Koschany at 2022-12-25T20:12:30+01:00
LTS: add xorg-server to dla-needed.txt

- - - - -
0d394729 by Markus Koschany at 2022-12-25T20:12:31+01:00
CVE-2022-43272,dcmtk: buster / no-dsa

Minor issue

- - - - -
4916e729 by Markus Koschany at 2022-12-25T20:12:32+01:00
CVE-2021-4249,haskell-xml-conduit: buster no-dsa

Minor issue

- - - - -
636a6e4f by Markus Koschany at 2022-12-25T20:12:33+01:00
CVE-2021-4243,jquery-minicolors: buster is no-dsa

Minor issue

- - - - -
fa44a943 by Markus Koschany at 2022-12-25T20:12:34+01:00
CVE-2022-23527,libapache2-mod-auth-openidc: buster is no-dsa

Minor issue

- - - - -
d427ca54 by Markus Koschany at 2022-12-25T20:12:35+01:00
CVE-2020-36619,multimon-ng: buster is no-dsa

- - - - -
9c1906c5 by Markus Koschany at 2022-12-25T20:12:35+01:00
LTS: add nvidia-graphics-drivers to dla-needed.txt

- - - - -
52e7c0ab by Markus Koschany at 2022-12-25T20:12:36+01:00
CVE-2022-4427,buster: otrs2 no-dsa

- - - - -
81316d19 by Markus Koschany at 2022-12-25T20:12:37+01:00
CVE-2022-24439,python-git: buster is no-dsa

Minor issue

- - - - -
78da581b by Markus Koschany at 2022-12-25T20:12:38+01:00
wireshark,TEMP CVE, buster postponed

- - - - -
df69a44f by Markus Koschany at 2022-12-25T20:12:38+01:00
LTS: add exuberant-ctags to dla-needed.txt

- - - - -
ff882d66 by Markus Koschany at 2022-12-25T20:12:39+01:00
LTS: add libcommons-net-java to dla-needed.txt

- - - - -
b5e4733f by Markus Koschany at 2022-12-25T20:12:39+01:00
LTS: add libitext5-java to dla-needed.txt

- - - - -
f72541c0 by Markus Koschany at 2022-12-25T20:12:39+01:00
LTS: add libjettison-java to dla-needed.txt

- - - - -
f0874b72 by Markus Koschany at 2022-12-25T20:12:39+01:00
LTS: add netty to dla-needed.txt

- - - - -
174b3d71 by Markus Koschany at 2022-12-25T20:12:39+01:00
LTS: add xrdp to dla-needed.txt

- - - - -
42c380ea by Markus Koschany at 2022-12-25T20:22:56+01:00
LTS: add openimageio to dla-needed.txt

- - - - -
0c54e756 by Salvatore Bonaccorso at 2022-12-25T21:08:57+01:00
Track fixed version for CVE-2022-46149/rust-capnp via unstable

- - - - -
4eb03e48 by security tracker role at 2022-12-25T20:10:19+00:00
automatic update

- - - - -
9615bfc1 by Salvatore Bonaccorso at 2022-12-25T21:16:43+01:00
Process some NFUs

- - - - -
0809a673 by Salvatore Bonaccorso at 2022-12-25T21:34:11+01:00
Reference fix for CVE-2022-4515

- - - - -
c5cbe340 by Salvatore Bonaccorso at 2022-12-25T21:36:00+01:00
Add Debian bug reference for graphite-web issues

- - - - -
879d1c33 by Salvatore Bonaccorso at 2022-12-25T21:46:09+01:00
Refer to universal-ctags as well for CVE-2022-4515

- - - - -
bca9c459 by Salvatore Bonaccorso at 2022-12-25T22:06:41+01:00
Split CVE-2022-37155 from the temporary entry for DSA-5190-1/spip

- - - - -
1779d907 by Salvatore Bonaccorso at 2022-12-25T22:09:21+01:00
Add Debian bug reference for CVE-2022-4515

- - - - -
05d5d72c by Markus Koschany at 2022-12-25T22:15:49+01:00
CVE-2022-46393,mbedtls: buster and bullseye are not affected

Correct wrong entry CVE-2022-46393 <-> CVE-2022-46392

- - - - -
d10f21d6 by Salvatore Bonaccorso at 2022-12-25T22:17:59+01:00
Add CVE-2022-23547/{asterisk,ring,pjproject}

- - - - -
b896376e by Salvatore Bonaccorso at 2022-12-25T22:30:08+01:00
Add two new CVEs for BigBlueButton

- - - - -
cc28091e by Salvatore Bonaccorso at 2022-12-25T22:36:26+01:00
Update notes for CVE-2022-3854/ceph

- - - - -
38763b2d by Salvatore Bonaccorso at 2022-12-25T22:37:29+01:00
Process CVE-2022-0517 as NFU

- - - - -
5ba05416 by Salvatore Bonaccorso at 2022-12-25T22:39:38+01:00
Mark CVE-2021-31650 as NFU

- - - - -
3707a980 by Salvatore Bonaccorso at 2022-12-25T22:43:29+01:00
Add CVE-2021-4129/{firefox*,thunderbird} from mfsa2021-{52,53,54}

- - - - -
a1370ab8 by Markus Koschany at 2022-12-25T22:52:27+01:00
CVE-2022-46392,mbedtls: mark Buster as postponed

Minor issue because an attacker must be able to observe the victim performing a
single private-key operation / control the entire operating system which is very hard to achieve.
The vulnerable code is most likely in library/bignum.c

- - - - -
3d87aedf by Markus Koschany at 2022-12-26T00:27:38+01:00
Reserve DLA-3249-1 for mbedtls

- - - - -
fdb45b03 by Sylvain Beucler at 2022-12-26T07:02:18+01:00
dla: update tiff status

- - - - -
352308ae by security tracker role at 2022-12-26T08:10:12+00:00
automatic update

- - - - -
9e7d0009 by Salvatore Bonaccorso at 2022-12-26T09:22:36+01:00
Track fixed version for multipath-tools fixed via unstable

- - - - -
38f70bd6 by Salvatore Bonaccorso at 2022-12-26T09:40:34+01:00
Process some NFUs

- - - - -
6d17efd2 by Salvatore Bonaccorso at 2022-12-26T10:09:24+01:00
Add second batch of openimageio CVEs from TALOS reports

- - - - -
9a25fed9 by Chris Lamb at 2022-12-26T15:54:05+00:00
data/dla-needed.txt: Claim exuberant-ctags.

- - - - -
7409d936 by Salvatore Bonaccorso at 2022-12-26T20:58:26+01:00
Track fixed version via unstable for CVE-2022-4515

- - - - -
3aa1f0f6 by Salvatore Bonaccorso at 2022-12-26T21:01:18+01:00
Track fixed version via unstable for CVE-2022-45199/pillow

- - - - -
d9b2f7ff by Salvatore Bonaccorso at 2022-12-26T21:06:43+01:00
Process CVE-2022-23746 as NFU

- - - - -
520b91a2 by Salvatore Bonaccorso at 2022-12-26T21:07:31+01:00
Add CVE-2022-23526/helm-kubernetes

- - - - -
cf99561b by Salvatore Bonaccorso at 2022-12-26T21:09:08+01:00
Add CVE-2022-23513 as NFU

- - - - -
564b1d94 by security tracker role at 2022-12-26T20:10:26+00:00
automatic update

- - - - -
7c8d2b9c by Salvatore Bonaccorso at 2022-12-26T21:24:25+01:00
Process several NFUs

- - - - -
32feafcd by Salvatore Bonaccorso at 2022-12-26T21:29:14+01:00
Reference upstream commit for CVE-2022-38223/w3m

- - - - -
634e74a6 by Salvatore Bonaccorso at 2022-12-26T22:57:09+01:00
Process some NFUs

- - - - -
a02453fd by Salvatore Bonaccorso at 2022-12-26T22:57:39+01:00
Add CVE-2020-36627/golang-github-go-macaron-i18n

- - - - -
ddf1407c by Moritz Mühlenhoff at 2022-12-27T00:20:47+01:00
fix fixed version for tesla-45 upload in last bullseye point release

- - - - -
ec31670b by Moritz Mühlenhoff at 2022-12-27T00:59:21+01:00
systemd spu

- - - - -
bf153743 by Salvatore Bonaccorso at 2022-12-27T09:07:42+01:00
Add curl to dsa-needed list

- - - - -
11fadef7 by security tracker role at 2022-12-27T08:10:12+00:00
automatic update

- - - - -
82c45872 by Salvatore Bonaccorso at 2022-12-27T09:32:56+01:00
Take care of releasing Aron's gerbv update

- - - - -
d0196820 by Salvatore Bonaccorso at 2022-12-27T09:56:40+01:00
Process some NFUs

- - - - -
9ba68b7b by Salvatore Bonaccorso at 2022-12-27T09:57:06+01:00
Add two new CVEs for intellij-idea, itp'ed

- - - - -
9a8b64fc by Salvatore Bonaccorso at 2022-12-27T09:57:33+01:00
Add another batch of openimageio issues as reported by TALOS project

- - - - -
858241c3 by Salvatore Bonaccorso at 2022-12-27T14:20:54+01:00
Add note for multipath-tools in dsa-needed list

- - - - -
435588ce by Salvatore Bonaccorso at 2022-12-27T14:58:21+01:00
Reserve DSA number for gerbv update

- - - - -
756c5dbf by Salvatore Bonaccorso at 2022-12-27T15:33:10+01:00
Add CVE-2022-46175/node-json5

- - - - -
52c3a1e6 by Salvatore Bonaccorso at 2022-12-27T15:36:12+01:00
Add CVE-2021-35065/node-glob-parent

- - - - -
1a5e3bba by Stefano Rivera at 2022-12-27T12:02:25-04:00
Ignore CVE-2022-3287 for buster - vulnerable code was introduced later

- - - - -
ff193807 by Stefano Rivera at 2022-12-27T12:02:27-04:00
Take ceph

- - - - -
b5b0644f by Markus Koschany at 2022-12-27T17:14:55+01:00
CVE-2021-37533,libcommons-net-java: fixed in unstable

- - - - -
f914642e by Salvatore Bonaccorso at 2022-12-27T21:02:38+01:00
Reference upstream commit for CVE-2022-3996/openssl

- - - - -
0245ecc0 by security tracker role at 2022-12-27T20:10:27+00:00
automatic update

- - - - -
35c0b64e by Salvatore Bonaccorso at 2022-12-27T21:14:52+01:00
Add CVE-2022-3996/openssl bug reference

- - - - -
012fbc94 by Salvatore Bonaccorso at 2022-12-27T21:24:52+01:00
Process some NFUs

- - - - -
a8917734 by Salvatore Bonaccorso at 2022-12-27T21:26:45+01:00
Add CVE-2021-4287/binwalk

- - - - -
7695cf3a by Samuel Henrique at 2022-12-27T21:28:34+00:00
curl: Set CVE-2022-42916 and CVE-2022-43551 as not affected for buster and bullseye

 curl doesn't build with the (at that time) experimental HSTS feature.

- - - - -
2e3d48cd by Ola Lundqvist at 2022-12-27T23:12:13+01:00
Marked first batch of CVEs for nvidia-graphics-drivers package as no-dsa for buster since non-free is not supported.

- - - - -
5956f9b4 by Ola Lundqvist at 2022-12-27T23:17:50+01:00
LTS: add emacs to dla-needed.txt

- - - - -
78a3d6a8 by Ola Lundqvist at 2022-12-27T23:24:23+01:00
Decided to postpone CVE-2022-47927 for buster following the decision for bullseye.

- - - - -
7d5d0e57 by Ola Lundqvist at 2022-12-27T23:34:11+01:00
LTS: add tinymce to dla-needed.txt

- - - - -
5a538ccd by Samuel Henrique at 2022-12-27T22:39:15+00:00
curl: Mark CVE-2021-22923 and CVE-2021-22922 as not-affected

 Since we don't build curl with metalink support.

 Also improves explanation for CVE-2022-42916 and CVE-2022-43551 as
 curl is not built with HSTS support (for buster and bullseye).

- - - - -
d2c2b240 by Ola Lundqvist at 2022-12-27T23:42:55+01:00
Marked second batch of CVEs for nvidia-graphics-drivers package as no-dsa for buster since non-free is not supported.

- - - - -
03e36bc5 by Ola Lundqvist at 2022-12-27T23:49:56+01:00
LTS: add apache2 to dla-needed.txt

- - - - -
4a728e13 by Ola Lundqvist at 2022-12-28T00:01:13+01:00
LTS: add openvswitch to dla-needed.txt

- - - - -
c0205320 by Moritz Mühlenhoff at 2022-12-28T00:09:34+01:00
bullseye triage

- - - - -
cd554c7b by Salvatore Bonaccorso at 2022-12-28T07:02:24+01:00
Mark CVE-2022-42916 and CVE-2022-43551 as ignored

Rationale: If HSTS support would have been disabled in all suites we
could use unimportant severity. As we track issues at source level and
HSTS support is enabled by default since 7.77 mark the issues as ignored
(as the issue is present). Not-affected would imply that the issue is
not present at source level.

- - - - -
f4291931 by Salvatore Bonaccorso at 2022-12-28T07:11:54+01:00
Correct state back to not-affected for two curl issues

- - - - -
60fcd0b7 by Salvatore Bonaccorso at 2022-12-28T07:13:49+01:00
Drop not-affected status for CVE-2021-2292{2,3}

Source is affected as the issues are present since 7.27.0. But as we do
not build with metalink support up to in all suites the issues are
already marked as unimportant.

- - - - -
4edb9d7e by Salvatore Bonaccorso at 2022-12-28T07:16:02+01:00
Associate CVE-2022-4556 bullseye's entry with sogo

- - - - -
d814d099 by Salvatore Bonaccorso at 2022-12-28T07:32:03+01:00
Mark CVE-2022-46392/mbedtls as no-dsa for bullseye

- - - - -
545ae59a by Salvatore Bonaccorso at 2022-12-28T07:32:47+01:00
Add CVE-2019-14802/nomad

- - - - -
02c0ba1e by Salvatore Bonaccorso at 2022-12-28T07:36:31+01:00
Remove notes for CVE-2022-45119 and CVE-2022-43503

I verified their status on cve.org database which now are marked as
REJECTED, which means that the status to rejected will be included in
next automatic update of the tracker.

Move the status already ahead as verified manually.

Link: https://www.cve.org/CVERecord?id=CVE-2022-45119
Link: https://www.cve.org/CVERecord?id=CVE-2022-43503

- - - - -
2e770ba8 by Salvatore Bonaccorso at 2022-12-28T07:53:44+01:00
Update information from WebKitGTK and WPE WebKit Security Advisory WSA-2022-0011

- - - - -
2700a56a by Salvatore Bonaccorso at 2022-12-28T07:54:56+01:00
Add webkit2gtk and wpewebkit to dsa-needed list

- - - - -
37f54598 by security tracker role at 2022-12-28T08:10:22+00:00
automatic update

- - - - -
5f717860 by Aron Xu at 2022-12-28T17:45:14+08:00
Claim trafficserver

- - - - -
ed2fb9bf by Salvatore Bonaccorso at 2022-12-28T10:47:49+01:00
Process some NFUs

- - - - -
fd7a2bcb by Salvatore Bonaccorso at 2022-12-28T10:48:17+01:00
Add note that maintainer was already asked for an update

- - - - -
eb91a048 by Aron Xu at 2022-12-28T21:31:19+08:00
Unclaim trafficserver

Put back since maintainer is preparing the update.

- - - - -
bddf705d by Moritz Mühlenhoff at 2022-12-28T14:50:00+01:00
new rust-prettytable-rs issue
openjdk-17 fixed in sid

- - - - -
7c8d3c12 by Moritz Mühlenhoff at 2022-12-28T17:24:27+01:00
add python-git reference

- - - - -
6b62a408 by Moritz Mühlenhoff at 2022-12-28T17:41:58+01:00
bugnums

- - - - -
14999e71 by Moritz Mühlenhoff at 2022-12-28T18:31:05+01:00
bugnums

- - - - -
cfbae1f7 by Moritz Mühlenhoff at 2022-12-28T18:46:13+01:00
vim fixed in sid
bugnums

- - - - -
96f9432b by Moritz Mühlenhoff at 2022-12-28T19:11:18+01:00
bugnums
record protobuf fix in sid
mark png report as non issue

- - - - -
bb3db33c by Moritz Mühlenhoff at 2022-12-28T19:57:37+01:00
bugnums

- - - - -
50634cc8 by Salvatore Bonaccorso at 2022-12-28T20:45:42+01:00
Add Debian bug reference for CVE-2021-3574/imagemagick

- - - - -
5a7d349f by Salvatore Bonaccorso at 2022-12-28T20:51:29+01:00
Add Debian bug reference for CVE-2022-43272/dcmtk

- - - - -
99b910c0 by security tracker role at 2022-12-28T20:10:19+00:00
automatic update

- - - - -
b3a18de5 by Salvatore Bonaccorso at 2022-12-28T21:16:30+01:00
Process one NFU

- - - - -
29204586 by Salvatore Bonaccorso at 2022-12-28T21:24:44+01:00
Process some NFUs

- - - - -
33ddb128 by Moritz Mühlenhoff at 2022-12-29T00:08:42+01:00
bugnums

- - - - -
62a895df by Moritz Mühlenhoff at 2022-12-29T01:58:39+01:00
add commit reference for libetpan

- - - - -
51e967f0 by Chris Lamb at 2022-12-29T06:47:21+00:00
data/dla-needed.txt: Claim emacs.

- - - - -
83f0edbb by security tracker role at 2022-12-29T08:10:12+00:00
automatic update

- - - - -
6afe13cc by Salvatore Bonaccorso at 2022-12-29T09:16:17+01:00
Remove notes from now rejected CVE (former usememos)

- - - - -
990b8574 by Salvatore Bonaccorso at 2022-12-29T09:29:40+01:00
Process some NFUs

- - - - -
d2d21cbc by Salvatore Bonaccorso at 2022-12-29T09:32:11+01:00
Process some NFUs

- - - - -
95ec401b by Salvatore Bonaccorso at 2022-12-29T10:17:27+01:00
Record upstream commits for CVE-2022-1949/389-ds-base

- - - - -
17e63f52 by Salvatore Bonaccorso at 2022-12-29T10:20:33+01:00
Record upstream tag commit for CVE-2022-2850

- - - - -
c5084ee4 by Moritz Mühlenhoff at 2022-12-29T10:56:55+01:00
golang-github-containers-psgo spu

- - - - -
306e93e5 by Tobias Frost at 2022-12-29T11:18:27+01:00
Reserve DLA-3250-1 for multipath-tools

- - - - -
8ed6975a by Salvatore Bonaccorso at 2022-12-29T11:19:04+01:00
Reference new place of upstream issue for CVE-2021-34434/mosquitto

- - - - -
79d1e23e by Salvatore Bonaccorso at 2022-12-29T11:25:56+01:00
CVE-2021-41039: reference location of upstream issue on gitlab instance

- - - - -
593e4f16 by Moritz Mühlenhoff at 2022-12-29T12:54:53+01:00
jython fixed in sid

- - - - -
07229bd9 by Salvatore Bonaccorso at 2022-12-29T13:50:55+01:00
Reference upstream commit for CVE-2022-3479/nss

- - - - -
76631ff0 by Salvatore Bonaccorso at 2022-12-29T14:00:02+01:00
Update information for CVE-2022-433{7,8}/openvswitch

- - - - -
6f4ed828 by Salvatore Bonaccorso at 2022-12-29T14:30:06+01:00
Add reference to upstream issue for CVE-2022-26635/php-memcached

- - - - -
d24b6a0e by Salvatore Bonaccorso at 2022-12-29T14:31:23+01:00
Add Debian bug reference for two openvswitch issues

- - - - -
3748b8c6 by Tobias Frost at 2022-12-29T16:38:00+01:00
CVE-2021-34145 - CVE-2021-34148 in bluez-firmware have been introduced only later, after bullseye release.

- - - - -
19a81386 by Salvatore Bonaccorso at 2022-12-29T16:55:43+01:00
Adjust version information for bluez-firmware

The change between 1.2-4 and 1.2-5 did not contain any updates for
firmware files. Actually 1.2-6 introduces the firmware of Cypress for
Raspberry Pi.

Link: https://salsa.debian.org/bluetooth-team/bluez-firmware/-/commit/1ab230d88ed3dcd871b31810b68fb5eb960801e9

- - - - -
55ab53f7 by Salvatore Bonaccorso at 2022-12-29T17:31:01+01:00
Add Debian bug reference for rust-prettytable-rs issue

- - - - -
62bb487b by Moritz Muehlenhoff at 2022-12-29T19:46:56+01:00
cakephp,libyang removed

- - - - -
f357ae6b by Salvatore Bonaccorso at 2022-12-29T20:50:59+01:00
Mark phamm as removed from unstable

- - - - -
0b7e017b by Salvatore Bonaccorso at 2022-12-29T20:51:46+01:00
Mark phamm as removed from the archive in every supported suite

- - - - -
162e929b by Salvatore Bonaccorso at 2022-12-29T20:52:48+01:00
Mark libapache2-mod-ruid2 as removed from everywhere supported

- - - - -
7d96d3c5 by Salvatore Bonaccorso at 2022-12-29T21:01:41+01:00
Downgrade severity for CVE-2021-45346/sqlite3

- - - - -
ce31cdfb by Markus Koschany at 2022-12-29T21:04:46+01:00
Claim hsqldb in dsa-needed.txt

- - - - -
1621c56a by security tracker role at 2022-12-29T20:10:25+00:00
automatic update

- - - - -
c910e652 by Salvatore Bonaccorso at 2022-12-29T21:13:01+01:00
Process some NFUs

- - - - -
d571985a by Salvatore Bonaccorso at 2022-12-29T21:13:01+01:00
Replace assignment name

- - - - -
a48f466e by Salvatore Bonaccorso at 2022-12-29T21:17:04+01:00
Add CVE-2022-4843/radare2

- - - - -
777fe5ed by Salvatore Bonaccorso at 2022-12-29T21:18:26+01:00
Track fixed version for CVE-2020-28589/tinyobjloader via unstable

- - - - -
5598d05b by Salvatore Bonaccorso at 2022-12-29T21:29:51+01:00
Remove notes from CVE-2022-44721 (rejected by assigning CNA as duplicate)

- - - - -
56eebf2c by Salvatore Bonaccorso at 2022-12-29T21:37:57+01:00
Process some NFUs

- - - - -
2ca527e7 by Markus Koschany at 2022-12-29T21:39:10+01:00
Reserve DLA-3251-1 for libcommons-net-java

- - - - -
4d954b74 by Salvatore Bonaccorso at 2022-12-29T21:40:09+01:00
Track fixed version for CVE-2022-4121 via unstable

- - - - -
b400d7ca by Salvatore Bonaccorso at 2022-12-29T21:41:33+01:00
Remove notes from CVE-2022-23967 (duplicate of CVE-2019-15679)

- - - - -
f9345f84 by Markus Koschany at 2022-12-29T21:46:39+01:00
Claim libjettison-java, libitext5-java and netty and dla-needed.txt

- - - - -
9f62c0be by Markus Koschany at 2022-12-29T22:08:33+01:00
Reserve DSA-5307-1 libcommons-net-java

- - - - -
58fded44 by Ola Lundqvist at 2022-12-29T22:33:26+01:00
Marked CVE-2021-35065 as no-dsa for buster following decision for bullseye.

- - - - -
5dd44285 by Ola Lundqvist at 2022-12-29T22:33:28+01:00
Marked CVE-2022-46175 as no-dsa for buster following decision for bullseye.

- - - - -
962c76c0 by Ola Lundqvist at 2022-12-29T22:33:29+01:00
Marked CVE-2022-4556 and CVE-2022-4558 as no-dsa for buster following decision for bullseye.

- - - - -
91024c58 by Ola Lundqvist at 2022-12-29T22:33:29+01:00
LTS: add webkit2gtk to dla-needed.txt

- - - - -
47aa5469 by Thorsten Alteholz at 2022-12-30T00:31:14+01:00
claim mplayer

- - - - -
6b7d9d01 by Thorsten Alteholz at 2022-12-30T02:26:05+01:00
claim xorg-server

- - - - -
781e1d6a by Salvatore Bonaccorso at 2022-12-30T07:30:21+01:00
Add CVE-2022-4842/linux

- - - - -
bf46d04d by Salvatore Bonaccorso at 2022-12-30T07:49:56+01:00
Process CVE-2014-125026 as NFU

- - - - -
e3857b6f by Chris Lamb at 2022-12-30T06:54:32+00:00
data/dla-needed.txt: Claim openvswitch.

- - - - -
763fd456 by Salvatore Bonaccorso at 2022-12-30T08:33:54+01:00
Add commit references for CVE-2022-4479{2,3}/net-snmp

- - - - -
221d1919 by security tracker role at 2022-12-30T08:10:17+00:00
automatic update

- - - - -
68e8a4be by Salvatore Bonaccorso at 2022-12-30T09:25:24+01:00
Process some NFUs

- - - - -
408f7bf9 by Salvatore Bonaccorso at 2022-12-30T09:26:48+01:00
Add CVE-2018-25052/libcatalyst-plugin-session-perl

- - - - -
0c49b582 by Salvatore Bonaccorso at 2022-12-30T09:28:04+01:00
Add two more openimageio issues

- - - - -
d02f76c4 by Henri Salo at 2022-12-30T13:18:57+02:00
NFU

- - - - -
ed307d1a by Salvatore Bonaccorso at 2022-12-30T14:49:25+01:00
Process some NFUs

- - - - -
00ddf671 by Ola Lundqvist at 2022-12-30T15:15:02+01:00
LTS: add graphite-web to dla-needed.txt

- - - - -
3dfa2782 by Ola Lundqvist at 2022-12-30T15:15:03+01:00
Marked CVE-2020-36627 as no-dsa for buster.

- - - - -
8c9a9ecd by Salvatore Bonaccorso at 2022-12-30T16:15:01+01:00
Track fixed version for CVE-2022-22728 via unstable

It is still unclear which changes fix the issue, the advisory though
indicates 2.17 contains the fixes. Track it as fixed version following
the upload.

- - - - -
c7432fdb by Salvatore Bonaccorso at 2022-12-30T17:14:41+01:00
Process several NFUs

- - - - -
0f3a0e1f by Salvatore Bonaccorso at 2022-12-30T17:15:29+01:00
Add CVE-2022-2582/golang-github-aws-aws-sdk-go

- - - - -
952972e2 by Salvatore Bonaccorso at 2022-12-30T17:16:09+01:00
Add CVE-2022-36437/hazelcast, itp'ed

- - - - -
5f3c8487 by Salvatore Bonaccorso at 2022-12-30T17:16:49+01:00
Add CVE-2022-31746/firefox (mfsa2022-27)

- - - - -
82985c77 by Salvatore Bonaccorso at 2022-12-30T17:19:09+01:00
Add CVE-2022-23467/openrazer

- - - - -
cfe6e7dd by Salvatore Bonaccorso at 2022-12-30T17:23:19+01:00
Add CVE-2022-23491/python-certifi

- - - - -
3a790ea1 by Salvatore Bonaccorso at 2022-12-30T17:25:55+01:00
Add CVE-2022-23537/{asterisk,ring,pjproject}

- - - - -
c52a33df by Salvatore Bonaccorso at 2022-12-30T17:28:43+01:00
Add CVE-2021-4221/firefox

- - - - -
3537217d by Salvatore Bonaccorso at 2022-12-30T17:32:38+01:00
Add CVE-2020-36567/golang-github-gin-gonic-gin

- - - - -
77cc1476 by Salvatore Bonaccorso at 2022-12-30T17:35:27+01:00
Add CVE-2022-41966/libxstream-java

- - - - -
cff0496e by Ola Lundqvist at 2022-12-30T19:45:17+01:00
Marked CVE-2022-23467 as no-dsa since physical access is necessary to exploit the vulnerability.

- - - - -
5619a1ac by Salvatore Bonaccorso at 2022-12-30T20:57:21+01:00
Process one NFU

- - - - -
6073ec15 by security tracker role at 2022-12-30T20:10:34+00:00
automatic update

- - - - -
0dd69d71 by Salvatore Bonaccorso at 2022-12-30T21:16:35+01:00
Process some NFUs

- - - - -
7f8092a4 by Salvatore Bonaccorso at 2022-12-30T21:17:32+01:00
Add CVE-2018-25060/golang-github-go-macaron-csrf

- - - - -
d0b680ec by Salvatore Bonaccorso at 2022-12-30T21:36:34+01:00
Process CVE-2019-9579 as NFU

- - - - -
f84bf4c8 by Salvatore Bonaccorso at 2022-12-30T21:41:45+01:00
Add note on webkit2gtk in dla-needed list

- - - - -
b6b6cb03 by Alberto Garcia at 2022-12-31T01:15:58+01:00
webkit2gtk DSA-5308-1 and wpewebkit DSA-5309-1

- - - - -
d072b919 by Guilhem Moulin at 2022-12-31T01:22:42+01:00
LTS: claim node-loader-utils in dla-needed.txt

- - - - -
c331f310 by Guilhem Moulin at 2022-12-31T01:35:15+01:00
Mark CVE-2022-{37599,37603} as not affecting buster.

- - - - -
cbc43eee by Guilhem Moulin at 2022-12-31T01:56:18+01:00
Reserve DLA-3252-1 for cacti

- - - - -
d327ae85 by security tracker role at 2022-12-31T08:10:11+00:00
automatic update

- - - - -
d69187d7 by Salvatore Bonaccorso at 2022-12-31T09:23:04+01:00
Process some NFUs

- - - - -
8e299879 by Salvatore Bonaccorso at 2022-12-31T09:28:28+01:00
Add CVE-2022-4864/froxlor, itp'ed

- - - - -
d68e33b3 by Salvatore Bonaccorso at 2022-12-31T09:29:41+01:00
Associate some NFUs with itp entry for froxlor

- - - - -
fe79fd33 by Salvatore Bonaccorso at 2022-12-31T09:39:56+01:00
Process some NFUs

- - - - -
c287799c by Salvatore Bonaccorso at 2022-12-31T10:10:50+01:00
Add references for commits for CVE-2021-3638/qemu

- - - - -
dab4dd6d by Salvatore Bonaccorso at 2022-12-31T10:36:35+01:00
Reserve DSA number for ruby-image-processing update

- - - - -
8e90802f by Markus Koschany at 2022-12-31T11:30:13+01:00
CVE-2022-40150, CVE-2022-45685, CVE-2022-45693,libjettison-java: fixed in

unstable

- - - - -
241b327c by Chris Lamb at 2022-12-31T11:23:25+00:00
Reserve DLA-3253-1 for openvswitch

- - - - -
b797ded2 by Chris Lamb at 2022-12-31T11:46:04+00:00
Reserve DLA-3254-1 for exuberant-ctags

- - - - -
329ddfd6 by Thorsten Alteholz at 2022-12-31T13:32:31+01:00
Reserve DLA-3255-1 for mplayer

- - - - -
4d7fba62 by Thorsten Alteholz at 2022-12-31T13:43:33+01:00
Reserve DLA-3256-1 for xorg-server

- - - - -
460da0a2 by Chris Lamb at 2022-12-31T12:44:48+00:00
Reserve DLA-3257-1 for emacs

- - - - -
9aae874e by Ola Lundqvist at 2022-12-31T14:18:15+01:00
Marked CVE-2020-36367 as no-dsa since it is a minor issue.

- - - - -
975b5e3f by Ola Lundqvist at 2022-12-31T14:24:31+01:00
Marked CVE-2018-25060 as no-dsa for buster since it is a minor issue.

- - - - -
03ff8af0 by Ola Lundqvist at 2022-12-31T14:28:50+01:00
LTS: add libxstream-java to dla-needed.txt

- - - - -
7535cac9 by Ola Lundqvist at 2022-12-31T14:34:02+01:00
LTS: add 389-ds-base to dla-needed.txt

- - - - -
62569b8c by Ola Lundqvist at 2022-12-31T14:36:54+01:00
LTS: add python-oslo.privsep to dla-needed.txt

- - - - -
f224115f by Ola Lundqvist at 2022-12-31T14:43:44+01:00
Marked CVE-2019-25078 as no-dsa for buster. Minor issue.

- - - - -
57fcc46b by Ola Lundqvist at 2022-12-31T14:54:29+01:00
Marked CVE-2022-23520, CVE-2022-23519 and CVE-2022-23517 as no-dsa or postponed for buster.

- - - - -
eaa7ac3f by Ola Lundqvist at 2022-12-31T14:59:56+01:00
Marked CVE-2022-23514 and CVE-2022-23516 as no-dsa for buster.

- - - - -
6b93acdc by Ola Lundqvist at 2022-12-31T15:00:19+01:00
LTS: add ruby-loofah to dla-needed.txt

- - - - -
aaef304f by Ola Lundqvist at 2022-12-31T15:00:50+01:00
LTS: add ruby-rails-html-sanitizer to dla-needed.txt

- - - - -
4bae6fd2 by Ola Lundqvist at 2022-12-31T15:06:01+01:00
Marked CVE-2020-23599 as no-dsa for buster.

- - - - -
335f5b24 by Ola Lundqvist at 2022-12-31T15:15:31+01:00
LTS: add ruby-sidekiq to dla-needed.txt

- - - - -
9ff425fd by Ola Lundqvist at 2022-12-31T15:15:42+01:00
LTS: add ruby-sinatra to dla-needed.txt

- - - - -
1c7dc42e by Salvatore Bonaccorso at 2022-12-31T16:55:17+01:00
Merge notes in dla-needed referring to ruby-sidekiq

Fixes: 5ef178c97007 ("Merge notes in dla-needed referring to ruby-sidekiq")

- - - - -
2b698bb1 by Guilhem Moulin at 2022-12-31T17:18:20+01:00
Reserve DLA-3258-1 for node-loader-utils

- - - - -
b3a5378a by Markus Koschany at 2022-12-31T18:17:33+01:00
Reserve DLA-3259-1 for libjettison-java

- - - - -
926036c6 by Guilhem Moulin at 2022-12-31T18:52:13+01:00
LTS: claim node-xmldom in dla-needed.txt

- - - - -
0fcf4f9d by Abhijith PA at 2022-12-31T23:52:54+05:30
data/dla-needed.txt: claim xrdp

- - - - -
25ed095d by security tracker role at 2022-12-31T20:10:17+00:00
automatic update

- - - - -
ba64b273 by Salvatore Bonaccorso at 2022-12-31T21:18:11+01:00
Add two CVEs for froxlor, itp'ed

- - - - -
e961d2fb by Salvatore Bonaccorso at 2022-12-31T21:18:52+01:00
Process some NFUs

- - - - -
51e35d25 by security tracker role at 2023-01-01T08:10:11+00:00
automatic update

- - - - -
a99f561e by Salvatore Bonaccorso at 2023-01-01T10:23:36+01:00
Process two NFUs

- - - - -
b6ea994f by Salvatore Bonaccorso at 2023-01-01T10:30:20+01:00
Drop some TODO items for CVEs meant to be REJECTED

The assigning CNA (Atlassian) has only updated the description for some
reason but not properly marked the CVEs as REJECTED. For now associate
them with a NFU for Atlassian, which hopefully propagates soon to a
clean rejected entry.

- - - - -
c62e0807 by Ola Lundqvist at 2023-01-01T14:58:17+01:00
LTS: add snakeyaml to dla-needed.txt

- - - - -
fb87e8e5 by Ola Lundqvist at 2023-01-01T15:04:54+01:00
Reverted d2c2b240ffcc27edbc1008b66866fe49a62457dd since it is unclear whether nvidia drivers are supported in buster or not.

- - - - -
f1f6f5eb by Ola Lundqvist at 2023-01-01T15:07:09+01:00
Reverted 2e3d48cd6e6cb00f6d7dcc2adb7a7ad9e49ad6a5 since it is unclear whether nvidia drivers are supported in buster or not.

- - - - -
a4dfbae2 by Ola Lundqvist at 2023-01-01T15:12:42+01:00
LTS: add nheko to dla-needed.txt

- - - - -
33e39279 by Ola Lundqvist at 2023-01-01T15:18:44+01:00
Marked CVE-2022-39209 and CVE-2022-24724 as no-dsa for buster following the same line as other packages in the same CVEs.

- - - - -
264fbf07 by Ola Lundqvist at 2023-01-01T15:22:42+01:00
LTS: add smarty3 to dla-needed.txt

- - - - -
661a7231 by Salvatore Bonaccorso at 2023-01-01T17:21:07+01:00
Add CVE-2022-3341/ffmpeg

- - - - -
ffcb381a by Guilhem Moulin at 2023-01-01T17:49:36+01:00
Reserve DLA-3260-1 for node-xmldom

- - - - -
1b6534f1 by Salvatore Bonaccorso at 2023-01-01T17:59:02+01:00
Process some NFUs

- - - - -
c4a685e5 by Markus Koschany at 2023-01-01T19:07:24+01:00
CVE-2022-41881,netty: Link to fixing commit

- - - - -
18eefb99 by Markus Koschany at 2023-01-01T19:10:06+01:00
CVE-2022-41915,netty: Link to fixing commit

- - - - -
95d4d60c by Salvatore Bonaccorso at 2023-01-01T20:53:42+01:00
Track fixed version via unstable for CVE-2018-109{8,9}/etcd

- - - - -
1ced87e7 by Salvatore Bonaccorso at 2023-01-01T21:08:30+01:00
Track fixed version via unstable for CVE-2022-46175/node-json5

- - - - -
eca7adfc by security tracker role at 2023-01-01T20:10:35+00:00
automatic update

- - - - -
c1d1e9a7 by Salvatore Bonaccorso at 2023-01-01T21:16:01+01:00
Process some NFUs

- - - - -
9871529d by Stefano Rivera at 2023-01-01T18:00:10-04:00
buster isn't affected by CVE-2020-27839

- - - - -
9dcadd10 by Markus Koschany at 2023-01-01T23:16:55+01:00
CVE-2021-37136,CVE-2021-37137,CVE-2021-43797,CVE-2022-41881,CVE-2022-41915,netty

fixed in unstable

- - - - -
3ebdc0cf by Salvatore Bonaccorso at 2023-01-02T07:29:01+01:00
Add CVE-2023-0030/linux

- - - - -
ee621025 by Salvatore Bonaccorso at 2023-01-02T07:32:30+01:00
Add CVE-2022-47952/lxc

- - - - -
f13c457b by Salvatore Bonaccorso at 2023-01-02T07:36:18+01:00
Add additionally git tag information for two upstream commits

- - - - -
5997f2aa by Chris Lamb at 2023-01-02T07:06:40+00:00
data/dla-needed.txt: Claim smarty3.

- - - - -
9707578c by Chris Lamb at 2023-01-02T07:10:09+00:00
data/dla-needed.txt: Claim ruby-sinatra.

- - - - -
75cfb7db by security tracker role at 2023-01-02T08:10:16+00:00
automatic update

- - - - -
f09028b9 by Salvatore Bonaccorso at 2023-01-02T10:30:38+01:00
Process two NFUs

- - - - -
807118d1 by Salvatore Bonaccorso at 2023-01-02T11:13:19+01:00
Clarify that webkit2gtk has been uploaded and needs the DLA

- - - - -
40fe39be by Salvatore Bonaccorso at 2023-01-02T11:23:02+01:00
Reference upstream commit for CVE-2021-39359/libgda5

- - - - -
7a362bc6 by Salvatore Bonaccorso at 2023-01-02T15:29:02+01:00
Track upstream commit for CVE-2021-3468/avahi

- - - - -
9c926fc4 by Stefano Rivera at 2023-01-02T10:55:47-04:00
More triage of current ceph issues

- - - - -
e9c98e73 by Salvatore Bonaccorso at 2023-01-02T20:54:12+01:00
Update information for CVE-2022-40151 and CVE-2022-40152

Clarified status, CVE-2022-40151 is for x-stream, while CVE-2022-40152
is related to Woodstox.

- - - - -
da7114af by Salvatore Bonaccorso at 2023-01-02T20:59:59+01:00
Add additional references for CVE-2022-40151 and CVE-2022-40152

- - - - -
0d29459d by Salvatore Bonaccorso at 2023-01-02T21:03:08+01:00
Add commit reference for CVE-2022-41966

- - - - -
faca8f83 by security tracker role at 2023-01-02T20:10:25+00:00
automatic update

- - - - -
d5661ee2 by Salvatore Bonaccorso at 2023-01-02T21:11:26+01:00
Add Debian bug reference for CVE-2022-41966/libxstream-java

- - - - -
24bdb7da by Salvatore Bonaccorso at 2023-01-03T07:39:37+01:00
Track fixed version for two net-snmp issues via unstable

- - - - -
7d877681 by Salvatore Bonaccorso at 2023-01-03T07:52:01+01:00
Add project-zero reference for CVE-2022-41912

- - - - -
27974933 by Moritz Muehlenhoff at 2023-01-03T08:42:16+01:00
add old firefox/thunderbird issue

- - - - -
118c00f1 by security tracker role at 2023-01-03T08:10:16+00:00
automatic update

- - - - -
00797c96 by Salvatore Bonaccorso at 2023-01-03T09:47:43+01:00
Process some NFUs

- - - - -
b3be6a11 by Anton Gladky at 2023-01-03T10:01:11+01:00
semi-automatic unclaim after 2 weeks of inactivity

Signed-off-by: Anton Gladky <gladk at debian.org>

- - - - -
93835a51 by Vincent Cheng at 2023-01-03T09:40:31+00:00
register embedded code copy of tolua++ in conky 1.17+

- - - - -
3aaa3b8d by Salvatore Bonaccorso at 2023-01-03T10:57:03+01:00
Move note down as it belongs to conky

- - - - -
b21c5902 by Salvatore Bonaccorso at 2023-01-03T13:13:28+01:00
Track fixed version for openvswitch issues via unstable

- - - - -
95c21213 by Salvatore Bonaccorso at 2023-01-03T14:27:24+01:00
Track fixed version for CVE-2021-41039/mosquitto via unstable

- - - - -
ef48ec50 by Stefano Rivera at 2023-01-03T10:38:10-04:00
Link to the commit that introduced the issue

- - - - -
f714da2f by Guilhem Moulin at 2023-01-03T15:48:14+01:00
LTS: claim net-snmp in dla-needed.txt

- - - - -
98fdc069 by Moritz Muehlenhoff at 2023-01-03T16:30:37+01:00
bullseye triage

- - - - -
ec26a836 by Roberto C. Sánchez at 2023-01-03T10:55:51-05:00
LTS: reclaim curl, update notes in dla-needed.txt

- - - - -
a8cbccce by Moritz Muehlenhoff at 2023-01-03T17:25:11+01:00
NFUs

- - - - -
68ac2d82 by Moritz Muehlenhoff at 2023-01-03T17:35:12+01:00
NFUs

- - - - -
7ffc3664 by Moritz Muehlenhoff at 2023-01-03T17:45:50+01:00
bugnums

- - - - -
a6e5d8a2 by Sylvain Beucler at 2023-01-03T18:24:21+01:00
dla: update nvidia status

- - - - -
bfd67edc by Sylvain Beucler at 2023-01-03T18:45:42+01:00
CVE-2022-3341/ffmpeg: buster postponed + fix-up version comment in other recent ffmpeg entries

- - - - -
902a0125 by Sylvain Beucler at 2023-01-03T20:38:09+01:00
CVE-2022-*/nvidia-graphics-drivers-legacy-340xx: buster ignored

- - - - -
3cd25e2e by security tracker role at 2023-01-03T20:10:26+00:00
automatic update

- - - - -
ce44d3df by Salvatore Bonaccorso at 2023-01-03T21:12:22+01:00
Process some NFUs

- - - - -
a1b705fb by Salvatore Bonaccorso at 2023-01-03T21:17:10+01:00
Process some NFUs

- - - - -
24532e8f by Salvatore Bonaccorso at 2023-01-03T21:35:08+01:00
Add CVE-2023-22456/viewvc

- - - - -
6fffd210 by Salvatore Bonaccorso at 2023-01-03T21:46:48+01:00
Add CVE-2022-45143/tomcat

- - - - -
44d06a8b by Salvatore Bonaccorso at 2023-01-03T21:47:48+01:00
Drop trailing whitespaces on some notes

- - - - -
a9040507 by Salvatore Bonaccorso at 2023-01-03T22:03:38+01:00
Add CVE-2022-4025/chromium

- - - - -
dadd03bd by Salvatore Bonaccorso at 2023-01-03T22:08:40+01:00
Add CVE-2022-3863/chromium

- - - - -
7a5d4909 by Salvatore Bonaccorso at 2023-01-03T22:10:50+01:00
Add CVE-2022-3842/chromium

- - - - -
f73bd13b by Salvatore Bonaccorso at 2023-01-03T22:13:56+01:00
Process some NFUs

- - - - -
51044bc6 by Salvatore Bonaccorso at 2023-01-04T06:57:55+01:00
Track fixed version for frr issues via unstable

- - - - -
78cf17c9 by Salvatore Bonaccorso at 2023-01-04T07:01:30+01:00
Add upstream references for CVE-2022-37035/frr

- - - - -
db1c6f02 by security tracker role at 2023-01-04T08:10:15+00:00
automatic update

- - - - -
47ef6b65 by Salvatore Bonaccorso at 2023-01-04T09:27:54+01:00
Process one NFU

- - - - -
faa4fdfb by Salvatore Bonaccorso at 2023-01-04T09:30:41+01:00
Process some NFUs

- - - - -
c33d95f1 by Chris Lamb at 2023-01-04T08:32:34+00:00
data/dla-needed.txt: Claim libetpan.

- - - - -
53d75862 by Salvatore Bonaccorso at 2023-01-04T09:45:19+01:00
Add CVE-2023-20928/linux

- - - - -
d95ee4d5 by Moritz Muehlenhoff at 2023-01-04T11:20:07+01:00
"new" gdvb issue

- - - - -
920f7ead by Moritz Muehlenhoff at 2023-01-04T12:30:21+01:00
NFUs

- - - - -
d43dfe62 by Moritz Muehlenhoff at 2023-01-04T12:31:09+01:00
dcmtk fixed in sid

- - - - -
c206e26c by Salvatore Bonaccorso at 2023-01-04T16:03:05+01:00
Add CVE-2023-22464/viewvc and update reference for CVE-2023-22456

- - - - -
f4a0cfa2 by Sylvain Beucler at 2023-01-04T18:23:24+01:00
CVE-2019-25085/glib2.0: buster not-affected

- - - - -
756a4a93 by Salvatore Bonaccorso at 2023-01-04T19:56:47+01:00
Adjust reference for glib2.0 commit for CVE-2019-25085

- - - - -
d7d44214 by Sylvain Beucler at 2023-01-04T20:02:17+01:00
LTS: add viewvc to dla-needed.txt

- - - - -
d8fd7e99 by security tracker role at 2023-01-04T20:10:20+00:00
automatic update

- - - - -
0a25f202 by Salvatore Bonaccorso at 2023-01-04T21:18:28+01:00
Process some NFUs

- - - - -
174af14c by Salvatore Bonaccorso at 2023-01-04T21:31:30+01:00
Add CVE-2023-00{54,51,49}/vim

- - - - -
334471e2 by Salvatore Bonaccorso at 2023-01-04T22:23:59+01:00
Process some NFUs

- - - - -
6d80b678 by Salvatore Bonaccorso at 2023-01-05T07:06:40+01:00
Add reference for CVE-2022-4178/chromium

- - - - -
1f595766 by Salvatore Bonaccorso at 2023-01-05T07:16:00+01:00
Add CVE-2022-31631/php

- - - - -
2d4fadba by Salvatore Bonaccorso at 2023-01-05T07:21:45+01:00
Add CVE-2022-41861/freeradius

- - - - -
7a854d1d by Salvatore Bonaccorso at 2023-01-05T07:26:30+01:00
Add CVE-2022-41860/freeradius

- - - - -
9c7ccd66 by Salvatore Bonaccorso at 2023-01-05T07:57:28+01:00
Add CVE-2017-20146/golang-github-gorilla-handlers

- - - - -
99427ed5 by Salvatore Bonaccorso at 2023-01-05T07:58:48+01:00
Add CVE-2023-0044 as NFU

- - - - -
2d22a706 by Salvatore Bonaccorso at 2023-01-05T08:05:20+01:00
Add CVE-2023-0047/linux

- - - - -
b06244da by security tracker role at 2023-01-05T08:10:21+00:00
automatic update

- - - - -
7c533b24 by Salvatore Bonaccorso at 2023-01-05T09:33:09+01:00
Process some NFUs

- - - - -
6117b5b6 by Moritz Muehlenhoff at 2023-01-05T12:19:30+01:00
bullseye triage

- - - - -
8d7f7db5 by Sylvain Beucler at 2023-01-05T14:08:11+01:00
CVE-2021-33621/ruby*: fix patch version

- - - - -
2041dd5f by Salvatore Bonaccorso at 2023-01-05T14:56:21+01:00
Update status for CVE-2021-36081/tesseract

- - - - -
77d8152f by Moritz Muehlenhoff at 2023-01-05T16:17:16+01:00
NFUs

- - - - -
d4f81d80 by Salvatore Bonaccorso at 2023-01-05T16:22:30+01:00
Update information for CVE-2022-31631/php

- - - - -
8f1cd9c7 by Moritz Muehlenhoff at 2023-01-05T17:31:39+01:00
add more information to freeradius issues

- - - - -
f0c711cf by Sylvain Beucler at 2023-01-05T17:57:58+01:00
dla: check bullseye 11.6 updates

- - - - -
e143b31f by Chris Lamb at 2023-01-05T17:00:57+00:00
Reserve DLA-3261-1 for libetpan

- - - - -
2a3dda01 by Sylvain Beucler at 2023-01-05T18:12:41+01:00
dla: add fig2dev

- - - - -
19a48e04 by Chris Lamb at 2023-01-05T17:40:52+00:00
Reserve DLA-3262-1 for smarty3

- - - - -
ae5c4d76 by security tracker role at 2023-01-05T20:10:18+00:00
automatic update

- - - - -
c3ea7ee5 by Salvatore Bonaccorso at 2023-01-05T21:19:02+01:00
Process some NFUs

- - - - -
144ab1ec by Salvatore Bonaccorso at 2023-01-05T21:34:58+01:00
Process some NFUs

- - - - -
a697ea9b by Salvatore Bonaccorso at 2023-01-05T21:37:25+01:00
Add CVE-2019-2509{6,7,8}/extplorer

- - - - -
cd8270d0 by Salvatore Bonaccorso at 2023-01-06T06:17:45+01:00
Track fixed version for CVE-2022-2347/u-boot via unstable

- - - - -
e2a72244 by Salvatore Bonaccorso at 2023-01-06T06:38:19+01:00
Add CVE-2021-4235/golang-yaml.v2

- - - - -
6f23468c by Salvatore Bonaccorso at 2023-01-06T07:09:15+01:00
Add CVE-2023-0091 as NFU

- - - - -
78290382 by Salvatore Bonaccorso at 2023-01-06T07:42:31+01:00
Process some NFUs

- - - - -
52718548 by Henri Salo at 2023-01-06T09:38:17+02:00
NFU

- - - - -
c725884f by security tracker role at 2023-01-06T08:10:16+00:00
automatic update

- - - - -
dfd0f3bc by Chris Lamb at 2023-01-06T09:18:27+00:00
data/dla-needed.txt: Claim libtasn1-6.

- - - - -
9c75b5c3 by Chris Lamb at 2023-01-06T09:20:02+00:00
data/dla-needed.txt: Claim viewvc.

- - - - -
0a5dafe2 by Sylvain Beucler at 2023-01-06T13:17:43+01:00
CVE-2022-31631/php7.3: buster postponed

- - - - -
3a61088e by Sylvain Beucler at 2023-01-06T14:14:25+01:00
golang* buster triage/harmonization

- - - - -
21deeef5 by Salvatore Bonaccorso at 2023-01-06T14:36:52+01:00
Update information on CVE-2022-24724/ruby-commonmarker

- - - - -
108a9936 by Salvatore Bonaccorso at 2023-01-06T20:03:17+01:00
Add CVE-2023-22671/ghidra

- - - - -
7e0d46aa by Salvatore Bonaccorso at 2023-01-06T20:05:59+01:00
Process some NFUs

- - - - -
2d0a4e8e by Salvatore Bonaccorso at 2023-01-06T20:06:52+01:00
Process two "new" network-manager issues, CVE-2014-12504{2,3}

- - - - -
e463af49 by Salvatore Bonaccorso at 2023-01-06T20:29:32+01:00
Update information for CVE-2022-31631/php

Track fixed version for php8.2 via unstable and expand note to cover
fixes in 8.2.1.

- - - - -
d5fff9e6 by security tracker role at 2023-01-06T20:10:22+00:00
automatic update

- - - - -
23b4bd2a by Salvatore Bonaccorso at 2023-01-06T21:19:51+01:00
Process some NFUs

- - - - -
873a6b4f by Salvatore Bonaccorso at 2023-01-06T21:29:12+01:00
Process some NFUs

- - - - -
4b381872 by Salvatore Bonaccorso at 2023-01-06T21:30:15+01:00
Process some NFUs

- - - - -
f09c760a by Salvatore Bonaccorso at 2023-01-06T21:40:14+01:00
Add openvswitch for DSA (review)

- - - - -
3673b9ad by Salvatore Bonaccorso at 2023-01-06T22:14:25+01:00
Add upstream tag information for three libbpf issues

- - - - -
14941824 by Salvatore Bonaccorso at 2023-01-06T22:16:42+01:00
Track fixed version for libbpf issues CVE-2022-353{3,4} and CVE-2022-3606

- - - - -
7e719e94 by Salvatore Bonaccorso at 2023-01-07T08:27:20+01:00
Add CVE-2022-40897/setuptools

- - - - -
1c504ceb by Salvatore Bonaccorso at 2023-01-07T08:30:50+01:00
Mark CVE-2022-40897 as no-dsa for bullseye

- - - - -
75076f38 by security tracker role at 2023-01-07T08:10:16+00:00
automatic update

- - - - -
9599b2ea by Salvatore Bonaccorso at 2023-01-07T10:03:45+01:00
Process some NFUs

- - - - -
56175c41 by Salvatore Bonaccorso at 2023-01-07T14:58:00+01:00
Track fixed version for various linux CVEs via unstable

- - - - -
f1eaa38c by Sylvain Beucler at 2023-01-07T17:32:43+01:00
CVE-2022-47952/lxc: buster postponed

- - - - -
123af2b8 by Moritz Muehlenhoff at 2023-01-07T20:24:43+01:00
python-git fixed in sid

- - - - -
8c6e6d5f by security tracker role at 2023-01-07T20:10:19+00:00
automatic update

- - - - -
3eb73311 by Salvatore Bonaccorso at 2023-01-07T21:28:35+01:00
Process some NFUs

- - - - -
b32a565f by security tracker role at 2023-01-08T08:10:17+00:00
automatic update

- - - - -
898f6ce8 by Salvatore Bonaccorso at 2023-01-08T17:25:58+01:00
Process some new gpac issues

- - - - -
734365e7 by Salvatore Bonaccorso at 2023-01-08T17:30:33+01:00
Update information for CVE-2019-6129/libpng1.6

- - - - -
9e5c7216 by Salvatore Bonaccorso at 2023-01-08T17:33:05+01:00
Add CVE-2022-47655/libde265

- - - - -
5e6ee740 by Salvatore Bonaccorso at 2023-01-08T17:42:31+01:00
Add two more gpac issues

- - - - -
8c34740f by Moritz Muehlenhoff at 2023-01-08T19:06:19+01:00
node-socks in the archive now

- - - - -
e10131c4 by Moritz Mühlenhoff at 2023-01-08T19:11:19+01:00
radare n/a

- - - - -
55b08940 by Moritz Mühlenhoff at 2023-01-08T19:17:06+01:00
ATS DSA

- - - - -
e3c5b14e by Salvatore Bonaccorso at 2023-01-08T20:19:31+01:00
Track ruby3.0 as removed from unstable

- - - - -
ed10cddb by Salvatore Bonaccorso at 2023-01-08T20:20:17+01:00
Track ruby3.0 as removed from the archive

- - - - -
f22bc58f by Salvatore Bonaccorso at 2023-01-08T20:38:03+01:00
Process some more gpac issues

- - - - -
8000164d by Salvatore Bonaccorso at 2023-01-08T20:42:40+01:00
Add CVE-2022-4645{6,7}/nasm

- - - - -
7e8ca9ed by Salvatore Bonaccorso at 2023-01-08T20:44:26+01:00
Add two more gpac issues: CVE-2022-464{89,90}

- - - - -
7aefa6a8 by Salvatore Bonaccorso at 2023-01-08T21:02:42+01:00
Process one NFU

- - - - -
e05e0474 by Salvatore Bonaccorso at 2023-01-08T21:07:05+01:00
Add CVE-2020-36646/libzen

- - - - -
a3df6ea9 by security tracker role at 2023-01-08T20:10:33+00:00
automatic update

- - - - -
a44f3773 by Salvatore Bonaccorso at 2023-01-08T21:17:26+01:00
Process some NFUs

- - - - -
e5655bd9 by Aron Xu at 2023-01-09T11:42:11+08:00
Claim tiff in dsa-needed.txt

- - - - -
932fce87 by security tracker role at 2023-01-09T08:10:49+00:00
automatic update

- - - - -
3ad52e3d by Moritz Muehlenhoff at 2023-01-09T10:28:37+01:00
bullseye triage

- - - - -
62597546 by Moritz Muehlenhoff at 2023-01-09T10:39:24+01:00
NFU

- - - - -
478c3db0 by Chris Lamb at 2023-01-09T12:49:26+00:00
Reserve DLA-3263-1 for libtasn1-6

- - - - -
0015a986 by Moritz Mühlenhoff at 2023-01-09T15:46:21+01:00
ceph fixed in sid

- - - - -
24493847 by Moritz Muehlenhoff at 2023-01-09T16:59:33+01:00
bullseye triage

- - - - -
233b0d56 by Moritz Muehlenhoff at 2023-01-09T18:00:02+01:00
NFU

- - - - -
6de7d6b9 by Moritz Muehlenhoff at 2023-01-09T18:34:10+01:00
NFUs

- - - - -
de622274 by Salvatore Bonaccorso at 2023-01-09T19:31:05+01:00
Add back trailing line for dsa-needed list

- - - - -
e20496b6 by Salvatore Bonaccorso at 2023-01-09T19:31:45+01:00
Take varnish from dsa-needed list

- - - - -
fc96a69c by Moritz Muehlenhoff at 2023-01-09T19:59:54+01:00
new patchelf issue

- - - - -
37363961 by Moritz Muehlenhoff at 2023-01-09T20:02:04+01:00
new rust-tokio issue

- - - - -
20036c8d by security tracker role at 2023-01-09T20:10:26+00:00
automatic update

- - - - -
7506f689 by Salvatore Bonaccorso at 2023-01-09T21:14:19+01:00
Add upstream tag reference for CVE-2022-44940

- - - - -
2f69c501 by Salvatore Bonaccorso at 2023-01-09T21:17:35+01:00
Process two NFUs

- - - - -
9a41e420 by Salvatore Bonaccorso at 2023-01-09T21:29:29+01:00
Process some NFUs

- - - - -
fc1144c0 by Salvatore Bonaccorso at 2023-01-09T21:33:37+01:00
Remove TODO item for CVE-2023-22460

- - - - -
d1fbc5f5 by security tracker role at 2023-01-10T08:10:11+00:00
automatic update

- - - - -
053e0f45 by Salvatore Bonaccorso at 2023-01-10T09:14:43+01:00
Add CVE-2023-0105 as NFU

- - - - -
44fe46c6 by Salvatore Bonaccorso at 2023-01-10T09:32:12+01:00
Add CVE-2023-0122/linux

- - - - -
1dc9a6df by Salvatore Bonaccorso at 2023-01-10T10:55:12+01:00
Process some NFUs

- - - - -
accb17ef by Helmut Grohne at 2023-01-10T11:59:40+01:00
triage leptonlib

 * Remove a bunch of annotations that will end up conflicting with the
   ELTS tracker.
 * Note patch for CVE-2018-7442 and explain that it changes behaviour.
 * Note that CVE-2018-7441 is not neutralized, remove unimportant, list
   patches.

- - - - -
d76eea3e by Moritz Muehlenhoff at 2023-01-10T12:01:40+01:00
dlt-daemon fixed in sid

- - - - -
9df4383d by Moritz Muehlenhoff at 2023-01-10T12:05:32+01:00
avahi fixed in sid

- - - - -
af454f42 by Moritz Muehlenhoff at 2023-01-10T12:13:07+01:00
new kodi issue

- - - - -
45408248 by Chris Lamb at 2023-01-10T11:19:30+00:00
Reserve DLA-3264-1 for ruby-sinatra

- - - - -
1d9742d8 by Salvatore Bonaccorso at 2023-01-10T13:12:49+01:00
Track proposed update for avahi via bullseye-pu

- - - - -
ee63c827 by Moritz Muehlenhoff at 2023-01-10T13:38:14+01:00
NFUs

- - - - -
16e13cfc by Moritz Muehlenhoff at 2023-01-10T13:52:20+01:00
new rust-bzip2 issue

- - - - -
89e9f403 by Helmut Grohne at 2023-01-10T14:21:19+01:00
delete heimdal annotations conflicting with ELTS tracker

- - - - -
b632e32d by Helmut Grohne at 2023-01-10T14:21:20+01:00
triage exiv2

 * This is mostly adding <not-affected> for LTS.
 * Also deleting annotations that conflict with the ELTS tracker.
 * CVE-2021-31292 is a duplicate of CVE-2021-29458
 * Add detail to some CVEs such as patches.

- - - - -
5b1b1a0b by Chris Lamb at 2023-01-10T15:37:37+00:00
Correct version number for ruby-sinatra in DLA-3264-1.

- - - - -
64c3ca93 by Helmut Grohne at 2023-01-10T17:44:15+01:00
reserve DLA-3265-1 for exiv2

- - - - -
c2f48578 by Salvatore Bonaccorso at 2023-01-10T20:43:27+01:00
Add CVE-2022-46176/cargo

- - - - -
fd45a7ca by security tracker role at 2023-01-10T20:10:27+00:00
automatic update

- - - - -
5cb57faa by Salvatore Bonaccorso at 2023-01-10T21:18:40+01:00
Process some NFUs

- - - - -
d4b94956 by Salvatore Bonaccorso at 2023-01-10T22:42:12+01:00
CVE-2021-29507: Reference upstream tag and non-merge commit

- - - - -
d52efcca by Markus Koschany at 2023-01-10T23:56:35+01:00
Reserve DSA-5312-1 for libjettison-java.

- - - - -
a920ba6e by Markus Koschany at 2023-01-10T23:57:39+01:00
Reserve DSA-5313-1 for hsqldb

- - - - -
c5733ce5 by Markus Koschany at 2023-01-11T00:37:14+01:00
Claim libxstream-java in dsa-needed.txt

- - - - -
f257e700 by Salvatore Bonaccorso at 2023-01-11T06:19:56+01:00
Document that maintainer is preparing updates for lava

- - - - -
4037b370 by Salvatore Bonaccorso at 2023-01-11T06:30:43+01:00
Add new chromium issues

- - - - -
bc6470c0 by Anton Gladky at 2023-01-11T06:50:53+01:00
LTS: Add missing VCS information in packages

- - - - -
14dce102 by Anton Gladky at 2023-01-11T07:13:02+01:00
LTS: Add missing meta information in packages

- - - - -
a99daf8d by Salvatore Bonaccorso at 2023-01-11T07:25:30+01:00
Add CVE-2023-0210/linux

- - - - -
8d2d0056 by security tracker role at 2023-01-11T08:10:14+00:00
automatic update

- - - - -
f3542806 by Chris Lamb at 2023-01-11T08:19:54+00:00
Reserve DLA-3266-1 for viewvc

- - - - -
15cda1a0 by Moritz Muehlenhoff at 2023-01-11T09:50:24+01:00
python3.9 removed from sid

- - - - -
6c99b673 by Moritz Muehlenhoff at 2023-01-11T11:04:53+01:00
golang-github-masterminds-goutils n/a, NFU (concludes external check)

- - - - -
4f216301 by Markus Koschany at 2023-01-11T14:05:01+01:00
CVE-2022-41966,libxstream-java: fixed in unstable

- - - - -
1310760a by Moritz Muehlenhoff at 2023-01-11T14:47:36+01:00
bookworm triage

- - - - -
e7c7cc32 by Moritz Mühlenhoff at 2023-01-11T19:50:56+01:00
emacs DSA

- - - - -
8d310b05 by Salvatore Bonaccorso at 2023-01-11T20:42:53+01:00
Update status for CVE-2022-45132/lava

Thanks: Antonio Terceiro

- - - - -
aedad73a by security tracker role at 2023-01-11T20:10:19+00:00
automatic update

- - - - -
feb7a3db by Salvatore Bonaccorso at 2023-01-11T21:17:21+01:00
Process some NFUs

- - - - -
1ce5877f by Salvatore Bonaccorso at 2023-01-11T21:27:59+01:00
Add CVE-2022-4696/linux

- - - - -
dfd9ad5c by Salvatore Bonaccorso at 2023-01-11T21:47:58+01:00
Process some NFUs

- - - - -
78edef02 by Salvatore Bonaccorso at 2023-01-11T21:59:35+01:00
Track fixed version for CVE-2022-37454/pysha3

While it initially was removed from unstable, it got reintroduced again.
This update fixes at least CVE-2022-37454.

- - - - -
fea5d93d by Salvatore Bonaccorso at 2023-01-11T22:22:13+01:00
Process some NFUs

- - - - -
1b7f651a by Salvatore Bonaccorso at 2023-01-11T22:25:13+01:00
Add CVE-2023-22626/ruby-pghero

- - - - -
179ca9bd by Markus Koschany at 2023-01-11T23:23:33+01:00
Reserve DSA-5315-1 libxstream-java

- - - - -
a3c975ce by Markus Koschany at 2023-01-11T23:24:43+01:00
Reserve DSA-5316-1 netty

- - - - -
d55dd260 by Markus Koschany at 2023-01-11T23:40:25+01:00
Reserve DLA-3267-1 for libxstream-java

- - - - -
d6fe26eb by Markus Koschany at 2023-01-11T23:42:28+01:00
Reserve DLA-3268-1 for netty

- - - - -
bac249d4 by Salvatore Bonaccorso at 2023-01-12T06:33:32+01:00
Mark guacamole-client as removed from unstable

- - - - -
132509c1 by Salvatore Bonaccorso at 2023-01-12T06:36:38+01:00
Mark kopanocore as removed from unstable

- - - - -
17fa7f70 by Salvatore Bonaccorso at 2023-01-12T06:38:19+01:00
Mark guacamole-client as dropped in every supported suite

- - - - -
1c81ac53 by Salvatore Bonaccorso at 2023-01-12T08:07:33+01:00
Process one NFU

- - - - -
96d7d134 by Salvatore Bonaccorso at 2023-01-12T08:29:50+01:00
Track proposed exiv2 update via bullseye-pu

Did not include CVE-2021-3129, as CVE-2021-29458 are treated as
distinct CVEs.

- - - - -
1607e908 by security tracker role at 2023-01-12T08:10:14+00:00
automatic update

- - - - -
61731a4e by Salvatore Bonaccorso at 2023-01-12T09:46:41+01:00
Add CVE-2023-2345{4,5}/linux

- - - - -
d150300e by Salvatore Bonaccorso at 2023-01-12T10:37:24+01:00
Process some NFUs

- - - - -
0481c8b6 by Moritz Muehlenhoff at 2023-01-12T10:40:59+01:00
link CVE-2020-17354 to lilypond, now public

- - - - -
89ef49aa by Moritz Muehlenhoff at 2023-01-12T10:45:53+01:00
NFUs

- - - - -
607598cf by Moritz Muehlenhoff at 2023-01-12T15:56:42+01:00
NFUs

- - - - -
c49e5ea2 by Moritz Muehlenhoff at 2023-01-12T16:24:11+01:00
cargo fixed in sid

- - - - -
db60257a by Salvatore Bonaccorso at 2023-01-12T20:38:30+01:00
Update information for ancient CVE-2006-3360/pypsysinfo

- - - - -
bd7d9b8e by Salvatore Bonaccorso at 2023-01-12T20:46:50+01:00
Track fixed version for CVE-2022-2414/dogtag-pki

- - - - -
25464864 by Salvatore Bonaccorso at 2023-01-12T21:00:03+01:00
Track fixed version for CVE-2022-46176/rust-cargo via unstable

- - - - -
90cebfef by Salvatore Bonaccorso at 2023-01-12T21:03:12+01:00
Track fixed version for chromium issues via unstable

- - - - -
f074c5fe by Salvatore Bonaccorso at 2023-01-12T21:05:55+01:00
Add chromium to dsa-needed list

- - - - -
bf06d7b3 by Moritz Muehlenhoff at 2023-01-12T21:07:13+01:00
claim DSAs

- - - - -
fd267220 by security tracker role at 2023-01-12T20:10:28+00:00
automatic update

- - - - -
a38b5300 by Salvatore Bonaccorso at 2023-01-12T21:29:21+01:00
Process one NFU

- - - - -
7a90a9b1 by Salvatore Bonaccorso at 2023-01-12T22:00:13+01:00
Add CVE-2023-2345{6,7}/upx-ucl

- - - - -
87ed4bd4 by Salvatore Bonaccorso at 2023-01-12T22:02:29+01:00
Process some NFUs

- - - - -
d0a3610f by Salvatore Bonaccorso at 2023-01-12T22:06:29+01:00
Update information on CVE-2023-0122/linux

- - - - -
0875fc59 by Salvatore Bonaccorso at 2023-01-12T22:29:27+01:00
Process NFUs

- - - - -
0b2c7ea7 by Salvatore Bonaccorso at 2023-01-12T22:31:05+01:00
Add CVE-2022-43974/matrixssl

- - - - -
c6836a4e by Salvatore Bonaccorso at 2023-01-12T22:32:35+01:00
Track fixed version for varnish issue via unstable

- - - - -
e55dcd1c by Salvatore Bonaccorso at 2023-01-12T22:35:55+01:00
Adjust version for CVE-2022-3643/linux to 6.1.4-1

6.0.12-1 contained only one part of the two-patches series to address
CVE-2022-3643.  Consider thus CVE-2022-3643 fixed only with both commits
applied, and so bump the version to 6.1.4-1.

- - - - -
f22b0db5 by Salvatore Bonaccorso at 2023-01-12T22:42:12+01:00
Add CVE-2022-46449/mpd

- - - - -
f8dd91c4 by Salvatore Bonaccorso at 2023-01-12T22:44:01+01:00
CVE-2022-434{4,5}wireshark assigned

- - - - -
096f997a by Salvatore Bonaccorso at 2023-01-13T06:26:13+01:00
Add CVE-2022-4743/libsdl2

- - - - -
7a2da0ad by security tracker role at 2023-01-13T08:10:12+00:00
automatic update

- - - - -
a1ed8e02 by Moritz Muehlenhoff at 2023-01-13T09:26:36+01:00
NFUs

- - - - -
691f6df3 by Moritz Muehlenhoff at 2023-01-13T11:17:43+01:00
NFUs

- - - - -
b4123b42 by Moritz Muehlenhoff at 2023-01-13T12:07:22+01:00
new tor issue (fixed in sid)

- - - - -
f605b5e5 by Tobias Frost at 2023-01-13T12:09:19+01:00
LTS: claim modsecurity-crs in dla-needed.txt

- - - - -
551c7058 by Moritz Muehlenhoff at 2023-01-13T12:38:57+01:00
NFUs

- - - - -
8e9b25ce by Tobias Frost at 2023-01-13T13:24:18+01:00
LTS: claim libde265 in dla-needed.txt

- - - - -
05feef75 by Tobias Frost at 2023-01-13T15:58:21+01:00
LTS: claim libapreq2 in dla-needed.txt

- - - - -
8188f177 by Salvatore Bonaccorso at 2023-01-13T18:52:44+01:00
Add CVE-2023-0179/linux

- - - - -
18990ba0 by Salvatore Bonaccorso at 2023-01-13T18:57:13+01:00
Drop unimportant severity for CVE-2023-23456

It's a write heap-buffer overflow in the end, we cannot determine that
the impact is negligible and should be re-evaluated for a potential
marking it no-dsa. But unimportant severity was definitively not right.

Fixes: 7a90a9b1786f ("Add CVE-2023-2345{6,7}/upx-ucl")

- - - - -
960916af by Sylvain Beucler at 2023-01-13T19:27:09+01:00
CVE-2022-1622,CVE-2022-1623/tiff: buster not-affected

- - - - -
5f585cf1 by Moritz Mühlenhoff at 2023-01-13T20:10:47+01:00
openvswitch, lava, chromium DSAs

- - - - -
a00d78c5 by Moritz Mühlenhoff at 2023-01-13T20:16:11+01:00
fix CVE list

- - - - -
b9b64deb by Salvatore Bonaccorso at 2023-01-13T20:37:22+01:00
Add CVE-2023-0266/linux

- - - - -
d80c3d53 by Salvatore Bonaccorso at 2023-01-13T21:01:40+01:00
Add CVE-2023-23559/linux

- - - - -
8b53d87d by security tracker role at 2023-01-13T20:10:22+00:00
automatic update

- - - - -
1152c517 by Salvatore Bonaccorso at 2023-01-13T21:20:57+01:00
Add CVE-2023-0288/vim

- - - - -
6455b8b1 by Salvatore Bonaccorso at 2023-01-13T22:58:09+01:00
Drop notes from CVE-2022-22199

Got rejected and unused from the assigning CNA.

- - - - -
1559a16f by Salvatore Bonaccorso at 2023-01-13T23:00:34+01:00
Drop notes from CVE-2022-20531

Got rejected and further investigation showed it is not a security
issue.

- - - - -
4804d8cb by Salvatore Bonaccorso at 2023-01-13T23:01:05+01:00
Remove notes from CVE-2015-3208

Further investigation showed that it was not a security issue and the
CVE got rejected.

- - - - -
395ffa07 by Salvatore Bonaccorso at 2023-01-13T23:07:41+01:00
Add CVE-2023-0057/pyload

- - - - -
1dc00e57 by Salvatore Bonaccorso at 2023-01-13T23:08:40+01:00
Process some NFUs

- - - - -
4f3e0fa4 by Thorsten Alteholz at 2023-01-14T00:55:05+01:00
mark CVE-2019-25085 as not-affected for epiphany-browser/buster

- - - - -
a5908a06 by Thorsten Alteholz at 2023-01-14T01:00:15+01:00
mark several CVEs of gpac as either not-affected or EOL in Buster

- - - - -
809887b9 by Jeremy Bicha at 2023-01-13T19:02:31-05:00
CVE-2022-37290/nautilus fixed in unstable

- - - - -
56150b89 by Thorsten Alteholz at 2023-01-14T01:26:21+01:00
mark CVE-2023-0054 as no-dsa for Buster

- - - - -
df6496f4 by Thorsten Alteholz at 2023-01-14T01:29:21+01:00
mark CVE-2022-45143 as postponed for Buster

- - - - -
76e7a9d3 by Salvatore Bonaccorso at 2023-01-14T07:48:00+00:00
Merge branch 'nautilus-2022-37290' into 'master'

CVE-2022-37290/nautilus fixed in unstable

See merge request security-tracker-team/security-tracker!121

- - - - -
41311210 by Salvatore Bonaccorso at 2023-01-14T09:02:00+01:00
CVE assigned for tor issue

- - - - -
438d5d32 by security tracker role at 2023-01-14T08:10:17+00:00
automatic update

- - - - -
f7b3c4cc by Salvatore Bonaccorso at 2023-01-14T09:28:53+01:00
Reference upstream commit for CVE-2022-37290/nautilus

- - - - -
235778df by Salvatore Bonaccorso at 2023-01-14T09:44:57+01:00
Process some NFUs

- - - - -
1734a30f by Salvatore Bonaccorso at 2023-01-14T09:51:21+01:00
Add several new tikiwiki CVEs

- - - - -
65afed84 by Tobias Frost at 2023-01-14T17:00:52+01:00
Reserve DLA-3269-1 for libapreq2

- - - - -
a7addd44 by Salvatore Bonaccorso at 2023-01-14T17:30:44+01:00
Add CVE-2018-14628/samba

- - - - -
4c9ce7e4 by security tracker role at 2023-01-14T20:10:18+00:00
automatic update

- - - - -
fddecd8e by Salvatore Bonaccorso at 2023-01-14T21:25:37+01:00
Add CVE-2023-0297/pyload

- - - - -
0300b95e by Salvatore Bonaccorso at 2023-01-14T21:31:24+01:00
Process some NFUs

- - - - -
8f2611d4 by Guilhem Moulin at 2023-01-15T02:59:24+01:00
LTS: claim node-minimatch in dla-needed.txt

- - - - -
c9864ffb by Guilhem Moulin at 2023-01-15T03:16:46+01:00
LTS: claim node-moment in dla-needed.txt

- - - - -
e3d7e8d3 by Guilhem Moulin at 2023-01-15T03:22:09+01:00
Reserve DLA-3270-1 for net-snmp

- - - - -
6eb1486c by security tracker role at 2023-01-15T08:10:11+00:00
automatic update

- - - - -
03f22cb3 by Salvatore Bonaccorso at 2023-01-15T14:33:50+01:00
Track fixed version for CVE-2021-33621/ruby3.1

- - - - -
4cbb3ed7 by Utkarsh Gupta at 2023-01-15T19:27:13+05:30
Re-claim node-moment from Guilhem

- - - - -
14c44648 by Guilhem Moulin at 2023-01-15T14:58:03+01:00
LTS: claim lemonldap-ng in dla-needed.txt

- - - - -
5049f1e5 by Guilhem Moulin at 2023-01-15T15:20:25+01:00
CVE-2022-3517: Add links to follow commits.

- - - - -
e16694a2 by Salvatore Bonaccorso at 2023-01-15T16:01:25+01:00
Add fixed version via unstable for CVE-2022-4285/binutils

- - - - -
ad495517 by Salvatore Bonaccorso at 2023-01-15T16:03:23+01:00
Track fixed version for CVE-2022-38533/binutils via unstable

- - - - -
6f8b040c by Guilhem Moulin at 2023-01-15T16:20:33+01:00
Reserve DLA-3271-1 for node-minimatch

- - - - -
fa84c288 by Thorsten Alteholz at 2023-01-15T19:05:17+01:00
mark CVEs of freeradius as no-dsa for Buster

- - - - -
c9893585 by Thorsten Alteholz at 2023-01-15T19:05:17+01:00
add tor

- - - - -
b5eecb13 by Thorsten Alteholz at 2023-01-15T19:05:19+01:00
mark CVE-2023-22895 as no-dsa for Buster

- - - - -
6b225caa by Thorsten Alteholz at 2023-01-15T19:05:20+01:00
mark temporary issue for kodi as no-dsa

- - - - -
ded3f861 by Thorsten Alteholz at 2023-01-15T19:05:22+01:00
mark CVE-2022-4743 as no-dsa for Buster

- - - - -
b6df140f by Thorsten Alteholz at 2023-01-15T19:30:00+01:00
mark CVE-2023-0288 as no-dsa for Buster

- - - - -
ba7f9ec7 by Thorsten Alteholz at 2023-01-15T19:41:59+01:00
add libzen

- - - - -
154f219e by security tracker role at 2023-01-15T20:10:22+00:00
automatic update

- - - - -
528b6311 by Salvatore Bonaccorso at 2023-01-15T21:31:55+01:00
Process some NFUs

- - - - -
3e93e31d by Salvatore Bonaccorso at 2023-01-16T06:29:53+01:00
Add temporary entry for sgt-puzzles issues

- - - - -
45925203 by Anton Gladky at 2023-01-16T06:34:20+01:00
semi-automatic unclaim after 2 weeks of inactivity

Signed-off-by: Anton Gladky <gladk at debian.org>

- - - - -
aae91bcb by Anton Gladky at 2023-01-16T07:10:22+01:00
LTS: Add VCS information

- - - - -
a2148892 by Anton Gladky at 2023-01-16T07:15:29+01:00
LTS: take xfig

- - - - -
7b2a753c by Salvatore Bonaccorso at 2023-01-16T08:21:14+01:00
Add CVE-2022-40704/phoronix-test-suite

- - - - -
1576ad40 by Salvatore Bonaccorso at 2023-01-16T08:30:56+01:00
Track update for CVE-2022-46175/node-json5 proposed for bullseye-pu

- - - - -
d26f6c61 by security tracker role at 2023-01-16T08:10:14+00:00
automatic update

- - - - -
d1800859 by Salvatore Bonaccorso at 2023-01-16T09:26:31+01:00
Add CVE-2023-031{5,6}/froxlor

- - - - -
e85e5f27 by Salvatore Bonaccorso at 2023-01-16T09:28:03+01:00
Process some NFUs

- - - - -
f8f1a07a by Moritz Muehlenhoff at 2023-01-16T12:41:10+01:00
NFUs

- - - - -
7ee10f8b by Moritz Muehlenhoff at 2023-01-16T13:09:50+01:00
bullseye triage

- - - - -
3e50a176 by Salvatore Bonaccorso at 2023-01-16T13:11:34+01:00
Process some NFUs

- - - - -
7ff87bd8 by Salvatore Bonaccorso at 2023-01-16T13:12:27+01:00
Add two more NFUs for Apache Superset

- - - - -
11a66e2a by Salvatore Bonaccorso at 2023-01-16T14:27:15+01:00
Process two more NFUs

- - - - -
f99704f6 by Moritz Muehlenhoff at 2023-01-16T15:39:15+01:00
new radare2 issue

- - - - -
73b02daa by Moritz Muehlenhoff at 2023-01-16T15:43:32+01:00
"new" nim issue

- - - - -
4efae9dd by Moritz Muehlenhoff at 2023-01-16T16:07:25+01:00
new log4j issue

- - - - -
b9827893 by Moritz Muehlenhoff at 2023-01-16T16:17:55+01:00
"new" node-debug issue

- - - - -
163906db by Moritz Muehlenhoff at 2023-01-16T16:25:58+01:00
NFUs

- - - - -
0c5731ac by Moritz Muehlenhoff at 2023-01-16T16:27:58+01:00
new gitlab issues

- - - - -
e0194095 by Moritz Muehlenhoff at 2023-01-16T16:31:41+01:00
new shiro issue

- - - - -
44e517e9 by Moritz Muehlenhoff at 2023-01-16T16:49:58+01:00
new netdata issues

- - - - -
13e6a3ee by Tobias Frost at 2023-01-16T16:56:18+01:00
LTS: claim ring in dla-needed.txt

- - - - -
aac37694 by Moritz Mühlenhoff at 2023-01-16T20:18:18+01:00
tor DSA

- - - - -
ac7419ed by Moritz Mühlenhoff at 2023-01-16T20:36:38+01:00
bugnums

- - - - -
8d8ee43d by Salvatore Bonaccorso at 2023-01-16T20:45:42+01:00
Adjust GHSA reference for CVE-2023-22496/netdata

- - - - -
d7c879cb by security tracker role at 2023-01-16T20:10:33+00:00
automatic update

- - - - -
95935ae5 by Salvatore Bonaccorso at 2023-01-16T21:15:09+01:00
Add note for jupyter-core with respect to maintainer update

- - - - -
5d29848b by Salvatore Bonaccorso at 2023-01-16T21:20:26+01:00
Process several NFUs

- - - - -
e7556d7e by Salvatore Bonaccorso at 2023-01-16T21:25:51+01:00
Process some more NFUs

- - - - -
c080e1d9 by Moritz Muehlenhoff at 2023-01-16T22:13:07+01:00
zip4j fixed in sid

- - - - -
9a94a930 by Abhijith PA at 2023-01-17T09:53:21+05:30
reclaim xrdp

- - - - -
710e2328 by Salvatore Bonaccorso at 2023-01-17T06:51:40+01:00
Track fixed version for CVE-2022-47952/lxc

- - - - -
7fb32a92 by security tracker role at 2023-01-17T08:10:14+00:00
automatic update

- - - - -
8af4c6e4 by Moritz Muehlenhoff at 2023-01-17T10:01:16+01:00
NFUs

- - - - -
9631a922 by Moritz Muehlenhoff at 2023-01-17T10:03:11+01:00
NFU

- - - - -
86e3f40c by Moritz Muehlenhoff at 2023-01-17T10:05:04+01:00
new gitlab issues

- - - - -
7c430ed9 by Moritz Muehlenhoff at 2023-01-17T11:00:39+01:00
new rust-git2, rust-bumpalo issues

- - - - -
7cbd3752 by Moritz Muehlenhoff at 2023-01-17T11:47:06+01:00
Superset references

- - - - -
d4ccf376 by Sylvain Beucler at 2023-01-17T12:33:43+01:00
dla: claim tiff and update status

- - - - -
046bf5f7 by Emilio Pozuelo Monfort at 2023-01-17T13:04:55+01:00
lts: take firefox-esr and thunderbird

- - - - -
67898146 by Moritz Muehlenhoff at 2023-01-17T14:40:40+01:00
pypdf2 spu

- - - - -
5fd3cc60 by Sylvain Beucler at 2023-01-17T14:59:08+01:00
CVE-2022-3570/tiff: replace orphan commit with slightly different merged fix

- - - - -
5031f085 by Salvatore Bonaccorso at 2023-01-17T18:07:17+01:00
Add new libxpm issues

- - - - -
31f6bc2c by security tracker role at 2023-01-17T20:10:25+00:00
automatic update

- - - - -
30804f5d by Salvatore Bonaccorso at 2023-01-17T21:13:20+01:00
Update information from CVE-2020-23109/libheif

- - - - -
55c0403f by Salvatore Bonaccorso at 2023-01-17T21:15:43+01:00
Add CVE-2022-23521 and CVE-2022-41903 for git

- - - - -
1bc70bda by Salvatore Bonaccorso at 2023-01-17T21:23:01+01:00
Add upstream commits for CVE-2022-41903/git

- - - - -
7270f1ab by Salvatore Bonaccorso at 2023-01-17T21:26:17+01:00
Reference upstream commits for CVE-2022-23521/git

- - - - -
39e89edf by Salvatore Bonaccorso at 2023-01-17T21:36:33+01:00
Add three new apache2 issues

- - - - -
31461be5 by Salvatore Bonaccorso at 2023-01-17T22:13:11+01:00
Track libxpm fixes via unstable

- - - - -
03424644 by Salvatore Bonaccorso at 2023-01-17T22:19:02+01:00
Add CVE-2022-47950/swift

- - - - -
420676ca by Salvatore Bonaccorso at 2023-01-17T22:30:57+01:00
Add Debian bug reference for git issues

- - - - -
ff94f3c3 by Salvatore Bonaccorso at 2023-01-17T22:40:59+01:00
Drop use of CVE-2022-23816

- - - - -
879c8365 by Salvatore Bonaccorso at 2023-01-18T07:07:14+01:00
Add new firefox-esr issues from mfsa2023-02

- - - - -
91024841 by Salvatore Bonaccorso at 2023-01-18T07:08:03+01:00
Add firefox-esr to dsa-needed list

- - - - -
2ce9e003 by Salvatore Bonaccorso at 2023-01-18T07:11:56+01:00
Add firefox issues from mfsa2023-01

- - - - -
950e8a05 by Salvatore Bonaccorso at 2023-01-18T07:13:38+01:00
Add CVE-2023-0330/qemu

- - - - -
bf2f9524 by Salvatore Bonaccorso at 2023-01-18T07:23:19+01:00
Add git to dsa-needed list

- - - - -
946fc6b9 by Salvatore Bonaccorso at 2023-01-18T07:42:36+01:00
Add references for {CVE-2022-41903,CVE-2022-23521}/git

- - - - -
8df0510c by Salvatore Bonaccorso at 2023-01-18T08:18:17+01:00
Add tracking for lxc via bullseye-pu

- - - - -
83183a55 by Salvatore Bonaccorso at 2023-01-18T08:45:50+01:00
Track fixing version for firefox-esr issues for mfsa2023-02

- - - - -
56a5cae2 by Salvatore Bonaccorso at 2023-01-18T08:47:44+01:00
Track fixed version for firefox issues from mfsa2023-01

- - - - -
b61f4b38 by Salvatore Bonaccorso at 2023-01-18T08:49:55+01:00
Track fixed version for three apache2 issue fixed via unstable

- - - - -
c29f4b0e by security tracker role at 2023-01-18T08:10:22+00:00
automatic update

- - - - -
eab87e0d by Salvatore Bonaccorso at 2023-01-18T09:24:44+01:00
Process some NFUs

- - - - -
bac4bf69 by Moritz Muehlenhoff at 2023-01-18T10:08:32+01:00
new Java issues

- - - - -
161994e4 by Moritz Muehlenhoff at 2023-01-18T10:13:48+01:00
new virtualbox issues

- - - - -
b77d8fb2 by Moritz Muehlenhoff at 2023-01-18T10:31:11+01:00
new mysql issues

- - - - -
b0333997 by Salvatore Bonaccorso at 2023-01-18T12:49:45+01:00
Correct status for CVE-2023-0266/linux

- - - - -
084d59d9 by Moritz Muehlenhoff at 2023-01-18T13:55:36+01:00
new arm-trusted-firmware issue

- - - - -
9d5282a2 by Moritz Muehlenhoff at 2023-01-18T14:07:25+01:00
bullseye triage

- - - - -
db39a344 by Travis Wrightsman at 2023-01-18T08:13:07-05:00
Add minetest to irrlicht embedded code copies list

As of Minetest 5.5.0, upstream has forked Irrlicht with the long-term
plan of completely merging it into the minetest main repository. There
is no plan to maintain or reestablish any compatibility with upstream
Irrlicht. The initial discussion [0] on debian-devel-games has more
context.

[0] https://lists.debian.org/debian-devel-games/2022/02/msg00006.html

- - - - -
e9a278be by Moritz Muehlenhoff at 2023-01-18T15:37:34+01:00
bullseye triage

- - - - -
76561d2b by Thorsten Alteholz at 2023-01-18T16:09:54+01:00
claim sudo

- - - - -
5b5a6c16 by Salvatore Bonaccorso at 2023-01-18T16:18:39+01:00
Add CVE-2023-22809/sudo

- - - - -
a7ea68fe by Salvatore Bonaccorso at 2023-01-18T16:29:27+01:00
Reserve DSA number for sudo update

- - - - -
1b199708 by Thorsten Alteholz at 2023-01-18T16:36:16+01:00
Reserve DLA-3272-1 for sudo

- - - - -
601f784f by Moritz Muehlenhoff at 2023-01-18T20:04:26+01:00
bugnums

- - - - -
e3350cc5 by Moritz Muehlenhoff at 2023-01-18T20:05:14+01:00
one more firefox issue fixed

- - - - -
1b2c2aaa by Moritz Mühlenhoff at 2023-01-18T20:10:19+01:00
firefox-esr DSA

- - - - -
f3540fba by security tracker role at 2023-01-18T20:10:24+00:00
automatic update

- - - - -
e3196191 by Salvatore Bonaccorso at 2023-01-18T21:12:07+01:00
Track fixed version for some linux CVEs with unstable upload

- - - - -
105c0fce by Salvatore Bonaccorso at 2023-01-18T21:24:48+01:00
Track fixed version via unstable for CVE-2023-22809/sudo

- - - - -
89bf79eb by Salvatore Bonaccorso at 2023-01-18T21:30:05+01:00
Four openimageio CVEs fixed with unstable upload of v2.3.21.0

Link: https://github.com/OpenImageIO/oiio/releases/tag/v2.3.21.0

- - - - -
5a637425 by Salvatore Bonaccorso at 2023-01-18T21:33:05+01:00
Process some NFUs

- - - - -
fb4cf6ac by Salvatore Bonaccorso at 2023-01-18T21:41:04+01:00
Add CVE-2022-23538/singularity-container

- - - - -
e3aedd04 by Salvatore Bonaccorso at 2023-01-18T22:12:09+01:00
Add CVE-2023-0394/linux

- - - - -
9eda8f2d by Salvatore Bonaccorso at 2023-01-18T22:18:31+01:00
Adjust Debian bug references for rust-bzip2 and rust-tokio issues

- - - - -
ffe87962 by Salvatore Bonaccorso at 2023-01-18T22:26:24+01:00
Add CVE-2023-0358/gpac

- - - - -
6dba0140 by Salvatore Bonaccorso at 2023-01-18T22:27:13+01:00
Process some NFUs

- - - - -
81d87d52 by Salvatore Bonaccorso at 2023-01-18T22:29:02+01:00
Mark CVE-2022-22728/libapreq2 as no-dsa for bullseye

- - - - -
93b105cc by Markus Koschany at 2023-01-18T22:59:23+01:00
Reserve DLA-3273-1 for libitext5-java

- - - - -
4fce543a by Markus Koschany at 2023-01-18T23:29:34+01:00
Claim lava in dla-needed.txt

- - - - -
bee18429 by Salvatore Bonaccorso at 2023-01-19T07:06:31+01:00
Track fixed version via unstable for CVE-2023-22895/rust-bzip2

- - - - -
bff75050 by Salvatore Bonaccorso at 2023-01-19T07:09:53+01:00
Track fixed version via unstable for CVE-2023-22466/rust-tokio

- - - - -
9c5555a8 by Salvatore Bonaccorso at 2023-01-19T08:15:38+01:00
Add CVE-2022-35977 and CVE-2023-22458 for redis

- - - - -
fd832329 by Salvatore Bonaccorso at 2023-01-19T08:16:38+01:00
Add CVE-2023-22298/pgadmin4, itp'ed

- - - - -
5f9cad1c by Salvatore Bonaccorso at 2023-01-19T08:33:29+01:00
Add new qt issues CVE-2022-40983 and CVE-2022-43591

- - - - -
21109cf0 by security tracker role at 2023-01-19T08:10:19+00:00
automatic update

- - - - -
bab836e7 by Moritz Muehlenhoff at 2023-01-19T09:15:33+01:00
puppetserver is in the archive now

- - - - -
93dd4d10 by Moritz Muehlenhoff at 2023-01-19T09:18:16+01:00
additional sudo references

- - - - -
10d6d8bc by Emilio Pozuelo Monfort at 2023-01-19T10:22:14+01:00
lts: take webkit2gtk

- - - - -
41a5928d by Emilio Pozuelo Monfort at 2023-01-19T11:06:59+01:00
Reserve DLA-3274-1 for webkit2gtk

- - - - -
d34fe1c7 by Emilio Pozuelo Monfort at 2023-01-19T13:08:38+01:00
Reserve DLA-3275-1 for firefox-esr

- - - - -
776ae285 by Salvatore Bonaccorso at 2023-01-19T16:53:58+01:00
Add additional reference for CVE-2020-25265

- - - - -
dc793732 by Moritz Muehlenhoff at 2023-01-19T17:02:08+01:00
swift fixed in sid

- - - - -
d494fba6 by Moritz Muehlenhoff at 2023-01-19T17:59:55+01:00
NFUs

- - - - -
d14b103f by Moritz Muehlenhoff at 2023-01-19T18:16:45+01:00
NFUs

- - - - -
92a4b2a2 by Moritz Muehlenhoff at 2023-01-19T18:24:42+01:00
NFUs

- - - - -
a8702552 by Moritz Muehlenhoff at 2023-01-19T18:32:48+01:00
NFUs

- - - - -
64c50f14 by Anton Gladky at 2023-01-19T18:45:54+01:00
LTS: fix old DLA entries

- - - - -
cbdf66f9 by Salvatore Bonaccorso at 2023-01-19T21:09:03+01:00
Track proposed libapreq2 update via bullseye-pu

I am already using the adjusted version as followed up on #1029217.

- - - - -
678f4631 by security tracker role at 2023-01-19T20:10:20+00:00
automatic update

- - - - -
9bfe9110 by Salvatore Bonaccorso at 2023-01-19T21:27:07+01:00
Process some NFUs

- - - - -
444126c3 by Salvatore Bonaccorso at 2023-01-19T21:36:46+01:00
Process some NFUs

- - - - -
eebbb5a0 by Salvatore Bonaccorso at 2023-01-19T21:37:19+01:00
Add CVE-2022-47318 and CVE-2022-46648 for ruby-git

- - - - -
e579e46f by Salvatore Bonaccorso at 2023-01-19T21:41:50+01:00
Add CVE-2022-47929/linux

- - - - -
5e8a38fa by Markus Koschany at 2023-01-19T23:34:29+01:00
Reserve DSA-5323-1 for libitext5-java.

- - - - -
ba9705ac by Markus Koschany at 2023-01-19T23:54:45+01:00
Reserve DLA-3276-1 for lava

- - - - -
cc06d940 by Markus Koschany at 2023-01-20T00:30:48+01:00
Update snakeyaml NOTE and claim powerline-gitstatus in dla-needed.txt

- - - - -
2c8c3437 by Salvatore Bonaccorso at 2023-01-20T06:57:20+01:00
Track fixed version for CVE-2022-3996/openssl via unstable

- - - - -
0c4619b5 by Salvatore Bonaccorso at 2023-01-20T06:58:50+01:00
Track fixed version for lava issues via unstable

- - - - -
09544dc0 by Paul Wise at 2023-01-20T14:10:27+08:00
Add links to more CVE search services

CVE Details, CIRCL, Red Hat CVEs, Ubuntu bugs, Alpine, Arch Linux bugs/CVEs.

Also shorten SUSE bugzilla to bug and use consistent function names.

Inspired-by: the Arch Linux security issue tracker

- - - - -
5462141a by Utkarsh Gupta at 2023-01-20T13:14:16+05:30
Add modsecurity-apache to dla-needed

- - - - -
32770945 by security tracker role at 2023-01-20T08:10:16+00:00
automatic update

- - - - -
48a7c0f1 by Moritz Muehlenhoff at 2023-01-20T09:44:39+01:00
new golang-golang-x-net issue (resolved in all suites)

- - - - -
8f854fb3 by Moritz Muehlenhoff at 2023-01-20T11:59:41+01:00
android-platform-tools fixed in sid

- - - - -
11d59f96 by Salvatore Bonaccorso at 2023-01-20T13:56:23+01:00
Revert "Add links to more CVE search services"

This reverts commit 09544dc04cf8e9df4f76f0848897e59a55d58e32.

Better to discuss possible additions via merge requests. In particular
cvedetails.com is not something we would want to link. Others might add
value to the additional sources.

- - - - -
78dc280a by Tobias Frost at 2023-01-20T16:27:15+01:00
Add additional infos for modsecurity-apache.

- - - - -
99db44e1 by Markus Koschany at 2023-01-20T17:40:43+01:00
Reserve DLA-3277-1 for powerline-gitstatus

- - - - -
ff8c5d23 by Markus Koschany at 2023-01-20T17:56:20+01:00
Claim snort in dla-needed.txt

- - - - -
7ab1482e by Moritz Muehlenhoff at 2023-01-20T20:12:29+01:00
NFUs

- - - - -
29ef8eb0 by Salvatore Bonaccorso at 2023-01-20T20:32:01+01:00
Track fixed version for CVE-2022-29{799,800}/network-dispatcher via unstable

- - - - -
034f37a3 by security tracker role at 2023-01-20T20:10:19+00:00
automatic update

- - - - -
f471126f by Salvatore Bonaccorso at 2023-01-20T21:17:09+01:00
Process some NFUs

- - - - -
48305346 by Salvatore Bonaccorso at 2023-01-20T21:23:39+01:00
Add CVE-2022-48279/modsecurity-apache

- - - - -
fb7bd36a by Salvatore Bonaccorso at 2023-01-20T21:27:03+01:00
Add CVE-2023-24021/modsecurity-apache

- - - - -
eedd8e48 by Salvatore Bonaccorso at 2023-01-20T21:30:15+01:00
Process some NFUs

- - - - -
1abd9f1b by Salvatore Bonaccorso at 2023-01-20T22:41:39+01:00
Remove notes from rejected CVE-2010-10005

- - - - -
60bd0e20 by Sylvain Beucler at 2023-01-20T22:58:11+01:00
Reserve DLA-3278-1 for tiff

- - - - -
227c4122 by Salvatore Bonaccorso at 2023-01-20T23:08:15+01:00
Add three new gpac issues

- - - - -
b734a4bb by Salvatore Bonaccorso at 2023-01-20T23:09:49+01:00
Process some NFUs

- - - - -
2670760d by Salvatore Bonaccorso at 2023-01-20T23:12:59+01:00
Add CVE-2023-22745/tmp2-tss

- - - - -
fde62cf1 by Salvatore Bonaccorso at 2023-01-20T23:16:21+01:00
Track fixed version for two 389-ds-base issues

- - - - -
43ba9afd by Salvatore Bonaccorso at 2023-01-20T23:45:17+01:00
Add CVE-2023-22617/pdns-recursor

- - - - -
666ae359 by Tobias Frost at 2023-01-21T08:47:49+01:00
CVE-2022-48279 also affects modsecurity.

- - - - -
6b6873a8 by security tracker role at 2023-01-21T08:10:14+00:00
automatic update

- - - - -
adda83a9 by Salvatore Bonaccorso at 2023-01-21T10:47:50+01:00
Track fixed version via unstable for CVE-2022-38223/w3m

- - - - -
6b4aa5d1 by Salvatore Bonaccorso at 2023-01-21T10:19:12+00:00
Merge branch 'master' into 'master'

Add minetest to irrlicht embedded code copies list

See merge request security-tracker-team/security-tracker!122

- - - - -
1d803f09 by Salvatore Bonaccorso at 2023-01-21T14:55:19+01:00
Track fixed version for CVE-2020-10688/resteasy3.0 via unstable

- - - - -
b2389737 by Salvatore Bonaccorso at 2023-01-21T14:57:21+01:00
Add Debian bug reference for CVE-2023-24021

- - - - -
37fa3ae0 by Salvatore Bonaccorso at 2023-01-21T15:55:00+01:00
Add CVE-2023-22742/libgit2

- - - - -
bc533552 by Salvatore Bonaccorso at 2023-01-21T15:59:01+01:00
add GHSA reference for CVE-2023-22742/libgit2

- - - - -
b54a7f0b by Salvatore Bonaccorso at 2023-01-21T16:02:31+01:00
Add CVE-2023-22741/sofia-sip

- - - - -
30acdd88 by Salvatore Bonaccorso at 2023-01-21T20:12:52+01:00
Mark printfilters-ppd as removed from unstable

- - - - -
5bc8cc80 by Salvatore Bonaccorso at 2023-01-21T20:14:29+01:00
Mark printfilters-ppd as removed in every supported suite

- - - - -
43178388 by security tracker role at 2023-01-21T20:10:24+00:00
automatic update

- - - - -
063053dc by Salvatore Bonaccorso at 2023-01-21T21:21:34+01:00
Add CVE-2023-0433/vim

- - - - -
b9bb2fa5 by Salvatore Bonaccorso at 2023-01-21T21:31:38+01:00
Update information for CVE-2023-22458/redis

- - - - -
78e14b69 by Salvatore Bonaccorso at 2023-01-21T21:32:23+01:00
Add CVE-2023-22458/redis bug reference

- - - - -
8ff57360 by Salvatore Bonaccorso at 2023-01-21T22:12:12+01:00
Update information for CVE-2023-22617/pdns-recursor

- - - - -
9b3b6c89 by Salvatore Bonaccorso at 2023-01-21T22:14:21+01:00
Add Debian bug reference for CVE-2023-22617/pdns-recursor

- - - - -
44d32ce1 by Salvatore Bonaccorso at 2023-01-21T22:25:40+01:00
Add Debian bug reference for CVE-2023-22742/libgit2

- - - - -
4b20b8a6 by Salvatore Bonaccorso at 2023-01-21T22:35:44+01:00
Add Debian bug reference for CVE-2023-22745/tpm2-tss

- - - - -
1479038b by Markus Koschany at 2023-01-21T23:06:22+01:00
Update snort notes in dla-needed.txt

- - - - -
2499a371 by Markus Koschany at 2023-01-22T00:06:32+01:00
Claim libsdl2 in dla-needed.txt

- - - - -
a2b44d24 by Aron Xu at 2023-01-22T13:43:19+08:00
data/dsa-needed.txt: claim git

mirabilos has asked jrnieder about his plan on fixing the security
issues, help was offered and let's wait for response

- - - - -
e5ba8fc6 by security tracker role at 2023-01-22T08:10:11+00:00
automatic update

- - - - -
8ad77ad6 by Salvatore Bonaccorso at 2023-01-22T09:10:55+01:00
Track fixed version for CVE-2023-22617/pdns-recursor via unstable

- - - - -
3e33fe20 by Salvatore Bonaccorso at 2023-01-22T09:13:27+01:00
Track fixed version for CVE-2019-16370/gradle via unstable

- - - - -
0702cb30 by Salvatore Bonaccorso at 2023-01-22T09:19:51+01:00
Add temporary entries for wireshark issues wnpa-sec-2023-[01-07]

- - - - -
fbbbddcc by Salvatore Bonaccorso at 2023-01-22T09:24:24+01:00
Add CVE-2023-22884/airflow

- - - - -
bf997f0e by Salvatore Bonaccorso at 2023-01-22T09:55:48+01:00
Update status for CVE-2020-21598 CVE-2020-21600 and CVE-2020-21602

As investigated by Tobias Frost those issues are fixed in 1.0.9 upstream
as well, cf. https://bugs.debian.org/1004963#34 .

Link: https://bugs.debian.org/1004963#34

- - - - -
a32c17e3 by Sébastien Delafond at 2023-01-22T10:22:19+01:00
Add and claim spip

- - - - -
874f66ca by Andrej Shadura at 2023-01-22T12:17:45+01:00
Add info for CVE-2023-24056/pkgconf

- - - - -
4af63445 by Salvatore Bonaccorso at 2023-01-22T12:38:39+01:00
Add upstream tag information for CVE-2023-24056

- - - - -
a9ed8701 by Salvatore Bonaccorso at 2023-01-22T12:40:03+01:00
Assign spip to seb

- - - - -
7d46c29b by Tobias Frost at 2023-01-22T12:58:44+01:00
Update bug numbers for CVE-2022-43245, CVE-2020-21596, CVE-2020-21594 (bugs have been split)

- - - - -
f78ca9b6 by Salvatore Bonaccorso at 2023-01-22T13:08:49+01:00
Process some NFUs

- - - - -
aca335c4 by Salvatore Bonaccorso at 2023-01-22T13:08:50+01:00
Add CVE-2023-0434/pyload

- - - - -
724224ed by Salvatore Bonaccorso at 2023-01-22T13:08:52+01:00
Add CVE-2023-24038/libhtml-stripscripts-perl

- - - - -
41b126b2 by Salvatore Bonaccorso at 2023-01-22T13:28:29+01:00
Update information for CVE-2020-21594

Reviewing analysis from
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029396#17 seems
correct and so let's bite the bullet and consider 1.0.3 upstream fixing
the issue.

- - - - -
ae25d0eb by Salvatore Bonaccorso at 2023-01-22T13:30:39+01:00
Add Debian bug reference for CVE-2023-24038/libhtml-stripscripts-perl

- - - - -
428ae8cd by Salvatore Bonaccorso at 2023-01-22T15:09:32+01:00
Update information for several CVEs addressed in libde265/1.0.9 upstream

- - - - -
08198e14 by Salvatore Bonaccorso at 2023-01-22T15:11:26+01:00
Update information for CVE fixes via libde265/1.0.9-1.1 upload

- - - - -
88a41d9a by Salvatore Bonaccorso at 2023-01-22T16:31:41+01:00
Update information for CVE-2022-3770{3,4,5}/amanda

- - - - -
774ae6d1 by Salvatore Bonaccorso at 2023-01-22T20:26:55+01:00
Track fixed version for redis issues via unstable

- - - - -
7cbf641d by Salvatore Bonaccorso at 2023-01-22T20:34:34+01:00
Update information for two openimageio issues

- - - - -
3c381e8a by Salvatore Bonaccorso at 2023-01-22T20:48:57+01:00
Track proposed apache2 update via bullseye-pu

Maintainer proposed to update the package addressing the three CVEs via
bullseye-pu. Accordingly mark them (for now) no-dsa. We might reconsider
it if we think we still should issue a DSA.

- - - - -
6268e029 by Salvatore Bonaccorso at 2023-01-22T20:50:58+01:00
Track proposed update for w3m via bullseye-pu

- - - - -
2514409c by Utkarsh Gupta at 2023-01-23T02:29:57+05:30
Mark CVE-2023-{0358,2314{3-5}}/gpac as EOL for buster

- - - - -
3848b103 by Utkarsh Gupta at 2023-01-23T02:52:41+05:30
Mark CVE-2022-46176/cargo as no-dsa in buster

- - - - -
9719f3b6 by Utkarsh Gupta at 2023-01-23T02:55:28+05:30
Add git to dla-needed

- - - - -
2dd36d80 by Utkarsh Gupta at 2023-01-23T02:58:08+05:30
Add openjdk-11 to dla-needed

- - - - -
929f4e49 by Utkarsh Gupta at 2023-01-23T02:59:44+05:30
Add swift to dla-needed

- - - - -
e98afa9d by Utkarsh Gupta at 2023-01-23T03:01:30+05:30
Mark CVE-2022-4{4617,6285,883}/libxpm as no-dsa for buster

- - - - -
a6054f0c by Utkarsh Gupta at 2023-01-23T03:02:18+05:30
Mark CVE-2020-17354/lilypond as ignored for buster; follow bullseye

- - - - -
1e28fe4b by Utkarsh Gupta at 2023-01-23T03:02:58+05:30
Mark CVE-2022-48279/modsecurity as no-dsa for buster

- - - - -
17454138 by Utkarsh Gupta at 2023-01-23T03:37:19+05:30
Mark CVE-2023-2249{6,7}/netdata as no-dsa for buster

- - - - -
4c6244f5 by Utkarsh Gupta at 2023-01-23T03:37:46+05:30
Mark CVE-2021-46872/nim as no-dsa for buster

- - - - -
5be04707 by Utkarsh Gupta at 2023-01-23T03:38:19+05:30
Mark CVE-2022-46176/rust-cargo as no-dsa in buster

- - - - -
4f16ce9f by Utkarsh Gupta at 2023-01-23T03:39:11+05:30
Mark TEMP-1028986-7037E6/sgt-puzzles as no-dsa for buster

- - - - -
ec6899fd by Utkarsh Gupta at 2023-01-23T04:38:51+05:30
Add wireshark to dla-needed

- - - - -
2d395b4c by Anton Gladky at 2023-01-23T06:21:27+01:00
LTS: add some meta-info

- - - - -
d6099979 by Anton Gladky at 2023-01-23T06:25:34+01:00
semi-automatic unclaim after 2 weeks of inactivity

Signed-off-by: Anton Gladky <gladk at debian.org>

- - - - -
67f2efdc by Salvatore Bonaccorso at 2023-01-23T07:09:43+01:00
Track fixed version for CVE-2023-22742/libgit2

- - - - -
556b8069 by security tracker role at 2023-01-23T08:10:16+00:00
automatic update

- - - - -
84a70ef7 by Emilio Pozuelo Monfort at 2023-01-23T10:56:29+01:00
lts: take openjdk-11

- - - - -
4c023ff2 by Moritz Muehlenhoff at 2023-01-23T11:18:33+01:00
bullseye triage

- - - - -
25c481a3 by Salvatore Bonaccorso at 2023-01-23T11:31:40+01:00
Add CVE-2022-48281/tiff

- - - - -
2d9f5058 by Abhijith PA at 2023-01-23T16:31:27+05:30
Reserve DLA-3279-1 for trafficserver

- - - - -
8700fd3e by Abhijith PA at 2023-01-23T17:31:54+05:30
data/dla-needed.txt: claim nheko

- - - - -
551b9d7e by Salvatore Bonaccorso at 2023-01-23T20:53:47+01:00
Reserve DSA number for linux update

- - - - -
fec92388 by security tracker role at 2023-01-23T20:10:16+00:00
automatic update

- - - - -
7df37c23 by Salvatore Bonaccorso at 2023-01-23T21:48:48+01:00
Process some NFUs

- - - - -
b997c0a1 by Salvatore Bonaccorso at 2023-01-23T22:36:02+01:00
Mark php8.1 as removed from unstable

- - - - -
0ac2d6d5 by Salvatore Bonaccorso at 2023-01-23T22:37:14+01:00
Mark php8.1 as removed from every supported suite

- - - - -
3a4d3d12 by Salvatore Bonaccorso at 2023-01-23T22:43:14+01:00
Process some NFUs

- - - - -
607581e8 by Salvatore Bonaccorso at 2023-01-23T22:43:52+01:00
Process two CVEs for signal-desktop, itp'ed

- - - - -
a375628f by Salvatore Bonaccorso at 2023-01-23T22:44:35+01:00
Add CVE-2023-0435/pyload

- - - - -
947537e7 by Salvatore Bonaccorso at 2023-01-24T08:43:06+01:00
Track fixed version for CVE-2023-24021/modsecurity-apache

- - - - -
f457038e by security tracker role at 2023-01-24T08:10:13+00:00
automatic update

- - - - -
f6bad258 by Salvatore Bonaccorso at 2023-01-24T09:18:13+01:00
Add CVE-2022-3064/golang-yaml.v2

- - - - -
ca6a99c9 by Sébastien Delafond at 2023-01-24T10:28:49+01:00
Reserve DSA-5325-1 for spip

- - - - -
aac46c0f by Moritz Muehlenhoff at 2023-01-24T14:52:24+01:00
bullseye triage

- - - - -
c66e2b50 by Moritz Muehlenhoff at 2023-01-24T15:40:21+01:00
new thunderbird issues

- - - - -
99dafa29 by Salvatore Bonaccorso at 2023-01-24T16:16:01+01:00
Take libhtml-stripscripts-perl from dsa-needed list

- - - - -
fa9fc2ea by Sylvain Beucler at 2023-01-24T16:34:08+01:00
dla: claim git

- - - - -
4a98b8fc by Moritz Muehlenhoff at 2023-01-24T17:21:34+01:00
NFUs

- - - - -
46c2acaf by Moritz Mühlenhoff at 2023-01-24T18:58:14+01:00
nodejs, swift DSAs

- - - - -
a525cdf3 by Moritz Muehlenhoff at 2023-01-24T19:04:44+01:00
new nova issue

- - - - -
0f46252b by Moritz Muehlenhoff at 2023-01-24T19:06:17+01:00
new cinder issue

- - - - -
8a55ff1f by Moritz Muehlenhoff at 2023-01-24T19:08:56+01:00
new glance issue

- - - - -
b0377fa7 by Moritz Muehlenhoff at 2023-01-24T19:48:23+01:00
NFUs

- - - - -
79339b45 by Salvatore Bonaccorso at 2023-01-24T20:37:30+01:00
Track fixed version via unstable for CVE-2023-24038

- - - - -
c4d03aa0 by security tracker role at 2023-01-24T20:10:22+00:00
automatic update

- - - - -
e4b42c02 by Salvatore Bonaccorso at 2023-01-24T21:18:06+01:00
Add reference for CVE-2022-47655

- - - - -
09450578 by Salvatore Bonaccorso at 2023-01-24T21:20:07+01:00
Drop notes for CVE-2022-3522, was REJECTED (withdrawn by CNA as no security issue)

- - - - -
7423099e by Salvatore Bonaccorso at 2023-01-24T21:29:59+01:00
Remove notes from CVE-2022-2220

Got rejected by the assigning CNA as further investigation showed that
there is no security-issue.

- - - - -
13f7093d by Salvatore Bonaccorso at 2023-01-24T21:35:44+01:00
Process some NFUs

- - - - -
6040349f by Salvatore Bonaccorso at 2023-01-24T22:00:30+01:00
Add temporary entry for spip issues (no CVEs)

- - - - -
5c353f4b by Salvatore Bonaccorso at 2023-01-24T22:03:10+01:00
Track fixed version for thunderbird via unstable for mfsa2023-03

- - - - -
6aa49dce by Salvatore Bonaccorso at 2023-01-24T22:08:29+01:00
Remove doubled references for CVE-2022-47951

- - - - -
0b157ca9 by Tobias Frost at 2023-01-24T23:00:49+01:00
Reverse DLA-3280-1 for libde265.

- - - - -
24a110dd by Utkarsh Gupta at 2023-01-25T07:46:44+05:30
Reserve DLA-3281-1 for swift

- - - - -
4a16069d by Anton Gladky at 2023-01-25T06:24:14+01:00
Add fix link to the libhtml-stripscripts-perl

- - - - -
ffc35fcd by Anton Gladky at 2023-01-25T06:28:55+01:00
LTS: add libhtml-stripscripts-perl to dla-needed.txt

- - - - -
6c96ab38 by Anton Gladky at 2023-01-25T06:39:18+01:00
LTS: add golang-yaml.v2 to dla-needed.txt

- - - - -
f5bd72e6 by Anton Gladky at 2023-01-25T06:45:04+01:00
LTS: add sofia-sip to dla-needed.txt

- - - - -
2b4fd940 by Salvatore Bonaccorso at 2023-01-25T06:52:52+01:00
Track fixed version for mysql-8.0 issues via unstable

- - - - -
a27adda2 by Salvatore Bonaccorso at 2023-01-25T06:53:58+01:00
Track fixed version for three redmine CVEs fixed via unstable

- - - - -
6c4cc4c6 by Salvatore Bonaccorso at 2023-01-25T06:55:11+01:00
Track fixed version for three ruby-git CVEs fixed via unstable

- - - - -
5fd8c78a by Salvatore Bonaccorso at 2023-01-25T07:04:03+01:00
Add new chromium issues

- - - - -
7d040707 by Tobias Frost at 2023-01-25T07:30:46+01:00
CVE-2020-21594 was fixed in 1.0.3-1+deb10u1.

- - - - -
c1fbfc21 by Salvatore Bonaccorso at 2023-01-25T07:42:42+01:00
Remove unneeded postponed entry for CVE-2020-21594 in bullseye

Fixes: 41b126b29913 ("Update information for CVE-2020-21594")

- - - - -
42af576a by Salvatore Bonaccorso at 2023-01-25T07:43:41+01:00
Add chromium to dsa-needed list

- - - - -
47886128 by Salvatore Bonaccorso at 2023-01-25T07:48:26+01:00
Add CVE-2023-0469/linux

- - - - -
543dd283 by Salvatore Bonaccorso at 2023-01-25T07:54:35+01:00
Add CVE-2023-0468/linux

- - - - -
d8805848 by Salvatore Bonaccorso at 2023-01-25T07:58:25+01:00
Add CVE-2022-47016/tmux

- - - - -
f5ccb5ef by Tobias Frost at 2023-01-25T08:02:54+01:00
more updates of fixed CVEs in libde265

- - - - -
502a7e8f by Salvatore Bonaccorso at 2023-01-25T08:05:20+01:00
Add CVE-2022-4254/sssd

- - - - -
252c6414 by Tobias Frost at 2023-01-25T08:59:41+01:00
Revert "more updates of fixed CVEs in libde265"

This reverts commit f5ccb5ef5b6175f466ba53e1556a9dafda7cd7d0.

- - - - -
890f5de0 by security tracker role at 2023-01-25T08:10:28+00:00
automatic update

- - - - -
c278a846 by Tobias Frost at 2023-01-25T10:06:38+01:00
Amend DLA-3240-1 with CVEs that have been fixed with this upload already, remove buster references in the CVE list.

- - - - -
8083ef79 by Salvatore Bonaccorso at 2023-01-25T10:29:34+01:00
Process NFUs

- - - - -
df378eb6 by Utkarsh Gupta at 2023-01-25T16:08:06+05:30
Take libhtml-stripscripts-perl

- - - - -
3a4f7345 by Moritz Muehlenhoff at 2023-01-25T12:41:49+01:00
freedroidrpg

- - - - -
72b59d6d by Moritz Muehlenhoff at 2023-01-25T13:56:50+01:00
virtualbox fixed in sid

- - - - -
ab011c77 by Adrian Bunk at 2023-01-25T15:58:17+02:00
DLA: Take several packages

(Too) many (mostly small) packages I am taking after an initial
triage round that look doable for me for working my January hours
before Monday (perhaps with 1-3 leftover packages for February).

- - - - -
c8c45956 by Moritz Muehlenhoff at 2023-01-25T16:28:35+01:00
sgt-puzzles fixed in sid

- - - - -
ba44d12b by Moritz Muehlenhoff at 2023-01-25T20:15:37+01:00
chromium fixed in sid

- - - - -
a9d1dede by Moritz Muehlenhoff at 2023-01-25T20:29:23+01:00
new bind issues

- - - - -
137863a0 by Moritz Muehlenhoff at 2023-01-25T20:31:42+01:00
new xen issue

- - - - -
eb13e725 by Salvatore Bonaccorso at 2023-01-25T20:55:00+01:00
Track fixed version for bind9 issues via unstable

- - - - -
e3f5a46d by security tracker role at 2023-01-25T20:10:27+00:00
automatic update

- - - - -
dc5dc6bc by Salvatore Bonaccorso at 2023-01-25T21:11:02+01:00
Add additional reference for CVE-2020-1493{8,9}/freedroidrpg

- - - - -
58e5b611 by Salvatore Bonaccorso at 2023-01-25T21:15:02+01:00
Process some NFUs

- - - - -
740a6a98 by Salvatore Bonaccorso at 2023-01-25T21:34:28+01:00
Track proposed libxpm update via bullseye-pu

- - - - -
868d62e7 by Salvatore Bonaccorso at 2023-01-25T21:53:54+01:00
Add Debian bug reference for CVE-2022-48281/tiff

- - - - -
249d031a by Salvatore Bonaccorso at 2023-01-25T21:55:21+01:00
Add bind9 to dsa-needed list

- - - - -
0e06eda5 by Salvatore Bonaccorso at 2023-01-25T21:58:33+01:00
Add Debian bug reference for CVE-2023-22741/sofia-sip

- - - - -
ce7e10d8 by Anton Gladky at 2023-01-26T06:25:25+01:00
LTS: add tiff to dla-needed.txt

- - - - -
9247fe01 by Anton Gladky at 2023-01-26T06:28:22+01:00
LTS: add bind9 to dla-needed.txt

- - - - -
a3f38955 by Anton Gladky at 2023-01-26T06:30:36+01:00
LTS: add libgit2 to dla-needed.txt

- - - - -
8920c8cc by Salvatore Bonaccorso at 2023-01-26T07:49:30+01:00
Process two NFUs

- - - - -
9dac6589 by Salvatore Bonaccorso at 2023-01-26T08:11:13+01:00
Process some NFUs

- - - - -
9c24c040 by Salvatore Bonaccorso at 2023-01-26T08:30:49+01:00
Process some NFUs

- - - - -
929fad66 by Salvatore Bonaccorso at 2023-01-26T08:35:49+01:00
CVEs for wireshark assigned

- - - - -
446d2322 by Salvatore Bonaccorso at 2023-01-26T08:38:42+01:00
Track fixed version for two git CVEs addressed via unstable

- - - - -
91be6031 by Salvatore Bonaccorso at 2023-01-26T08:40:17+01:00
Add fixed version via unstable for CVE-2022-48281/tiff

- - - - -
628f8ebd by security tracker role at 2023-01-26T08:10:21+00:00
automatic update

- - - - -
c3da90e6 by Moritz Muehlenhoff at 2023-01-26T11:13:56+01:00
NFUs

- - - - -
16b5dc5b by Emilio Pozuelo Monfort at 2023-01-26T11:17:13+01:00
lts: take bind9

- - - - -
6c66a1ef by Utkarsh Gupta at 2023-01-26T16:09:23+05:30
Take tiff

- - - - -
c8516a5c by Moritz Muehlenhoff at 2023-01-26T13:05:59+01:00
bullseye triage

- - - - -
ab664c02 by Adrian Bunk at 2023-01-26T14:09:47+02:00
LTS: give back several packages to get down to 3

- - - - -
bef52eab by Moritz Muehlenhoff at 2023-01-26T13:33:44+01:00
openjdk-21 fixed in sid

- - - - -
df1cfef0 by Moritz Muehlenhoff at 2023-01-26T13:34:57+01:00
openjdk-11 fixed in sid

- - - - -
353e0aef by Moritz Muehlenhoff at 2023-01-26T13:36:39+01:00
openjdk-17 fixed in sid

- - - - -
165f46a8 by Sylvain Beucler at 2023-01-26T13:42:42+01:00
Reserve DLA-3282-1 for git

- - - - -
6a8d3ae6 by Roberto C. Sánchez at 2023-01-26T08:14:13-05:00
LTS: reclaim curl and imagemagick; update notes

- - - - -
334b17bc by Sylvain Beucler at 2023-01-26T14:36:07+01:00
dla: claim runc

- - - - -
61e5e969 by Moritz Muehlenhoff at 2023-01-26T15:07:26+01:00
motif embeds libxpm

- - - - -
dade5e0b by Tobias Frost at 2023-01-26T16:34:35+01:00
LTS: release claim on ring in dla-needed.txt

- - - - -
9aae9976 by Salvatore Bonaccorso at 2023-01-26T18:25:39+01:00
Process two NFUs

- - - - -
c60df172 by Salvatore Bonaccorso at 2023-01-26T18:26:07+01:00
Add two new glpi issues

- - - - -
c816d560 by Moritz Mühlenhoff at 2023-01-26T19:24:25+01:00
bind9, chromium DSA

- - - - -
a96eb0b6 by Tobias Frost at 2023-01-26T19:32:10+01:00
Reserve DLA-3283-1 for modsecurity-apache

- - - - -
fac474d6 by Salvatore Bonaccorso at 2023-01-26T20:40:08+01:00
Add some new additional glpi issues

- - - - -
53594702 by Salvatore Bonaccorso at 2023-01-26T20:41:02+01:00
Add CVE-2022-47024/vim

- - - - -
5718e4d0 by Salvatore Bonaccorso at 2023-01-26T20:41:53+01:00
Process some new NFUs

- - - - -
6777a57e by Salvatore Bonaccorso at 2023-01-26T20:44:34+01:00
Add CVE-2022-45748/assimp

- - - - -
81af27b4 by Salvatore Bonaccorso at 2023-01-26T21:02:34+01:00
Expand note for multipath-tools

- - - - -
f1e8a752 by security tracker role at 2023-01-26T20:10:18+00:00
automatic update

- - - - -
8045b398 by Salvatore Bonaccorso at 2023-01-26T21:22:32+01:00
Process some NFUs

- - - - -
40c7f9f8 by Salvatore Bonaccorso at 2023-01-26T21:54:19+01:00
Process some NFUs

- - - - -
523fe4cc by Salvatore Bonaccorso at 2023-01-27T06:19:30+01:00
Add CVE-2022-3488/bind9

- - - - -
f9698ca7 by Salvatore Bonaccorso at 2023-01-27T06:25:43+01:00
Add CVE-2023-0341/editorconfig-core

- - - - -
b4dba77d by security tracker role at 2023-01-27T08:10:23+00:00
automatic update

- - - - -
975dcf7f by Helmut Grohne at 2023-01-27T09:38:00+01:00
dla-needed: sox is unfixable

- - - - -
cdc09a87 by Moritz Muehlenhoff at 2023-01-27T12:34:08+01:00
new rails issues

- - - - -
dcc4f349 by Moritz Muehlenhoff at 2023-01-27T12:48:03+01:00
new ruby-rack issues

- - - - -
65fd2192 by Moritz Muehlenhoff at 2023-01-27T12:49:16+01:00
NFU (concludes external check)

- - - - -
1a340f93 by Guilhem Moulin at 2023-01-27T13:08:13+01:00
Triage CVE-2020-36659 and CVE-2020-36658.

- - - - -
01c0d4f7 by Guilhem Moulin at 2023-01-27T13:08:13+01:00
LTS: claim libapache-session-{browseable,ldap}-perl in dla-needed.txt

These are blocking the complete fix for lemonldap-ng's CVE-2020-16093,
see https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2250#note_57084 .

- - - - -
164672ee by Helmut Grohne at 2023-01-27T13:38:48+01:00
dla-needed: claim sox

- - - - -
b13c52e2 by Moritz Muehlenhoff at 2023-01-27T14:40:58+01:00
two R515 specific Nvidia issues and related NFUs

- - - - -
1d2c878b by Moritz Muehlenhoff at 2023-01-27T15:31:06+01:00
papaparse embedded in mediawiki

- - - - -
117261cd by Moritz Mühlenhoff at 2023-01-27T18:22:51+01:00
curl DSA

- - - - -
105b3816 by Salvatore Bonaccorso at 2023-01-27T20:35:46+01:00
Reference upstream commit for CVE-2020-36649

- - - - -
86b94645 by Salvatore Bonaccorso at 2023-01-27T20:44:44+01:00
Add upstream tag information for CVE-2020-36659/libapache-session-browseable-perl

- - - - -
363c2634 by Salvatore Bonaccorso at 2023-01-27T20:49:55+01:00
Update information for CVE-2020-36658

Drop doubled reference and add upstream tag information.

- - - - -
45ef8a37 by Salvatore Bonaccorso at 2023-01-27T20:56:19+01:00
Update information for CVE-2022-4457{0,1,2}

Just pinpointing the respective upstream tags for easier tracking of
fixing versions once uploaded.

- - - - -
8f1d852d by security tracker role at 2023-01-27T20:10:22+00:00
automatic update

- - - - -
d4a80297 by Salvatore Bonaccorso at 2023-01-27T21:21:17+01:00
Update information for CVE-2023-22794/rails

Drop (for now) the not-affected annotation, as bullseye has
2:6.0.3.7+dfsg-2. The issue should affect all versions after 6.0.0.

- - - - -
cf84fe3b by Salvatore Bonaccorso at 2023-01-27T21:24:07+01:00
Add CVE-2023-22799/ruby-globalid

- - - - -
383ba65b by Salvatore Bonaccorso at 2023-01-27T21:32:56+01:00
Process some NFUs

- - - - -
fd3e7560 by Salvatore Bonaccorso at 2023-01-27T21:37:06+01:00
Sync status for CVE-2023-0468/linux with kernel-sec

- - - - -
c97a87ca by Salvatore Bonaccorso at 2023-01-27T21:52:54+01:00
Process some NFUs

- - - - -
63342e88 by Salvatore Bonaccorso at 2023-01-27T21:55:44+01:00
Add CVE-2023-0512/vim

- - - - -
f512347e by Salvatore Bonaccorso at 2023-01-27T22:03:31+01:00
Add two new CVEs for pyload, itp'ed

Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>

- - - - -
ae32f5bf by Salvatore Bonaccorso at 2023-01-27T22:23:35+01:00
Track fixed version for CVE-2021-39537/ncurses

- - - - -
0f6ea926 by security tracker role at 2023-01-28T08:10:11+00:00
automatic update

- - - - -
187fb5e0 by Salvatore Bonaccorso at 2023-01-28T09:28:58+01:00
Remove notes from CVE-2023-0047

- - - - -
aa188509 by Salvatore Bonaccorso at 2023-01-28T09:29:44+01:00
Remove notes from CVE-2022-23529 (rejected, not a vulnerability)

- - - - -
9b9b20fc by Salvatore Bonaccorso at 2023-01-28T09:31:06+01:00
Process some NFUs

- - - - -
21f4a94b by Salvatore Bonaccorso at 2023-01-28T09:34:06+01:00
Mark two openimageio issues as fixed with unstable upload

- - - - -
18481ca7 by Salvatore Bonaccorso at 2023-01-28T09:39:40+01:00
Review first batch of CVEs for openimageio

- - - - -
e3104a3f by Salvatore Bonaccorso at 2023-01-28T10:52:54+01:00
Review second batch of openimageio issues, fixed in unstable

- - - - -
b5d5f9b9 by Guilhem Moulin at 2023-01-28T12:52:04+01:00
Reserve DLA-3284-1 for libapache-session-ldap-perl

- - - - -
de9b2475 by Guilhem Moulin at 2023-01-28T12:52:32+01:00
Reserve DLA-3285-1 for libapache-session-browseable-perl

- - - - -
ada99554 by Moritz Muehlenhoff at 2023-01-28T13:15:35+01:00
bullseye triage

- - - - -
6baf8cf9 by Salvatore Bonaccorso at 2023-01-28T13:33:49+01:00
Process some NFUs

- - - - -
5b5eaab6 by Salvatore Bonaccorso at 2023-01-28T13:55:49+01:00
Reference list posts for CVE-2022-3770{4,5}/amanda

- - - - -
56e18d77 by Salvatore Bonaccorso at 2023-01-28T14:04:50+01:00
Add Debian bug reference for CVE-2022-42330/xen

- - - - -
0005d98c by Salvatore Bonaccorso at 2023-01-28T14:05:45+01:00
Add Debian bug reference for CVE-2022-3770{4,5}/amanda

- - - - -
07c2ce0e by Thorsten Alteholz at 2023-01-28T14:09:31+01:00
Reserve DLA-3286-1 for tor

- - - - -
c147d87f by Salvatore Bonaccorso at 2023-01-28T14:16:00+01:00
add Debian bug references for ruby-rack issues

- - - - -
6ecaa7e5 by Salvatore Bonaccorso at 2023-01-28T14:20:07+01:00
Add Debian bug reference for CVE-2022-45748

- - - - -
f8a0a715 by Guilhem Moulin at 2023-01-28T16:19:23+01:00
Reserve DLA-3287-1 for lemonldap-ng

- - - - -
623636a2 by Guilhem Moulin at 2023-01-28T17:00:26+01:00
LTS: claim dojo in dla-needed.txt

- - - - -
c21a3131 by Moritz Mühlenhoff at 2023-01-28T18:32:29+01:00
openjdk-11 DSA

- - - - -
d51e9502 by security tracker role at 2023-01-28T20:10:18+00:00
automatic update

- - - - -
e6a2479b by Salvatore Bonaccorso at 2023-01-28T21:16:08+01:00
Process two NFUs

- - - - -
dc2dce93 by Salvatore Bonaccorso at 2023-01-28T21:39:33+01:00
Add Debian bug reference for CVE-2023-22799/ruby-globalid

- - - - -
4bd5c236 by Roberto C. Sánchez at 2023-01-28T15:58:03-05:00
LTS: remove <postponed> tag from CVE-2022-27774, which has been fixed

- - - - -
317c1f24 by Roberto C. Sánchez at 2023-01-28T16:07:54-05:00
Reserve DLA-3288-1 for curl

- - - - -
2b181cd3 by Guilhem Moulin at 2023-01-28T22:57:33+01:00
Reserve DLA-3289-1 for dojo

- - - - -
f2247301 by Thorsten Alteholz at 2023-01-29T01:11:50+01:00
Reserve DLA-3290-1 for libzen

- - - - -
7a81e0fb by Aron Xu at 2023-01-29T15:00:36+08:00
Reserve DSA-5332-1 for git

- - - - -
d53c7a9f by Aron Xu at 2023-01-29T15:07:04+08:00
Reserve DSA-5333-1 for tiff

- - - - -
c8b7cd73 by security tracker role at 2023-01-29T08:10:14+00:00
automatic update

- - - - -
21180ba7 by Salvatore Bonaccorso at 2023-01-29T09:28:01+01:00
Add CVE-2023-0564/froxlor

- - - - -
bdef1465 by Salvatore Bonaccorso at 2023-01-29T09:47:06+01:00
Process some NFUs

- - - - -
841100ea by Guilhem Moulin at 2023-01-29T12:02:33+01:00
LTS: claim node-object-path in dla-needed.txt

- - - - -
72166d1c by Salvatore Bonaccorso at 2023-01-29T13:36:51+01:00
Track source wise fix for CVE-2022-4842/linux via unstable

- - - - -
f7db63d1 by Aron Xu at 2023-01-29T21:20:57+08:00
add tiff to dsa-needed.txt and claim it

There are three more open CVEs to be addressed which are not covered by
the previous release

- - - - -
9f4b39a3 by Lee Garrett at 2023-01-29T16:53:03+01:00
LTS: Claim apache2 and asterisk

- - - - -
86672ee3 by Guilhem Moulin at 2023-01-29T17:05:53+01:00
Reserve DLA-3291-1 for node-object-path

- - - - -
c570f946 by Anton Gladky at 2023-01-29T18:23:14+01:00
LTS: take libgit2

- - - - -
2d135f18 by Anton Gladky at 2023-01-29T18:23:41+01:00
LTS: take man2html

- - - - -
4a75521a by Anton Gladky at 2023-01-29T20:51:06+01:00
LTS: add ruby-rack to dla-needed.txt

- - - - -
b7512050 by Anton Gladky at 2023-01-29T20:55:40+01:00
LTS: add tmux to dla-needed.txt

- - - - -
54f9a02f by Salvatore Bonaccorso at 2023-01-29T21:02:40+01:00
Track fixed version for CVE-2022-24839/nekohtml via unstable

- - - - -
ec623ecd by Salvatore Bonaccorso at 2023-01-29T21:03:51+01:00
Track fixed version for openjdk-8 issues fixed via unstable

- - - - -
379af556 by Salvatore Bonaccorso at 2023-01-29T21:05:02+01:00
Add CVE-2022-45907/pytorch fixed version via unstable

- - - - -
a1c82bbe by security tracker role at 2023-01-29T20:10:21+00:00
automatic update

- - - - -
ad80502d by Utkarsh Gupta at 2023-01-30T01:40:47+05:30
Take ruby-rack and tmux

- - - - -
76afcd4f by Salvatore Bonaccorso at 2023-01-29T21:18:47+01:00
Process some NFUs

- - - - -
ae9e78e7 by Adrian Bunk at 2023-01-29T23:00:41+02:00
Reserve DLA-3292-1 for sofia-sip

- - - - -
abf8ef50 by Adrian Bunk at 2023-01-29T23:01:24+02:00
DLA: take fig2dev

- - - - -
0e78894d by Salvatore Bonaccorso at 2023-01-29T22:05:44+01:00
Reserve DSA number for varnish update

- - - - -
95472c99 by Anton Gladky at 2023-01-30T06:50:17+01:00
semi-automatic unclaim after 2 weeks of inactivity

Signed-off-by: Anton Gladky <gladk at debian.org>

- - - - -
ac91a2e0 by Tobias Frost at 2023-01-30T07:47:46+01:00
Reclaim modsecurity-crs

- - - - -
538b1dd0 by Salvatore Bonaccorso at 2023-01-30T08:16:49+01:00
Add two CVEs for limesurvey, itp'ed

- - - - -
c4e14364 by Salvatore Bonaccorso at 2023-01-30T08:16:50+01:00
Add CVE-2022-48007/piwigo

- - - - -
75ee869b by security tracker role at 2023-01-30T08:10:16+00:00
automatic update

- - - - -
d0756d7b by Moritz Muehlenhoff at 2023-01-30T09:34:11+01:00
also track nvidia-open-gpu-kernel-modules for recent Nvidia issues

- - - - -
145fb8f5 by Guilhem Moulin at 2023-01-30T11:33:45+01:00
dla-needed.txt: Add note for node-css-what.

- - - - -
11ade977 by Moritz Mühlenhoff at 2023-01-30T11:55:30+01:00
bullseye triage

- - - - -
0250004d by Guilhem Moulin at 2023-01-30T12:05:26+01:00
LTS: claim node-qs in dla-needed.txt

- - - - -
d137ffdb by Guilhem Moulin at 2023-01-30T12:05:31+01:00
LTS: claim node-url-parse in dla-needed.txt

- - - - -
9e5dd925 by Moritz Muehlenhoff at 2023-01-30T13:14:37+01:00
bullseye triage

- - - - -
e7e07a25 by Moritz Muehlenhoff at 2023-01-30T13:17:55+01:00
drop RUSTSEC-2023-0002 (retracted, possibly because it's for a new security feature, not vulnerability)

- - - - -
1021ab02 by Moritz Muehlenhoff at 2023-01-30T14:35:08+01:00
NFUs

- - - - -
37eb5ed5 by Moritz Muehlenhoff at 2023-01-30T14:37:24+01:00
tar non issue

- - - - -
e5eea4e8 by Moritz Muehlenhoff at 2023-01-30T15:34:46+01:00
new node-jszip issue

- - - - -
9b662276 by Moritz Muehlenhoff at 2023-01-30T15:46:14+01:00
NFUs

- - - - -
f4264848 by Moritz Muehlenhoff at 2023-01-30T15:48:39+01:00
two gitlab n/a

- - - - -
0ca94b5d by Moritz Muehlenhoff at 2023-01-30T16:09:12+01:00
new ruby-sanitize issue

- - - - -
1deaedf7 by Moritz Muehlenhoff at 2023-01-30T16:13:28+01:00
new pgpool2 issue

- - - - -
44790b81 by Guilhem Moulin at 2023-01-30T16:28:20+01:00
node-qs: Add note for CVE-2022-24999.

- - - - -
cbb2edf8 by Moritz Muehlenhoff at 2023-01-30T16:30:44+01:00
new opusfile issue

- - - - -
bd41bcf8 by Moritz Muehlenhoff at 2023-01-30T16:44:58+01:00
twisted fixed in sid

- - - - -
6d8a2ee0 by Moritz Muehlenhoff at 2023-01-30T16:50:29+01:00
NFU

- - - - -
82b1acf7 by Moritz Muehlenhoff at 2023-01-30T16:54:38+01:00
NFU

- - - - -
c6207ecd by Salvatore Bonaccorso at 2023-01-30T18:06:24+01:00
Add upstream tag information for CVE-2022-48285

- - - - -
32943e9b by Salvatore Bonaccorso at 2023-01-30T18:08:43+01:00
Add upstream commit reference for CVE-2023-23627/ruby-sanitize

- - - - -
f27ad5bf by Moritz Mühlenhoff at 2023-01-30T18:21:29+01:00
libzen spu

- - - - -
808b9e9b by Chris Lamb at 2023-01-30T09:48:29-08:00
data/dla-needed.txt: Triage cinder, glance and nova for buster LTS (CVE-2022-47951)

- - - - -
d531f8c9 by Chris Lamb at 2023-01-30T09:50:19-08:00
Triage CVE-2022-37705 in amanda for buster LTS.

- - - - -
6e6d7b5b by Moritz Mühlenhoff at 2023-01-30T19:02:12+01:00
bugnums

- - - - -
0e85f946 by Chris Lamb at 2023-01-30T10:14:41-08:00
data/dla-needed.txt: Triage redis for buster LTS (CVE-2022-35977)

- - - - -
a64db5a0 by Chris Lamb at 2023-01-30T10:14:47-08:00
data/dla-needed.txt: Claim redis.

- - - - -
709f5572 by Tobias Frost at 2023-01-30T19:15:37+01:00
Reserve DLA-3293-1 for modsecurity-crs

- - - - -
172027fc by Thorsten Alteholz at 2023-01-30T19:39:21+01:00
Reserve DLA-3294-1 for libarchive

- - - - -
de321af1 by Anton Gladky at 2023-01-30T19:54:25+01:00
Change VCS for libgit2

- - - - -
c0eaa50f by Salvatore Bonaccorso at 2023-01-30T20:41:23+01:00
Restore fixing information for CVE-2021-35368

- - - - -
9229fd15 by security tracker role at 2023-01-30T20:10:19+00:00
automatic update

- - - - -
dd6b0921 by Salvatore Bonaccorso at 2023-01-30T21:21:18+01:00
Process one NFU

- - - - -
ff9a66bf by Anton Gladky at 2023-01-30T21:30:39+01:00
Add Meta-Information to some newly added packages

- - - - -
26324005 by Salvatore Bonaccorso at 2023-01-30T21:42:57+01:00
Add CVE-2023-0240/linux

- - - - -
4abda771 by Utkarsh Gupta at 2023-01-31T02:54:50+05:30
Reserve DLA-3295-1 for node-moment

- - - - -
72ce3811 by Utkarsh Gupta at 2023-01-31T03:01:20+05:30
Reserve DLA-3296-1 for libhtml-stripscripts-perl

- - - - -
b87f2096 by Utkarsh Gupta at 2023-01-31T03:07:20+05:30
Reserve DLA-3297-1 for tiff

- - - - -
66debdde by Utkarsh Gupta at 2023-01-31T03:20:06+05:30
Reserve DLA-3298-1 for ruby-rack

- - - - -
4119f7e0 by Guilhem Moulin at 2023-01-30T22:56:02+01:00
Reserve DLA-3299-1 for node-qs

- - - - -
a16875cc by Utkarsh Gupta at 2023-01-31T03:30:00+05:30
Reserve DLA-3300-1 for glance

- - - - -
29b2cbb1 by Utkarsh Gupta at 2023-01-31T03:36:29+05:30
Reserve DLA-3301-1 for cinder

- - - - -
0fd32e1c by Utkarsh Gupta at 2023-01-31T03:37:31+05:30
Reserve DLA-3302-1 for nova

- - - - -
be53887b by Utkarsh Gupta at 2023-01-31T03:50:15+05:30
Reserve DLA-3303-1 for ruby-git

- - - - -
305e3012 by Utkarsh Gupta at 2023-01-31T06:07:26+05:30
Take ruby-sidekiq and libapache2-mod-auth-mellon

- - - - -
0da904c6 by Utkarsh Gupta at 2023-01-31T06:20:40+05:30
Add a note for rails

- - - - -
83ff8ab0 by Salvatore Bonaccorso at 2023-01-31T08:31:55+01:00
Add CVE-2023-2392{1,2,3}/moodle

- - - - -
b62e5b62 by Salvatore Bonaccorso at 2023-01-31T08:47:21+01:00
Add CVE-2022-23552 and CVE-2022-39324 for grafana

- - - - -
13a6dea4 by Salvatore Bonaccorso at 2023-01-31T09:05:26+01:00
Add CVE-2023-2248{3,4,5,6}/cmark-gfm

- - - - -
14a1bfef by security tracker role at 2023-01-31T08:10:17+00:00
automatic update

- - - - -
78c190e9 by Salvatore Bonaccorso at 2023-01-31T09:14:24+01:00
Associate CVE-2022-4510 with binwalk

- - - - -
1b98a43d by Salvatore Bonaccorso at 2023-01-31T09:18:38+01:00
Process some NFUs

- - - - -
d3de918d by Moritz Muehlenhoff at 2023-01-31T09:29:49+01:00
NFUs

- - - - -
bf84451f by Chris Lamb at 2023-01-31T08:32:34-08:00
Triage CVE-2022-45748 in assimp for buster LTS.

- - - - -
65ea5a6d by Chris Lamb at 2023-01-31T08:33:04-08:00
Triage CVE-2022-48285 in node-jszip for buster LTS.

- - - - -
0b032dad by Chris Lamb at 2023-01-31T08:33:23-08:00
Triage CVE-2023-24056 in pkgconf for buster LTS.

- - - - -
e12b04c1 by Chris Lamb at 2023-01-31T08:35:02-08:00
data/dla-needed.txt: Triage sssd for buster LTS (CVE-2022-4254)

- - - - -
abe634e0 by Adrian Bunk at 2023-01-31T19:24:35+02:00
The code affected by CVE-2021-37530 was not present before bullseye

- - - - -
12b86abf by Emilio Pozuelo Monfort at 2023-01-31T18:32:38+01:00
Triage bind9 issues for buster

- - - - -
ab3bfc39 by Adrian Bunk at 2023-01-31T19:48:34+02:00
CVE-2021-37529 was introduced in 3.2.8 in the same commit as CVE-2021-37530

- - - - -
d2c787fd by Salvatore Bonaccorso at 2023-01-31T19:20:00+01:00
Add CVE-2022-3560/pesign

- - - - -
ab5e76a5 by Adrian Bunk at 2023-01-31T20:43:01+02:00
Remove no-dsa for buster for CVEs fixed in the DLA

- - - - -
5a1a9751 by Adrian Bunk at 2023-01-31T20:43:59+02:00
Reserve DLA-3304-1 for fig2dev

- - - - -
c97dcb28 by Salvatore Bonaccorso at 2023-01-31T21:07:04+01:00
Add Debian bug reference for CVE-2022-3560/pesign

- - - - -
cc002078 by security tracker role at 2023-01-31T20:10:24+00:00
automatic update

- - - - -
8b85c246 by Salvatore Bonaccorso at 2023-01-31T22:07:31+01:00
Add CVE-2022-28331/apr

- - - - -
57882a37 by Salvatore Bonaccorso at 2023-01-31T22:10:15+01:00
Add CVE-2022-25147/apr

- - - - -
c98fb5ed by Salvatore Bonaccorso at 2023-01-31T22:11:17+01:00
Add CVE-2022-24963/apr

- - - - -
213c152e by Salvatore Bonaccorso at 2023-01-31T22:33:21+01:00
Process some NFUs

- - - - -
b0e3f13f by Salvatore Bonaccorso at 2023-01-31T22:35:38+01:00
Add CVE-2022-47854/i-librarian, itp'ed

- - - - -
ab739933 by Adrian Bunk at 2023-01-31T23:56:41+02:00
CVE-2019-15058/CVE-2019-20056: Add notes about possible regression in upstream issue

- - - - -
ab24b059 by Adrian Bunk at 2023-01-31T23:56:58+02:00
CVE-2021-37789: Link to commit that fixed it

- - - - -
2757676f by Adrian Bunk at 2023-01-31T23:48:29+02:00
CVE-2021-42716 does not affect buster or bullseye

- - - - -
57d0c7cb by Adrian Bunk at 2023-01-31T23:51:40+02:00
Reserve DLA-3305-1 for libstb

- - - - -
f56c99fd by Salvatore Bonaccorso at 2023-02-01T07:46:11+01:00
Add CVE-2023-0590/linux

- - - - -
e66ab70c by Salvatore Bonaccorso at 2023-02-01T07:56:12+01:00
Correct tracking for CVE-2019-13990/libquartz-java

- - - - -
0b64ece5 by security tracker role at 2023-02-01T08:10:16+00:00
automatic update

- - - - -
f2c27106 by Petter Reinholdtsen at 2023-02-01T09:12:12+01:00
Added two references for the CVE-2013-2238 issue in freeswitch.

- - - - -
a13e905a by Henri Salo at 2023-02-01T10:13:41+02:00
NFU

- - - - -
a7a0cead by Salvatore Bonaccorso at 2023-02-01T09:21:27+01:00
Process two NFUs

- - - - -
93b93c5b by Petter Reinholdtsen at 2023-02-01T09:24:26+01:00
Documented a few fixed CVEs in vorbis-tools for Wheezy.

- - - - -
ac2e0fd3 by Emilio Pozuelo Monfort at 2023-02-01T09:34:06+01:00
Revert "Documented a few fixed CVEs in vorbis-tools for Wheezy."

It's already marked as fixed in DLA-1010-1, so there's no need
to reference it in CVE/list again. Besides, the syntax is wrong
and breaks the tracker.

This reverts commit 93b93c5b6bb15ba3ab002b9c5d36c17807b5571d.

- - - - -
503fcb1e by Salvatore Bonaccorso at 2023-02-01T09:36:56+01:00
Update information for CVE-2022-25147 and CVE-2022-24963

Thanks: Stefan Fritsch

- - - - -
a99c4c2e by Salvatore Bonaccorso at 2023-02-01T09:51:11+01:00
Update information for CVE-2022-4382/linux

- - - - -
891c57d1 by Henri Salo at 2023-02-01T12:44:45+02:00
NFU

- - - - -
6bab85f5 by Salvatore Bonaccorso at 2023-02-01T16:06:55+01:00
Add CVE-2023-23969/python-django

- - - - -
b47c6145 by Chris Lamb at 2023-02-01T07:58:06-08:00
Add bug for python-django/CVE-2023-23969

- - - - -
f88b5e4e by Chris Lamb at 2023-02-01T07:59:25-08:00
data/dla-needed.txt: Triage python-django for buster LTS (CVE-2023-23969)

- - - - -
6bd28ff8 by Chris Lamb at 2023-02-01T07:59:32-08:00
data/dla-needed.txt: Claim python-django.

- - - - -
05ecf8ae by Chris Lamb at 2023-02-01T08:05:23-08:00
Triage CVE-2023-0341 in editorconfig-core for buster LTS.

- - - - -
0433f650 by Chris Lamb at 2023-02-01T08:05:45-08:00
Triage CVE-2022-40152 in libwoodstox-java for buster LTS.

- - - - -
8df4ca80 by Chris Lamb at 2023-02-01T08:06:12-08:00
Triage CVE-2022-47021 in opusfile for buster LTS.

- - - - -
5bc2df27 by Chris Lamb at 2023-02-01T08:06:32-08:00
Triage CVE-2023-22745 in tpm2-tss for buster LTS.

- - - - -
729057f5 by Moritz Muehlenhoff at 2023-02-01T17:29:17+01:00
NFUs

- - - - -
c02f4e47 by Moritz Muehlenhoff at 2023-02-01T17:55:08+01:00
Django fixed in sid

- - - - -
0df1bef5 by Salvatore Bonaccorso at 2023-02-01T18:09:02+01:00
Mark CVE-2019-13990 as no-dsa for bullseye

- - - - -
a4aaac69 by Salvatore Bonaccorso at 2023-02-01T18:12:42+01:00
Add additional reference for CVE-2022-3560/pesign

- - - - -
ddfadbc4 by Moritz Mühlenhoff at 2023-02-01T19:23:47+01:00
openjdk-17,cinder,nova,glance DSAs

- - - - -
6c354e79 by Chris Lamb at 2023-02-01T10:42:58-08:00
Reserve DLA-3306-1 for python-django

- - - - -
696a7296 by Chris Lamb at 2023-02-01T11:27:55-08:00
Mark a series of redis vulnerabilities as 'ignored'; they all require an elevated (and possibly raw TCP-) level of access.

- - - - -
81ed9068 by Chris Lamb at 2023-02-01T11:32:03-08:00
Remove redis.git reference; canonical repo is https://salsa.debian.org/lamby/pkg-redis.

- - - - -
ef0d90ee by Chris Lamb at 2023-02-01T11:34:06-08:00
Triage CVE-2022-35977 in redis for buster LTS.

- - - - -
95b09bc6 by security tracker role at 2023-02-01T20:10:20+00:00
automatic update

- - - - -
7a6927d5 by Salvatore Bonaccorso at 2023-02-01T21:20:35+01:00
Mark CVE-2022-47016 as unimportant

- - - - -
afd383c3 by Chris Lamb at 2023-02-01T12:24:23-08:00
Mark a series of src:redis CVEs as ignored in both buster and stretch to match bullseye.

- - - - -
c3efad38 by Salvatore Bonaccorso at 2023-02-02T07:44:42+01:00
Add CVE-2023-0615/linux

- - - - -
3d7a94e3 by Salvatore Bonaccorso at 2023-02-02T07:48:52+01:00
Add CVE-2023-0597/linux

- - - - -
c4c2183a by security tracker role at 2023-02-02T08:10:19+00:00
automatic update

- - - - -
bda75c8f by Salvatore Bonaccorso at 2023-02-02T09:31:31+01:00
Add CVE-2023-25012/linux

- - - - -
f7403df6 by Emilio Pozuelo Monfort at 2023-02-02T11:03:07+01:00
lts: triage CVE-2022-4055/xdg-utils as no-dsa for buster

- - - - -
90a25342 by Salvatore Bonaccorso at 2023-02-02T14:32:47+01:00
Process some more NFUs

- - - - -
0923316e by Salvatore Bonaccorso at 2023-02-02T16:46:31+01:00
Add new issue in openssh

- - - - -
fd71637a by Salvatore Bonaccorso at 2023-02-02T16:48:58+01:00
Reference introducing commit for openssh issue

- - - - -
184a4c43 by Salvatore Bonaccorso at 2023-02-02T16:51:36+01:00
Add information for CVE-2023-23924

- - - - -
c7894b9f by Moritz Muehlenhoff at 2023-02-02T17:27:17+01:00
new symfony issues

- - - - -
d6e7b381 by Moritz Muehlenhoff at 2023-02-02T17:41:30+01:00
NFUs

- - - - -
4edf3256 by Alberto Garcia at 2023-02-02T18:05:32+01:00
webkit2gtk / wpewebkit upstream advisory WSA-2023-0001

- - - - -
e61edf5c by Chris Lamb at 2023-02-02T09:18:19-08:00
data/dla-needed.txt: Triage trafficserver for buster LTS (CVE-2022-31779, CVE-2022-32749 & CVE-2022-37392)

- - - - -
0e77da58 by security tracker role at 2023-02-02T20:10:27+00:00
automatic update

- - - - -
45f6d019 by Salvatore Bonaccorso at 2023-02-02T21:22:39+01:00
Process one NFU

- - - - -
108028de by Salvatore Bonaccorso at 2023-02-02T21:39:35+01:00
Process some NFUs

- - - - -
935d50d7 by Stefan Fritsch at 2023-02-03T00:01:39+01:00
note apr fix

- - - - -
7f8e69f4 by Henri Salo at 2023-02-03T05:48:54+02:00
CVE-2022-26068/pistache

- - - - -
ac4f4ef7 by Salvatore Bonaccorso at 2023-02-03T05:57:31+01:00
Track fixed version for three libde265 issues fixed via unstable

- - - - -
9053892e by Salvatore Bonaccorso at 2023-02-03T06:08:14+01:00
Update information for CVE-2022-26068/pistache

- - - - -
69adf9ce by security tracker role at 2023-02-03T08:10:13+00:00
automatic update

- - - - -
a94c7861 by Salvatore Bonaccorso at 2023-02-03T13:47:53+01:00
Add Debian bug reference for CVE-2022-3715/bash

- - - - -
7a61c596 by Salvatore Bonaccorso at 2023-02-03T13:48:57+01:00
CVE-2023-25136/openssh assigned

- - - - -
ce5690ad by Salvatore Bonaccorso at 2023-02-03T13:51:44+01:00
Add CVE-2023-25139/glibc

- - - - -
3eb1914b by Sylvain Beucler at 2023-02-03T14:48:29+01:00
CVE-2019-16884/runc: reference patch and mitigations

- - - - -
67d6d19a by Salvatore Bonaccorso at 2023-02-03T19:19:08+01:00
Track fixed version for some sox issues

- - - - -
14b4cde5 by Salvatore Bonaccorso at 2023-02-03T20:51:49+01:00
Add CVE-2023-0045/linux

- - - - -
3f4368e2 by security tracker role at 2023-02-03T20:10:18+00:00
automatic update

- - - - -
bc1453e2 by Chris Lamb at 2023-02-03T12:12:05-08:00
data/dla-needed.txt: Triage webkit2gtk for buster LTS (CVE-2022-42826, CVE-2023-23517 & CVE-2023-23518)

- - - - -
a83f0a31 by Chris Lamb at 2023-02-03T12:21:39-08:00
data/dla-needed.txt: Claim graphite-web.

- - - - -
c269fc50 by Salvatore Bonaccorso at 2023-02-03T21:25:29+01:00
Process some NFUs

- - - - -
e2067769 by Salvatore Bonaccorso at 2023-02-03T21:36:01+01:00
Update information on CVE-2023-25139/glibc

- - - - -
d9256041 by Salvatore Bonaccorso at 2023-02-03T23:01:02+01:00
Track fixed version for CVE-2022-25147/apr-util via unstable

- - - - -
a6841ce1 by security tracker role at 2023-02-04T08:10:12+00:00
automatic update

- - - - -
650f425c by Salvatore Bonaccorso at 2023-02-04T09:36:50+01:00
Track fixed version for two CVEs in php-dompdf

One is actually unclear if the older versions are affected:
CVE-2023-23924, which may affect only a specific version. Needs review.

- - - - -
917fef3b by Salvatore Bonaccorso at 2023-02-04T09:59:30+01:00
Reference oss-security post with patches for sox issues

- - - - -
e3109616 by Henri Salo at 2023-02-04T11:07:20+02:00
NFU

- - - - -
cc99c2fc by Salvatore Bonaccorso at 2023-02-04T11:26:51+01:00
lib/debian-releases.mk: Add support for fetching from different archive areas

For suites older than bookworm, fix section to main, contrib and
non-free. Starting in bookworm an additional archive section
non-free-firmware will be present.

Link: https://bugs.debian.org/1030321
Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>

- - - - -
f38abb2f by Salvatore Bonaccorso at 2023-02-04T11:26:51+01:00
Makefile: Do not hardcode archive areas to fetch from

Use the list of archive areas depending on the Debian release affected.

Link: https://bugs.debian.org/1030321
Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>

- - - - -
f63ca333 by Salvatore Bonaccorso at 2023-02-04T11:26:51+01:00
grab-cve-in-fix: Adjust comment to mention non-free-firmware Sources

Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>

- - - - -
27e0a6e7 by Salvatore Bonaccorso at 2023-02-04T10:50:31+00:00
Merge branch 'non-free-firmware-support' into 'master'

Add support for non-free-firmware archive component

See merge request security-tracker-team/security-tracker!124

- - - - -
b60e165b by Salvatore Bonaccorso at 2023-02-04T12:12:59+01:00
Add CVE-2023-0056/haproxy

- - - - -
acebffef by Salvatore Bonaccorso at 2023-02-04T12:14:44+01:00
Add CVE-2023-0430/thunderbird

- - - - -
7e4a28d4 by Salvatore Bonaccorso at 2023-02-04T12:21:01+01:00
Add CVE-2023-0634/shadow

- - - - -
806c9cac by Salvatore Bonaccorso at 2023-02-04T16:24:17+01:00
Update information for CVE-2023-23924

- - - - -
0b93dd75 by security tracker role at 2023-02-04T20:10:24+00:00
automatic update

- - - - -
3cf5223c by Salvatore Bonaccorso at 2023-02-04T22:04:18+01:00
Add CVE-2023-067{6,7,8}/phpipam, itp'ed

- - - - -
7c7ffc1e by Salvatore Bonaccorso at 2023-02-04T22:05:11+01:00
Process some NFUs

- - - - -
eed9a8c6 by Salvatore Bonaccorso at 2023-02-04T22:06:58+01:00
Add CVE-2023-0671/froxlor, itp'ed

- - - - -
d0a13ca8 by Salvatore Bonaccorso at 2023-02-04T22:54:33+01:00
Track proposed update for modsecurity-apache via bullseye-pu

- - - - -
5835fe4e by Salvatore Bonaccorso at 2023-02-04T23:38:29+01:00
Update information for CVE-2022-2489{4,5}/symfony

- - - - -
04086802 by security tracker role at 2023-02-05T08:10:15+00:00
automatic update

- - - - -
af108567 by Tobias Frost at 2023-02-05T09:13:29+01:00
LTS: claim wireshark in dla-needed.txt

- - - - -
01fe1096 by Helmut Grohne at 2023-02-05T13:35:06+01:00
sox: bump fixed version for previously incomplete fixes

- - - - -
e1c752b9 by Salvatore Bonaccorso at 2023-02-05T13:50:52+01:00
CVE-2023-0045/linux: reference writeup

- - - - -
dbafd762 by Salvatore Bonaccorso at 2023-02-05T13:58:57+01:00
Add two more php-dompdf CVEs from 2.0.0 upstream release

- - - - -
c2435b31 by Tobias Frost at 2023-02-05T14:45:13+01:00
wireshark's CVE-2022-3190 does not affect buster.

- - - - -
e0d79f4b by Salvatore Bonaccorso at 2023-02-05T15:11:48+01:00
Add CVE-2023-25193/harfbuzz

- - - - -
a66c09cd by Salvatore Bonaccorso at 2023-02-05T15:37:15+01:00
Track fixed version for various imagemagick issues

- - - - -
625a8f75 by Salvatore Bonaccorso at 2023-02-05T15:46:01+01:00
Reference upstream tag for CVE-2021-2682{5,6}/godot

- - - - -
fb507625 by Salvatore Bonaccorso at 2023-02-05T15:47:29+01:00
Track fixed version for godot issues via unstable

- - - - -
ff345354 by Salvatore Bonaccorso at 2023-02-05T16:37:30+01:00
Reserve DSA number for libhtml-stripscripts-perl update

- - - - -
bf331bf0 by Tobias Frost at 2023-02-05T16:48:48+01:00
wireshark's CVE-2022-4344 does not affect buster.

- - - - -
5308c1f4 by Tobias Frost at 2023-02-05T16:50:48+01:00
Replace possible fixing commit with one from the wireshark repo.

- - - - -
6898f7f2 by Tobias Frost at 2023-02-05T17:22:43+01:00
Add possible fixes for CVE-2022-4345 (wireshark)

- - - - -
dd293b75 by Salvatore Bonaccorso at 2023-02-05T17:35:41+01:00
Add debian bug reference for CVE-2023-25193/harfbuzz

- - - - -
f17072bd by Anton Gladky at 2023-02-05T20:46:49+01:00
LTS: add missing meta-information

- - - - -
e625081d by Salvatore Bonaccorso at 2023-02-05T20:54:56+01:00
Track fixed version for two mitmproxy issues

- - - - -
b18ebef4 by Salvatore Bonaccorso at 2023-02-05T20:56:14+01:00
Track fixed version for CVE-2022-47021/opusfile via unstable

- - - - -
cd3c7b61 by security tracker role at 2023-02-05T20:10:29+00:00
automatic update

- - - - -
c20c322d by Salvatore Bonaccorso at 2023-02-05T21:17:29+01:00
Process some NFUs

- - - - -
72331571 by Salvatore Bonaccorso at 2023-02-05T21:17:31+01:00
Add CVE-2023-0576/yugabyte-db

- - - - -
a91697ea by Salvatore Bonaccorso at 2023-02-05T21:17:32+01:00
Associate some NFUs to jellyfin, itp'ed

- - - - -
7ac9c6fa by Salvatore Bonaccorso at 2023-02-05T21:17:34+01:00
Add CVE-2023-2363{5,6}/jellyfin

- - - - -
66cc402e by Anton Gladky at 2023-02-06T07:08:35+01:00
LTS: Add VCS information into the packages

- - - - -
642644cf by Anton Gladky at 2023-02-06T07:08:52+01:00
semi-automatic unclaim after 2 weeks of inactivity

Signed-off-by: Anton Gladky <gladk at debian.org>

- - - - -
272931f4 by security tracker role at 2023-02-06T08:10:13+00:00
automatic update

- - - - -
30285ea2 by Moritz Muehlenhoff at 2023-02-06T09:34:03+01:00
ruby-rails-html-sanitizer fixed in sid

- - - - -
93ad7f8c by Moritz Muehlenhoff at 2023-02-06T09:34:48+01:00
puppet-module-puppetlabs-apt fixed in sid

- - - - -
d9ddbc94 by Moritz Muehlenhoff at 2023-02-06T09:36:15+01:00
NFU

- - - - -
f1b5cd3b by Emilio Pozuelo Monfort at 2023-02-06T09:38:03+01:00
lts: take webkit2gtk

- - - - -
725c1659 by Moritz Muehlenhoff at 2023-02-06T12:46:49+01:00
NFU

- - - - -
9c2f6127 by Moritz Muehlenhoff at 2023-02-06T12:47:49+01:00
zabbix fixed in sid

- - - - -
ead49fad by Helmut Grohne at 2023-02-06T13:41:16+01:00
LTS: claim heimdal

- - - - -
daeeb120 by Emilio Pozuelo Monfort at 2023-02-06T15:55:58+01:00
LTS: add spip to dla-needed.txt

- - - - -
05217da4 by Emilio Pozuelo Monfort at 2023-02-06T15:57:55+01:00
Reserve DLA-3307-1 for openjdk-11

- - - - -
8a60123f by Emilio Pozuelo Monfort at 2023-02-06T16:13:06+01:00
lts: CVE-2023-23456/upx-ucl no-dsa on buster

- - - - -
1634dc77 by Alberto Garcia at 2023-02-06T16:32:30+01:00
webkit2gtk DSA-5340-1 and wpewebkit DSA-5341-1

- - - - -
891d9dab by Moritz Muehlenhoff at 2023-02-06T16:53:15+01:00
bullseye triage

- - - - -
d895a354 by Tobias Frost at 2023-02-06T17:23:27+01:00
CVE-2023-0414 (wireshark) is not affecting buster.

- - - - -
00d88108 by Moritz Muehlenhoff at 2023-02-06T17:52:59+01:00
NFUs

- - - - -
38ec7eba by Emilio Pozuelo Monfort at 2023-02-06T20:02:38+01:00
Reserve DLA-3308-1 for webkit2gtk

- - - - -
a37aca57 by Salvatore Bonaccorso at 2023-02-06T21:05:47+01:00
Update information for CVE-2021-23385/flask-security

- - - - -
0a4a6839 by security tracker role at 2023-02-06T20:10:25+00:00
automatic update

- - - - -
c5fc4428 by Salvatore Bonaccorso at 2023-02-06T21:35:47+01:00
Process two NFUs

- - - - -
56ed23ae by Salvatore Bonaccorso at 2023-02-06T21:56:29+01:00
Add CVE-2023-0687/glibc

- - - - -
005711b1 by Salvatore Bonaccorso at 2023-02-06T22:01:26+01:00
Process some NFUs

- - - - -
316b7987 by Salvatore Bonaccorso at 2023-02-06T22:02:06+01:00
Add three new CVEs for zammad: CVE-2022-4802{1,2,3}

- - - - -
c40a689c by Chris Lamb at 2023-02-06T13:05:52-08:00
Reserve DLA-3309-1 for graphite-web

- - - - -
3dcbc257 by Anton Gladky at 2023-02-06T22:15:14+01:00
LTS: Add meta-information

- - - - -
a7c1252c by Salvatore Bonaccorso at 2023-02-06T22:25:38+01:00
Track fixed version for three fava issues fixed via unstable

- - - - -
a81045a9 by Salvatore Bonaccorso at 2023-02-06T22:28:50+01:00
Track fixed version for CVE-2022-42330/xen via unstable

- - - - -
728807db by Moritz Muehlenhoff at 2023-02-06T22:58:48+01:00
add p0 reference

- - - - -
7dfdeffe by Salvatore Bonaccorso at 2023-02-07T06:24:35+01:00
Take haproxy from dsa-needed list

- - - - -
5957612b by Salvatore Bonaccorso at 2023-02-07T06:29:23+01:00
Tentatively take apr-util and apr from dsa-needed list

- - - - -
280d8a2f by Thorsten Alteholz at 2023-02-07T07:02:19+01:00
claim xorg-server

- - - - -
e51b47c1 by Salvatore Bonaccorso at 2023-02-07T07:17:44+01:00
Add CVE-2023-0494/xorg-server

- - - - -
a21e4ab4 by Salvatore Bonaccorso at 2023-02-07T07:55:08+01:00
Add CVE-2023-20938/linux

- - - - -
5d05f77f by Thorsten Alteholz at 2023-02-07T08:19:59+01:00
Reserve DLA-3310-1 for xorg-server

- - - - -
97153541 by Tobias Frost at 2023-02-07T08:38:00+01:00
CVE-2023-0415 (wireshark) is not affecting buster.

- - - - -
5c9b4374 by Salvatore Bonaccorso at 2023-02-07T08:40:58+01:00
Add CVE-2022-23498/grafana

- - - - -
3a219cd6 by Salvatore Bonaccorso at 2023-02-07T08:47:16+01:00
Add CVE-2023-22603/binutils

- - - - -
e6b916e8 by Salvatore Bonaccorso at 2023-02-07T08:53:53+01:00
Add CVE-2023-2260{4,5,6,7,8,9}/binutils

- - - - -
11d16059 by security tracker role at 2023-02-07T08:10:19+00:00
automatic update

- - - - -
80bdf80b by Mathias Behrle at 2023-02-07T09:23:18+01:00
Add embedded code copies for tryton-sao.

- - - - -
1eef5a30 by Salvatore Bonaccorso at 2023-02-07T09:34:27+01:00
Process several NFUs

- - - - -
3c69b247 by Salvatore Bonaccorso at 2023-02-07T09:43:22+01:00
Move NOTE below associated source package

- - - - -
969df240 by Salvatore Bonaccorso at 2023-02-07T08:44:17+00:00
Merge branch 'tryton-sao' into 'master'

Add embedded code copies for tryton-sao.

See merge request security-tracker-team/security-tracker!125

- - - - -
7e4fc302 by Moritz Muehlenhoff at 2023-02-07T10:19:54+01:00
NFUs

- - - - -
b1682292 by Moritz Muehlenhoff at 2023-02-07T11:42:59+01:00
new issues in rust crates

- - - - -
6e971252 by Salvatore Bonaccorso at 2023-02-07T13:03:09+01:00
Add CVE-2022-4426{7,8}/imagemagick

- - - - -
e4e31753 by Emilio Pozuelo Monfort at 2023-02-07T13:19:38+01:00
lts: CVE-2022-24963/apr n/a on buster

- - - - -
1ebecfee by Emilio Pozuelo Monfort at 2023-02-07T13:19:38+01:00
lts: add apr-util

- - - - -
5790e7d1 by Moritz Muehlenhoff at 2023-02-07T13:54:27+01:00
bullseye triage

- - - - -
04f141e6 by Moritz Muehlenhoff at 2023-02-07T13:57:56+01:00
NFUs

- - - - -
3c19c2cc by Salvatore Bonaccorso at 2023-02-07T14:07:30+01:00
Add Debian bug reference for CVE-2023-0494/xorg-server

- - - - -
6eceeeff by Salvatore Bonaccorso at 2023-02-07T14:10:00+01:00
Add CVE-2023-24813/php-dompdf

- - - - -
524520bf by Moritz Muehlenhoff at 2023-02-07T14:16:34+01:00
linux n/a

- - - - -
eaa8cb67 by Moritz Muehlenhoff at 2023-02-07T14:57:22+01:00
xorg-server fixed in sid

- - - - -
cf0e2236 by Moritz Muehlenhoff at 2023-02-07T15:05:54+01:00
also track CVE-2023-0494 for xwayland

- - - - -
abf18fbb by Adrian Bunk at 2023-02-07T16:17:30+02:00
DLA: take apr-util

- - - - -
87be81a9 by Salvatore Bonaccorso at 2023-02-07T16:41:45+01:00
Reserve DSA number for xorg-server update

- - - - -
18d017e4 by Moritz Muehlenhoff at 2023-02-07T17:37:32+01:00
new openssl issues

- - - - -
d23d989c by Emilio Pozuelo Monfort at 2023-02-07T17:57:46+01:00
lts: add haproxy

- - - - -
04ee836e by Salvatore Bonaccorso at 2023-02-07T18:20:45+01:00
Add some commit references for openssl issues

- - - - -
ccb423ea by Salvatore Bonaccorso at 2023-02-07T20:57:49+01:00
Add CVE-2022-46663/less

- - - - -
4a862425 by Salvatore Bonaccorso at 2023-02-07T21:08:10+01:00
Add Debian bug reference for CVE-2022-46663/less

- - - - -
8e391ba1 by security tracker role at 2023-02-07T20:10:22+00:00
automatic update

- - - - -
c34bb48f by Salvatore Bonaccorso at 2023-02-07T21:46:34+01:00
Process two NFUs

- - - - -
a67896e6 by Salvatore Bonaccorso at 2023-02-07T21:59:11+01:00
Reserve DSA number for openssl update

- - - - -
9c1d153d by Salvatore Bonaccorso at 2023-02-07T22:12:19+01:00
Track fixed version for CVE-2022-45442/ruby-sinatra

- - - - -
ea70c914 by Salvatore Bonaccorso at 2023-02-07T22:16:40+01:00
Track fixed version for openssl issue via unstable

- - - - -
3dc42e6a by Salvatore Bonaccorso at 2023-02-07T22:23:33+01:00
Track fixed version for three mplayer issues

Note for reviewers: Suspect more CVEs are actually addressed by rebasing
to the particular svn revision, needs a check on all open mplayer CVEs.

- - - - -
2fac8605 by Salvatore Bonaccorso at 2023-02-07T22:25:49+01:00
Update fixed version information for CVE-2023-0430/thunderbird

As the maintainer explains:

     Note: The previous version 1:102.7.1-1 was build on top of a release
     candidate which does not fixed CVE-2023-0430 fully.

Link: https://tracker.debian.org/news/1418852/accepted-thunderbird-1102711-1-source-into-unstable/

- - - - -
c8639746 by Salvatore Bonaccorso at 2023-02-07T22:34:15+01:00
Track fixed version for several ring issues via unstable

- - - - -
01ac376e by Salvatore Bonaccorso at 2023-02-07T22:44:45+01:00
Track fixed version for CVE-2012-6655/accountsservice via unstable

- - - - -
2ead1eea by Anton Gladky at 2023-02-08T06:16:57+01:00
LTS: Add VCS to apr-util

- - - - -
0db0ede3 by Salvatore Bonaccorso at 2023-02-08T06:38:01+01:00
Add new chromium issues

- - - - -
068f02ba by Salvatore Bonaccorso at 2023-02-08T06:39:15+01:00
Add chromium to dsa-needed list

- - - - -
b5c2c414 by Salvatore Bonaccorso at 2023-02-08T07:17:03+01:00
Add CVE-2022-45142/heimdal

- - - - -
6da3c634 by Salvatore Bonaccorso at 2023-02-08T07:54:57+01:00
Add oss-security reference for heimdal issue

- - - - -
7188547c by Salvatore Bonaccorso at 2023-02-08T08:15:50+01:00
Add CVE-2023-25194/kafka

- - - - -
749eeefb by Salvatore Bonaccorso at 2023-02-08T08:35:46+01:00
Track fixed version for chromium issue with unstable upload

- - - - -
0107bea1 by Salvatore Bonaccorso at 2023-02-08T08:37:32+01:00
Track more fixes for ring via unstable upload

Thanks: Amin Bandali

- - - - -
809b484b by Emilio Pozuelo Monfort at 2023-02-08T08:53:51+01:00
lts: add openssl

- - - - -
4c2d3861 by security tracker role at 2023-02-08T08:10:17+00:00
automatic update

- - - - -
6ba8e750 by Salvatore Bonaccorso at 2023-02-08T09:30:25+01:00
Add additional reference for CVE-2022-45142/heimdal

- - - - -
518865db by Salvatore Bonaccorso at 2023-02-08T09:35:16+01:00
Process some NFUs

- - - - -
41508f7c by Helmut Grohne at 2023-02-08T12:37:05+01:00
issue DLA-3311-1 for heimdal CVE-2022-45142

- - - - -
2a0a1f7b by Helmut Grohne at 2023-02-08T12:52:37+01:00
record bug number for heimdal CVE-2022-45142

- - - - -
c772926a by Emilio Pozuelo Monfort at 2023-02-08T12:59:13+01:00
Reserve DLA-3312-1 for shim

- - - - -
0f882696 by Moritz Muehlenhoff at 2023-02-08T13:13:48+01:00
more mplayer issues fixed in sid

- - - - -
ebf03ffc by Salvatore Bonaccorso at 2023-02-08T13:30:21+01:00
Reserve DSA number for heimdal update

- - - - -
f6c7f0e3 by Moritz Muehlenhoff at 2023-02-08T14:20:06+01:00
openssh fixed in sid

- - - - -
11d9092b by Moritz Muehlenhoff at 2023-02-08T14:21:00+01:00
graphite-web fixed in sid

- - - - -
31898798 by Moritz Muehlenhoff at 2023-02-08T14:55:26+01:00
NFUs

- - - - -
c7b5c577 by Moritz Mühlenhoff at 2023-02-08T15:24:22+01:00
symfony spu

- - - - -
61ac7f22 by Salvatore Bonaccorso at 2023-02-08T15:57:35+01:00
Update notes for sofia-sip

- - - - -
c8fdf727 by Salvatore Bonaccorso at 2023-02-08T16:12:21+01:00
Add CVE-2022-38725/syslog-ng

- - - - -
12263c4b by Moritz Muehlenhoff at 2023-02-08T17:24:12+01:00
one more mplayer issue fixed

- - - - -
13c14bc7 by Moritz Muehlenhoff at 2023-02-08T17:24:50+01:00
sofia-sip fixed in sid

- - - - -
75b97445 by Moritz Muehlenhoff at 2023-02-08T17:28:13+01:00
new python-cryptography issue

- - - - -
47ff11db by Moritz Muehlenhoff at 2023-02-08T17:38:18+01:00
NFUs

- - - - -
c6175987 by Moritz Mühlenhoff at 2023-02-08T20:09:47+01:00
chromium DSA

- - - - -
4f2c39d2 by Salvatore Bonaccorso at 2023-02-08T20:49:11+01:00
Merge temporary RUSTSEC-2023-0004 entry with CVE-2023-22895

- - - - -
381fe374 by Salvatore Bonaccorso at 2023-02-08T20:56:51+01:00
Track proposed update for ncurses via bullseye-pu

- - - - -
5298de27 by Salvatore Bonaccorso at 2023-02-08T21:07:34+01:00
CVE-2023-23931: Directly refer to commit in repository

- - - - -
173f8e51 by security tracker role at 2023-02-08T20:10:19+00:00
automatic update

- - - - -
d28a237d by Salvatore Bonaccorso at 2023-02-08T21:17:58+01:00
Add CVE-2020-22452/phpmyadmin

- - - - -
0e30ea9a by Anton Gladky at 2023-02-08T21:39:39+01:00
LTS: Add meta-information

- - - - -
e19dfaa3 by Tobias Frost at 2023-02-08T21:49:15+01:00
Reserve DLA-3313-1 for wireshark

- - - - -
dfb157c8 by Salvatore Bonaccorso at 2023-02-08T22:14:28+01:00
Process some NFUs

- - - - -
20ce6f91 by Salvatore Bonaccorso at 2023-02-08T22:29:04+01:00
Mark golang-1.18 as removed from everywhere supported

- - - - -
6f5caab7 by Salvatore Bonaccorso at 2023-02-08T22:31:30+01:00
Track fixed version for CVE-2023-24813/php-dompdf

- - - - -
85d09bd6 by Markus Koschany at 2023-02-09T00:44:58+01:00
Reserve DLA-3314-1 for libsdl2

- - - - -
96c430b7 by Salvatore Bonaccorso at 2023-02-09T06:29:25+01:00
Update information for CVE-2020-22452/phpmyadmin

The issue was already fixed earlier, 5.0.2 upstream includes the fix and
so the 4:5.0.4+dfsg1-1 upload to unstable as well.

- - - - -
e4d4b353 by Salvatore Bonaccorso at 2023-02-09T06:34:53+01:00
Track fixed version via unstable for CVE-2021-3981/grub2

- - - - -
2a213767 by security tracker role at 2023-02-09T08:10:14+00:00
automatic update

- - - - -
e0744ae0 by Salvatore Bonaccorso at 2023-02-09T10:11:35+01:00
Process some NFUs

- - - - -
4a30be3e by Salvatore Bonaccorso at 2023-02-09T11:26:47+01:00
Process some NFUs

- - - - -
6bb90f0a by Moritz Muehlenhoff at 2023-02-09T12:19:18+01:00
new sofia-sip issues

Reported against drachtio-server, references will be added when fixed in
the sofia-sip repo.

- - - - -
36d2a3ae by Moritz Muehlenhoff at 2023-02-09T12:23:01+01:00
glibc update, will likely be disputed/rejected

- - - - -
8f5fd15e by Moritz Muehlenhoff at 2023-02-09T12:54:01+01:00
NFUs

- - - - -
69860e25 by Moritz Muehlenhoff at 2023-02-09T14:01:58+01:00
new nextcloud-desktop issue

- - - - -
256f4d7d by Moritz Muehlenhoff at 2023-02-09T14:40:20+01:00
new kodi issue

- - - - -
0f588121 by Tobias Frost at 2023-02-09T17:46:59+01:00
LTS: claim trafficserver in dla-needed.txt

- - - - -
c69a2538 by security tracker role at 2023-02-09T20:10:21+00:00
automatic update

- - - - -
6fc5457f by Salvatore Bonaccorso at 2023-02-09T21:17:51+01:00
Remove notes from rejected CVE-2023-0634

- - - - -
6e7e2bcc by Salvatore Bonaccorso at 2023-02-09T21:37:19+01:00
Add CVE-2023-0760/gpac

- - - - -
02c9aa13 by Salvatore Bonaccorso at 2023-02-09T21:49:48+01:00
Process some NFUs

- - - - -
45267c24 by Salvatore Bonaccorso at 2023-02-09T22:26:39+01:00
Add CVE-2022-41862/postgresql

- - - - -
52bcd2ca by Tobias Frost at 2023-02-09T22:37:18+01:00
LTS: release claim on trafficserver in dla-needed.txt

- - - - -
f5a7f731 by Salvatore Bonaccorso at 2023-02-09T22:57:41+01:00
Track fixed version via unstable for CVE-2023-23559/linux

- - - - -
d74bba97 by Salvatore Bonaccorso at 2023-02-09T23:12:10+01:00
Update information for CVE-2023-23942/nextcloud-desktop

- - - - -
729130df by Helmut Grohne at 2023-02-10T07:08:51+01:00
issue DLA-3315-1 for sox

- - - - -
e4ffbbd5 by Moritz Muehlenhoff at 2023-02-10T08:52:31+01:00
sleuthkit non issue

- - - - -
930574e9 by Moritz Muehlenhoff at 2023-02-10T08:59:38+01:00
bullseye triage

- - - - -
bf814cac by Moritz Muehlenhoff at 2023-02-10T09:00:46+01:00
jss fixed in sid

- - - - -
d6899cc1 by security tracker role at 2023-02-10T08:10:19+00:00
automatic update

- - - - -
88c9ff1d by Moritz Muehlenhoff at 2023-02-10T11:28:12+01:00
record older fixes for puppet modules

- - - - -
8035ac09 by Moritz Muehlenhoff at 2023-02-10T12:12:00+01:00
new caddy issue

- - - - -
3f5cab46 by Moritz Muehlenhoff at 2023-02-10T12:23:15+01:00
NFUs

- - - - -
df818f11 by Moritz Muehlenhoff at 2023-02-10T12:33:07+01:00
rust-diesel fixed in sid

- - - - -
e5583053 by Roberto C. Sánchez at 2023-02-10T08:29:02-05:00
Reserve DLA-3316-1 for postgresql-11

- - - - -
bd79d6fd by Moritz Muehlenhoff at 2023-02-10T15:20:26+01:00
new gpac issue

- - - - -
4e5d15c4 by Moritz Muehlenhoff at 2023-02-10T15:20:26+01:00
NFUs

- - - - -
2fac686f by Salvatore Bonaccorso at 2023-02-10T15:54:07+01:00
Add CVE-2023-0361/gnutls28

- - - - -
4275cfb5 by Moritz Mühlenhoff at 2023-02-10T20:31:55+01:00
libde265 DSA

- - - - -
018b6d96 by Salvatore Bonaccorso at 2023-02-10T20:47:32+01:00
Track fixed version via unstable for ruby-rack issues

- - - - -
edf2ad49 by security tracker role at 2023-02-10T20:10:23+00:00
automatic update

- - - - -
e90d25e6 by Salvatore Bonaccorso at 2023-02-10T21:19:37+01:00
Remove notes from REJECTED CVEs

For all those CVEs they got withdrawn by the assigning CNA, as further
analysis showed that it was not a security issue.

- - - - -
70245aa4 by Salvatore Bonaccorso at 2023-02-10T21:23:30+01:00
Process some NFUs

- - - - -
bc385231 by Salvatore Bonaccorso at 2023-02-10T21:55:59+01:00
Add Debian bug reference for CVE-2023-23082/kodi

- - - - -
4c9bd47b by Salvatore Bonaccorso at 2023-02-10T22:29:40+01:00
Add Debian bug reference for CVE-2023-23931/python-cryptography

- - - - -
55a9ec0d by Salvatore Bonaccorso at 2023-02-10T22:34:15+01:00
Add tag reference for CVE-2022-28923 for upstream commit

- - - - -
cd6e2869 by Markus Koschany at 2023-02-11T00:16:34+01:00
Reserve DLA-3317-1 for snort

- - - - -
33bfbda3 by Markus Koschany at 2023-02-11T00:25:50+01:00
Claim haproxy in dla-needed.txt

- - - - -
9cdafcc2 by security tracker role at 2023-02-11T08:10:13+00:00
automatic update

- - - - -
c6328b00 by Salvatore Bonaccorso at 2023-02-11T09:26:20+01:00
Process some NFUs

- - - - -
6367167b by Salvatore Bonaccorso at 2023-02-11T09:26:54+01:00
Add CVE-2023-24816/ipython

- - - - -
650f630a by Salvatore Bonaccorso at 2023-02-11T09:27:25+01:00
Add CVE-2022-41941/glpi

- - - - -
f094dd83 by Salvatore Bonaccorso at 2023-02-11T09:28:02+01:00
Add CVE-2022-41859/freeradius

- - - - -
6d123272 by Salvatore Bonaccorso at 2023-02-11T09:30:59+01:00
Reference upstream commit for CVE-2023-25139

- - - - -
41b6735d by Salvatore Bonaccorso at 2023-02-11T13:19:17+01:00
Track icingaweb2 embedding php-dompdf

- - - - -
fc13e9d7 by Salvatore Bonaccorso at 2023-02-11T20:36:37+01:00
Reference commits for CVE-2023-0361/gnutls28

- - - - -
45759f3f by security tracker role at 2023-02-11T20:10:18+00:00
automatic update

- - - - -
18eca0bf by Salvatore Bonaccorso at 2023-02-11T21:29:56+01:00
Process some NFUs

- - - - -
4014ef3f by security tracker role at 2023-02-12T08:10:12+00:00
automatic update

- - - - -
e171292e by Salvatore Bonaccorso at 2023-02-12T10:22:14+01:00
Process some NFUs

- - - - -
0fe925ee by security tracker role at 2023-02-12T20:10:15+00:00
automatic update

- - - - -
1b049cac by Salvatore Bonaccorso at 2023-02-12T21:14:34+01:00
Process some NFUs

- - - - -
6a5d09b3 by Salvatore Bonaccorso at 2023-02-12T21:18:49+01:00
Add todo item for CVE-2023-24816

- - - - -
1042cd24 by Salvatore Bonaccorso at 2023-02-13T07:30:11+01:00
Process CVE-2022-1970 as NFU

Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>

- - - - -
1dd180fe by security tracker role at 2023-02-13T08:10:14+00:00
automatic update

- - - - -
7618c15d by Moritz Muehlenhoff at 2023-02-13T09:57:11+01:00
pspp no longer installs vulnerable tool

- - - - -
a3bca77a by Moritz Muehlenhoff at 2023-02-13T10:51:13+01:00
NFUs

- - - - -
892d27d3 by Moritz Muehlenhoff at 2023-02-13T11:14:35+01:00
ipython n/a

- - - - -
8e9e8717 by Sylvain Beucler at 2023-02-13T11:55:19+01:00
dla: update runc status

- - - - -
99582cf0 by Salvatore Bonaccorso at 2023-02-13T12:37:36+01:00
Add CVE-2023-25727/phpmyadmin

- - - - -
b6d742cd by Moritz Muehlenhoff at 2023-02-13T13:36:41+01:00
binwalk fixed in sid

- - - - -
d769a51c by Moritz Muehlenhoff at 2023-02-13T13:42:33+01:00
node-http-server in the archive now

- - - - -
48ae4f64 by Emilio Pozuelo Monfort at 2023-02-13T14:05:38+01:00
lts: take openssl

- - - - -
258f4c10 by Moritz Mühlenhoff at 2023-02-13T19:44:59+01:00
imagemagick DSA

- - - - -
48954cb0 by Moritz Muehlenhoff at 2023-02-13T19:54:53+01:00
add references to latest IM issues

- - - - -
2f7c73c1 by Anton Gladky at 2023-02-13T20:08:18+01:00
LTS: Update VCS and note

- - - - -
2af3d205 by Salvatore Bonaccorso at 2023-02-13T20:28:23+01:00
Add gnutls28 to dsa-needed list

- - - - -
3bc01bfd by Salvatore Bonaccorso at 2023-02-13T20:31:55+01:00
Add additional reference for CVE-2023-25136

- - - - -
fd1ebd18 by Salvatore Bonaccorso at 2023-02-13T20:36:26+01:00
Add upstream tag reference for CVE-2022-4510 fix

- - - - -
6f19093a by Salvatore Bonaccorso at 2023-02-13T20:45:38+01:00
Add discussion references for CVE-2022-44267 and CVE-2022-44268

- - - - -
7a3d76d5 by security tracker role at 2023-02-13T20:10:23+00:00
automatic update

- - - - -
22b7e91c by Salvatore Bonaccorso at 2023-02-13T22:06:51+01:00
Process some NFUs

- - - - -
bca26de5 by Salvatore Bonaccorso at 2023-02-13T23:14:24+01:00
Process some more NFUs

- - - - -
b75b07e8 by Salvatore Bonaccorso at 2023-02-14T07:39:36+01:00
Add new gss-ntlmssp issues: CVE-2023-2556{3,4,5,6,7}

- - - - -
530f5f40 by security tracker role at 2023-02-14T08:10:14+00:00
automatic update

- - - - -
eb57c81e by Salvatore Bonaccorso at 2023-02-14T09:12:48+01:00
Remove notes from rejected CVE

The CVE got rejected as further investigation showed that it is not a
security issue.

- - - - -
bbfdff00 by Salvatore Bonaccorso at 2023-02-14T09:15:38+01:00
Process some NFUs

- - - - -
35d1ce86 by Henri Salo at 2023-02-14T11:03:45+02:00
CVE-2023-24580/python-django

- - - - -
98166a2c by Salvatore Bonaccorso at 2023-02-14T11:40:48+01:00
Update information for CVE-2023-24580/python-django

- - - - -
32ab240c by Salvatore Bonaccorso at 2023-02-14T11:42:33+01:00
Remove trailing whitespaces

- - - - -
6499f903 by Moritz Muehlenhoff at 2023-02-14T11:44:01+01:00
NFUs

- - - - -
450755a7 by Moritz Muehlenhoff at 2023-02-14T11:44:36+01:00
heimdal fixed in sid

- - - - -
c56e343f by Moritz Muehlenhoff at 2023-02-14T12:19:29+01:00
new python-future issue

- - - - -
f1bfcadf by Salvatore Bonaccorso at 2023-02-14T12:55:00+01:00
Track fixed version for CVE-2022-46663/less via unstable

- - - - -
da12f255 by Moritz Muehlenhoff at 2023-02-14T13:38:57+01:00
new gpac issues

- - - - -
5a340995 by Moritz Muehlenhoff at 2023-02-14T13:39:20+01:00
add additional reference to IM information leak issue

- - - - -
5d39ed63 by Sébastien Beyou at 2023-02-14T15:22:55+01:00
CVE-2007-0894 fixed since a long time

- - - - -
8de4aa7a by Moritz Muehlenhoff at 2023-02-14T15:29:51+01:00
new qt issue

- - - - -
eccf92fe by Moritz Mühlenhoff at 2023-02-14T15:48:11+01:00
flask-security, crun spus

- - - - -
a1827c64 by Salvatore Bonaccorso at 2023-02-14T14:53:15+00:00
Merge branch 'CVE-2007-0894' into 'master'

CVE-2007-0894 fixed since a long time

See merge request security-tracker-team/security-tracker!126

- - - - -
eb059131 by Salvatore Bonaccorso at 2023-02-14T17:09:47+01:00
Add CVE-2023-25725/haproxy

- - - - -
427dce55 by Salvatore Bonaccorso at 2023-02-14T17:14:18+01:00
Reserve DSA number for haproxy update

- - - - -
37bdbff1 by Moritz Muehlenhoff at 2023-02-14T17:23:20+01:00
new tiff issues

- - - - -
41c5c160 by Moritz Muehlenhoff at 2023-02-14T17:34:36+01:00
haproxy fixed in sid

- - - - -
ab8d2ddb by Adrian Bunk at 2023-02-14T18:59:33+02:00
gtkpod is not affected by CVE-2021-37232

- - - - -
c935e06b by Moritz Muehlenhoff at 2023-02-14T18:07:44+01:00
NFUs

- - - - -
7de1aa7f by Markus Koschany at 2023-02-14T18:59:01+01:00
Reserve DLA-3318-1 for haproxy

- - - - -
b4bf1212 by Markus Koschany at 2023-02-14T19:12:41+01:00
CVE-2023-0056,haproxy: Mark Buster as not-affected

The interim response flag 1xx was added to the code later.

- - - - -
adda08df by Moritz Muehlenhoff at 2023-02-14T19:39:01+01:00
django, kodi fixed in sid

- - - - -
c7ac7286 by Moritz Mühlenhoff at 2023-02-14T19:46:29+01:00
gnutls28 DSA

- - - - -
107288e3 by Salvatore Bonaccorso at 2023-02-14T20:32:13+01:00
Add Debian bug reference for CVE-2021-23797

- - - - -
67cab7c4 by Salvatore Bonaccorso at 2023-02-14T20:33:48+01:00
Add Debian bug reference for CVE-2023-24580/python-django

- - - - -
a269a5d3 by Salvatore Bonaccorso at 2023-02-14T20:49:08+01:00
Add CVE-2022-27672/xen

- - - - -
d4afc542 by Salvatore Bonaccorso at 2023-02-14T20:50:58+01:00
Add CVE-2023-23946 and CVE-2023-22490 in git

- - - - -
f0c9a01b by Salvatore Bonaccorso at 2023-02-14T20:55:52+01:00
Add commit references for git issues

- - - - -
cc9c549c by security tracker role at 2023-02-14T20:10:24+00:00
automatic update

- - - - -
42e1c02b by Salvatore Bonaccorso at 2023-02-14T21:11:48+01:00
Add CVE-2022-27672/linux

- - - - -
7fbf80f5 by Salvatore Bonaccorso at 2023-02-14T21:14:56+01:00
Process some NFUs

- - - - -
5f896e7e by Salvatore Bonaccorso at 2023-02-14T21:21:09+01:00
Add reason for not-affected in CVE-2021-37232/gtkpod

- - - - -
0f8f1abe by Salvatore Bonaccorso at 2023-02-14T21:47:44+01:00
Process some NFUs

- - - - -
1e3eb5cd by Salvatore Bonaccorso at 2023-02-14T22:52:40+01:00
Add upstream tag information for CVE-2022-40899

- - - - -
4254155e by Salvatore Bonaccorso at 2023-02-14T22:58:33+01:00
Adjust reference for CVE-2023-0795/tiff

- - - - -
fb7a2e01 by Salvatore Bonaccorso at 2023-02-15T07:05:14+01:00
Track fixed version for CVE-2022-27672/linux via unstable

- - - - -
9b2a3c4b by Moritz Muehlenhoff at 2023-02-15T08:26:37+01:00
new firefox issues

- - - - -
8925d876 by Salvatore Bonaccorso at 2023-02-15T08:30:02+01:00
Process some NFUs from Intel advisories

- - - - -
da816a4e by Moritz Muehlenhoff at 2023-02-15T08:36:07+01:00
new firefox-esr issues

- - - - -
5cd0fe9b by Salvatore Bonaccorso at 2023-02-15T08:42:20+01:00
Add new intel-microcode issues

- - - - -
d6de8cd8 by Salvatore Bonaccorso at 2023-02-15T09:02:14+01:00
Add new PHP issues

- - - - -
78a3787e by Salvatore Bonaccorso at 2023-02-15T09:04:18+01:00
Add Debian bug reference for intel-microcode issues

- - - - -
1c151079 by Moritz Muehlenhoff at 2023-02-15T09:06:23+01:00
add additional PHP references

- - - - -
f93d0e5c by security tracker role at 2023-02-15T08:10:28+00:00
automatic update

- - - - -
035a4e38 by Moritz Muehlenhoff at 2023-02-15T09:11:04+01:00
add further reference for CVE-2022-27672

- - - - -
8f30f743 by Moritz Muehlenhoff at 2023-02-15T09:14:09+01:00
new curl issues

- - - - -
26e7d231 by Moritz Muehlenhoff at 2023-02-15T09:15:51+01:00
new golang-golang-x-net issue

- - - - -
b00b726f by Moritz Muehlenhoff at 2023-02-15T09:17:15+01:00
new golang-golang-x-image issue

- - - - -
f324bc77 by Moritz Muehlenhoff at 2023-02-15T09:18:10+01:00
NSS fixed in sid

- - - - -
37597b0a by Moritz Muehlenhoff at 2023-02-15T09:21:54+01:00
nvidia-cuda-toolkit fixed in experimental

- - - - -
9695dcfe by Salvatore Bonaccorso at 2023-02-15T09:31:12+01:00
Add upstream references for CVE-2023-2391{4,5,6}/curl and update status

- - - - -
23809fbb by Salvatore Bonaccorso at 2023-02-15T09:43:55+01:00
Add CVE-2023-25577/python-werkzeug

- - - - -
89501cf8 by Salvatore Bonaccorso at 2023-02-15T09:46:32+01:00
Add CVE-2023-23934/python-werkzeug

- - - - -
9115b486 by Salvatore Bonaccorso at 2023-02-15T09:47:14+01:00
Process some NFUs

- - - - -
03bf49ec by Salvatore Bonaccorso at 2023-02-15T14:03:04+01:00
Track new golang issues CVE-2022-4172{2,3,4,5}

- - - - -
fa9d4779 by Emilio Pozuelo Monfort at 2023-02-15T14:24:44+01:00
lts: take firefox-esr

- - - - -
6390e21d by Alberto Garcia at 2023-02-15T16:36:27+01:00
webkit2gtk / wpewebkit upstream advisory WSA-2023-0002

- - - - -
a7c31718 by Moritz Muehlenhoff at 2023-02-15T17:48:34+01:00
bullseye triage

- - - - -
36b4f3a2 by Moritz Muehlenhoff at 2023-02-15T18:16:07+01:00
add commit reference for nss

- - - - -
3f9eeac6 by Moritz Muehlenhoff at 2023-02-15T18:18:25+01:00
NFUs

- - - - -
90e99270 by Moritz Muehlenhoff at 2023-02-15T19:41:20+01:00
one golang issue is Win-specific
add references

- - - - -
1658823b by security tracker role at 2023-02-15T20:10:30+00:00
automatic update

- - - - -
6c532679 by Salvatore Bonaccorso at 2023-02-15T21:16:11+01:00
Process one NFU

- - - - -
89552016 by Salvatore Bonaccorso at 2023-02-15T21:17:07+01:00
Track fixed version for CVE-2022-3479/nss

- - - - -
a3915b07 by Salvatore Bonaccorso at 2023-02-15T21:34:18+01:00
Update status for CVE-2022-3479/nss in bullseye

- - - - -
876dea76 by Salvatore Bonaccorso at 2023-02-15T21:39:34+01:00
Add references for CVE-2022-4172{3,4,5}/go

- - - - -
f518a02e by Salvatore Bonaccorso at 2023-02-15T21:56:18+01:00
Take nss from dsa-needed list

- - - - -
2e2a853c by Salvatore Bonaccorso at 2023-02-15T22:23:24+01:00
Add Debian bug reference for CVE-2023-22490 and CVE-2023-23946

- - - - -
212b9ab9 by Salvatore Bonaccorso at 2023-02-15T22:33:42+01:00
Add Debian bug reference for php8.2 issues

- - - - -
6291a7eb by Salvatore Bonaccorso at 2023-02-15T22:35:47+01:00
Add Debian bug reference for gss-ntlmssp issues

- - - - -
cd6f47d1 by Salvatore Bonaccorso at 2023-02-15T22:38:11+01:00
Add Debian bug reference for python-werkzeug issues

- - - - -
08e37971 by Moritz Mühlenhoff at 2023-02-15T23:06:26+01:00
firefox-esr DSA

- - - - -
7b2c8f26 by Salvatore Bonaccorso at 2023-02-16T06:37:03+01:00
Add Debian bug references for curl issues

- - - - -
5d67e47f by Salvatore Bonaccorso at 2023-02-16T08:37:17+01:00
Add CVE-2022-4904/c-ares

- - - - -
35fd0efd by Salvatore Bonaccorso at 2023-02-16T08:41:49+01:00
Add CVE-2023-0778/libpod

- - - - -
e74a07d5 by Salvatore Bonaccorso at 2023-02-16T08:47:41+01:00
Mark CVE-2023-0813 as NFU

Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>

- - - - -
0e752857 by security tracker role at 2023-02-16T08:12:28+00:00
automatic update

- - - - -
e3a80bd2 by Moritz Muehlenhoff at 2023-02-16T09:21:16+01:00
git fixed in sid

- - - - -
1115bc67 by Moritz Muehlenhoff at 2023-02-16T09:23:22+01:00
new containerd issues

- - - - -
524b2239 by Moritz Muehlenhoff at 2023-02-16T10:53:07+01:00
NFUs

- - - - -
d7a7ccb7 by Moritz Muehlenhoff at 2023-02-16T11:11:40+01:00
new gitlab issues

- - - - -
98bda2a0 by Moritz Muehlenhoff at 2023-02-16T11:43:03+01:00
bogus gpac report
uptimed n/a

- - - - -
3af2c022 by Emilio Pozuelo Monfort at 2023-02-16T12:29:40+01:00
Reserve DLA-3319-1 for firefox-esr

- - - - -
99335dba by Salvatore Bonaccorso at 2023-02-16T12:36:30+01:00
Add two new clamav issues

- - - - -
52840127 by Daniel Leidert at 2023-02-16T14:41:23+01:00
Claim ruby-loofah in dla-needed.txt

... and add patch links for CVEs.

- - - - -
eefa0d3d by Moritz Muehlenhoff at 2023-02-16T15:38:30+01:00
new gitlab, check-mk issues
xpdf n/a

- - - - -
f101d10e by Moritz Muehlenhoff at 2023-02-16T16:09:18+01:00
gss-ntlmssp fixed in sid

- - - - -
ddd79095 by Moritz Muehlenhoff at 2023-02-16T16:20:19+01:00
wordpress CVE assignments for issues fixed back in 6.0.3

- - - - -
d637c64e by Moritz Muehlenhoff at 2023-02-16T16:34:09+01:00
NFUs

- - - - -
50a1e7d8 by Moritz Muehlenhoff at 2023-02-16T17:50:06+01:00
new rust-webbrowser issue

- - - - -
339223f7 by Moritz Muehlenhoff at 2023-02-16T18:32:32+01:00
NFUs

- - - - -
bc9c5f97 by Moritz Muehlenhoff at 2023-02-16T19:22:01+01:00
new wheel issue

- - - - -
3fb5a8b1 by Markus Koschany at 2023-02-16T20:23:43+01:00
LTS: add golang-github-opencontainers-selinux to dla-needed.txt

- - - - -
6143935f by Salvatore Bonaccorso at 2023-02-16T21:06:45+01:00
Build cross-references for issues covered in DSA-5279-1

- - - - -
5ec08178 by security tracker role at 2023-02-16T20:12:46+00:00
automatic update

- - - - -
61e15f7d by Salvatore Bonaccorso at 2023-02-16T21:19:25+01:00
Associate CVE-2022-4825{7,8} with eternal-terminal, itp'ed

- - - - -
9479c8ed by Salvatore Bonaccorso at 2023-02-16T21:31:06+01:00
Process some NFUs

- - - - -
9bad544a by Salvatore Bonaccorso at 2023-02-16T21:31:50+01:00
Add two new issues for node-undici

- - - - -
81895c4a by Salvatore Bonaccorso at 2023-02-16T21:33:33+01:00
Add CVE-2023-0475/golang-github-hashicorp-go-getter

- - - - -
6ffb5ec0 by Salvatore Bonaccorso at 2023-02-16T21:34:08+01:00
Add CVE-2023-23558/eternal-terminal, itp'ed

- - - - -
5f6c76af by Sylvain Beucler at 2023-02-16T22:35:48+01:00
dla: golang-github-opencontainers-selinux rationale

- - - - -
a614607f by Salvatore Bonaccorso at 2023-02-16T22:45:09+01:00
Adjust version for containerd in unstable

- - - - -
a03f311d by Salvatore Bonaccorso at 2023-02-16T22:47:42+01:00
Track fixed version for imagemagick issues via unstable

- - - - -
ecdb868a by Salvatore Bonaccorso at 2023-02-16T22:53:14+01:00
Add Debian bug reference for node-undici issues

- - - - -
ba545402 by Alberto Garcia at 2023-02-17T00:06:23+01:00
webkit2gtk DSA-5351-1 and wpewebkit DSA-5352-1

- - - - -
cbc3366e by Tianon Gravi at 2023-02-16T15:35:41-08:00
Update CVE-2004-0971 with the fix version from #278271

- - - - -
228e62f1 by Salvatore Bonaccorso at 2023-02-17T06:18:26+01:00
Put note below source package name

- - - - -
6328552a by Salvatore Bonaccorso at 2023-02-17T06:19:14+01:00
Correct version tracking for CVE-2004-0971

This is as we want to record the fix which enters unstable for the
source package entry. As 1.13.1+dfsg-1 appears to have been uploaded to
experimental, the first version entering unstable was 1.13.2+dfsg-2

- - - - -
19186dad by Salvatore Bonaccorso at 2023-02-17T06:22:16+01:00
Track fix for node-undici issues via unstable

- - - - -
7914391e by security tracker role at 2023-02-17T08:10:13+00:00
automatic update

- - - - -
0a64ac43 by Emilio Pozuelo Monfort at 2023-02-17T10:11:57+01:00
lts: take webkit2gtk

- - - - -
50326c03 by Emilio Pozuelo Monfort at 2023-02-17T10:13:12+01:00
Reserve DLA-3320-1 for webkit2gtk

- - - - -
d65cf65b by Moritz Muehlenhoff at 2023-02-17T11:18:49+01:00
NFUs

- - - - -
0d857434 by Moritz Muehlenhoff at 2023-02-17T11:27:14+01:00
two additional chrome issues fixed last month

- - - - -
67755c51 by Moritz Muehlenhoff at 2023-02-17T12:16:37+01:00
golang-1.19 fixed in sid

- - - - -
d09d5b71 by Moritz Muehlenhoff at 2023-02-17T15:45:44+01:00
new gpac issues

- - - - -
7980b7b5 by Moritz Muehlenhoff at 2023-02-17T16:04:14+01:00
new nomad issue

- - - - -
a1c08f21 by Sylvain Beucler at 2023-02-17T16:58:46+01:00
CVE-2019-19921/runc: reference merged patch

- - - - -
bd9bdb18 by Moritz Muehlenhoff at 2023-02-17T16:59:23+01:00
add details for c-ares issue

- - - - -
cb405f92 by Moritz Muehlenhoff at 2023-02-17T17:03:23+01:00
apache-jena fixed

- - - - -
a7cd35a5 by Moritz Muehlenhoff at 2023-02-17T19:30:25+01:00
NFUs

- - - - -
746b86d5 by Moritz Muehlenhoff at 2023-02-17T19:33:17+01:00
"new" golang-github-revel-revel issue

- - - - -
265b646c by Moritz Muehlenhoff at 2023-02-17T19:35:11+01:00
golang-github-flynn-noise n/a

- - - - -
7d158218 by Moritz Muehlenhoff at 2023-02-17T19:47:54+01:00
NFUs

- - - - -
2e3b59a9 by Salvatore Bonaccorso at 2023-02-17T21:02:42+01:00
Track fixed version for clamav issues

- - - - -
e7559c2c by Salvatore Bonaccorso at 2023-02-17T21:04:24+01:00
Cleanup additional whitespace in NOTE

- - - - -
81ef75ff by security tracker role at 2023-02-17T20:10:30+00:00
automatic update

- - - - -
1b77de0e by Salvatore Bonaccorso at 2023-02-17T21:10:58+01:00
Add Debian bug reference for clamav issues

- - - - -
8965c3d1 by Salvatore Bonaccorso at 2023-02-17T21:18:15+01:00
CVE-2019-19921: Directly reference the commit

- - - - -
fe4f33c9 by Salvatore Bonaccorso at 2023-02-17T21:20:58+01:00
Add upstream tag reference information for CVE-2022-4904/c-ares

- - - - -
92897818 by Salvatore Bonaccorso at 2023-02-17T21:40:47+01:00
Add upstream tag information for CVE-2020-36568

- - - - -
db8c59b5 by Salvatore Bonaccorso at 2023-02-17T21:43:54+01:00
Add Debian bug reference for CVE-2022-4904/c-ares

- - - - -
a6b909ea by Salvatore Bonaccorso at 2023-02-17T22:27:52+01:00
Add CVE-2023-23586/linux

- - - - -
28ed8252 by Salvatore Bonaccorso at 2023-02-17T22:49:46+01:00
Process some NFUs

- - - - -
e25cd873 by Moritz Muehlenhoff at 2023-02-17T23:03:46+01:00
new thunderbird issues

- - - - -
10dfb953 by Salvatore Bonaccorso at 2023-02-17T23:11:18+01:00
Add as well CVE-2023-25746 mfsa2023-07 reference

- - - - -
5e8b2c4d by Salvatore Bonaccorso at 2023-02-17T23:21:29+01:00
Reserve DSA number for nss update

- - - - -
d0016ae3 by Salvatore Bonaccorso at 2023-02-17T23:42:57+01:00
Add references for amanda issues

- - - - -
ae81eb64 by security tracker role at 2023-02-18T08:10:13+00:00
automatic update

- - - - -
0e0c8c75 by Salvatore Bonaccorso at 2023-02-18T09:35:57+01:00
Track fixed version CVE-2022-4904/c-ares

- - - - -
a854975c by Salvatore Bonaccorso at 2023-02-18T09:54:26+01:00
Track proposed update for clamav via bullseye-pu

- - - - -
80a4e056 by Salvatore Bonaccorso at 2023-02-18T10:09:31+01:00
Process some NFUs

- - - - -
25e68c1b by Salvatore Bonaccorso at 2023-02-18T10:15:43+01:00
Add CVE-2023-24809/nethack

- - - - -
b594b52f by Salvatore Bonaccorso at 2023-02-18T11:05:54+01:00
Add CVE-2023-24329/python

- - - - -
bb51ca04 by Salvatore Bonaccorso at 2023-02-18T13:06:11+01:00
Track fixed version for thunderbird via unstable

- - - - -
4e32597c by Salvatore Bonaccorso at 2023-02-18T13:57:09+01:00
Process some NFUs

- - - - -
05f03a39 by Markus Koschany at 2023-02-18T17:15:52+01:00
Reserve DLA-3321-1 for gnutls28

- - - - -
6affaa07 by Markus Koschany at 2023-02-18T17:33:30+01:00
Reserve DSA-5354-1 for snort

- - - - -
d8a8ff27 by Markus Koschany at 2023-02-18T17:42:19+01:00
LTS: add tiff to dla-needed.txt

- - - - -
2ea93210 by Markus Koschany at 2023-02-18T17:42:36+01:00
Claim tiff in dla-needed.txt

- - - - -
8a311e22 by Sylvain Beucler at 2023-02-18T18:01:02+01:00
Reserve DLA-3322-1 for golang-github-opencontainers-selinux

- - - - -
28cdd747 by Moritz Mühlenhoff at 2023-02-18T19:47:57+01:00
thunderbird DSA

- - - - -
9ade986f by Salvatore Bonaccorso at 2023-02-18T20:26:03+01:00
Mark CVE-2022-27672/xen as not-affected as well down to buster

- - - - -
0151a429 by Salvatore Bonaccorso at 2023-02-18T20:40:54+01:00
Add Debian bug reference for CVE-2022-27672/xen

- - - - -
3153beaa by security tracker role at 2023-02-18T20:10:25+00:00
automatic update

- - - - -
1f307190 by Salvatore Bonaccorso at 2023-02-18T21:16:39+01:00
Process some NFUs

- - - - -
65495479 by Salvatore Bonaccorso at 2023-02-18T22:11:41+01:00
Process some NFUs

- - - - -
ed63d00f by Salvatore Bonaccorso at 2023-02-18T22:26:12+01:00
Add CVE-2022-47015/MariaDB

- - - - -
49045c6b by Markus Koschany at 2023-02-18T23:52:59+01:00
LTS: add c-ares to dla-needed.txt

- - - - -
a51d6d54 by Markus Koschany at 2023-02-18T23:53:33+01:00
Reserve DLA-3323-1 for c-ares

- - - - -
b55e8a16 by Salvatore Bonaccorso at 2023-02-19T07:54:36+01:00
Track fixed version for CVE-2023-22745/tpm2-tss via unstable

- - - - -
04ad2c97 by security tracker role at 2023-02-19T08:10:14+00:00
automatic update

- - - - -
f203b784 by Salvatore Bonaccorso at 2023-02-19T09:16:27+01:00
Process some NFUs

- - - - -
10c0b781 by Salvatore Bonaccorso at 2023-02-19T16:21:51+01:00
Track proposed bullseye-pu update for containerd

- - - - -
df19d3db by Salvatore Bonaccorso at 2023-02-19T16:25:07+01:00
Track fixed version for CVE-2023-25744/thunderbird via unstable

It was addressed as well with the 1:102.8.0-1, but we missed to track it
with the initial commit to track the fixed version.

- - - - -
7810985b by Salvatore Bonaccorso at 2023-02-19T16:58:08+01:00
Add Debian bug references for tiff issues

- - - - -
8b5ce926 by Markus Koschany at 2023-02-19T17:30:56+01:00
CVE-2022-1471,snakeyaml: unimportant

Snakeyaml is not designed to process untrusted YAML input. This has been
clarified for users in version 1.33-2 with a README.Debian.security file.

See also Debian bug #1030046

- - - - -
823329f4 by Markus Koschany at 2023-02-19T17:33:20+01:00
CVE-2022-41854,snakeyaml: fixed in 1.33-1

According to the Google fuzzer this issue was fixed between 20220911 and
20220912. Version 1.32 was released back then. The first version in Debian was
1.33-1 and I assume this is fixed now. According to the CVE description the
parser would crash by stack overflow. A limit to the nesting depth of YAML
files has been already introduced with other CVE fixes, so that shouldn't be a
problem anymore.

- - - - -
8cada0ea by Markus Koschany at 2023-02-19T17:38:31+01:00
CVE-2022-41854,snakeyaml: Buster is not affected

because this issue was addressed in version 1.23-1+deb10u1. Bullseye will be
fixed with a point update in the near future.

- - - - -
919f8c7b by Salvatore Bonaccorso at 2023-02-19T20:57:11+01:00
Track fixed version for various tiff issues

- - - - -
8404e0cb by Salvatore Bonaccorso at 2023-02-19T21:04:07+01:00
Update information for CVE-2023-25012/linux

- - - - -
74224966 by security tracker role at 2023-02-19T20:10:29+00:00
automatic update

- - - - -
870beef3 by Salvatore Bonaccorso at 2023-02-19T21:17:04+01:00
Process some NFUs

- - - - -
213baf8d by Salvatore Bonaccorso at 2023-02-19T21:18:20+01:00
Track proposed c-ares update via bullseye-pu

- - - - -
92ad2370 by Markus Koschany at 2023-02-19T21:27:08+01:00
LTS: add freeradius to dla-needed.txt

- - - - -
7a305a92 by Markus Koschany at 2023-02-19T21:27:09+01:00
CVE-2023-25193,harfbuzz: Buster is no-dsa

Minor issue

- - - - -
aa8f8b08 by Markus Koschany at 2023-02-19T21:27:09+01:00
LTS: add intel-microcode to dla-needed.txt

- - - - -
32e325e3 by Markus Koschany at 2023-02-19T21:27:09+01:00
LTS: add nss to dla-needed.txt

- - - - -
6e4df0b7 by Markus Koschany at 2023-02-19T21:27:09+01:00
LTS: add python-cryptography to dla-needed.txt

- - - - -
b7273199 by Markus Koschany at 2023-02-19T21:27:09+01:00
LTS: add python-django to dla-needed.txt

- - - - -
f00ec304 by Markus Koschany at 2023-02-19T21:27:09+01:00
LTS: add python-werkzeug to dla-needed.txt

- - - - -
bdad6aed by Markus Koschany at 2023-02-19T21:27:10+01:00
CVE-2022-4254,sssd: Mark Buster as no-dsa

Minor issue

- - - - -
493b9372 by Markus Koschany at 2023-02-19T21:27:12+01:00
CVE-2022-4254,sssd: Remove superfluous Bullseye entry

The issue was fixed in 2.3.1 and Bullseye has 2.4.1

- - - - -
45bb9012 by Markus Koschany at 2023-02-19T21:27:12+01:00
LTS: add amanda to dla-needed.txt

- - - - -
900565f6 by Markus Koschany at 2023-02-19T21:27:23+01:00
Claim nss in dla-needed.txt

- - - - -
85981430 by Utkarsh Gupta at 2023-02-20T03:07:03+05:30
Drop tmux from dla-needed

even if the upload was already made, we've
decided to ignore it completely; cf: #debian-lts.

- - - - -
b3e1ae1a by Utkarsh Gupta at 2023-02-20T03:10:53+05:30
Add notes for packages

- - - - -
0efe7456 by Markus Koschany at 2023-02-20T00:28:43+01:00
Triage gpac for Buster as EOL.

- - - - -
73e31c31 by Markus Koschany at 2023-02-20T00:28:43+01:00
LTS: add curl to dla-needed.txt

- - - - -
a035b7b9 by Markus Koschany at 2023-02-20T00:28:43+01:00
LTS: add sofia-sip to dla-needed.txt

- - - - -
ec9c34ea by Markus Koschany at 2023-02-20T00:28:43+01:00
LTS: add clamav to dla-needed.txt

- - - - -
e4b1027d by Markus Koschany at 2023-02-20T00:28:43+01:00
CVE-2023-23082,kodi: Buster is no-dsa

Minor issue

- - - - -
3c8575fd by Markus Koschany at 2023-02-20T00:28:44+01:00
CVE-2022-3560,pesign: Buster is no-dsa

Minor issue

- - - - -
503c323b by Markus Koschany at 2023-02-20T00:28:44+01:00
CVE-2023-22332,pgpool2: Buster is no-dsa

Minor issue

- - - - -
c35ede04 by Markus Koschany at 2023-02-20T00:28:44+01:00
CVE-2023-24607,qtbase-opensource-src: Buster is no-dsa

Minor issue

- - - - -
2cb655fd by Markus Koschany at 2023-02-20T00:28:44+01:00
CVE-2023-22799,ruby-globalid: Buster is no-dsa

Minor issue

- - - - -
7824121b by Markus Koschany at 2023-02-20T00:28:44+01:00
CVE-2023-23627,ruby-sanitize: Buster is no-dsa

Minor issue

- - - - -
39aeedb1 by Markus Koschany at 2023-02-20T00:28:44+01:00
Triage symfony CVE as no-dsa for Buster

Minor issues

- - - - -
53f57d61 by Anton Gladky at 2023-02-20T08:26:17+01:00
semi-automatic unclaim after 2 weeks of inactivity

Signed-off-by: Anton Gladky <gladk at debian.org>

- - - - -
d2693455 by Anton Gladky at 2023-02-20T08:33:49+01:00
LTS: assign libgit2 to Tobias

- - - - -
4875a9b2 by Emilio Pozuelo Monfort at 2023-02-20T09:08:25+01:00
lts: reclaim thunderbird

- - - - -
2b6b4b92 by security tracker role at 2023-02-20T08:10:13+00:00
automatic update

- - - - -
0147c2f7 by Emilio Pozuelo Monfort at 2023-02-20T09:12:05+01:00
Reserve DLA-3324-1 for thunderbird

- - - - -
8de71375 by Moritz Muehlenhoff at 2023-02-20T09:14:00+01:00
one emacs issue also affects that one person who still uses xemacs21...

- - - - -
eaa3e34e by Emilio Pozuelo Monfort at 2023-02-20T09:19:28+01:00
lts: take clamav

- - - - -
ab0a8e21 by Adrian Bunk at 2023-02-20T11:01:37+02:00
DLA: take sofia-sip

- - - - -
abdd15e5 by Adrian Bunk at 2023-02-20T11:02:23+02:00
DLA: take curl

- - - - -
bf8e04c7 by Salvatore Bonaccorso at 2023-02-20T10:19:37+01:00
Process two NFUs

- - - - -
1dba7257 by Lee Garrett at 2023-02-20T11:08:45+01:00
Reclaim apache2

- - - - -
98a7b4a2 by Holger Levsen at 2023-02-20T11:16:02+01:00
claim imagemagick

Signed-off-by: Holger Levsen <holger at layer-acht.org>

- - - - -
9e959340 by Emilio Pozuelo Monfort at 2023-02-20T12:08:44+01:00
Reserve DLA-3325-1 for openssl

- - - - -
ed99e3bc by Guilhem Moulin at 2023-02-20T14:01:15+01:00
LTS: reclaim node-url-parse in dla-needed.txt

- - - - -
1af9fffd by Bastian Blank at 2023-02-20T14:17:56+01:00
Reserve DLA-3326-1 for isc-dhcp

- - - - -
ee3fea33 by Moritz Muehlenhoff at 2023-02-20T14:20:11+01:00
NFU

- - - - -
6fadbaff by Moritz Muehlenhoff at 2023-02-20T15:51:53+01:00
NFUs

- - - - -
fa83d1e2 by Moritz Muehlenhoff at 2023-02-20T16:07:50+01:00
new epiphany issue

- - - - -
121e7aee by Markus Koschany at 2023-02-20T16:11:24+01:00
Reserve DLA-3327-1 for nss

- - - - -
d5a51f92 by Moritz Muehlenhoff at 2023-02-20T16:13:40+01:00
new resteasy issue

- - - - -
c1774b2b by Moritz Muehlenhoff at 2023-02-20T16:47:07+01:00
new py7zr issue

- - - - -
34f9128a by Salvatore Bonaccorso at 2023-02-20T16:57:21+01:00
Add upstream tag information for CVE-2022-44900/py7zr

- - - - -
cdeb82d6 by Moritz Muehlenhoff at 2023-02-20T17:13:15+01:00
golang-github-labstack-echo n/a

- - - - -
7a759aab by Moritz Muehlenhoff at 2023-02-20T17:23:09+01:00
NFUs

- - - - -
db67e466 by Sylvain Beucler at 2023-02-20T17:27:32+01:00
CVE-2019-19921/runc: possibly not fixed

- - - - -
5b371a17 by Aron Xu at 2023-02-21T00:32:42+08:00
dsa-needed.txt: add git and claim it

- - - - -
222d4ff9 by Salvatore Bonaccorso at 2023-02-20T17:36:49+01:00
Update information for CVE-2017-9271

- - - - -
bf62d234 by Salvatore Bonaccorso at 2023-02-20T17:37:49+01:00
Update fixing information for CVE-2017-9271/libzypp

- - - - -
4247c702 by Emilio Pozuelo Monfort at 2023-02-20T18:44:20+01:00
Reserve DLA-3328-1 for clamav

- - - - -
a6145b00 by Moritz Mühlenhoff at 2023-02-20T19:58:57+01:00
sox DSA

- - - - -
45f61428 by Chris Lamb at 2023-02-20T11:07:32-08:00
data/dla-needed.txt: Claim amanda.

- - - - -
3108472d by Chris Lamb at 2023-02-20T11:10:21-08:00
data/dla-needed.txt: Claim python-django.

- - - - -
2b25f15b by Chris Lamb at 2023-02-20T11:14:49-08:00
data/dla-needed.txt: Claim python-cryptography.

- - - - -
29b72345 by Chris Lamb at 2023-02-20T12:00:18-08:00
Reserve DLA-3329-1 for python-django

- - - - -
b1527c76 by security tracker role at 2023-02-20T20:10:19+00:00
automatic update

- - - - -
50dae3c4 by Salvatore Bonaccorso at 2023-02-20T21:18:56+01:00
Process NFUs

- - - - -
98ea3b40 by Salvatore Bonaccorso at 2023-02-20T21:24:26+01:00
Process some new CVEs for check-mk

- - - - -
e9864421 by Salvatore Bonaccorso at 2023-02-20T21:44:47+01:00
Add Debian bug reference for CVE-2022-40899/python-future

- - - - -
5213b591 by Ola Lundqvist at 2023-02-20T22:04:34+01:00
LTS: add git to dla-needed.txt

- - - - -
b6796349 by Ola Lundqvist at 2023-02-20T22:18:52+01:00
CVE-2023-0482 as no-dsa for buster following decision for later release as well.

- - - - -
81eb6f56 by Ola Lundqvist at 2023-02-20T23:20:45+01:00
LTS: add python3.7 to dla-needed.txt

- - - - -
84a28eb6 by Sylvain Beucler at 2023-02-20T23:35:14+01:00
dla: update runc status

- - - - -
d64a2bc7 by Salvatore Bonaccorso at 2023-02-21T08:06:59+01:00
Add CVE-2022-4833{7,8,9}/emacs

- - - - -
c1696d45 by security tracker role at 2023-02-21T08:10:17+00:00
automatic update

- - - - -
9c809783 by Salvatore Bonaccorso at 2023-02-21T09:39:37+01:00
Add CVE-2023-26242/linux

- - - - -
75b1083b by Salvatore Bonaccorso at 2023-02-21T09:43:55+01:00
Add CVE-2023-26265/backdrop

- - - - -
026fb9de by Salvatore Bonaccorso at 2023-02-21T09:44:28+01:00
Add CVE-2023-26253/glusterfs

- - - - -
403405a6 by Salvatore Bonaccorso at 2023-02-21T09:47:13+01:00
Add CVE-2023-26249/knot-resolver

- - - - -
e24005dd by Moritz Muehlenhoff at 2023-02-21T10:30:07+01:00
bookworm triage

- - - - -
70c1b24a by Moritz Muehlenhoff at 2023-02-21T10:31:00+01:00
curl fixed in sid

- - - - -
5bff57ee by Holger Levsen at 2023-02-21T12:50:10+01:00
Revert "claim imagemagick"

This reverts commit 98a7b4a2cced685e5991d061ee4bfe70caef967b.

- - - - -
dbb39797 by Emilio Pozuelo Monfort at 2023-02-21T13:17:28+01:00
lts: take git

- - - - -
3aa7dc31 by Moritz Muehlenhoff at 2023-02-21T13:24:37+01:00
new aflplusplus issue

- - - - -
2634d016 by Holger Levsen at 2023-02-21T13:33:17+01:00
add notes from el_cubano about imagemagick

Signed-off-by: Holger Levsen <holger at layer-acht.org>

- - - - -
a10ea4a5 by Moritz Muehlenhoff at 2023-02-21T14:04:31+01:00
NFUs

- - - - -
d38aa709 by Moritz Muehlenhoff at 2023-02-21T14:11:23+01:00
new iortcw issue

- - - - -
2e3b3a75 by Moritz Muehlenhoff at 2023-02-21T15:06:01+01:00
new glusterfs issues

- - - - -
3b052d48 by Moritz Muehlenhoff at 2023-02-21T15:15:35+01:00
new libcommons-fileupload-java issue

- - - - -
050c1ae5 by Moritz Muehlenhoff at 2023-02-21T15:50:57+01:00
new hdf5 issues

- - - - -
7ea4b589 by Moritz Muehlenhoff at 2023-02-21T16:18:04+01:00
bugnums

- - - - -
3c9dd687 by Salvatore Bonaccorso at 2023-02-21T17:24:03+01:00
Add upstream tag information for CVE-2023-24998

- - - - -
b6c762ca by Moritz Muehlenhoff at 2023-02-21T17:31:42+01:00
NFUs

- - - - -
c0566b11 by Moritz Muehlenhoff at 2023-02-21T17:34:59+01:00
"new" chromium issue

- - - - -
efb4adfa by Emilio Pozuelo Monfort at 2023-02-21T17:41:34+01:00
Add fixing commits for CVE-2023-0215/openssl

- - - - -
cadb661f by Salvatore Bonaccorso at 2023-02-21T18:10:13+01:00
Add reference for CVE-2023-20032

- - - - -
c102f0c6 by Moritz Muehlenhoff at 2023-02-21T19:04:11+01:00
bookworm triage

- - - - -
3d95c78a by Chris Lamb at 2023-02-21T10:15:32-08:00
Reserve DLA-3330-1 for amanda

- - - - -
a03b3984 by Chris Lamb at 2023-02-21T10:22:41-08:00
DLA-3330-1 for amanda actually fixes CVE-2022-37704, not CVE-2022-37703.

- - - - -
755f3d05 by Moritz Muehlenhoff at 2023-02-21T19:44:10+01:00
bookworm triage

- - - - -
40d9091d by Moritz Muehlenhoff at 2023-02-21T19:48:31+01:00
rpm fixed in sid

- - - - -
5714bb5c by Sylvain Beucler at 2023-02-21T20:20:27+01:00
dla: claim python-werkzeug

- - - - -
2f59193d by Moritz Muehlenhoff at 2023-02-21T20:37:23+01:00
bookworm triage

- - - - -
de6fad73 by Chris Lamb at 2023-02-21T11:38:09-08:00
Reserve DLA-3331-1 for python-cryptography

- - - - -
57fbbef2 by Adrian Bunk at 2023-02-21T21:54:08+02:00
Reserve DLA-3332-1 for apr-util

- - - - -
ab89abfa by Adrian Bunk at 2023-02-21T22:04:33+02:00
dla: take python3.7

- - - - -
7b8d8132 by security tracker role at 2023-02-21T20:10:39+00:00
automatic update

- - - - -
f7edc4e1 by Salvatore Bonaccorso at 2023-02-21T21:13:31+01:00
Remove two end-of-life markers for versions fixed in the release

- - - - -
90eee801 by Salvatore Bonaccorso at 2023-02-21T21:13:33+01:00
Adjust reference for CVE-2023-20032, dropping unnecessary part

- - - - -
b6c3b350 by Salvatore Bonaccorso at 2023-02-21T21:14:44+01:00
Process some NFUs

- - - - -
b2ff40ba by Salvatore Bonaccorso at 2023-02-21T21:43:27+01:00
Process some NFUs

- - - - -
344671a8 by Salvatore Bonaccorso at 2023-02-21T21:44:07+01:00
Add CVE-2023-23009/libreswan

- - - - -
5688e7a6 by Salvatore Bonaccorso at 2023-02-21T22:33:09+01:00
Add upstream tag information for CVE-2022-0934/dnsmasq

The tag is not really the correct one, there was v2.87test9 before which
is though only a test tag, so track it as fixed in v2.87rc1.

- - - - -
8641862c by Salvatore Bonaccorso at 2023-02-21T22:36:15+01:00
Track fixed version for CVE-2022-0934/dnsmasq

- - - - -
f015e682 by Moritz Muehlenhoff at 2023-02-21T22:50:29+01:00
bookworm triage

- - - - -
708529c3 by Salvatore Bonaccorso at 2023-02-21T23:02:36+01:00
Process some NFUs

- - - - -
5dc185f6 by Salvatore Bonaccorso at 2023-02-21T23:02:38+01:00
Add CVE-2022-31394/rust-hyper

- - - - -
8aececb2 by Salvatore Bonaccorso at 2023-02-21T23:02:40+01:00
Add CVE-2022-0337/chromium

- - - - -
766e033a by Salvatore Bonaccorso at 2023-02-21T23:02:41+01:00
Add CVE-2021-46023/mruby

- - - - -
f7242da2 by Salvatore Bonaccorso at 2023-02-21T23:02:43+01:00
Add CVE-2021-4128/firefox from mfsa2021-52

- - - - -
1dbc9024 by Markus Koschany at 2023-02-21T23:55:06+01:00
Reserve DLA-3333-1 for tiff

- - - - -
fb5bbbd6 by Ola Lundqvist at 2023-02-22T00:03:50+01:00
LTS: add tiff to dla-needed.txt

- - - - -
6add35c4 by Markus Koschany at 2023-02-22T00:14:42+01:00
Claim asterisk in dla-needed.txt

- - - - -
f31bc65e by Markus Koschany at 2023-02-22T00:14:58+01:00
Remove tiff from dla-needed.txt because all CVEs have been fixed.

- - - - -
10c7f963 by Markus Koschany at 2023-02-22T00:15:24+01:00
Remove snakeyaml from dla-needed.txt

- - - - -
aaeebf94 by Markus Koschany at 2023-02-22T00:18:08+01:00
Remove nextcloud-desktop from dla-needed.txt and triage

the currently open issues as no-dsa because they are minor.

- - - - -
c54411f0 by Salvatore Bonaccorso at 2023-02-22T07:26:40+01:00
Add CVE-2023-0644/qemu

- - - - -
ab2526e1 by Salvatore Bonaccorso at 2023-02-22T07:31:18+01:00
Add CVE-2021-32142/libraw

- - - - -
d527425a by Salvatore Bonaccorso at 2023-02-22T07:37:22+01:00
Add CVE-2021-32850/jquery-minicolors

- - - - -
b69ba9ce by Salvatore Bonaccorso at 2023-02-22T07:42:11+01:00
Track upstream commit for epiphany-browser in 43.1 release

- - - - -
c7a672d4 by Salvatore Bonaccorso at 2023-02-22T07:47:21+01:00
Reference upstream commit for CVE-2023-0778/libpod

- - - - -
c939245d by Salvatore Bonaccorso at 2023-02-22T07:50:53+01:00
Add CVE-2023-26314/mono

- - - - -
2f452d45 by security tracker role at 2023-02-22T08:10:31+00:00
automatic update

- - - - -
43e74aa2 by Salvatore Bonaccorso at 2023-02-22T09:19:23+01:00
Process one Wordpress plugin as NFU

- - - - -
72a84504 by Salvatore Bonaccorso at 2023-02-22T09:27:32+01:00
Process some NFUs

- - - - -
8f0a26b3 by Emilio Pozuelo Monfort at 2023-02-22T10:18:06+01:00
lts: take mariadb-10.3

I'm coordinating the DLA with Otto.

- - - - -
1fef44a3 by Salvatore Bonaccorso at 2023-02-22T10:21:17+01:00
Reference upstream commit for CVE-2023-0662/php

- - - - -
49fed8a1 by Moritz Muehlenhoff at 2023-02-22T11:51:46+01:00
add PHP commit references

- - - - -
6669cad2 by Lee Garrett at 2023-02-22T15:16:30+01:00
Add comment on CVE-2019-17567 (apache2)

- - - - -
f0e022ba by Moritz Muehlenhoff at 2023-02-22T15:34:28+01:00
epiphany fixed in sid

- - - - -
c31a1ca4 by Lee Garrett at 2023-02-22T16:04:54+01:00
Claim samba in dla-needed.txt

- - - - -
3e016864 by Salvatore Bonaccorso at 2023-02-22T17:12:58+01:00
Reference additional followup for CVE-2022-37704/amanda

- - - - -
08f3f48e by Moritz Muehlenhoff at 2023-02-22T17:38:54+01:00
disassociate CVE-2021-43172 from two source packages.

There's no concrete information whether they are actually affected (and all
other issues were addressed across the whole stack back then)

- - - - -
2638d81f by Ola Lundqvist at 2023-02-22T20:07:14+01:00
CVE-2023-24998 as no-dsa in buster.

- - - - -
06788701 by Moritz Muehlenhoff at 2023-02-22T20:33:10+01:00
bookworm triage

- - - - -
52b01bb1 by Salvatore Bonaccorso at 2023-02-22T20:41:56+01:00
Update status for multipath-tools

- - - - -
db183443 by Ola Lundqvist at 2023-02-22T21:10:16+01:00
CVE-2022-45939 as no-dsa in buster even though emacs package has been fixed. Still consider it as minor but if someone wants to fix it, it is ok.

- - - - -
d9802189 by Salvatore Bonaccorso at 2023-02-22T21:12:37+01:00
Mark CVE-2022-47517 as NFU

The CVE assignment is specific to the libsofia-sip fork in
drachtio-server. The changes applied correspond to the url_canonize2
part for CVE-2022-31002 in src:sofia-sip.

- - - - -
532f311d by Salvatore Bonaccorso at 2023-02-22T21:14:32+01:00
Remove notes for CVE-2020-36643

CVE got withdrawn by the assigning CNA as further investigation showed
that there is no security issue.

- - - - -
887c4e79 by Salvatore Bonaccorso at 2023-02-22T21:15:36+01:00
Add Debian bug reference for CVE-2021-32850/jquery-minicolors

- - - - -
f2284ae4 by Salvatore Bonaccorso at 2023-02-22T21:17:28+01:00
Update information for CVE-2021-32142/libraw

Add Debian bug reference for issue and mark as no-dsa for bullseye.

- - - - -
f8f4c356 by Salvatore Bonaccorso at 2023-02-22T21:23:29+01:00
Update information for CVE-2022-47516

- - - - -
1ccb16a4 by Ola Lundqvist at 2023-02-22T21:24:20+01:00
LTS: add binwalk to dla-needed.txt

- - - - -
c5f10566 by Salvatore Bonaccorso at 2023-02-22T21:32:07+01:00
Add Debian bug reference for CVE-2022-47516/sofia-sip

- - - - -
776be473 by Salvatore Bonaccorso at 2023-02-22T21:45:51+01:00
Track fixed version for CVE-2023-23627/ruby-sanitize via unstable

- - - - -
5a5de58b by Salvatore Bonaccorso at 2023-02-22T22:00:30+01:00
Add Debian bug reference for CVE-2022-48340/glusterfs

- - - - -
5bb7a83e by Salvatore Bonaccorso at 2023-02-22T22:02:04+01:00
Track fixed version for CVE-2022-4833{7,8,9}/emacs via unstable

- - - - -
a47f6d77 by Salvatore Bonaccorso at 2023-02-22T22:04:51+01:00
Track fixed version for CVE-2023-23009/libreswan via unstable

- - - - -
2f3e4722 by Adrian Bunk at 2023-02-22T23:35:04+02:00
Reserve DLA-3334-1 for sofia-sip

- - - - -
ab4c0f2c by Adrian Bunk at 2023-02-22T23:46:40+02:00
lts: take binwalk

- - - - -
7c739f6b by Markus Koschany at 2023-02-22T22:53:14+01:00
CVE-2022-39244,CVE-2022-39269, Asterisk: Bullseye is affected

Remove not-affected tag because the vulnerable code is in PJSIP which we ship
in the debian directory (tar.bz2 file)

- - - - -
f4705b58 by Markus Koschany at 2023-02-22T23:20:31+01:00
Reserve DLA-3335-1 for asterisk

- - - - -
0a3a14f1 by Ola Lundqvist at 2023-02-22T23:25:24+01:00
CVE-2021-32142 as no-dsa in buster following bullseye decision.

- - - - -
4c11d1b6 by Ola Lundqvist at 2023-02-22T23:25:24+01:00
LTS: add mono to dla-needed.txt

- - - - -
23e287e6 by Markus Koschany at 2023-02-22T23:38:48+01:00
Claim openimageio in dla-needed.txt

- - - - -
ec09bb29 by Guilhem Moulin at 2023-02-23T01:33:53+01:00
Reserve DLA-3336-1 for node-url-parse

- - - - -
7bc142d1 by Guilhem Moulin at 2023-02-23T02:36:40+01:00
LTS: claim nodejs in dla-needed.txt

- - - - -
0de6743b by Aron Xu at 2023-02-23T14:26:37+08:00
Reserve DSA-5357-1 for git

- - - - -
621f78aa by Salvatore Bonaccorso at 2023-02-23T07:26:56+01:00
Track fixed version for CVE-2023-24998/libcommons-fileupload-java via unstable

- - - - -
689e5571 by Salvatore Bonaccorso at 2023-02-23T07:28:26+01:00
Add new chromium issues

- - - - -
9b779704 by Salvatore Bonaccorso at 2023-02-23T07:30:53+01:00
Mark axtls as removed from stable

- - - - -
01862523 by Salvatore Bonaccorso at 2023-02-23T07:31:20+01:00
axtls is removed from every supported suite

- - - - -
35d95ba2 by Salvatore Bonaccorso at 2023-02-23T07:31:56+01:00
Add chromium to dsa-needed list

- - - - -
3514c62d by Salvatore Bonaccorso at 2023-02-23T07:32:48+01:00
Add php7.4 to dsa-needed list

- - - - -
11d28ee7 by Salvatore Bonaccorso at 2023-02-23T08:12:25+01:00
Correct CVE association for qemu issue

Apparently typoed the CVE for qemu yesterday. Move entry from
CVE-2023-0644 to CVE-2023-0664.

- - - - -
99eb83cd by Salvatore Bonaccorso at 2023-02-23T08:13:33+01:00
Add CVE-2022-38779/kibana

- - - - -
2dda321b by Emilio Pozuelo Monfort at 2023-02-23T08:58:42+01:00
Reserve DLA-3337-1 for mariadb-10.3

- - - - -
32401dca by security tracker role at 2023-02-23T08:10:23+00:00
automatic update

- - - - -
9546ac8c by Moritz Muehlenhoff at 2023-02-23T09:25:47+01:00
update dsa-needed

- - - - -
379dc697 by Salvatore Bonaccorso at 2023-02-23T09:54:45+01:00
Process some NFUs

- - - - -
615e550d by Salvatore Bonaccorso at 2023-02-23T10:04:00+01:00
Process more NFUs

- - - - -
f4bbc971 by Markus Koschany at 2023-02-23T10:06:40+01:00
Reserve DSA-5358-1 for asterisk

- - - - -
8c5218b5 by Aron Xu at 2023-02-23T17:10:17+08:00
track fixed CVE for tiff

- - - - -
c4de7c83 by Aron Xu at 2023-02-23T17:21:14+08:00
dsa-needed.txt: claim frr

- - - - -
c5de1b01 by Henri Salo at 2023-02-23T11:51:28+02:00
NFU

- - - - -
6a173a3c by Salvatore Bonaccorso at 2023-02-23T11:00:14+01:00
Move listing of CVE-2022-3970, CVE-2022-3626 and CVE-2022-3598 to DSA-5333-1 entry

- - - - -
5de29380 by Moritz Muehlenhoff at 2023-02-23T12:26:31+01:00
bullseye triage

- - - - -
c858649b by Markus Koschany at 2023-02-23T12:41:54+01:00
Claim freeradius in dla-needed.txt

- - - - -
923be14c by Moritz Muehlenhoff at 2023-02-23T13:28:34+01:00
bookworm triage

- - - - -
979df58a by Salvatore Bonaccorso at 2023-02-23T14:53:31+01:00
Add Debian bug reference for CVE-2023-23009/libreswan

- - - - -
19c60915 by Moritz Muehlenhoff at 2023-02-23T17:37:40+01:00
add additional emacs references

- - - - -
d83a0a8d by Emilio Pozuelo Monfort at 2023-02-23T17:46:26+01:00
Reserve DLA-3338-1 for git

- - - - -
ce345456 by Moritz Muehlenhoff at 2023-02-23T17:52:23+01:00
bookworm triage

- - - - -
30ef5328 by Adrian Bunk at 2023-02-23T21:13:11+02:00
Reserve DLA-3339-1 for binwalk

- - - - -
6325f68d by Guilhem Moulin at 2023-02-23T20:30:28+01:00
Add references for CVE-2022-43548

- - - - -
9205cae9 by Salvatore Bonaccorso at 2023-02-23T20:56:14+01:00
Process some NFUs

- - - - -
c733960c by Salvatore Bonaccorso at 2023-02-23T20:56:46+01:00
Add CVE-2023-25579/nextcloud-server

- - - - -
138fe310 by Salvatore Bonaccorso at 2023-02-23T20:59:02+01:00
Reassociate two NFUs with itp'ed source

- - - - -
a070b758 by Salvatore Bonaccorso at 2023-02-23T21:01:47+01:00
Add CVE-2023-23039/linux

- - - - -
046f47aa by security tracker role at 2023-02-23T20:10:30+00:00
automatic update

- - - - -
df3337d8 by Salvatore Bonaccorso at 2023-02-23T21:19:30+01:00
Remove notes from CVE-2014-125064, withdrawn as no security issue

- - - - -
045a0647 by Tobias Frost at 2023-02-23T21:20:46+01:00
Reserve DLA-3340-1 for libgit2

- - - - -
275de37d by Salvatore Bonaccorso at 2023-02-23T21:22:58+01:00
Drop notes for CVE-2021-4243

CVE-2021-4243 got rejected in favour of CVE-2021-32850.

- - - - -
82c0547b by Salvatore Bonaccorso at 2023-02-23T21:28:53+01:00
Process some NFUs

- - - - -
08b5b016 by Salvatore Bonaccorso at 2023-02-23T21:42:50+01:00
Add CVE-2023-23918/nodejs

- - - - -
4a264113 by Salvatore Bonaccorso at 2023-02-23T21:52:25+01:00
Add CVE-2023-23919/nodejs

- - - - -
9f76e60f by Salvatore Bonaccorso at 2023-02-23T21:55:19+01:00
Add CVE-2023-23920/nodejs

- - - - -
e2666396 by Salvatore Bonaccorso at 2023-02-23T22:01:20+01:00
Add references for CVE-2023-239{18,19,20}/nodejs

- - - - -
e1856329 by Salvatore Bonaccorso at 2023-02-23T22:11:58+01:00
Add CVE-2023-22476/mantis

- - - - -
043ef690 by Salvatore Bonaccorso at 2023-02-23T22:12:58+01:00
Add Debian bug references for nodejs issues

- - - - -
c07c9a17 by Salvatore Bonaccorso at 2023-02-23T22:17:18+01:00
Process some NFUs

- - - - -
5e472de5 by Ola Lundqvist at 2023-02-23T22:21:01+01:00
LTS: add emacs to dla-needed.txt

- - - - -
abdbe370 by Adrian Bunk at 2023-02-23T23:22:32+02:00
lts: take mono

- - - - -
0cffc66d by Salvatore Bonaccorso at 2023-02-23T22:25:40+01:00
Add CVE-2022-3219/gnupg2

Mark it as unimportant, as first the impact is low (slow processing) and
upstream does not consider to merge/apply the proposed change. Debian
should not diverge from upstream at this point.

- - - - -
f3619e25 by Ola Lundqvist at 2023-02-23T22:29:48+01:00
CVE-2023-22742 as no-dsa also in buster.

- - - - -
5ddc44ee by Ola Lundqvist at 2023-02-23T22:34:15+01:00
CVE-2020-12278 and CVE-2020-12279 as not important to fix since it only occurs on NTFS filesystems. This was marked as such already for jessie and do the same for buster now.

- - - - -
cdc2c8d5 by Ola Lundqvist at 2023-02-23T22:36:54+01:00
CVE-2021-46023 as no-dsa following decision for bullseye.

- - - - -
3bf22b7a by Ola Lundqvist at 2023-02-23T22:37:27+01:00
CVE-2021-32850 as no-dsa following decision for bullseye.

- - - - -
a12cd784 by Moritz Mühlenhoff at 2023-02-23T22:56:36+01:00
chromium, emacs DSAs

- - - - -
7c9221df by Ola Lundqvist at 2023-02-23T23:05:55+01:00
CVE-2022-48340 and CVE-2023-26253 for glusterfs as no-dsa following decision for bullseye.

- - - - -
3c1f3327 by Moritz Muehlenhoff at 2023-02-23T23:16:36+01:00
NFUs (unrelated to ITPd airflow)

- - - - -
75286a1c by Salvatore Bonaccorso at 2023-02-24T08:47:14+01:00
Add CVE-2022-4492/undertow

- - - - -
b3ffcdea by Salvatore Bonaccorso at 2023-02-24T08:57:22+01:00
Add CVE-2022-25927/node-ua-parser-js

- - - - -
a78887e3 by security tracker role at 2023-02-24T08:10:16+00:00
automatic update

- - - - -
3938ffe8 by Aron Xu at 2023-02-24T16:11:45+08:00
tiff DSA

- - - - -
a9551e63 by Salvatore Bonaccorso at 2023-02-24T09:37:16+01:00
Process two NFUs

- - - - -
f98f466c by Salvatore Bonaccorso at 2023-02-24T09:50:08+01:00
Add CVE-2023-26325 as NFU

- - - - -
35768c25 by Salvatore Bonaccorso at 2023-02-24T09:53:54+01:00
Add CVE-2023-25824/mod-gnutls

- - - - -
ee3aa8fc by Salvatore Bonaccorso at 2023-02-24T09:58:01+01:00
Remove trailing whitespaces

- - - - -
82b5e606 by Salvatore Bonaccorso at 2023-02-24T10:29:45+01:00
Add CVE-2023-0996/libheif

- - - - -
1e6da07b by Salvatore Bonaccorso at 2023-02-24T10:30:49+01:00
Process some NFUs

- - - - -
285d282b by Aron Xu at 2023-02-24T18:34:21+08:00
dsa-needed: claim rails

- - - - -
7ed1c8ef by Adrian Bunk at 2023-02-24T13:10:27+02:00
Reserve DLA-3341-1 for curl

- - - - -
aba1226e by Adrian Bunk at 2023-02-24T13:19:46+02:00
lts: take emacs

- - - - -
b85a2061 by Aron Xu at 2023-02-24T20:45:46+08:00
Reserve DSA-5362-1 for frr

- - - - -
d4d1ee1f by Moritz Muehlenhoff at 2023-02-24T14:41:20+01:00
bookworm triage

- - - - -
50cef236 by Moritz Mühlenhoff at 2023-02-24T16:27:25+01:00
snakeyaml spu

- - - - -
9b068ca8 by Markus Koschany at 2023-02-24T17:16:33+01:00
Reserve DLA-3342-1 for freeradius

- - - - -
f0dbe34b by Salvatore Bonaccorso at 2023-02-24T17:41:44+01:00
Add Debian bug reference for CVE-2021-42521/vtk9

- - - - -
91057cc6 by Salvatore Bonaccorso at 2023-02-24T17:42:45+01:00
Add Debian bug reference for CVE-2023-23457/upx-ucl

- - - - -
cdc5e7e2 by Salvatore Bonaccorso at 2023-02-24T17:43:36+01:00
Add Debian bug reference for CVE-2023-0054/vim

- - - - -
74488f66 by Salvatore Bonaccorso at 2023-02-24T17:44:53+01:00
Add Debian bug references for CVE-2023-24607/qt

- - - - -
93fb9f6e by Salvatore Bonaccorso at 2023-02-24T17:45:43+01:00
Add Debian bug references for CVE-2023-24809/nethack

- - - - -
3175cae3 by Moritz Mühlenhoff at 2023-02-24T20:12:56+01:00
php7.4 DSA

- - - - -
f85e6f66 by Moritz Mühlenhoff at 2023-02-24T20:21:50+01:00
update CVE list

- - - - -
dc26f5a0 by security tracker role at 2023-02-24T20:10:26+00:00
automatic update

- - - - -
c659d377 by Salvatore Bonaccorso at 2023-02-24T21:18:23+01:00
Process some NFUs

- - - - -
2e32229e by Salvatore Bonaccorso at 2023-02-24T21:20:48+01:00
Track fixed version for CVE-2021-3427/deluge for now via experimental

- - - - -
4b276e1b by Salvatore Bonaccorso at 2023-02-24T21:23:32+01:00
Track fixed version for CVE-2022-27672/xen via unstable

- - - - -
d9173031 by Salvatore Bonaccorso at 2023-02-24T21:26:05+01:00
Process some NFUs

- - - - -
072bbc3a by Salvatore Bonaccorso at 2023-02-24T21:34:24+01:00
Take care of releasing multipath-tools as prepared

- - - - -
7da191f9 by Adrian Bunk at 2023-02-24T22:58:04+02:00
Reserve DLA-3343-1 for mono

- - - - -
ab9e510e by Adrian Bunk at 2023-02-24T23:03:24+02:00
lts: take imagemagick

- - - - -
989d2a00 by Guilhem Moulin at 2023-02-25T01:27:21+01:00
Mark CVE-2023-23918 as not-affected for Buster.

v10.x doesn't support policy manifests (nor ‘--experimental-policy=’ /
‘--policy-*=’ options).

- - - - -
3b5fcac5 by security tracker role at 2023-02-25T08:10:12+00:00
automatic update

- - - - -
a318bda1 by Salvatore Bonaccorso at 2023-02-25T10:58:40+01:00
Process two NFUs

- - - - -
aba22d17 by Adrian Bunk at 2023-02-25T12:28:10+02:00
CVE-2022-48338: Vulnerable code introduced after buster

- - - - -
2c468dbd by Ola Lundqvist at 2023-02-25T11:34:55+01:00
LTS: add php7.3 to dla-needed.txt

- - - - -
26bb340a by Ola Lundqvist at 2023-02-25T11:36:37+01:00
LTS: add mariadb-10.3 to dla-needed.txt

- - - - -
abf43d25 by Adrian Bunk at 2023-02-25T12:39:36+02:00
CVE-2023-24329 seems still unfixed in python3.11

- - - - -
a8fd920d by Guilhem Moulin at 2023-02-25T13:28:42+01:00
LTS: claim php7.3 in dla-needed.txt

- - - - -
9f09c202 by Salvatore Bonaccorso at 2023-02-25T15:04:30+01:00
Track fixed version for CVE-2023-24607/qt6-base via unstable

- - - - -
ec9c4000 by Salvatore Bonaccorso at 2023-02-25T15:06:15+01:00
Remove notes from CVE-2017-1000

It was rejected. It was said to be unused in the CNA pool for an issue
during 2017. In fact we suspected it's a duplicate of CVE-2017-1000112
and possibly was just a typo truncating the last digits.

- - - - -
0d7bcbe5 by Guilhem Moulin at 2023-02-25T19:21:16+01:00
Add links to follow-up commits for CVE-2022-32212/nodejs.

- - - - -
ff9b8586 by Anton Gladky at 2023-02-25T20:43:30+01:00
Merge branch 'master' into fix_987283

- - - - -
f7f15439 by Anton Gladky at 2023-02-25T22:37:42+01:00
Use extra ignored_packages table

- - - - -


21 changed files:

- Makefile
- bin/grab-cve-in-fix
- bin/lts-cve-triage.py
- bin/lts-missing-uploads
- bin/report-vuln
- bin/tracker_service.py
- conf/cvelist.el
- data/CVE/list
- data/DLA/list
- data/DSA/list
- data/dla-needed.txt
- data/dsa-needed.txt
- data/embedded-code-copies
- data/next-oldstable-point-update.txt
- data/next-point-update.txt
- data/packages/removed-packages
- lib/debian-releases.mk
- lib/python/security_db.py
- org/lts-frontdesk.2022.txt
- + org/lts-frontdesk.2023.txt
- − org/lts-frontdesk.py


Changes:

=====================================
Makefile
=====================================
@@ -1,6 +1,6 @@
 PYTHON_MODULES = $(wildcard lib/python/*.py)
 
-MIRROR = http://debian.csail.mit.edu/debian
+MIRROR = http://deb.debian.org/debian
 SECURITY_MIRROR = http://security.debian.org/debian-security
 
 # Include the definitions of the releases to be fetched
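
Review bot: The new MIRROR value on the `+MIRROR` line still uses plain http, as does SECURITY_MIRROR below it. The Sources files fetched from these mirrors become the tracker's package data, so consider https://deb.debian.org/debian here unless bin/apt-update-file verifies the downloaded indices against a signed Release file, which this hunk does not show.
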
@@ -48,7 +48,8 @@ update-$(1):
 	prefix="$$($(1)_RELEASE)_$$($(1)_SUBRELEASE)"; \
 	dist="$$($(1)_DIST)"; \
 	mirror="$$($(1)_MIRROR)"; \
-	for section in main contrib non-free ; do \
+	sections="$$($(1)_SECTIONS)"; \
+	for section in main $$$$sections ; do \
 		bin/apt-update-file \
 		    $$$$mirror/dists/$$$$dist/$$$$section/source/Sources \
 		    data/packages/$$$${prefix}_$$$${section}_Sources ; \
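
Review bot: In the `for section in main $$$$sections` loop, a release that does not define its `_SECTIONS` variable now yields an empty `sections` and silently fetches only main, where the old loop always covered contrib and non-free. Either default to `contrib non-free` when the variable is empty or fail the target, so a missing entry in the release definitions does not quietly shrink the package data.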


=====================================
bin/grab-cve-in-fix
=====================================
@@ -355,6 +355,7 @@ def main():
         data/packages/sid__main_Sources
         data/packages/sid__contrib_Sources
         data/packages/sid__non-free_Sources
+        data/packages/sid__non-free-firmware_Sources
     """
     parser = argparse.ArgumentParser(
         description="Grab CVE data from a package upload for manual review",


=====================================
bin/lts-cve-triage.py
=====================================
@@ -64,14 +64,14 @@ LIST_NAMES = (
     ('triage_possible_easy_fixes',
      ('Issues not yet triaged for {lts}, but already fixed in {next_lts}')
      .format(**RELEASES)),
-    ('triage_possible_missed_fixes',
-     ('Issues postponed for {lts}, but already fixed in {next_lts} via DSA or point releases (to be fixed or <ignored>)')
-     .format(**RELEASES)),
     ('triage_other_not_triaged_in_next_lts',
      ('Other issues to triage for {lts} (not yet triaged for {next_lts})')
      .format(**RELEASES)),
     ('triage_other',
      'Other issues to triage (no special status)'),
+    ('triage_possible_missed_fixes',
+     ('Issues postponed for {lts}, but already fixed in {next_lts} via DSA or point releases (to be fixed or <ignored>)')
+     .format(**RELEASES)),
     ('unexpected_nodsa',
      ('Issues tagged no-dsa in {lts} that are open in {next_lts}')
      .format(**RELEASES)),


=====================================
bin/lts-missing-uploads
=====================================
@@ -26,9 +26,19 @@ import dateutil.relativedelta
 from debian.deb822 import Sources
 from debian.debian_support import Version
 
+import setup_paths  # noqa # pylint: disable=unused-import
+import config
+
+lts = config.get_supported_releases()[0]
+
+
+class DLAForAnotherRelease(Exception):
+    pass
+
+
 class LTSMissingUploads(object):
     MONTHS = 6
-    SOURCES = ['http://security.debian.org/dists/buster/updates/{}/source/Sources.gz'.format(component)
+    SOURCES = ['http://security.debian.org/dists/{}/updates/{}/source/Sources.gz'.format(lts, component)
                for component in ('main', 'contrib', 'non-free')]
 
     re_line = re.compile(
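
Review bot: `lts = config.get_supported_releases()[0]` at module level assumes the first entry returned is the LTS release, and nothing in this hunk documents or checks that ordering. A short comment or a dedicated helper in config would make the assumption explicit. The SOURCES URL built from it is also still fetched over plain http.
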
@@ -46,8 +56,11 @@ class LTSMissingUploads(object):
         dlas = {}
         def download(x):
             self.info("{source}: parsing announcement from {url} ...", **x)
-            x.update(self.get_dla(x['url'])[0])
-            dlas[x['source']] = x
+            try:
+                x.update(self.get_dla(x['url'])[0])
+                dlas[x['source']] = x
+            except DLAForAnotherRelease:
+                pass
 
         for idx in range(self.MONTHS):
             dt = datetime.datetime.utcnow().replace(day=1) - \
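
Review bot: The `except DLAForAnotherRelease: pass` in download() drops the announcement without a trace, so a DLA skipped because the release check misjudged it is invisible in the output. Logging the skip through self.info, with the source and url already present in x, would keep the report auditable.
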
@@ -112,7 +125,7 @@ class LTSMissingUploads(object):
         return result
 
     def get_dla(self, url):
-        return self.parse(url, self.re_version)
+        return self.parse(url, self.re_version, is_dla=True)
 
     def get_sources(self):
         pkgver = {}
@@ -129,9 +142,14 @@ class LTSMissingUploads(object):
 
         return pkgver
 
-    def parse(self, url, pattern):
+    def parse(self, url, pattern, is_dla=False):
         result = []
 
+        # if parsing a specific DLA (as opposed to the DLAs list), check
+        # if the DLA is for the current LTS release, and ignore if not
+        if is_dla and lts not in self.session.get(url).content.decode('utf-8'):
+            raise DLAForAnotherRelease
+
         for x in self.session.get(url).content.splitlines():
             m = pattern.search(x.decode('utf8'))
 
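
Review bot: In parse(), the is_dla check calls `self.session.get(url)` once for the release test and the loop below calls it again, so every DLA announcement is downloaded twice. Fetch the content once into a local variable and reuse it for both. Separately, `lts not in ...` matches the release name anywhere in the page, so an announcement for another release that merely mentions it passes the check; anchoring the test to a specific field would be stricter. The check also decodes with 'utf-8' while the loop uses 'utf8'; pick one spelling.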


=====================================
bin/report-vuln
=====================================
@@ -49,7 +49,7 @@ def gen_index(ids):
         if temp_id.match(id):
             continue
         ret += '\n[' + str(cnt) + '] https://security-tracker.debian.org/tracker/' + id + '\n'
-        ret += '    https://cve.mitre.org/cgi-bin/cvename.cgi?name=' + id
+        ret += '    https://www.cve.org/CVERecord?id=' + id
 
     return ret
 


=====================================
bin/tracker_service.py
=====================================
@@ -1521,8 +1521,8 @@ Debian bug number.'''),
                     action=url.scriptRelative(''))
 
     def url_cve(self, url, name):
-        return url.absolute("https://cve.mitre.org/cgi-bin/cvename.cgi",
-                            name=name)
+        return url.absolute("https://www.cve.org/CVERecord",
+                            id=name)
     def url_nvd(self, url, name):
         return url.absolute("https://nvd.nist.gov/vuln/detail/%s" % name)
     def url_cert_bug(self, url, name):


=====================================
conf/cvelist.el
=====================================
@@ -134,7 +134,7 @@
   "A major mode for editing data/CVE/list in the Debian
    secure-tracker repository."
   (setq-local font-lock-defaults '(debian-cvelist-font-lock-keywords t))
-  (setq indent-line-function 'debian-cvelist-indent-line))
+  (setq-local indent-line-function 'debian-cvelist-indent-line))
 
 (provide 'debian-cvelist)
 ;;; cvelist.el ends here


=====================================
data/CVE/list
=====================================
The diff for this file was not included because it is too large.

=====================================
data/DLA/list
=====================================
@@ -1,3 +1,810 @@
+[24 Feb 2023] DLA-3343-1 mono - security update
+	{CVE-2023-26314}
+	[buster] - mono 5.18.0.240+dfsg-3+deb10u1
+[24 Feb 2023] DLA-3342-1 freeradius - security update
+	{CVE-2022-41859 CVE-2022-41860 CVE-2022-41861}
+	[buster] - freeradius 3.0.17+dfsg-1.1+deb10u2
+[24 Feb 2023] DLA-3341-1 curl - security update
+	{CVE-2023-23916}
+	[buster] - curl 7.64.0-4+deb10u5
+[23 Feb 2023] DLA-3340-1 libgit2 - security update
+	{CVE-2020-12278 CVE-2020-12279 CVE-2023-22742}
+	[buster] - libgit2 0.27.7+dfsg.1-0.2+deb10u1
+[23 Feb 2023] DLA-3339-1 binwalk - security update
+	{CVE-2022-4510}
+	[buster] - binwalk 2.1.2~git20180830+dfsg1-1+deb10u1
+[23 Feb 2023] DLA-3338-1 git - security update
+	{CVE-2023-22490 CVE-2023-23946}
+	[buster] - git 1:2.20.1-2+deb10u8
+[23 Feb 2023] DLA-3337-1 mariadb-10.3 - bugfix update
+	[buster] - mariadb-10.3 1:10.3.38-0+deb10u1
+[23 Feb 2023] DLA-3336-1 node-url-parse - security update
+	{CVE-2021-3664 CVE-2021-27515 CVE-2022-0512 CVE-2022-0639 CVE-2022-0686 CVE-2022-0691}
+	[buster] - node-url-parse 1.2.0-2+deb10u2
+[22 Feb 2023] DLA-3335-1 asterisk - security update
+	{CVE-2022-23537 CVE-2022-23547 CVE-2022-31031 CVE-2022-37325 CVE-2022-39244 CVE-2022-39269 CVE-2022-42705 CVE-2022-42706}
+	[buster] - asterisk 1:16.28.0~dfsg-0+deb10u2
+[22 Feb 2023] DLA-3334-1 sofia-sip - security update
+	{CVE-2022-47516}
+	[buster] - sofia-sip 1.12.11+20110422.1-2.1+deb10u3
+[21 Feb 2023] DLA-3333-1 tiff - security update
+	{CVE-2023-0795 CVE-2023-0796 CVE-2023-0797 CVE-2023-0798 CVE-2023-0799 CVE-2023-0800 CVE-2023-0801 CVE-2023-0802 CVE-2023-0803 CVE-2023-0804}
+	[buster] - tiff 4.1.0+git191117-2~deb10u7
+[21 Feb 2023] DLA-3332-1 apr-util - security update
+	{CVE-2022-25147}
+	[buster] - apr-util 1.6.1-4+deb10u1
+[21 Feb 2023] DLA-3331-1 python-cryptography - security update
+	{CVE-2023-23931}
+	[buster] - python-cryptography 2.6.1-3+deb10u3
+[21 Feb 2023] DLA-3330-1 amanda - security update
+	{CVE-2022-37704}
+	[buster] - amanda 1:3.5.1-2+deb10u1
+[20 Feb 2023] DLA-3329-1 python-django - security update
+	{CVE-2023-24580}
+	[buster] - python-django 1:1.11.29-1+deb10u7
+[20 Feb 2023] DLA-3328-1 clamav - security update
+	{CVE-2023-20032 CVE-2023-20052}
+	[buster] - clamav 0.103.8+dfsg-0+deb10u1
+[20 Feb 2023] DLA-3327-1 nss - security update
+	{CVE-2020-6829 CVE-2020-12400 CVE-2020-12401 CVE-2020-12403 CVE-2023-0767}
+	[buster] - nss 2:3.42.1-1+deb10u6
+[20 Feb 2023] DLA-3326-1 isc-dhcp - security update
+	[buster] - isc-dhcp 4.4.1-2+deb10u3
+[20 Feb 2023] DLA-3325-1 openssl - security update
+	{CVE-2022-2097 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286}
+	[buster] - openssl 1.1.1n-0+deb10u4
+[20 Feb 2023] DLA-3324-1 thunderbird - security update
+	{CVE-2022-46871 CVE-2022-46877 CVE-2023-0430 CVE-2023-0616 CVE-2023-0767 CVE-2023-23598 CVE-2023-23601 CVE-2023-23602 CVE-2023-23603 CVE-2023-23605 CVE-2023-25728 CVE-2023-25729 CVE-2023-25730 CVE-2023-25732 CVE-2023-25735 CVE-2023-25737 CVE-2023-25739 CVE-2023-25742 CVE-2023-25744 CVE-2023-25746}
+	[buster] - thunderbird 1:102.8.0-1~deb10u1
+[18 Feb 2023] DLA-3323-1 c-ares - security update
+	{CVE-2022-4904}
+	[buster] - c-ares 1.14.0-1+deb10u2
+[18 Feb 2023] DLA-3322-1 golang-github-opencontainers-selinux - security update
+	{CVE-2019-16884}
+	[buster] - golang-github-opencontainers-selinux 1.0.0~rc1+git20170621.5.4a2974b-1+deb10u1
+[18 Feb 2023] DLA-3321-1 gnutls28 - security update
+	{CVE-2023-0361}
+	[buster] - gnutls28 3.6.7-4+deb10u10
+[17 Feb 2023] DLA-3320-1 webkit2gtk - security update
+	{CVE-2023-23529}
+	[buster] - webkit2gtk 2.38.5-1~deb10u1
+[16 Feb 2023] DLA-3319-1 firefox-esr - security update
+	{CVE-2023-0767 CVE-2023-25728 CVE-2023-25729 CVE-2023-25730 CVE-2023-25732 CVE-2023-25735 CVE-2023-25737 CVE-2023-25739 CVE-2023-25742 CVE-2023-25744 CVE-2023-25746}
+	[buster] - firefox-esr 102.8.0esr-1~deb10u1
+[14 Feb 2023] DLA-3318-1 haproxy - security update
+	{CVE-2023-25725}
+	[buster] - haproxy 1.8.19-1+deb10u4
+[11 Feb 2023] DLA-3317-1 snort - security update
+	{CVE-2020-3299 CVE-2020-3315 CVE-2021-1223 CVE-2021-1224 CVE-2021-1236 CVE-2021-1494 CVE-2021-1495 CVE-2021-34749 CVE-2021-40114}
+	[buster] - snort 2.9.20-0+deb10u1
+[10 Feb 2023] DLA-3316-1 postgresql-11 - security update
+	{CVE-2022-41862}
+	[buster] - postgresql-11 11.19-0+deb10u1
+[10 Feb 2023] DLA-3315-1 sox - security update
+	{CVE-2019-13590 CVE-2021-3643 CVE-2021-23159 CVE-2021-23172 CVE-2021-23210 CVE-2021-33844 CVE-2021-40426 CVE-2022-31650 CVE-2022-31651}
+	[buster] - sox 14.4.2+git20190427-1+deb10u1
+[09 Feb 2023] DLA-3314-1 libsdl2 - security update
+	{CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 CVE-2019-7636 CVE-2019-7638 CVE-2019-13616 CVE-2019-13626 CVE-2020-14409 CVE-2020-14410 CVE-2021-33657 CVE-2022-4743}
+	[buster] - libsdl2 2.0.9+dfsg1-1+deb10u1
+[08 Feb 2023] DLA-3313-1 wireshark - security update
+	{CVE-2022-4345 CVE-2023-0411 CVE-2023-0412 CVE-2023-0413 CVE-2023-0415 CVE-2023-0417}
+	[buster] - wireshark 2.6.20-0+deb10u5
+[08 Feb 2023] DLA-3312-1 shim - security update
+	[buster] - shim 15.7-1~deb10u1
+[08 Feb 2023] DLA-3311-1 heimdal - security update
+	{CVE-2022-45142}
+	[buster] - heimdal 7.5.0+dfsg-3+deb10u2
+[07 Feb 2023] DLA-3310-1 xorg-server - security update
+	{CVE-2023-0494}
+	[buster] - xorg-server 2:1.20.4-1+deb10u8
+[06 Feb 2023] DLA-3309-1 graphite-web - security update
+	{CVE-2022-4728 CVE-2022-4729 CVE-2022-4730}
+	[buster] - graphite-web 1.1.4-3+deb10u2
+[06 Feb 2023] DLA-3308-1 webkit2gtk - security update
+	{CVE-2022-42826 CVE-2023-23517 CVE-2023-23518}
+	[buster] - webkit2gtk 2.38.4-2~deb10u1
+[06 Feb 2023] DLA-3307-1 openjdk-11 - security update
+	{CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 CVE-2022-39399 CVE-2023-21835 CVE-2023-21843}
+	[buster] - openjdk-11 11.0.18+10-1~deb10u1
+[01 Feb 2023] DLA-3306-1 python-django - security update
+	{CVE-2023-23969}
+	[buster] - python-django 1:1.11.29-1+deb10u6
+[31 Jan 2023] DLA-3305-1 libstb - security update
+	{CVE-2018-16981 CVE-2019-13217 CVE-2019-13218 CVE-2019-13219 CVE-2019-13220 CVE-2019-13221 CVE-2019-13222 CVE-2019-13223 CVE-2021-28021 CVE-2021-37789 CVE-2021-42715 CVE-2022-28041 CVE-2022-28042}
+	[buster] - libstb 0.0~git20180212.15.e6afb9c-1+deb10u1
+[31 Jan 2023] DLA-3304-1 fig2dev - security update
+	{CVE-2020-21529 CVE-2020-21531 CVE-2020-21532 CVE-2020-21676 CVE-2021-32280}
+	[buster] - fig2dev 1:3.2.7a-5+deb10u5
+[31 Jan 2023] DLA-3303-1 ruby-git - security update
+	{CVE-2022-25648 CVE-2022-46648 CVE-2022-47318}
+	[buster] - ruby-git 1.2.8-1+deb10u1
+[31 Jan 2023] DLA-3302-1 nova - security update
+	{CVE-2022-47951}
+	[buster] - nova 2:18.1.0-6+deb10u2
+[31 Jan 2023] DLA-3301-1 cinder - security update
+	{CVE-2022-47951}
+	[buster] - cinder 2:13.0.7-1+deb10u2
+[31 Jan 2023] DLA-3300-1 glance - security update
+	{CVE-2022-47951}
+	[buster] - glance 2:17.0.0-5+deb10u1
+[30 Jan 2023] DLA-3299-1 node-qs - security update
+	{CVE-2022-24999}
+	[buster] - node-qs 6.5.2-1+deb10u1
+[31 Jan 2023] DLA-3298-1 ruby-rack - security update
+	{CVE-2020-8161 CVE-2020-8184 CVE-2022-44570 CVE-2022-44571 CVE-2022-44572}
+	[buster] - ruby-rack 2.0.6-3+deb10u2
+[31 Jan 2023] DLA-3297-1 tiff - security update
+	{CVE-2022-48281}
+	[buster] - tiff 4.1.0+git191117-2~deb10u6
+[31 Jan 2023] DLA-3296-1 libhtml-stripscripts-perl - security update
+	{CVE-2023-24038}
+	[buster] - libhtml-stripscripts-perl 1.06-1+deb10u1
+[31 Jan 2023] DLA-3295-1 node-moment - security update
+	{CVE-2022-24785 CVE-2022-31129}
+	[buster] - node-moment 2.24.0+ds-1+deb10u1
+[30 Jan 2023] DLA-3294-1 libarchive - security update
+	{CVE-2022-36227}
+	[buster] - libarchive 3.3.3-4+deb10u3
+[30 Jan 2023] DLA-3293-1 modsecurity-crs - security update
+	{CVE-2018-16384 CVE-2019-13464 CVE-2020-22669 CVE-2022-39955 CVE-2022-39956 CVE-2022-39957 CVE-2022-39958}
+	[buster] - modsecurity-crs 3.2.3-0+deb10u3
+[29 Jan 2023] DLA-3292-1 sofia-sip - security update
+	{CVE-2023-22741}
+	[buster] - sofia-sip 1.12.11+20110422.1-2.1+deb10u2
+[29 Jan 2023] DLA-3291-1 node-object-path - security update
+	{CVE-2021-3805 CVE-2021-23434}
+	[buster] - node-object-path 0.11.4-2+deb10u2
+[29 Jan 2023] DLA-3290-1 libzen - security update
+	{CVE-2020-36646}
+	[buster] - libzen 0.4.37-1+deb10u1
+[28 Jan 2023] DLA-3289-1 dojo - security update
+	{CVE-2020-4051 CVE-2021-23450}
+	[buster] - dojo 1.14.2+dfsg1-1+deb10u3
+[28 Jan 2023] DLA-3288-1 curl - security update
+	{CVE-2022-27774 CVE-2022-32221 CVE-2022-35252 CVE-2022-43552}
+	[buster] - curl 7.64.0-4+deb10u4
+[28 Jan 2023] DLA-3287-1 lemonldap-ng - security update
+	{CVE-2020-16093 CVE-2022-37186}
+	[buster] - lemonldap-ng 2.0.2+ds-7+deb10u8
+[28 Jan 2023] DLA-3286-1 tor - security update
+	{CVE-2023-23589}
+	[buster] - tor 0.3.5.16-1+deb10u1
+[28 Jan 2023] DLA-3285-1 libapache-session-browseable-perl - security update
+	{CVE-2020-36659}
+	[buster] - libapache-session-browseable-perl 1.3.0-1+deb10u1
+[28 Jan 2023] DLA-3284-1 libapache-session-ldap-perl - security update
+	{CVE-2020-36658}
+	[buster] - libapache-session-ldap-perl 0.4-1+deb10u1
+[26 Jan 2023] DLA-3283-1 modsecurity-apache - security update
+	{CVE-2022-48279 CVE-2023-24021}
+	[buster] - modsecurity-apache 2.9.3-1+deb10u2
+[26 Jan 2023] DLA-3282-1 git - security update
+	{CVE-2022-23521 CVE-2022-41903}
+	[buster] - git 1:2.20.1-2+deb10u7
+[25 Jan 2023] DLA-3281-1 swift - security update
+	{CVE-2022-47950}
+	[buster] - swift 2.19.1-1+deb10u1
+[24 Jan 2023] DLA-3280-1 libde265 - security update
+	{CVE-2020-21596 CVE-2020-21597 CVE-2020-21598 CVE-2022-43235 CVE-2022-43236 CVE-2022-43237 CVE-2022-43238 CVE-2022-43239 CVE-2022-43240 CVE-2022-43241 CVE-2022-43242 CVE-2022-43243 CVE-2022-43244 CVE-2022-43245 CVE-2022-43248 CVE-2022-43249 CVE-2022-43250 CVE-2022-43252 CVE-2022-43253 CVE-2022-47655}
+	[buster] - libde265 1.0.3-1+deb10u3
+[23 Jan 2023] DLA-3279-1 trafficserver - security update
+	{CVE-2021-37150 CVE-2022-25763 CVE-2022-28129 CVE-2022-31780}
+	[buster] - trafficserver 8.0.2+ds-1+deb10u7
+[20 Jan 2023] DLA-3278-1 tiff - security update
+	{CVE-2022-1354 CVE-2022-1355 CVE-2022-2056 CVE-2022-2057 CVE-2022-2058 CVE-2022-2867 CVE-2022-2868 CVE-2022-2869 CVE-2022-3570 CVE-2022-3597 CVE-2022-3598 CVE-2022-3599 CVE-2022-3626 CVE-2022-3627 CVE-2022-3970 CVE-2022-34526}
+	[buster] - tiff 4.1.0+git191117-2~deb10u5
+[20 Jan 2023] DLA-3277-1 powerline-gitstatus - security update
+	{CVE-2022-42906}
+	[buster] - powerline-gitstatus 1.3.2-0+deb10u1
+[19 Jan 2023] DLA-3276-1 lava - security update
+	{CVE-2022-44641}
+	[buster] - lava 2019.01-5+deb10u2
+[19 Jan 2023] DLA-3275-1 firefox-esr - security update
+	{CVE-2022-46871 CVE-2022-46877 CVE-2023-23598 CVE-2023-23601 CVE-2023-23602 CVE-2023-23603 CVE-2023-23605}
+	[buster] - firefox-esr 102.7.0esr-1~deb10u1
+[19 Jan 2023] DLA-3274-1 webkit2gtk - security update
+	{CVE-2022-42852 CVE-2022-42856 CVE-2022-42867 CVE-2022-46692 CVE-2022-46698 CVE-2022-46699 CVE-2022-46700}
+	[buster] - webkit2gtk 2.38.3-1~deb10u1
+[18 Jan 2023] DLA-3273-1 libitext5-java - security update
+	{CVE-2021-43113}
+	[buster] - libitext5-java 5.5.13-1+deb10u1
+[18 Jan 2023] DLA-3272-1 sudo - security update
+	{CVE-2023-22809}
+	[buster] - sudo 1.8.27-1+deb10u5
+[15 Jan 2023] DLA-3271-1 node-minimatch - security update
+	{CVE-2022-3517}
+	[buster] - node-minimatch 3.0.4-3+deb10u1
+[15 Jan 2023] DLA-3270-1 net-snmp - security update
+	{CVE-2022-44792 CVE-2022-44793}
+	[buster] - net-snmp 5.7.3+dfsg-5+deb10u4
+[14 Jan 2023] DLA-3269-1 libapreq2 - security update
+	{CVE-2022-22728}
+	[buster] - libapreq2 2.13-7~deb10u2
+[11 Jan 2023] DLA-3268-1 netty - security update
+	{CVE-2021-37136 CVE-2021-37137 CVE-2021-43797 CVE-2022-41881 CVE-2022-41915}
+	[buster] - netty 1:4.1.33-1+deb10u3
+[11 Jan 2023] DLA-3267-1 libxstream-java - security update
+	{CVE-2022-41966}
+	[buster] - libxstream-java 1.4.11.1-1+deb10u4
+[11 Jan 2023] DLA-3266-1 viewvc - security update
+	{CVE-2023-22456 CVE-2023-22464}
+	[buster] - viewvc 1.1.26-1+deb10u1
+[10 Jan 2023] DLA-3265-1 exiv2 - security update
+	{CVE-2017-11591 CVE-2017-14859 CVE-2017-14862 CVE-2017-14864 CVE-2017-17669 CVE-2017-18005 CVE-2018-8976 CVE-2018-17581 CVE-2018-19107 CVE-2018-19108 CVE-2018-19535 CVE-2018-20097 CVE-2019-13110 CVE-2019-13112 CVE-2019-13114 CVE-2019-13504 CVE-2019-14369 CVE-2019-14370 CVE-2019-17402 CVE-2020-18771 CVE-2021-29458 CVE-2021-32815 CVE-2021-34334 CVE-2021-37620 CVE-2021-37621 CVE-2021-37622}
+	[buster] - exiv2 0.25-4+deb10u4
+[10 Jan 2023] DLA-3264-1 ruby-sinatra - security update
+	{CVE-2022-45442}
+	[buster] - ruby-sinatra 2.0.5-4+deb10u2
+[09 Jan 2023] DLA-3263-1 libtasn1-6 - security update
+	{CVE-2021-46848}
+	[buster] - libtasn1-6 4.13-3+deb10u1
+[05 Jan 2023] DLA-3262-1 smarty3 - security update
+	{CVE-2018-25047}
+	[buster] - smarty3 3.1.33+20180830.1.3a78a21f+selfpack1-1+deb10u2
+[05 Jan 2023] DLA-3261-1 libetpan - security update
+	{CVE-2022-4121}
+	[buster] - libetpan 1.9.3-2+deb10u2
+[01 Jan 2023] DLA-3260-1 node-xmldom - security update
+	{CVE-2021-21366 CVE-2022-39353}
+	[buster] - node-xmldom 0.1.27+ds-1+deb10u2
+[31 Dec 2022] DLA-3259-1 libjettison-java - security update
+	{CVE-2022-40150 CVE-2022-45685 CVE-2022-45693}
+	[buster] - libjettison-java 1.5.3-1~deb10u1
+[31 Dec 2022] DLA-3258-1 node-loader-utils - security update
+	{CVE-2022-37601}
+	[buster] - node-loader-utils 1.1.0-2+deb10u1
+[31 Dec 2022] DLA-3257-1 emacs - security update
+	{CVE-2022-45939}
+	[buster] - emacs 1:26.1+1-3.2+deb10u3
+[31 Dec 2022] DLA-3256-1 xorg-server - security update
+	{CVE-2022-4283 CVE-2022-46340 CVE-2022-46341 CVE-2022-46342 CVE-2022-46343 CVE-2022-46344}
+	[buster] - xorg-server 2:1.20.4-1+deb10u7
+[31 Dec 2022] DLA-3255-1 mplayer - security update
+	{CVE-2022-38850 CVE-2022-38851 CVE-2022-38855 CVE-2022-38858 CVE-2022-38860 CVE-2022-38861 CVE-2022-38863 CVE-2022-38864 CVE-2022-38865 CVE-2022-38866}
+	[buster] - mplayer 2:1.3.0-8+deb10u1
+[31 Dec 2022] DLA-3254-1 exuberant-ctags - security update
+	{CVE-2022-4515}
+	[buster] - exuberant-ctags 1:5.9~svn20110310-12+deb10u1
+[31 Dec 2022] DLA-3253-1 openvswitch - security update
+	{CVE-2022-4337 CVE-2022-4338}
+	[buster] - openvswitch 2.10.7+ds1-0+deb10u3
+[31 Dec 2022] DLA-3252-1 cacti - security update
+	{CVE-2020-8813 CVE-2020-23226 CVE-2020-25706 CVE-2022-0730 CVE-2022-46169}
+	[buster] - cacti 1.2.2+ds1-2+deb10u5
+[29 Dec 2022] DLA-3251-1 libcommons-net-java - security update
+	{CVE-2021-37533}
+	[buster] - libcommons-net-java 3.6-1+deb10u1
+[29 Dec 2022] DLA-3250-1 multipath-tools - security update
+	{CVE-2022-41973 CVE-2022-41974}
+	[buster] - multipath-tools 0.7.9-3+deb10u2
+[26 Dec 2022] DLA-3249-1 mbedtls - security update
+	{CVE-2019-16910 CVE-2019-18222 CVE-2020-10932 CVE-2020-10941 CVE-2020-16150 CVE-2020-36421 CVE-2020-36422 CVE-2020-36423 CVE-2020-36424 CVE-2020-36425 CVE-2020-36426 CVE-2020-36475 CVE-2020-36476 CVE-2020-36478 CVE-2021-24119 CVE-2021-43666 CVE-2021-44732 CVE-2022-35409}
+	[buster] - mbedtls 2.16.9-0~deb10u1
+[24 Dec 2022] DLA-3248-1 libksba - security update
+	{CVE-2022-47629}
+	[buster] - libksba 1.3.5-2+deb10u2
+[23 Dec 2022] DLA-3247-1 node-trim-newlines - security update
+	{CVE-2021-33623}
+	[buster] - node-trim-newlines 1.0.0-1+deb10u1
+[23 Dec 2022] DLA-3246-1 node-hawk - security update
+	{CVE-2022-29167}
+	[buster] - node-hawk 6.0.1+dfsg-1+deb10u1
+[21 Dec 2022] DLA-3245-1 linux - security update
+	{CVE-2022-2978 CVE-2022-3521 CVE-2022-3524 CVE-2022-3564 CVE-2022-3565 CVE-2022-3594 CVE-2022-3621 CVE-2022-3628 CVE-2022-3640 CVE-2022-3643 CVE-2022-3646 CVE-2022-3649 CVE-2022-4378 CVE-2022-20369 CVE-2022-29901 CVE-2022-40768 CVE-2022-41849 CVE-2022-41850 CVE-2022-42328 CVE-2022-42329 CVE-2022-42895 CVE-2022-42896 CVE-2022-43750}
+	[buster] - linux 4.19.269-1
+[20 Dec 2022] DLA-3244-1 linux-5.10 - security update
+	{CVE-2021-3759 CVE-2022-3169 CVE-2022-3435 CVE-2022-3521 CVE-2022-3524 CVE-2022-3564 CVE-2022-3565 CVE-2022-3594 CVE-2022-3628 CVE-2022-3640 CVE-2022-3643 CVE-2022-4139 CVE-2022-4378 CVE-2022-41849 CVE-2022-41850 CVE-2022-42328 CVE-2022-42329 CVE-2022-42895 CVE-2022-42896 CVE-2022-47518 CVE-2022-47519 CVE-2022-47520 CVE-2022-47521}
+	[buster] - linux-5.10 5.10.158-2~deb10u1
+[15 Dec 2022] DLA-3243-1 php7.3 - security update
+	{CVE-2021-21707 CVE-2022-31625 CVE-2022-31626 CVE-2022-31628 CVE-2022-31629 CVE-2022-37454}
+	[buster] - php7.3 7.3.31-1~deb10u2
+[15 Dec 2022] DLA-3242-1 thunderbird - security update
+	{CVE-2022-46872 CVE-2022-46874 CVE-2022-46878 CVE-2022-46880 CVE-2022-46881 CVE-2022-46882}
+	[buster] - thunderbird 1:102.6.0-1~deb10u1
+[15 Dec 2022] DLA-3241-1 firefox-esr - security update
+	{CVE-2022-46872 CVE-2022-46874 CVE-2022-46878 CVE-2022-46880 CVE-2022-46881 CVE-2022-46882}
+	[buster] - firefox-esr 102.6.0esr-1~deb10u1
+[15 Dec 2022] DLA-3240-1 libde265 - security update
+	{CVE-2020-21595 CVE-2020-21597 CVE-2020-21598 CVE-2020-21599 CVE-2020-21600 CVE-2020-21601 CVE-2020-21602 CVE-2020-21603 CVE-2020-21604 CVE-2020-21605 CVE-2020-21606 CVE-2021-35452 CVE-2021-36408 CVE-2021-36409 CVE-2021-36410 CVE-2021-36411}
+	[buster] - libde265 1.0.3-1+deb10u1
+[14 Dec 2022] DLA-3239-2 git - regression update
+	[buster] - git 1:2.20.1-2+deb10u6
+[13 Dec 2022] DLA-3239-1 git - security update
+	{CVE-2022-24765 CVE-2022-29187 CVE-2022-39253 CVE-2022-39260}
+	[buster] - git 1:2.20.1-2+deb10u5
+[13 Dec 2022] DLA-3238-1 pngcheck - security update
+	{CVE-2020-35511}
+	[buster] - pngcheck 3.0.3-1~deb10u2
+[12 Dec 2022] DLA-3237-1 node-tar - security update
+	{CVE-2021-37701 CVE-2021-37712}
+	[buster] - node-tar 4.4.6+ds1-3+deb10u2
+[12 Dec 2022] DLA-3236-1 openexr - security update
+	{CVE-2020-16587 CVE-2020-16588 CVE-2020-16589 CVE-2021-3474 CVE-2021-3475 CVE-2021-3476 CVE-2021-3477 CVE-2021-3478 CVE-2021-3479 CVE-2021-3598 CVE-2021-3605 CVE-2021-3933 CVE-2021-3941 CVE-2021-20296 CVE-2021-20298 CVE-2021-20299 CVE-2021-20300 CVE-2021-20302 CVE-2021-20303 CVE-2021-23215 CVE-2021-26260 CVE-2021-45942}
+	[buster] - openexr 2.2.1-4.1+deb10u2
+[11 Dec 2022] DLA-3235-1 node-eventsource - security update
+	{CVE-2022-1650}
+	[buster] - node-eventsource 0.2.1-1+deb10u1
+[10 Dec 2022] DLA-3234-1 hsqldb - security update
+	{CVE-2022-41853}
+	[buster] - hsqldb 2.4.1-2+deb10u1
+[10 Dec 2022] DLA-3190-2 grub2 - security update
+	{CVE-2022-2601 CVE-2022-3775}
+	[buster] - grub2 2.06-3~deb10u3
+[08 Dec 2022] DLA-3233-1 leptonlib - security update
+	{CVE-2022-38266}
+	[buster] - leptonlib 1.76.0-1+deb10u2
+[07 Dec 2022] DLA-3232-1 virglrenderer - security update
+	{CVE-2019-18388 CVE-2019-18389 CVE-2019-18390 CVE-2019-18391 CVE-2020-8002 CVE-2020-8003 CVE-2022-0135}
+	[buster] - virglrenderer 0.7.0-2+deb10u1
+[07 Dec 2022] DLA-3231-1 dlt-daemon - security update
+	{CVE-2020-29394 CVE-2020-36244 CVE-2022-31291}
+	[buster] - dlt-daemon 2.18.0-1+deb10u1
+[07 Dec 2022] DLA-3230-1 jqueryui - security update
+	{CVE-2021-41182 CVE-2021-41183 CVE-2021-41184 CVE-2022-31160}
+	[buster] - jqueryui 1.12.1+dfsg-5+deb10u1
+[07 Dec 2022] DLA-3229-1 node-log4js - security update
+	{CVE-2022-21704}
+	[buster] - node-log4js 4.0.2-2+deb10u1
+[07 Dec 2022] DLA-3228-1 node-json-schema - security update
+	{CVE-2021-3918}
+	[buster] - node-json-schema 0.2.3-1+deb10u1
+[07 Dec 2022] DLA-3227-1 ruby-rails-html-sanitizer - security update
+	{CVE-2022-32209}
+	[buster] - ruby-rails-html-sanitizer 1.0.4-1+deb10u1
+[06 Dec 2022] DLA-3226-1 cgal - security update
+	{CVE-2020-28601 CVE-2020-28602 CVE-2020-28603 CVE-2020-28604 CVE-2020-28605 CVE-2020-28606 CVE-2020-28607 CVE-2020-28608 CVE-2020-28609 CVE-2020-28610 CVE-2020-28611 CVE-2020-28612 CVE-2020-28613 CVE-2020-28614 CVE-2020-28615 CVE-2020-28616 CVE-2020-28617 CVE-2020-28618 CVE-2020-28619 CVE-2020-28620 CVE-2020-28621 CVE-2020-28622 CVE-2020-28623 CVE-2020-28624 CVE-2020-28625 CVE-2020-28626 CVE-2020-28627 CVE-2020-28628 CVE-2020-28629 CVE-2020-28630 CVE-2020-28631 CVE-2020-28632 CVE-2020-28633 CVE-2020-28634 CVE-2020-28635 CVE-2020-28636 CVE-2020-35628 CVE-2020-35629 CVE-2020-35630 CVE-2020-35631 CVE-2020-35632 CVE-2020-35633 CVE-2020-35634 CVE-2020-35635 CVE-2020-35636}
+	[buster] - cgal 4.13-1+deb10u1
+[05 Dec 2022] DLA-3225-1 awstats - security update
+	{CVE-2022-46391}
+	[buster] - awstats 7.6+dfsg-2+deb10u2
+[05 Dec 2022] DLA-3224-1 http-parser - security update
+	{CVE-2020-8287}
+	[buster] - http-parser 2.8.1-1+deb10u3
+[05 Dec 2022] DLA-3223-1 giflib - security update
+	{CVE-2018-11490 CVE-2019-15133}
+	[buster] - giflib 5.1.4-3+deb10u1
+[05 Dec 2022] DLA-3222-1 node-fetch - security update
+	{CVE-2022-0235}
+	[buster] - node-fetch 1.7.3-1+deb10u1
+[05 Dec 2022] DLA-3221-1 node-cached-path-relative - security update
+	{CVE-2018-16472 CVE-2021-23518}
+	[buster] - node-cached-path-relative 1.0.1-2+deb10u1
+[04 Dec 2022] DLA-3220-1 clamav - new upstream version
+	[buster] - clamav 0.103.7+dfsg-0+deb10u1
+[04 Dec 2022] DLA-3219-1 jhead - security update
+	{CVE-2021-34055 CVE-2022-41751}
+	[buster] - jhead 1:3.00-8+deb10u1
+[03 Dec 2022] DLA-3218-1 libpgjava - security update
+	{CVE-2022-41946}
+	[buster] - libpgjava 42.2.5-2+deb10u3
+[03 Dec 2022] DLA-3217-1 g810-led - security update
+	{CVE-2022-46338}
+	[buster] - g810-led 0.3.3-2+deb10u1
+[03 Dec 2022] DLA-3216-1 vlc - security update
+	{CVE-2022-41325}
+	[buster] - vlc 3.0.17.4-0+deb10u2
+[02 Dec 2022] DLA-3215-1 snapd - security update
+	{CVE-2022-3328}
+	[buster] - snapd 2.37.4-1+deb10u2
+[30 Nov 2022] DLA-3214-1 libraw - security update
+	{CVE-2020-15503}
+	[buster] - libraw 0.19.2-2+deb10u2
+[29 Nov 2022] DLA-3213-1 krb5 - security update
+	{CVE-2022-42898}
+	[buster] - krb5 1.17-3+deb10u5
+[28 Nov 2022] DLA-3212-1 twisted - security update
+	{CVE-2022-39348}
+	[buster] - twisted 18.9.0-3+deb10u2
+[28 Nov 2022] DLA-3211-1 frr - security update
+	{CVE-2022-37032}
+	[buster] - frr 6.0.2-2+deb10u2
+[28 Nov 2022] DLA-3210-1 gerbv - security update
+	{CVE-2021-40401 CVE-2021-40403}
+	[buster] - gerbv 2.7.0-1+deb10u2
+[28 Nov 2022] DLA-3209-1 ini4j - security update
+	{CVE-2022-41404}
+	[buster] - ini4j 0.5.4-1~deb10u1
+[27 Nov 2022] DLA-3208-1 varnish - security update
+	{CVE-2020-11653 CVE-2022-45060}
+	[buster] - varnish 6.1.1-1+deb10u4
+[27 Nov 2022] DLA-3207-1 jackson-databind - security update
+	{CVE-2020-36518 CVE-2022-42003 CVE-2022-42004}
+	[buster] - jackson-databind 2.9.8-3+deb10u4
+[26 Nov 2022] DLA-3206-1 heimdal - security update
+	{CVE-2019-14870 CVE-2021-3671 CVE-2021-44758 CVE-2022-3437 CVE-2022-41916 CVE-2022-42898 CVE-2022-44640}
+	[buster] - heimdal 7.5.0+dfsg-3+deb10u1
+[25 Nov 2022] DLA-3205-1 inetutils - security update
+	{CVE-2019-0053 CVE-2021-40491 CVE-2022-39028}
+	[buster] - inetutils 2:1.9.4-7+deb10u2
+[24 Nov 2022] DLA-3204-1 vim - security update
+	{CVE-2022-0318 CVE-2022-0392 CVE-2022-0629 CVE-2022-0696 CVE-2022-1619 CVE-2022-1621 CVE-2022-1785 CVE-2022-1897 CVE-2022-1942 CVE-2022-2000 CVE-2022-2129 CVE-2022-3235 CVE-2022-3256 CVE-2022-3352}
+	[buster] - vim 2:8.1.0875-5+deb10u4
+[23 Nov 2022] DLA-3203-1 nginx - security update
+	{CVE-2021-3618 CVE-2022-41741 CVE-2022-41742}
+	[buster] - nginx 1.14.2-2+deb10u5
+[22 Nov 2022] DLA-3202-1 libarchive - security update
+	{CVE-2019-19221 CVE-2021-23177 CVE-2021-31566}
+	[buster] - libarchive 3.3.3-4+deb10u2
+[22 Nov 2022] DLA-3201-1 ntfs-3g - security update
+	{CVE-2022-40284}
+	[buster] - ntfs-3g 1:2017.3.23AR.3-3+deb10u3
+[21 Nov 2022] DLA-3200-1 graphicsmagick - security update
+	{CVE-2022-1270}
+	[buster] - graphicsmagick 1.4+really1.3.35-1~deb10u3
+[17 Nov 2022] DLA-3199-1 firefox-esr - security update
+	{CVE-2022-45403 CVE-2022-45404 CVE-2022-45405 CVE-2022-45406 CVE-2022-45408 CVE-2022-45409 CVE-2022-45410 CVE-2022-45411 CVE-2022-45412 CVE-2022-45416 CVE-2022-45418 CVE-2022-45420 CVE-2022-45421}
+	[buster] - firefox-esr 102.5.0esr-1~deb10u1
+[17 Nov 2022] DLA-3198-1 php-phpseclib - security update
+	{CVE-2021-30130}
+	[buster] - php-phpseclib 2.0.30-2~deb10u1
+[17 Nov 2022] DLA-3197-1 phpseclib - security update
+	{CVE-2021-30130}
+	[buster] - phpseclib 1.0.19-3~deb10u1
+[17 Nov 2022] DLA-3196-1 thunderbird - security update
+	{CVE-2022-45403 CVE-2022-45404 CVE-2022-45405 CVE-2022-45406 CVE-2022-45408 CVE-2022-45409 CVE-2022-45410 CVE-2022-45411 CVE-2022-45412 CVE-2022-45416 CVE-2022-45418 CVE-2022-45420 CVE-2022-45421}
+	[buster] - thunderbird 1:102.5.0-1~deb10u1
+[17 Nov 2022] DLA-3195-1 jupyter-core - security update
+	{CVE-2022-39286}
+	[buster] - jupyter-core 4.4.0-2+deb10u1
+[17 Nov 2022] DLA-3194-1 asterisk - security update
+	{CVE-2021-37706 CVE-2021-43299 CVE-2021-43300 CVE-2021-43301 CVE-2021-43302 CVE-2021-43303 CVE-2021-43804 CVE-2021-43845 CVE-2021-46837 CVE-2022-21722 CVE-2022-21723 CVE-2022-23608 CVE-2022-24763 CVE-2022-24764 CVE-2022-24786 CVE-2022-24792 CVE-2022-24793 CVE-2022-26498 CVE-2022-26499 CVE-2022-26651}
+	[buster] - asterisk 1:16.28.0~dfsg-0+deb10u1
+[17 Nov 2022] DLA-3193-1 joblib - security update
+	[buster] - joblib 0.13.0-2+deb10u1
+[17 Nov 2022] DLA-3192-1 lava - security update
+	{CVE-2022-42902}
+	[buster] - lava 2019.01-5+deb10u1
+[17 Nov 2022] DLA-3191-1 python-django - security update
+	{CVE-2021-45452 CVE-2022-22818 CVE-2022-23833}
+	[buster] - python-django 1:1.11.29-1+deb10u4
+[16 Nov 2022] DLA-3190-1 grub2 - security update
+	{CVE-2022-2601 CVE-2022-3775}
+	[buster] - grub2 2.06-3~deb10u2
+[15 Nov 2022] DLA-3189-1 postgresql-11 - bugfix update
+	[buster] - postgresql-11 11.18-0+deb10u1
+[14 Nov 2022] DLA-3188-1 sysstat - security update
+	{CVE-2019-16167 CVE-2019-19725 CVE-2022-39377}
+	[buster] - sysstat 12.0.3-2+deb10u1
+[14 Nov 2022] DLA-3187-1 dropbear - security update
+	{CVE-2021-36369}
+	[buster] - dropbear 2018.76-5+deb10u2
+[10 Nov 2022] DLA-3186-1 exiv2 - security update
+	{CVE-2017-11683 CVE-2020-19716}
+	[buster] - exiv2 0.25-4+deb10u3
+[10 Nov 2022] DLA-3185-1 xorg-server - security update
+	{CVE-2022-3550 CVE-2022-3551}
+	[buster] - xorg-server 2:1.20.4-1+deb10u6
+[10 Nov 2022] DLA-3184-1 libjettison-java - security update
+	{CVE-2022-40149}
+	[buster] - libjettison-java 1.4.0-1+deb10u1
+[09 Nov 2022] DLA-3183-1 webkit2gtk - security update
+	{CVE-2022-42799 CVE-2022-42823 CVE-2022-42824 CVE-2022-46691}
+	[buster] - webkit2gtk 2.38.2-1~deb10u1
+[08 Nov 2022] DLA-3182-1 vim - security update
+	{CVE-2021-3927 CVE-2021-3928 CVE-2021-3974 CVE-2021-3984 CVE-2021-4019 CVE-2021-4069 CVE-2021-4192 CVE-2021-4193 CVE-2022-0213 CVE-2022-0261 CVE-2022-0319 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0368 CVE-2022-0408 CVE-2022-0413 CVE-2022-0417 CVE-2022-0443 CVE-2022-0554 CVE-2022-0572 CVE-2022-0685 CVE-2022-0714 CVE-2022-0729 CVE-2022-0943 CVE-2022-1154 CVE-2022-1616 CVE-2022-1720 CVE-2022-1851 CVE-2022-1898 CVE-2022-1968 CVE-2022-2285 CVE-2022-2304 CVE-2022-2598 CVE-2022-2946 CVE-2022-3099 CVE-2022-3134 CVE-2022-3234 CVE-2022-3324 CVE-2022-3705 CVE-2021-3872}
+	[buster] - vim 2:8.1.0875-5+deb10u3
+[07 Nov 2022] DLA-3181-1 sudo - security update
+	{CVE-2021-23239}
+	[buster] - sudo 1.8.27-1+deb10u4
+[07 Nov 2022] DLA-3180-1 python-scciclient - security update
+	{CVE-2022-2996}
+	[buster] - python-scciclient 0.7.2-2+deb10u1
+[07 Nov 2022] DLA-3179-1 pixman - security update
+	{CVE-2022-44638}
+	[buster] - pixman 0.36.0-1+deb10u1
+[04 Nov 2022] DLA-3178-1 ffmpeg - security update
+	[buster] - ffmpeg 7:4.1.10-0+deb10u1
+[04 Nov 2022] DLA-3177-1 python-django - security update
+	{CVE-2021-45115 CVE-2021-45116 CVE-2022-28346}
+	[buster] - python-django 1:1.11.29-1+deb10u3
+[03 Nov 2022] DLA-3176-1 clickhouse - security update
+	{CVE-2021-42387 CVE-2021-42388 CVE-2021-43304 CVE-2021-43305}
+	[buster] - clickhouse 18.16.1+ds-4+deb10u1
+[01 Nov 2022] DLA-3175-1 python3.7 - security update
+	{CVE-2022-37454}
+	[buster] - python3.7 3.7.3-2+deb10u4
+[31 Oct 2022] DLA-3174-1 pysha3 - security update
+	{CVE-2022-37454}
+	[buster] - pysha3 1.0.2-2+deb10u1
+[31 Oct 2022] DLA-3173-1 linux-5.10 - security update
+	{CVE-2021-4037 CVE-2022-0171 CVE-2022-1184 CVE-2022-1679 CVE-2022-2153 CVE-2022-2602 CVE-2022-2663 CVE-2022-2905 CVE-2022-3028 CVE-2022-3061 CVE-2022-3176 CVE-2022-3303 CVE-2022-3586 CVE-2022-3621 CVE-2022-3625 CVE-2022-3629 CVE-2022-3633 CVE-2022-3635 CVE-2022-3646 CVE-2022-3649 CVE-2022-20421 CVE-2022-20422 CVE-2022-39188 CVE-2022-39190 CVE-2022-39842 CVE-2022-40307 CVE-2022-41222 CVE-2022-41674 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721 CVE-2022-42722 CVE-2022-43750}
+	[buster] - linux-5.10 5.10.149-2~deb10u1
+[30 Oct 2022] DLA-3172-1 libxml2 - security update
+	{CVE-2022-40303 CVE-2022-40304}
+	[buster] - libxml2 2.9.4+dfsg1-7+deb10u5
+[30 Oct 2022] DLA-3171-1 distro-info-data - database update
+	[buster] - distro-info-data 0.41+deb10u6
+[30 Oct 2022] DLA-3170-1 thunderbird - security update
+	{CVE-2022-42927 CVE-2022-42928 CVE-2022-42929 CVE-2022-42932}
+	[buster] - thunderbird 1:102.4.0-1~deb10u1
+[29 Oct 2022] DLA-3169-1 batik - security update
+	{CVE-2022-41704 CVE-2022-42890}
+	[buster] - batik 1.10-2+deb10u2
+[29 Oct 2022] DLA-3168-1 openvswitch - security update
+	{CVE-2022-32166}
+	[buster] - openvswitch 2.10.7+ds1-0+deb10u2
+[29 Oct 2022] DLA-3167-1 ncurses - security update
+	{CVE-2022-29458}
+	[buster] - ncurses 6.1+20181013-2+deb10u3
+[28 Oct 2022] DLA-3166-1 ruby-sinatra - security update
+	{CVE-2022-29970}
+	[buster] - ruby-sinatra 2.0.5-4+deb10u1
+[28 Oct 2022] DLA-3165-1 expat - security update
+	{CVE-2022-43680}
+	[buster] - expat 2.2.6-2+deb10u6
+[27 Oct 2022] DLA-3164-1 python-django - security update
+	{CVE-2020-24583 CVE-2020-24584 CVE-2021-3281 CVE-2021-23336 CVE-2022-34265}
+	[buster] - python-django 1:1.11.29-1+deb10u2
+[26 Oct 2022] DLA-3163-1 wordpress - security update
+	[buster] - wordpress 5.0.18+dfsg1-0+deb10u1
+[26 Oct 2022] DLA-3162-1 libdatetime-timezone-perl - new timezone database
+	[buster] - libdatetime-timezone-perl 1:2.23-1+2022e
+[26 Oct 2022] DLA-3161-1 tzdata - new timezone database
+	[buster] - tzdata 2021a-0+deb10u8
+[26 Oct 2022] DLA-3160-1 tomcat9 - security update
+	{CVE-2021-43980 CVE-2022-23181 CVE-2022-29885}
+	[buster] - tomcat9 9.0.31-1~deb10u7
+[25 Oct 2022] DLA-3159-1 libbluray - bugfix update
+	[buster] - libbluray 1:1.1.0-1+deb10u1
+[24 Oct 2022] DLA-3158-1 wkhtmltopdf - security update
+	{CVE-2020-21365}
+	[buster] - wkhtmltopdf 0.12.5-1+deb10u1
+[24 Oct 2022] DLA-3157-1 bluez - security update
+	{CVE-2019-8921 CVE-2019-8922 CVE-2021-41229 CVE-2021-43400 CVE-2022-0204 CVE-2022-39176 CVE-2022-39177}
+	[buster] - bluez 5.50-1.2~deb10u3
+[20 Oct 2022] DLA-3156-1 firefox-esr - security update
+	{CVE-2022-42927 CVE-2022-42928 CVE-2022-42929 CVE-2022-42932}
+	[buster] - firefox-esr 102.4.0esr-1~deb10u1
+[18 Oct 2022] DLA-3155-1 bcel - security update
+	{CVE-2022-34169}
+	[buster] - bcel 6.2-1+deb10u1
+[18 Oct 2022] DLA-3154-1 node-xmldom - security update
+	{CVE-2022-37616}
+	[buster] - node-xmldom 0.1.27+ds-1+deb10u1
+[17 Oct 2022] DLA-3153-1 libksba - security update
+	{CVE-2022-3515}
+	[buster] - libksba 1.3.5-2+deb10u1
+[17 Oct 2022] DLA-3152-1 glibc - security update
+	{CVE-2016-10228 CVE-2019-19126 CVE-2019-25013 CVE-2020-1752 CVE-2020-6096 CVE-2020-10029 CVE-2020-27618 CVE-2021-3326 CVE-2021-3999 CVE-2021-27645 CVE-2021-33574 CVE-2021-35942 CVE-2022-23218 CVE-2022-23219}
+	[buster] - glibc 2.28-10+deb10u2
+[13 Oct 2022] DLA-3151-1 squid - security update
+	{CVE-2022-41317 CVE-2022-41318}
+	[buster] - squid 4.6-1+deb10u8
+[12 Oct 2022] DLA-3150-1 rexical - security update
+	{CVE-2019-5477}
+	[buster] - rexical 1.0.5-2+deb10u1
+[12 Oct 2022] DLA-3149-1 ruby-nokogiri - security update
+	{CVE-2019-5477 CVE-2020-26247 CVE-2022-24836}
+	[buster] - ruby-nokogiri 1.10.0+dfsg1-2+deb10u1
+[12 Oct 2022] DLA-3148-1 mediawiki - security update
+	{CVE-2022-41765 CVE-2022-41767}
+	[buster] - mediawiki 1:1.31.16-1+deb10u4
+[11 Oct 2022] DLA-3147-1 twig - security update
+	{CVE-2022-39261}
+	[buster] - twig 2.6.2-2+deb10u1
+[11 Oct 2022] DLA-3146-1 isc-dhcp - security update
+	{CVE-2022-2928 CVE-2022-2929}
+	[buster] - isc-dhcp 4.4.1-2+deb10u2
+[11 Oct 2022] DLA-3145-1 git - security update
+	{CVE-2021-21300 CVE-2021-40330}
+	[buster] - git 1:2.20.1-2+deb10u4
+[10 Oct 2022] DLA-3144-1 connman - security update
+	{CVE-2022-23096 CVE-2022-23097 CVE-2022-23098 CVE-2022-32293}
+	[buster] - connman 1.36-2.1~deb10u4
+[10 Oct 2022] DLA-3143-1 strongswan - security update
+	{CVE-2022-40617}
+	[buster] - strongswan 5.7.2-1+deb10u3
+[10 Oct 2022] DLA-3142-1 dbus - security update
+	{CVE-2022-42010 CVE-2022-42011 CVE-2022-42012}
+	[buster] - dbus 1.12.24-0+deb10u1
+[10 Oct 2022] DLA-3141-1 wordpress - security update
+	{CVE-2019-17670}
+	[buster] - wordpress 5.0.17+dfsg1-0+deb10u1
+[07 Oct 2022] DLA-3140-1 libpgjava - security update
+	{CVE-2022-31197}
+	[buster] - libpgjava 42.2.5-2+deb10u2
+[07 Oct 2022] DLA-3139-1 knot-resolver - security update
+	{CVE-2022-40188}
+	[buster] - knot-resolver 3.2.1-3+deb10u1
+[05 Oct 2022] DLA-3138-1 bind9 - security update
+	{CVE-2022-2795 CVE-2022-38177 CVE-2022-38178}
+	[buster] - bind9 1:9.11.5.P4+dfsg-5.1+deb10u8
+[05 Oct 2022] DLA-3137-1 nodejs - security update
+	{CVE-2021-22930 CVE-2021-22939 CVE-2021-22940 CVE-2022-21824 CVE-2022-32212}
+	[buster] - nodejs 10.24.0~dfsg-1~deb10u2
+[04 Oct 2022] DLA-3136-1 barbican - security update
+	{CVE-2022-3100}
+	[buster] - barbican 1:7.0.0-1+deb10u1
+[03 Oct 2022] DLA-3135-1 libdatetime-timezone-perl - new timezone database
+	[buster] - libdatetime-timezone-perl 1:2.23-1+2022d
+[03 Oct 2022] DLA-3134-1 tzdata - new timezone database
+	[buster] - tzdata 2021a-0+deb10u7
+[03 Oct 2022] DLA-3133-1 lighttpd - security update
+	{CVE-2022-37797}
+	[buster] - lighttpd 1.4.53-4+deb10u3
+[02 Oct 2022] DLA-3132-1 snakeyaml - security update
+	{CVE-2022-25857 CVE-2022-38749 CVE-2022-38750 CVE-2022-38751}
+	[buster] - snakeyaml 1.23-1+deb10u1
+[01 Oct 2022] DLA-3131-1 linux - security update
+	{CVE-2021-4159 CVE-2021-33655 CVE-2021-33656 CVE-2022-1462 CVE-2022-1679 CVE-2022-2153 CVE-2022-2318 CVE-2022-2586 CVE-2022-2588 CVE-2022-2663 CVE-2022-3028 CVE-2022-26365 CVE-2022-26373 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33744 CVE-2022-36879 CVE-2022-36946 CVE-2022-39188 CVE-2022-39842 CVE-2022-40307}
+	[buster] - linux 4.19.260-1
+[01 Oct 2022] DLA-3130-1 tinyxml - security update
+	{CVE-2021-42260}
+	[buster] - tinyxml 2.6.2-4+deb10u1
+[01 Oct 2022] DLA-3129-1 gdal - security update
+	{CVE-2019-17545 CVE-2021-45943}
+	[buster] - gdal 2.4.0+dfsg-1+deb10u1
+[01 Oct 2022] DLA-3128-1 node-thenify - security update
+	{CVE-2020-7677}
+	[buster] - node-thenify 3.3.0-1+deb10u1
+[30 Sep 2022] DLA-3114-2 mariadb-10.3 - regression update
+	[buster] - mariadb-10.3 1:10.3.36-0+deb10u2
+[30 Sep 2022] DLA-3127-1 libhttp-daemon-perl - security update
+	{CVE-2022-31081}
+	[buster] - libhttp-daemon-perl 6.01-3+deb10u1
+[30 Sep 2022] DLA-3126-1 libsndfile - security update
+	{CVE-2021-4156}
+	[buster] - libsndfile 1.0.28-6+deb10u2
+[30 Sep 2022] DLA-3125-1 libvncserver - security update
+	{CVE-2020-25708 CVE-2020-29260}
+	[buster] - libvncserver 0.9.11+dfsg-1.3+deb10u5
+[29 Sep 2022] DLA-3124-1 webkit2gtk - security update
+	{CVE-2022-32886 CVE-2022-32888 CVE-2022-32923 CVE-2022-42863}
+	[buster] - webkit2gtk 2.38.0-1~deb10u1
+[27 Sep 2022] DLA-3123-1 thunderbird - security update
+	{CVE-2022-3266 CVE-2022-40956 CVE-2022-40957 CVE-2022-40958 CVE-2022-40959 CVE-2022-40960 CVE-2022-40962}
+	[buster] - thunderbird 1:102.3.0-1~deb10u1
+[27 Sep 2022] DLA-3122-1 dovecot - security update
+	{CVE-2021-33515 CVE-2022-30550}
+	[buster] - dovecot 1:2.3.4.1-5+deb10u7
+[26 Sep 2022] DLA-3121-1 firefox-esr - security update
+	{CVE-2022-3266 CVE-2022-40956 CVE-2022-40957 CVE-2022-40958 CVE-2022-40959 CVE-2022-40960 CVE-2022-40962}
+	[buster] - firefox-esr 102.3.0esr-1~deb10u2
+[26 Sep 2022] DLA-3120-1 poppler - security update
+	{CVE-2018-18897 CVE-2018-19058 CVE-2018-20650 CVE-2019-9903 CVE-2019-9959 CVE-2019-14494 CVE-2020-27778 CVE-2022-27337 CVE-2022-38784}
+	[buster] - poppler 0.71.0-5+deb10u1
+[25 Sep 2022] DLA-3119-1 expat - security update
+	{CVE-2022-40674}
+	[buster] - expat 2.2.6-2+deb10u5
+[22 Sep 2022] DLA-3118-1 unzip - security update
+	{CVE-2022-0529 CVE-2022-0530}
+	[buster] - unzip 6.0-23+deb10u3
+[22 Sep 2022] DLA-3117-1 mediawiki - security update
+	{CVE-2021-44856 CVE-2022-28201 CVE-2022-28202 CVE-2022-28203 CVE-2022-34911 CVE-2022-34912}
+	[buster] - mediawiki 1:1.31.16-1+deb10u3
+[21 Sep 2022] DLA-3116-1 mako - security update
+	{CVE-2022-40023}
+	[buster] - mako 1.0.7+ds1-1+deb10u1
+[19 Sep 2022] DLA-3115-1 e17 - security update
+	{CVE-2022-37706}
+	[buster] - e17 0.22.4-2+deb10u1
+[16 Sep 2022] DLA-3114-1 mariadb-10.3 - security update
+	{CVE-2021-46669 CVE-2022-21427 CVE-2022-27376 CVE-2022-27377 CVE-2022-27378 CVE-2022-27379 CVE-2022-27380 CVE-2022-27381 CVE-2022-27383 CVE-2022-27384 CVE-2022-27386 CVE-2022-27387 CVE-2022-27445 CVE-2022-27447 CVE-2022-27448 CVE-2022-27449 CVE-2022-27452 CVE-2022-27456 CVE-2022-27458 CVE-2022-32083 CVE-2022-32084 CVE-2022-32085 CVE-2022-32087 CVE-2022-32088 CVE-2022-32091 CVE-2022-38791}
+	[buster] - mariadb-10.3 1:10.3.36-0+deb10u1
+[16 Sep 2022] DLA-3113-1 libraw - security update
+	{CVE-2020-35530 CVE-2020-35531 CVE-2020-35532 CVE-2020-35533}
+	[buster] - libraw 0.19.2-2+deb10u1
+[16 Sep 2022] DLA-3112-1 bzip2 - bugfix update
+	[buster] - bzip2 1.0.6-9.2~deb10u2
+[15 Sep 2022] DLA-3111-1 mod-wsgi - security update
+	{CVE-2022-2255}
+	[buster] - mod-wsgi 4.6.5-1+deb10u1
+[15 Sep 2022] DLA-3110-1 glib2.0 - security update
+	{CVE-2021-3800}
+	[buster] - glib2.0 2.58.3-2+deb10u4
+[15 Sep 2022] DLA-3093-2 rails - regression update
+	[buster] - rails 2:5.2.2.1+dfsg-1+deb10u5
+[15 Sep 2022] DLA-3109-1 nova - security update
+	{CVE-2019-14433}
+	[buster] - nova 2:18.1.0-6+deb10u1
+[14 Sep 2022] DLA-3108-1 pcs - security update
+	{CVE-2022-1049}
+	[buster] - pcs 0.10.1-2+deb10u1
+[13 Sep 2022] DLA-3107-1 sqlite3 - security update
+	{CVE-2020-35525 CVE-2020-35527}
+	[buster] - sqlite3 3.27.2-3+deb10u2
+[13 Sep 2022] DLA-3106-1 python-oslo.utils - security update
+	{CVE-2022-0718}
+	[buster] - python-oslo.utils 3.36.5-0+deb10u2
+[13 Sep 2022] DLA-3105-1 connman - security update
+	{CVE-2022-32292 CVE-2022-32293}
+	[buster] - connman 1.36-2.1~deb10u3
+[12 Sep 2022] DLA-3104-1 paramiko - security update
+	{CVE-2022-24302}
+	[buster] - paramiko 2.4.2-0.1+deb10u1
+[12 Sep 2022] DLA-3103-1 zlib - security update
+	{CVE-2022-37434}
+	[buster] - zlib 1:1.2.11.dfsg-1+deb10u2
+[11 Sep 2022] DLA-3102-1 linux-5.10 - new package
+	{CVE-2022-2585 CVE-2022-2586 CVE-2022-2588 CVE-2022-26373 CVE-2022-29900 CVE-2022-29901 CVE-2022-36879 CVE-2022-36946}
+	[buster] - linux-5.10 5.10.136-1~deb10u1
+[09 Sep 2022] DLA-3101-1 libxslt - security update
+	{CVE-2019-5815 CVE-2021-30560}
+	[buster] - libxslt 1.1.32-2.2~deb10u2
+[07 Sep 2022] DLA-3100-1 libgoogle-gson-java - security update
+	{CVE-2022-25647}
+	[buster] - libgoogle-gson-java 2.8.5-3+deb10u1
+[05 Sep 2022] DLA-3099-1 qemu - security update
+	{CVE-2020-13253 CVE-2020-15469 CVE-2020-15859 CVE-2020-25084 CVE-2020-25085 CVE-2020-25624 CVE-2020-25625 CVE-2020-25723 CVE-2020-27617 CVE-2020-27821 CVE-2020-28916 CVE-2020-29129 CVE-2020-29443 CVE-2020-35504 CVE-2020-35505 CVE-2021-3392 CVE-2021-3416 CVE-2021-3507 CVE-2021-3527 CVE-2021-3582 CVE-2021-3607 CVE-2021-3608 CVE-2021-3682 CVE-2021-3713 CVE-2021-3748 CVE-2021-3930 CVE-2021-4206 CVE-2021-4207 CVE-2021-20181 CVE-2021-20196 CVE-2021-20203 CVE-2021-20221 CVE-2021-20257 CVE-2022-26354 CVE-2022-35414}
+	[buster] - qemu 1:3.1+dfsg-8+deb10u9
+[04 Sep 2022] DLA-3098-1 libmodbus - security update
+	{CVE-2022-0367}
+	[buster] - libmodbus 3.1.4-2+deb10u2
+[04 Sep 2022] DLA-3097-1 thunderbird - security update
+	{CVE-2022-38472 CVE-2022-38473 CVE-2022-38478}
+	[buster] - thunderbird 1:91.13.0-1~deb10u1
+[03 Sep 2022] DLA-3096-1 ghostscript - security update
+	{CVE-2020-27792}
+	[buster] - ghostscript 9.27~dfsg-2+deb10u6
+[04 Sep 2022] DLA-3095-1 ruby-rack - security update
+	{CVE-2022-30122 CVE-2022-30123}
+	[buster] - ruby-rack 2.0.6-3+deb10u1
+[04 Sep 2022] DLA-3094-1 flac - security update
+	{CVE-2021-0561}
+	[buster] - flac 1.3.2-3+deb10u2
+[03 Sep 2022] DLA-3093-1 rails - security update
+	{CVE-2022-21831 CVE-2022-22577 CVE-2022-23633 CVE-2022-27777}
+	[buster] - rails 2:5.2.2.1+dfsg-1+deb10u4
+[02 Sep 2022] DLA-3092-1 dpdk - security update
+	{CVE-2022-2132}
+	[buster] - dpdk 18.11.11-1~deb10u2
+[02 Sep 2022] DLA-3091-1 sofia-sip - security update
+	{CVE-2022-31001 CVE-2022-31002 CVE-2022-31003}
+	[buster] - sofia-sip 1.12.11+20110422.1-2.1+deb10u1
+[31 Aug 2022] DLA-3090-1 php-horde-turba - security update
+	{CVE-2022-30287}
+	[buster] - php-horde-turba 4.2.23-1+deb10u1
+[31 Aug 2022] DLA-3089-1 php-horde-mime-viewer - security update
+	{CVE-2022-26874}
+	[buster] - php-horde-mime-viewer 2.2.2-3+deb10u1
+[30 Aug 2022] DLA-3088-1 net-snmp - security update
+	{CVE-2022-24805 CVE-2022-24806 CVE-2022-24807 CVE-2022-24808 CVE-2022-24809 CVE-2022-24810}
+	[buster] - net-snmp 5.7.3+dfsg-5+deb10u3
+[30 Aug 2022] DLA-3087-1 webkit2gtk - security update
+	{CVE-2022-32893}
+	[buster] - webkit2gtk 2.36.7-1~deb10u1
+[29 Aug 2022] DLA-3086-1 maven-shared-utils - security update
+	{CVE-2022-29599}
+	[buster] - maven-shared-utils 3.3.0-1+deb10u1
+[29 Aug 2022] DLA-3085-1 curl - security update
+	{CVE-2021-22898 CVE-2021-22924 CVE-2021-22946 CVE-2021-22947 CVE-2022-22576 CVE-2022-27776 CVE-2022-27781 CVE-2022-27782 CVE-2022-32206 CVE-2022-32208}
+	[buster] - curl 7.64.0-4+deb10u3
+[27 Aug 2022] DLA-3084-1 ndpi - security update
+	{CVE-2020-15472 CVE-2020-15476}
+	[buster] - ndpi 2.6-3+deb10u1
+[28 Aug 2022] DLA-3083-1 puma - security update
+	{CVE-2021-29509 CVE-2021-41136 CVE-2022-23634 CVE-2022-24790}
+	[buster] - puma 3.12.0-2+deb10u3
+[27 Aug 2022] DLA-3082-1 exim4 - security update
+	{CVE-2022-37452}
+	[buster] - exim4 4.92-8+deb10u7
+[25 Aug 2022] DLA-3081-1 open-vm-tools - security update
+	{CVE-2022-31676}
+	[buster] - open-vm-tools 2:10.3.10-1+deb10u3
+[24 Aug 2022] DLA-3080-1 firefox-esr - security update
+	{CVE-2022-38472 CVE-2022-38473 CVE-2022-38478}
+	[buster] - firefox-esr 91.13.0esr-1~deb10u1
+[22 Aug 2022] DLA-3079-1 jetty9 - security update
+	{CVE-2022-2047 CVE-2022-2048}
+	[buster] - jetty9 9.4.16-0+deb10u2
+[20 Aug 2022] DLA-3078-1 kicad - security update
+	{CVE-2022-23803 CVE-2022-23804 CVE-2022-23946 CVE-2022-23947}
+	[buster] - kicad 5.0.2+dfsg1-1+deb10u1
+[18 Aug 2022] DLA-3077-1 ruby-tzinfo - security update
+	{CVE-2022-31163}
+	[buster] - ruby-tzinfo 1.2.5-1+deb10u1
+[18 Aug 2022] DLA-3076-1 freecad - security update
+	{CVE-2021-45844}
+	[buster] - freecad 0.18~pre1+dfsg1-5+deb10u1
+[18 Aug 2022] DLA-3075-1 schroot - security update
+	{CVE-2022-2787}
+	[buster] - schroot 1.6.10-6+deb10u1
+[18 Aug 2022] DLA-3074-1 epiphany-browser - security update
+	{CVE-2021-45085 CVE-2021-45087 CVE-2021-45088 CVE-2022-29536}
+	[buster] - epiphany-browser 3.32.1.2-3~deb10u2
+[17 Aug 2022] DLA-3073-1 webkit2gtk - security update
+	{CVE-2022-32792 CVE-2022-32816 CVE-2022-32891}
+	[buster] - webkit2gtk 2.36.6-1~deb10u1
 [11 Aug 2022] DLA-3072-1 postgresql-11 - security update
 	{CVE-2022-2625}
 	[buster] - postgresql-11 11.17-0+deb10u1
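Review bot: The dates on two of the added entries run against their neighbours and are worth checking against the announcements. DLA-3096-1 ghostscript is dated 03 Sep 2022 but sits between DLA-3097-1 and DLA-3095-1, both dated 04 Sep 2022. DLA-3084-1 ndpi is dated 27 Aug 2022 but sits between DLA-3085-1 (29 Aug) and DLA-3083-1 (28 Aug). If the file is ordered by advisory number and the dates record the actual announcement day, this is fine as is; otherwise correct the dates.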
@@ -182,7 +989,7 @@
 	{CVE-2022-0261 CVE-2022-0351 CVE-2022-0413 CVE-2022-0443 CVE-2022-0572 CVE-2022-1154 CVE-2022-1616 CVE-2022-1619 CVE-2022-1621}
 	[stretch] - vim 2:8.0.0197-4+deb9u6
 [16 May 2022] DLA-3010-1 ffmpeg - security update
-	{CVE-2020-20902}
+	{CVE-2020-20902 CVE-2020-20891 CVE-2020-20892 CVE-2020-21688}
 	[stretch] - ffmpeg 7:3.2.18-0+deb9u1
 [16 May 2022] DLA-3009-1 cifs-utils - security update
 	{CVE-2022-27239 CVE-2022-29869}
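Review bot: The new DLA-3010-1 ffmpeg list is out of order: CVE-2020-20891 and CVE-2020-20892 are appended after CVE-2020-20902. The surrounding entries list their IDs in ascending order, so this should read {CVE-2020-20891 CVE-2020-20892 CVE-2020-20902 CVE-2020-21688}, which also keeps later diffs of this line minimal.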
@@ -389,7 +1196,7 @@
 	{CVE-2022-26381 CVE-2022-26383 CVE-2022-26384 CVE-2022-26386 CVE-2022-26387}
 	[stretch] - firefox-esr 91.7.0esr-1~deb9u1
 [09 Mar 2022] DLA-2941-1 linux-4.19 - security update
-	{CVE-2020-29374 CVE-2020-36322 CVE-2021-3640 CVE-2021-3744 CVE-2021-3752 CVE-2021-3760 CVE-2021-3764 CVE-2021-3772 CVE-2021-4002 CVE-2021-4083 CVE-2021-4135 CVE-2021-4155 CVE-2021-4203 CVE-2021-20317 CVE-2021-20321 CVE-2021-20322 CVE-2021-22600 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713 CVE-2021-28714 CVE-2021-28715 CVE-2021-28950 CVE-2021-38300 CVE-2021-39685 CVE-2021-39686 CVE-2021-39698 CVE-2021-39713 CVE-2021-41864 CVE-2021-42739 CVE-2021-43389 CVE-2021-43975 CVE-2021-43976 CVE-2021-44733 CVE-2021-45095 CVE-2021-45469 CVE-2021-45480 CVE-2022-0001 CVE-2022-0002 CVE-2022-0322 CVE-2022-0330 CVE-2022-0435 CVE-2022-0487 CVE-2022-0492 CVE-2022-0617 CVE-2022-0644 CVE-2022-22942 CVE-2022-24448 CVE-2022-24959 CVE-2022-25258 CVE-2022-25375}
+	{CVE-2020-29374 CVE-2020-36322 CVE-2021-3640 CVE-2021-3744 CVE-2021-3752 CVE-2021-3760 CVE-2021-3764 CVE-2021-3772 CVE-2021-4002 CVE-2021-4083 CVE-2021-4135 CVE-2021-4155 CVE-2021-4203 CVE-2021-20317 CVE-2021-20321 CVE-2021-20322 CVE-2021-22600 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713 CVE-2021-28714 CVE-2021-28715 CVE-2021-28950 CVE-2021-38300 CVE-2021-39685 CVE-2021-39686 CVE-2021-39698 CVE-2021-39713 CVE-2021-41864 CVE-2021-42739 CVE-2021-43389 CVE-2021-43975 CVE-2021-43976 CVE-2021-44733 CVE-2021-45095 CVE-2021-45469 CVE-2021-45480 CVE-2022-0001 CVE-2022-0002 CVE-2022-0322 CVE-2022-0330 CVE-2022-0435 CVE-2022-0487 CVE-2022-0492 CVE-2022-0617 CVE-2022-22942 CVE-2022-24448 CVE-2022-24959 CVE-2022-25258 CVE-2022-25375}
 	[stretch] - linux-4.19 4.19.232-1~deb9u1
 [09 Mar 2022] DLA-2940-1 linux - security update
 	{CVE-2021-3640 CVE-2021-3752 CVE-2021-4002 CVE-2021-4083 CVE-2021-4155 CVE-2021-4202 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713 CVE-2021-28714 CVE-2021-28715 CVE-2021-29264 CVE-2021-33033 CVE-2021-39685 CVE-2021-39686 CVE-2021-39698 CVE-2021-39714 CVE-2021-43976 CVE-2021-45095 CVE-2022-0001 CVE-2022-0002 CVE-2022-0330 CVE-2022-0435 CVE-2022-0487 CVE-2022-0492 CVE-2022-0617 CVE-2022-24448 CVE-2022-25258 CVE-2022-25375}
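Review bot: Dropping CVE-2022-0644 from the DLA-2941-1 linux-4.19 list needs a stated reason, because on a line this long the removal is easy to miss and nothing in the hunk explains it. Say in the commit message whether the ID was rejected, misattributed, or not actually fixed in 4.19.232-1~deb9u1, so that anyone who relied on the old advisory mapping can tell whether stretch systems are still affected.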
@@ -503,7 +1310,7 @@
 	{CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23852 CVE-2022-23990}
 	[stretch] - expat 2.2.0-2+deb9u4
 [29 Jan 2022] DLA-2903-1 libraw - security update
-	{CVE-2017-13735 CVE-2017-14265 CVE-2017-14348 CVE-2017-14608 CVE-2017-16909 CVE-2017-16910 CVE-2018-5800 CVE-2018-5801 CVE-2018-5802 CVE-2018-5804 CVE-2018-5805 CVE-2018-5806 CVE-2018-5807 CVE-2018-5808 CVE-2018-5810 CVE-2018-5811 CVE-2018-5812 CVE-2018-5813 CVE-2018-5815 CVE-2018-5817 CVE-2018-5818 CVE-2018-5819 CVE-2018-20363 CVE-2018-20364 CVE-2018-20365}
+	{CVE-2017-13735 CVE-2017-14265 CVE-2017-14348 CVE-2017-14608 CVE-2017-16910 CVE-2018-5800 CVE-2018-5801 CVE-2018-5802 CVE-2018-5804 CVE-2018-5805 CVE-2018-5806 CVE-2018-5807 CVE-2018-5808 CVE-2018-5810 CVE-2018-5811 CVE-2018-5812 CVE-2018-5813 CVE-2018-5815 CVE-2018-5817 CVE-2018-5818 CVE-2018-5819 CVE-2018-20363 CVE-2018-20364 CVE-2018-20365}
 	[stretch] - libraw 0.17.2-6+deb9u2
 [27 Jan 2022] DLA-2902-1 graphicsmagick - security update
 	{CVE-2020-12672}
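Review bot: CVE-2017-16909 is removed from DLA-2903-1 libraw while its neighbour CVE-2017-16910 stays, and the hunk gives no reason for treating the two differently. Confirm that 0.17.2-6+deb9u2 really does not carry the fix for CVE-2017-16909, and check that the CVE's own entry still records a status for stretch so that it does not silently drop out of tracking.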
@@ -912,7 +1719,7 @@
 	{CVE-2017-12678 CVE-2018-11439}
 	[stretch] - taglib 1.11.1+dfsg.1-0.3+deb9u1
 [30 Sep 2021] DLA-2771-1 krb5 - security update
-	{CVE-2018-5729 CVE-2018-5730 CVE-2018-20217 CVE-2021-37750}
+	{CVE-2018-5710 CVE-2018-5729 CVE-2018-5730 CVE-2018-20217 CVE-2021-37750}
 	[stretch] - krb5 1.15-1+deb9u3
 [30 Sep 2021] DLA-2770-1 weechat - security update
 	{CVE-2020-8955 CVE-2020-9759 CVE-2020-9760 CVE-2021-40516}
@@ -1284,7 +2091,7 @@
 	{CVE-2020-28007 CVE-2020-28008 CVE-2020-28009 CVE-2020-28011 CVE-2020-28012 CVE-2020-28013 CVE-2020-28014 CVE-2020-28015 CVE-2020-28017 CVE-2020-28019 CVE-2020-28020 CVE-2020-28021 CVE-2020-28022 CVE-2020-28023 CVE-2020-28024 CVE-2020-28025 CVE-2020-28026}
 	[stretch] - exim4 4.89-2+deb9u8
 [04 May 2021] DLA-2649-1 cgal - security update
-	{CVE-2020-28601 CVE-2020-35633 CVE-2020-35634 CVE-2020-35635 CVE-2020-28636 CVE-2020-35628 CVE-2020-35636}
+	{CVE-2020-28601 CVE-2020-28602 CVE-2020-28603 CVE-2020-28604 CVE-2020-28605 CVE-2020-28606 CVE-2020-28607 CVE-2020-28608 CVE-2020-28609 CVE-2020-28610 CVE-2020-28611 CVE-2020-28612 CVE-2020-28613 CVE-2020-28614 CVE-2020-28615 CVE-2020-28616 CVE-2020-28617 CVE-2020-28618 CVE-2020-28619 CVE-2020-28620 CVE-2020-28621 CVE-2020-28622 CVE-2020-28623 CVE-2020-28624 CVE-2020-28625 CVE-2020-28626 CVE-2020-28627 CVE-2020-28628 CVE-2020-28629 CVE-2020-28630 CVE-2020-28631 CVE-2020-28632 CVE-2020-28633 CVE-2020-28634 CVE-2020-28635 CVE-2020-28636 CVE-2020-35628 CVE-2020-35629 CVE-2020-35630 CVE-2020-35631 CVE-2020-35632 CVE-2020-35633 CVE-2020-35634 CVE-2020-35635 CVE-2020-35636}
 	[stretch] - cgal 4.9-1+deb9u1
 [05 May 2021] DLA-2648-1 mediawiki - security update
 	{CVE-2021-20270 CVE-2021-27291 CVE-2021-30152 CVE-2021-30155 CVE-2021-30158 CVE-2021-30159}
@@ -3258,7 +4065,6 @@
 	{CVE-2019-15845 CVE-2019-16201 CVE-2019-16254 CVE-2019-16255}
 	[jessie] - ruby2.1 2.1.5-2+deb8u8
 [25 Nov 2019] DLA-2006-1 libxdmcp - security update
-	{CVE-2017-2625}
 	[jessie] - libxdmcp 1:1.1.1-1+deb8u1
 [25 Nov 2019] DLA-2005-1 tnef - security update
 	{CVE-2019-18849}
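Review bot: Removing {CVE-2017-2625} leaves DLA-2006-1 libxdmcp labelled "security update" with no CVE reference at all, so the entry no longer says what was fixed. If the ID was attached in error, point the entry at the correct identifier or record why the advisory carries none, rather than leaving a security update with an empty cross-reference.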
@@ -4114,7 +4920,7 @@
 	{CVE-2019-8320 CVE-2019-8322 CVE-2019-8323 CVE-2019-8324 CVE-2019-8325}
 	[jessie] - ruby2.1 2.1.5-2+deb8u7
 [28 Mar 2019] DLA-1734-1 libraw - security update
-	{CVE-2018-5800 CVE-2018-5801 CVE-2018-5802 CVE-2018-5808 CVE-2018-5817 CVE-2018-5818 CVE-2018-5819}
+	{CVE-2018-5800 CVE-2018-5801 CVE-2018-5802 CVE-2018-5807 CVE-2018-5808 CVE-2018-5810 CVE-2018-5817 CVE-2018-5818 CVE-2018-5819}
 	[jessie] - libraw 0.16.0-9+deb8u4
 [28 Mar 2019] DLA-1733-1 wpa - security update
 	{CVE-2016-10743}
@@ -4386,7 +5192,7 @@
 	{CVE-2018-19788 CVE-2019-6133}
 	[jessie] - policykit-1 0.105-15~deb8u4
 [25 Jan 2019] DLA-1643-1 krb5 - security update
-	{CVE-2018-5729 CVE-2018-5730 CVE-2018-20217}
+	{CVE-2018-5710 CVE-2018-5729 CVE-2018-5730 CVE-2018-20217}
 	[jessie] - krb5 1.12.1+dfsg-19+deb8u5
 [25 Jan 2019] DLA-1642-1 postgresql-9.4 - new upstream version
 	[jessie] - postgresql-9.4 9.4.20-0+deb8u1
@@ -5253,7 +6059,7 @@
 [23 Apr 2018] DLA-1358-1 ruby1.9.1 - security update
 	{CVE-2017-17742 CVE-2018-6914 CVE-2018-8777 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780 CVE-2018-1000075 CVE-2018-1000076 CVE-2018-1000077 CVE-2018-1000078}
 	[wheezy] - ruby1.9.1 1.9.3.194-8.1+deb7u8
-[22 Apr 2018] DLA-1357-1 gunicorn -- security-update
+[22 Apr 2018] DLA-1357-1 gunicorn - security-update
 	{CVE-2018-1000164}
 	[wheezy] - gunicorn 0.14.5-3+deb7u2
 [19 Apr 2018] DLA-1356-1 libreoffice - security update
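Review bot: The DLA-1357-1 gunicorn line is only half normalised: the separator is now a single " - ", but the description still reads "security-update" with a hyphen, where every other entry in the file uses "security update". Anything that groups advisories by description text will keep treating this entry as a separate type, so change it to "security update" in the same edit.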
@@ -8282,7 +9088,7 @@
 [06 Dec 2015] DLA-360-1 linux-2.6 - security update
 	{CVE-2013-7446 CVE-2015-7799 CVE-2015-7833 CVE-2015-7990 CVE-2015-8324}
 	[squeeze] - linux-2.6 2.6.32-48squeeze17
-[04 Dec 2015] DLA-359-1 mysql-5.5 packages as an option announcement
+[04 Dec 2015] DLA-359-1 mysql-5.5 - packages as an option announcement
 	{CVE-2015-0499 CVE-2015-0501 CVE-2015-0505 CVE-2015-2568 CVE-2015-2571 CVE-2015-2573 CVE-2015-4752 CVE-2015-4737 CVE-2015-2648 CVE-2015-2643 CVE-2015-2620 CVE-2015-2582 CVE-2015-4792 CVE-2015-4802 CVE-2015-4815 CVE-2015-4816 CVE-2015-4819 CVE-2015-4826 CVE-2015-4830 CVE-2015-4836 CVE-2015-4858 CVE-2015-4861 CVE-2015-4870 CVE-2015-4879 CVE-2015-4913}
 	[squeeze] - mysql-5.5 5.5.46-0+deb6u1
 [03 Dec 2015] DLA-358-1 openssl - security update
@@ -9151,7 +9957,7 @@
 [21 Oct 2014] DLA-74-1 ppp - security update
 	{CVE-2014-3158}
 	[squeeze] - ppp 2.4.5-4+deb6u1
-[21 Oct 2014] DLA-73-1 tzdata update
+[21 Oct 2014] DLA-73-1 tzdata - update
 	[squeeze] - tzdata 2014h-0squeeze1
 [20 Oct 2014] DLA-72-2 rsyslog - regression update
 	[squeeze] - rsyslog 4.6.4-2+deb6u2


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,473 @@
+[24 Feb 2023] DSA-5363-1 php7.4 - security update
+	{CVE-2023-0567 CVE-2023-0568 CVE-2023-0662 CVE-2022-31631}
+	[bullseye] - php7.4 7.4.33-1+deb11u3
+[24 Feb 2023] DSA-5362-1 frr - security update
+	{CVE-2022-37032}
+	[bullseye] - frr 7.5.1-1.1+deb11u1
+[24 Feb 2023] DSA-5361-1 tiff - security update
+	{CVE-2023-0795 CVE-2023-0796 CVE-2023-0797 CVE-2023-0798 CVE-2023-0799 CVE-2023-0800 CVE-2023-0801 CVE-2023-0802 CVE-2023-0803 CVE-2023-0804}
+	[bullseye] - tiff 4.2.0-1+deb11u4
+[23 Feb 2023] DSA-5360-1 emacs - security update
+	{CVE-2022-48337 CVE-2022-48338 CVE-2022-48339}
+	[bullseye] - emacs 1:27.1+1-3.1+deb11u2
+[23 Feb 2023] DSA-5359-1 chromium - security update
+	{CVE-2023-0927 CVE-2023-0928 CVE-2023-0929 CVE-2023-0930 CVE-2023-0931 CVE-2023-0932 CVE-2023-0933 CVE-2023-0941}
+	[bullseye] - chromium 110.0.5481.177-1~deb11u1
+[23 Feb 2023] DSA-5358-1 asterisk - security update
+	{CVE-2022-23537 CVE-2022-23547 CVE-2022-31031 CVE-2022-37325 CVE-2022-39244 CVE-2022-39269 CVE-2022-42705 CVE-2022-42706}
+	[bullseye] - asterisk 1:16.28.0~dfsg-0+deb11u2
+[23 Feb 2023] DSA-5357-1 git - security update
+	{CVE-2023-22490 CVE-2023-23946}
+	[bullseye] - git 1:2.30.2-1+deb11u2
+[20 Feb 2023] DSA-5356-1 sox - security update
+	{CVE-2021-3643 CVE-2021-23159 CVE-2021-23172 CVE-2021-23210 CVE-2021-33844 CVE-2021-40426 CVE-2022-31650 CVE-2022-31651}
+	[bullseye] - sox 14.4.2+git20190427-2+deb11u1
+[18 Feb 2023] DSA-5355-1 thunderbird - security update
+	{CVE-2022-46871 CVE-2022-46877 CVE-2023-0430 CVE-2023-0616 CVE-2023-0767 CVE-2023-23598 CVE-2023-23601 CVE-2023-23602 CVE-2023-23603 CVE-2023-23605 CVE-2023-25728 CVE-2023-25729 CVE-2023-25730 CVE-2023-25732 CVE-2023-25735 CVE-2023-25737 CVE-2023-25739 CVE-2023-25742 CVE-2023-25744 CVE-2023-25746}
+	[bullseye] - thunderbird 1:102.8.0-1~deb11u1
+[18 Feb 2023] DSA-5354-1 snort - security update
+	{CVE-2020-3299 CVE-2020-3315 CVE-2021-1223 CVE-2021-1224 CVE-2021-1236 CVE-2021-1494 CVE-2021-1495 CVE-2021-34749 CVE-2021-40114}
+	[bullseye] - snort 2.9.20-0+deb11u1
+[17 Feb 2023] DSA-5353-1 nss - security update
+	{CVE-2023-0767}
+	[bullseye] - nss 2:3.61-1+deb11u3
+[17 Feb 2023] DSA-5352-1 wpewebkit - security update
+	{CVE-2023-23529}
+	[bullseye] - wpewebkit 2.38.5-1~deb11u1
+[17 Feb 2023] DSA-5351-1 webkit2gtk - security update
+	{CVE-2023-23529}
+	[bullseye] - webkit2gtk 2.38.5-1~deb11u1
+[15 Feb 2023] DSA-5350-1 firefox-esr - security update
+	{CVE-2023-0767 CVE-2023-25728 CVE-2023-25729 CVE-2023-25730 CVE-2023-25732 CVE-2023-25735 CVE-2023-25737 CVE-2023-25739 CVE-2023-25742 CVE-2023-25744 CVE-2023-25746}
+	[bullseye] - firefox-esr 102.8.0esr-1~deb11u1
+[14 Feb 2023] DSA-5349-1 gnutls28 - security update
+	{CVE-2023-0361}
+	[bullseye] - gnutls28 3.7.1-5+deb11u3
+[14 Feb 2023] DSA-5348-1 haproxy - security update
+	{CVE-2023-0056 CVE-2023-25725}
+	[bullseye] - haproxy 2.2.9-2+deb11u4
+[13 Feb 2023] DSA-5347-1 imagemagick - security update
+	{CVE-2022-44267 CVE-2022-44268}
+	[bullseye] - imagemagick 8:6.9.11.60+dfsg-1.3+deb11u1
+[10 Feb 2023] DSA-5346-1 libde265 - security update
+	{CVE-2020-21594 CVE-2020-21595 CVE-2020-21596 CVE-2020-21597 CVE-2020-21598 CVE-2020-21599 CVE-2020-21600 CVE-2020-21601 CVE-2020-21602 CVE-2020-21603 CVE-2020-21604 CVE-2020-21605 CVE-2020-21606 CVE-2021-35452 CVE-2021-36408 CVE-2021-36409 CVE-2021-36410 CVE-2021-36411 CVE-2022-1253 CVE-2022-43235 CVE-2022-43236 CVE-2022-43237 CVE-2022-43238 CVE-2022-43239 CVE-2022-43240 CVE-2022-43241 CVE-2022-43242 CVE-2022-43243 CVE-2022-43244 CVE-2022-43245 CVE-2022-43248 CVE-2022-43249 CVE-2022-43250 CVE-2022-43252 CVE-2022-43253 CVE-2022-47655}
+	[bullseye] - libde265 1.0.11-0+deb11u1
+[08 Feb 2023] DSA-5345-1 chromium - security update
+	{CVE-2023-0696 CVE-2023-0697 CVE-2023-0698 CVE-2023-0699 CVE-2023-0700 CVE-2023-0701 CVE-2023-0702 CVE-2023-0703 CVE-2023-0704 CVE-2023-0705}
+	[bullseye] - chromium 110.0.5481.77-1~deb11u1
+[08 Feb 2023] DSA-5344-1 heimdal - security update
+	{CVE-2022-45142}
+	[bullseye] - heimdal 7.7.0+dfsg-2+deb11u3
+[07 Feb 2023] DSA-5343-1 openssl - security update
+	{CVE-2022-2097 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286}
+	[bullseye] - openssl 1.1.1n-0+deb11u4
+[07 Feb 2023] DSA-5342-1 xorg-server - security update
+	{CVE-2023-0494}
+	[bullseye] - xorg-server 2:1.20.11-1+deb11u5
+[06 Feb 2023] DSA-5341-1 wpewebkit - security update
+	{CVE-2022-42826 CVE-2023-23517 CVE-2023-23518}
+	[bullseye] - wpewebkit 2.38.4-1~deb11u1
+[06 Feb 2023] DSA-5340-1 webkit2gtk - security update
+	{CVE-2022-42826 CVE-2023-23517 CVE-2023-23518}
+	[bullseye] - webkit2gtk 2.38.4-2~deb11u1
+[05 Feb 2023] DSA-5339-1 libhtml-stripscripts-perl - security update
+	{CVE-2023-24038}
+	[bullseye] - libhtml-stripscripts-perl 1.06-1+deb11u1
+[01 Feb 2023] DSA-5338-1 cinder - security update
+	{CVE-2022-47951}
+	[bullseye] - cinder 2:17.0.1-1+deb11u1
+[01 Feb 2023] DSA-5337-1 nova - security update
+	{CVE-2022-47951}
+	[bullseye] - nova 2:22.0.1-2+deb11u1
+[01 Feb 2023] DSA-5336-1 glance - security update
+	{CVE-2022-47951}
+	[bullseye] - glance 2:21.0.0-2+deb11u1
+[01 Feb 2023] DSA-5335-1 openjdk-17 - security update
+	{CVE-2022-21618 CVE-2022-21619 CVE-2022-21624 CVE-2022-21628 CVE-2022-39399 CVE-2023-21835 CVE-2023-21843}
+	[bullseye] - openjdk-17 17.0.6+10-1~deb11u1
+[29 Jan 2023] DSA-5334-1 varnish - security update
+	{CVE-2022-45060}
+	[bullseye] - varnish 6.5.1-1+deb11u3
+[29 Jan 2023] DSA-5333-1 tiff - security update
+	{CVE-2022-1354 CVE-2022-1355 CVE-2022-1622 CVE-2022-1623 CVE-2022-2056 CVE-2022-2057 CVE-2022-2058 CVE-2022-2519 CVE-2022-2520 CVE-2022-2521 CVE-2022-2867 CVE-2022-2868 CVE-2022-2869 CVE-2022-2953 CVE-2022-3570 CVE-2022-3597 CVE-2022-3598 CVE-2022-3599 CVE-2022-3626 CVE-2022-3627 CVE-2022-3636 CVE-2022-3970 CVE-2022-34526 CVE-2022-48281}
+	[bullseye] - tiff 4.2.0-1+deb11u3
+[29 Jan 2023] DSA-5332-1 git - security update
+	{CVE-2022-23521 CVE-2022-24765 CVE-2022-29187 CVE-2022-39253 CVE-2022-39260 CVE-2022-41903}
+	[bullseye] - git 1:2.30.2-1+deb11u1
+[28 Jan 2023] DSA-5331-1 openjdk-11 - security update
+	{CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 CVE-2022-39399 CVE-2023-21835 CVE-2023-21843}
+	[bullseye] - openjdk-11 11.0.18+10-1~deb11u1
+[27 Jan 2023] DSA-5330-1 curl - security update
+	{CVE-2022-32221 CVE-2022-43552}
+	[bullseye] - curl 7.74.0-1.3+deb11u5
+[26 Jan 2023] DSA-5329-1 bind9 - security update
+	{CVE-2022-3094 CVE-2022-3736 CVE-2022-3924}
+	[bullseye] - bind9 1:9.16.37-1~deb11u1
+[26 Jan 2023] DSA-5328-1 chromium - security update
+	{CVE-2023-0471 CVE-2023-0472 CVE-2023-0473 CVE-2023-0474}
+	[bullseye] - chromium 109.0.5414.119-1~deb11u1
+[24 Jan 2023] DSA-5327-1 swift - security update
+	{CVE-2022-47950}
+	[bullseye] - swift 2.26.0-10+deb11u1
+[24 Jan 2023] DSA-5326-1 nodejs - security update
+	{CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 CVE-2022-35255 CVE-2022-35256 CVE-2022-43548}
+	[bullseye] - nodejs 12.22.12~dfsg-1~deb11u3
+[24 Jan 2023] DSA-5325-1 spip - security update
+	[bullseye] - spip 3.2.11-3+deb11u6
+[23 Jan 2023] DSA-5324-1 linux - security update
+	{CVE-2022-2873 CVE-2022-3545 CVE-2022-3623 CVE-2022-4696 CVE-2022-36280 CVE-2022-41218 CVE-2022-45934 CVE-2022-47929 CVE-2023-0179 CVE-2023-0266 CVE-2023-0394 CVE-2023-23454 CVE-2023-23455}
+	[bullseye] - linux 5.10.162-1
+[19 Jan 2023] DSA-5323-1 libitext5-java - security update
+	{CVE-2021-43113}
+	[bullseye] - libitext5-java 5.5.13.2-1+deb11u1
+[18 Jan 2023] DSA-5322-1 firefox-esr - security update
+	{CVE-2022-46871 CVE-2022-46877 CVE-2023-23598 CVE-2023-23601 CVE-2023-23602 CVE-2023-23603 CVE-2023-23605}
+	[bullseye] - firefox-esr 102.7.0esr-1~deb11u1
+[18 Jan 2023] DSA-5321-1 sudo - security update
+	{CVE-2023-22809}
+	[bullseye] - sudo 1.9.5p2-3+deb11u1
+[16 Jan 2023] DSA-5320-1 tor - security update
+	{CVE-2023-23589}
+	[bullseye] - tor 0.4.5.16-1
+[13 Jan 2023] DSA-5319-1 openvswitch - security update
+	{CVE-2022-4337 CVE-2022-4338}
+	[bullseye] - openvswitch 2.15.0+ds1-2+deb11u2
+[13 Jan 2023] DSA-5318-1 lava - security update
+	{CVE-2022-44641}
+	[bullseye] - lava 2020.12-5+deb11u2
+[13 Jan 2023] DSA-5317-1 chromium - security update
+	{CVE-2023-0141 CVE-2023-0140 CVE-2023-0139 CVE-2023-0138 CVE-2023-0137 CVE-2023-0136 CVE-2023-0135 CVE-2023-0134 CVE-2023-0133 CVE-2023-0132 CVE-2023-0131 CVE-2023-0130 CVE-2023-0129 CVE-2023-0128}
+	[bullseye] - chromium 109.0.5414.74-2~deb11u1
+[11 Jan 2023] DSA-5316-1 netty - security update
+	{CVE-2021-37136 CVE-2021-37137 CVE-2021-43797 CVE-2022-41881 CVE-2022-41915}
+	[bullseye] - netty 1:4.1.48-4+deb11u1
+[11 Jan 2023] DSA-5315-1 libxstream-java - security update
+	{CVE-2022-41966}
+	[bullseye] - libxstream-java 1.4.15-3+deb11u2
+[11 Jan 2023] DSA-5314-1 emacs - security update
+	{CVE-2022-45939}
+	[bullseye] - emacs 1:27.1+1-3.1+deb11u1
+[10 Jan 2023] DSA-5313-1 hsqldb - security update
+	{CVE-2022-41853}
+	[bullseye] - hsqldb 2.5.1-1+deb11u1
+[10 Jan 2023] DSA-5312-1 libjettison-java - security update
+	{CVE-2022-40149 CVE-2022-40150 CVE-2022-45685 CVE-2022-45693}
+	[bullseye] - libjettison-java 1.5.3-1~deb11u1
+[08 Jan 2023] DSA-5311-1 trafficserver - security update
+	{CVE-2022-32749 CVE-2022-37392}
+	[bullseye] - trafficserver 8.1.6+ds-1~deb11u1
+[31 Dec 2022] DSA-5310-1 ruby-image-processing - security update
+	{CVE-2022-24720}
+	[bullseye] - ruby-image-processing 1.10.3-1+deb11u1
+[31 Dec 2022] DSA-5309-1 wpewebkit - security update
+	{CVE-2022-42852 CVE-2022-42856 CVE-2022-42867 CVE-2022-46692 CVE-2022-46698 CVE-2022-46699 CVE-2022-46700}
+	[bullseye] - wpewebkit 2.38.3-1~deb11u1
+[31 Dec 2022] DSA-5308-1 webkit2gtk - security update
+	{CVE-2022-42852 CVE-2022-42856 CVE-2022-42867 CVE-2022-46692 CVE-2022-46698 CVE-2022-46699 CVE-2022-46700}
+	[bullseye] - webkit2gtk 2.38.3-1~deb11u1
+[29 Dec 2022] DSA-5307-1 libcommons-net-java - security update
+	{CVE-2021-37533}
+	[bullseye] - libcommons-net-java 3.6-1+deb11u1
+[27 Dec 2022] DSA-5306-1 gerbv - security update
+	{CVE-2021-40393 CVE-2021-40394 CVE-2021-40401 CVE-2021-40403}
+	[bullseye] - gerbv 2.7.0-2+deb11u2
+[21 Dec 2022] DSA-5305-1 libksba - security update
+	{CVE-2022-47629}
+	[bullseye] - libksba 1.5.0-3+deb11u2
+[20 Dec 2022] DSA-5304-1 xorg-server - security update
+	{CVE-2022-4283 CVE-2022-46340 CVE-2022-46341 CVE-2022-46342 CVE-2022-46343 CVE-2022-46344}
+	[bullseye] - xorg-server 2:1.20.11-1+deb11u4
+[16 Dec 2022] DSA-5303-1 thunderbird - security update
+	{CVE-2022-46882 CVE-2022-46881 CVE-2022-46880 CVE-2022-46878 CVE-2022-46874 CVE-2022-46872 CVE-2022-45414}
+	[bullseye] - thunderbird 1:102.6.0-1~deb11u1
+[16 Dec 2022] DSA-5302-1 chromium - security update
+	{CVE-2022-4436 CVE-2022-4437 CVE-2022-4438 CVE-2022-4439 CVE-2022-4440}
+	[bullseye] - chromium 108.0.5359.124-1~deb11u1
+[14 Dec 2022] DSA-5301-1 firefox-esr - security update
+	{CVE-2022-46872 CVE-2022-46874 CVE-2022-46878 CVE-2022-46880 CVE-2022-46881 CVE-2022-46882}
+	[bullseye] - firefox-esr 102.6.0esr-1~deb11u1
+[12 Dec 2022] DSA-5300-1 pngcheck - security update
+	{CVE-2020-35511}
+	[bullseye] - pngcheck 3.0.3-1~deb11u1
+[10 Dec 2022] DSA-5299-1 openexr - security update
+	{CVE-2021-3598 CVE-2021-3605 CVE-2021-3933 CVE-2021-3941 CVE-2021-23215 CVE-2021-26260 CVE-2021-45942}
+	[bullseye] - openexr 2.5.4-2+deb11u1
+[09 Dec 2022] DSA-5298-1 cacti - security update
+	{CVE-2022-0730 CVE-2022-46169}
+	[bullseye] - cacti 1.2.16+ds1-2+deb11u1
+[06 Dec 2022] DSA-5297-1 vlc - security update
+	{CVE-2022-41325}
+	[bullseye] - vlc 3.0.18-0+deb11u1
+[06 Dec 2022] DSA-5296-1 xfce4-settings - security update
+	{CVE-2022-45062}
+	[bullseye] - xfce4-settings 4.16.0-1+deb11u1
+[04 Dec 2022] DSA-5295-1 chromium - security update
+	{CVE-2022-4262}
+	[bullseye] - chromium 108.0.5359.94-1~deb11u1
+[04 Dec 2022] DSA-5294-1 jhead - security update
+	{CVE-2021-34055 CVE-2022-41751}
+	[bullseye] - jhead 1:3.04-6+deb11u1
+[03 Dec 2022] DSA-5293-1 chromium - security update
+	{CVE-2022-4174 CVE-2022-4175 CVE-2022-4176 CVE-2022-4177 CVE-2022-4178 CVE-2022-4179 CVE-2022-4180 CVE-2022-4181 CVE-2022-4182 CVE-2022-4183 CVE-2022-4184 CVE-2022-4185 CVE-2022-4186 CVE-2022-4187 CVE-2022-4188 CVE-2022-4189 CVE-2022-4190 CVE-2022-4191 CVE-2022-4192 CVE-2022-4193 CVE-2022-4194 CVE-2022-4195}
+	[bullseye] - chromium 108.0.5359.71-2~deb11u1
+[01 Dec 2022] DSA-5292-1 snapd - security update
+	{CVE-2022-3328}
+	[bullseye] - snapd 2.49-1+deb11u2
+[28 Nov 2022] DSA-5291-1 mujs - security update
+	{CVE-2022-30974 CVE-2022-30975 CVE-2022-44789}
+	[bullseye] - mujs 1.1.0-1+deb11u2
+[28 Nov 2022] DSA-5290-1 commons-configuration2 - security update
+	{CVE-2022-33980}
+	[bullseye] - commons-configuration2 2.8.0-1~deb11u1
+[27 Nov 2022] DSA-5289-1 chromium - security update
+	{CVE-2022-4135}
+	[bullseye] - chromium 107.0.5304.121-1~deb11u1
+[25 Nov 2022] DSA-5288-1 graphicsmagick - security update
+	{CVE-2022-1270}
+	[bullseye] - graphicsmagick 1.4+really1.3.36+hg16481-2+deb11u1
+[22 Nov 2022] DSA-5287-1 heimdal - security update
+	{CVE-2021-3671 CVE-2021-44758 CVE-2022-3437 CVE-2022-41916 CVE-2022-42898 CVE-2022-44640}
+	[bullseye] - heimdal 7.7.0+dfsg-2+deb11u2
+[19 Nov 2022] DSA-5286-1 krb5 - security update
+	{CVE-2022-42898}
+	[bullseye] - krb5 1.18.3-6+deb11u3
+[17 Nov 2022] DSA-5285-1 asterisk - security update
+	{CVE-2021-37706 CVE-2021-43299 CVE-2021-43300 CVE-2021-43301 CVE-2021-43302 CVE-2021-43303 CVE-2021-43804 CVE-2021-43845 CVE-2021-46837 CVE-2022-21722 CVE-2022-21723 CVE-2022-23608 CVE-2022-24763 CVE-2022-24764 CVE-2022-24786 CVE-2022-24792 CVE-2022-24793 CVE-2022-26498 CVE-2022-26499 CVE-2022-26651}
+	[bullseye] - asterisk 1:16.28.0~dfsg-0+deb11u1
+[17 Nov 2022] DSA-5284-1 thunderbird - security update
+	{CVE-2022-45403 CVE-2022-45404 CVE-2022-45405 CVE-2022-45406 CVE-2022-45408 CVE-2022-45409 CVE-2022-45410 CVE-2022-45411 CVE-2022-45412 CVE-2022-45416 CVE-2022-45418 CVE-2022-45420 CVE-2022-45421}
+	[bullseye] - thunderbird 1:102.5.0-1~deb11u1
+[17 Nov 2022] DSA-5283-1 jackson-databind - security update
+	{CVE-2020-36518 CVE-2022-42003 CVE-2022-42004}
+	[bullseye] - jackson-databind 2.12.1-1+deb11u1
+[17 Nov 2022] DSA-5279-2 wordpress - security update
+	[bullseye] - wordpress 5.7.8+dfsg1-0+deb11u2
+[16 Nov 2022] DSA-5282-1 firefox-esr - security update
+	{CVE-2022-45403 CVE-2022-45404 CVE-2022-45405 CVE-2022-45406 CVE-2022-45408 CVE-2022-45409 CVE-2022-45410 CVE-2022-45411 CVE-2022-45412 CVE-2022-45416 CVE-2022-45418 CVE-2022-45420 CVE-2022-45421}
+	[bullseye] - firefox-esr 102.5.0esr-1~deb11u1
+[15 Nov 2022] DSA-5281-1 nginx - security update
+	{CVE-2022-41741 CVE-2022-41742}
+	[bullseye] - nginx 1.18.0-6.1+deb11u3
+[15 Nov 2022] DSA-5280-1 grub2 - security update
+	{CVE-2022-2601 CVE-2022-3775}
+	[bullseye] - grub2 2.06-3~deb11u4
+[15 Nov 2022] DSA-5279-1 wordpress - security update
+	{CVE-2022-43497 CVE-2022-43500 CVE-2022-43504}
+	[bullseye] - wordpress 5.7.8+dfsg1-0+deb11u1
+[13 Nov 2022] DSA-5278-1 xorg-server - security update
+	{CVE-2022-3550 CVE-2022-3551}
+	[bullseye] - xorg-server 2:1.20.11-1+deb11u3
+[13 Nov 2022] DSA-5277-1 php7.4 - security update
+	{CVE-2022-31628 CVE-2022-31629 CVE-2022-31630 CVE-2022-37454}
+	[bullseye] - php7.4 7.4.33-1+deb11u1
+[12 Nov 2022] DSA-5276-1 pixman - security update
+	{CVE-2022-44638}
+	[bullseye] - pixman 0.40.0-1.1~deb11u1
+[10 Nov 2022] DSA-5275-1 chromium - security update
+	{CVE-2022-3885 CVE-2022-3886 CVE-2022-3887 CVE-2022-3888 CVE-2022-3889 CVE-2022-3890}
+	[bullseye] - chromium 107.0.5304.110-1~deb11u1
+[08 Nov 2022] DSA-5274-1 wpewebkit - security update
+	{CVE-2022-42799 CVE-2022-42823 CVE-2022-42824 CVE-2022-46691}
+	[bullseye] - wpewebkit 2.38.2-1~deb11u1
+[08 Nov 2022] DSA-5273-1 webkit2gtk - security update
+	{CVE-2022-42799 CVE-2022-42823 CVE-2022-42824 CVE-2022-46691}
+	[bullseye] - webkit2gtk 2.38.2-1~deb11u1
+[06 Nov 2022] DSA-5272-1 xen - security update
+	{CVE-2022-33745 CVE-2022-33746 CVE-2022-33747 CVE-2022-33748 CVE-2022-42309 CVE-2022-42310 CVE-2022-42311 CVE-2022-42312 CVE-2022-42313 CVE-2022-42314 CVE-2022-42315 CVE-2022-42316 CVE-2022-42317 CVE-2022-42318 CVE-2022-42319 CVE-2022-42320 CVE-2022-42321 CVE-2022-42322 CVE-2022-42323 CVE-2022-42324 CVE-2022-42325 CVE-2022-42326}
+	[bullseye] - xen 4.14.5+86-g1c354767d5-1
+[05 Nov 2022] DSA-5271-1 libxml2 - security update
+	{CVE-2022-40303 CVE-2022-40304}
+	[bullseye] - libxml2 2.9.10+dfsg-6.7+deb11u3
+[04 Nov 2022] DSA-5270-1 ntfs-3g - security update
+	{CVE-2022-40284}
+	[bullseye] - ntfs-3g 1:2017.3.23AR.3-4+deb11u3
+[02 Nov 2022] DSA-5269-1 pypy3 - security update
+	{CVE-2022-37454}
+	[bullseye] - pypy3 7.3.5+dfsg-2+deb11u2
+[01 Nov 2022] DSA-5268-1 ffmpeg - security update
+	[bullseye] - ffmpeg 7:4.3.5-0+deb11u1
+[30 Oct 2022] DSA-5267-1 pysha3 - security update
+	{CVE-2022-37454}
+	[bullseye] - pysha3 1.0.2-4.1+deb11u1
+[30 Oct 2022] DSA-5266-1 expat - security update
+	{CVE-2022-43680}
+	[bullseye] - expat 2.2.10-2+deb11u5
+[29 Oct 2022] DSA-5265-1 tomcat9 - security update
+	{CVE-2021-43980 CVE-2022-23181 CVE-2022-29885}
+	[bullseye] - tomcat9 9.0.43-2~deb11u4
+[29 Oct 2022] DSA-5264-1 batik - security update
+	{CVE-2022-41704 CVE-2022-42890}
+	[bullseye] - batik 1.12-4+deb11u1
+[29 Oct 2022] DSA-5263-1 chromium - security update
+	{CVE-2022-3723}
+	[bullseye] - chromium 107.0.5304.87-1~deb11u1
+[27 Oct 2022] DSA-5262-1 thunderbird - security update
+	{CVE-2022-42927 CVE-2022-42928 CVE-2022-42929 CVE-2022-42932}
+	[bullseye] - thunderbird 1:102.4.0-1~deb11u1
+[26 Oct 2022] DSA-5261-1 chromium - security update
+	{CVE-2022-3652 CVE-2022-3653 CVE-2022-3654 CVE-2022-3655 CVE-2022-3656 CVE-2022-3657 CVE-2022-3658 CVE-2022-3659 CVE-2022-3660 CVE-2022-3661}
+	[bullseye] - chromium 107.0.5304.68-1~deb11u1
+[23 Oct 2022] DSA-5260-1 lava - security update
+	{CVE-2022-42902}
+	[bullseye] - lava 2020.12-5+deb11u1
+[23 Oct 2022] DSA-5257-2 linux - regression update
+	[bullseye] - linux 5.10.149-2
+[19 Oct 2022] DSA-5259-1 firefox-esr - security update
+	{CVE-2022-42927 CVE-2022-42928 CVE-2022-42929 CVE-2022-42932}
+	[bullseye] - firefox-esr 102.4.0esr-1~deb11u1
+[19 Oct 2022] DSA-5258-1 squid - security update
+	{CVE-2022-41317 CVE-2022-41318}
+	[bullseye] - squid 4.13-10+deb11u2
+[18 Oct 2022] DSA-5257-1 linux - security update
+	{CVE-2021-4037 CVE-2022-0171 CVE-2022-1184 CVE-2022-2602 CVE-2022-2663 CVE-2022-3061 CVE-2022-3176 CVE-2022-3303 CVE-2022-20421 CVE-2022-39188 CVE-2022-39842 CVE-2022-40307 CVE-2022-41674 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721 CVE-2022-42722}
+	[bullseye] - linux 5.10.149-1
+[18 Oct 2022] DSA-5256-1 bcel - security update
+	{CVE-2022-34169}
+	[bullseye] - bcel 6.5.0-1+deb11u1
+[17 Oct 2022] DSA-5255-1 libksba - security update
+	{CVE-2022-3515}
+	[bullseye] - libksba 1.5.0-3+deb11u1
+[15 Oct 2022] DSA-5254-1 python-django - security update
+	{CVE-2022-41323 CVE-2022-36359 CVE-2022-34265 CVE-2022-28347 CVE-2022-28346 CVE-2022-23833 CVE-2022-22818}
+	[bullseye] - python-django 2:2.2.28-1~deb11u1
+[13 Oct 2022] DSA-5253-1 chromium - security update
+	{CVE-2022-3445 CVE-2022-3446 CVE-2022-3447 CVE-2022-3448 CVE-2022-3449 CVE-2022-3450}
+	[bullseye] - chromium 106.0.5249.119-1~deb11u1
+[12 Oct 2022] DSA-5252-1 libreoffice - security update
+	{CVE-2022-3140}
+	[bullseye] - libreoffice 1:7.0.4-4+deb11u4
+[06 Oct 2022] DSA-5251-1 isc-dhcp - security update
+	{CVE-2022-2928 CVE-2022-2929}
+	[bullseye] - isc-dhcp 4.4.1-2.3+deb11u1
+[06 Oct 2022] DSA-5250-1 dbus - security update
+	{CVE-2022-42010 CVE-2022-42011 CVE-2022-42012}
+	[bullseye] - dbus 1.12.24-0+deb11u1
+[06 Oct 2022] DSA-5249-1 strongswan - security update
+	{CVE-2022-40617}
+	[bullseye] - strongswan 5.9.1-1+deb11u3
+[05 Oct 2022] DSA-5248-1 php-twig - security update
+	{CVE-2022-39261}
+	[bullseye] - php-twig 2.14.3-1+deb11u2
+[04 Oct 2022] DSA-5247-1 barbican - security update
+	{CVE-2022-3100}
+	[bullseye] - barbican 1:11.0.0-3+deb11u1
+[04 Oct 2022] DSA-5246-1 mediawiki - security update
+	{CVE-2021-44854 CVE-2021-44855 CVE-2021-44856 CVE-2022-28201 CVE-2022-28202 CVE-2022-28203 CVE-2022-29248 CVE-2022-31042 CVE-2022-31043 CVE-2022-31090 CVE-2022-31091 CVE-2022-34911 CVE-2022-34912 CVE-2022-41765 CVE-2022-41767}
+	[bullseye] - mediawiki 1:1.35.8-1~deb11u1
+[02 Oct 2022] DSA-5245-1 chromium - security update
+	{CVE-2022-3370 CVE-2022-3373}
+	[bullseye] - chromium 106.0.5249.91-1~deb11u1
+[28 Sep 2022] DSA-5244-1 chromium - security update
+	{CVE-2022-3201 CVE-2022-3304 CVE-2022-3305 CVE-2022-3306 CVE-2022-3307 CVE-2022-3308 CVE-2022-3309 CVE-2022-3310 CVE-2022-3311 CVE-2022-3312 CVE-2022-3313 CVE-2022-3314 CVE-2022-3315 CVE-2022-3316 CVE-2022-3317 CVE-2022-3318 CVE-2022-3443 CVE-2022-3444}
+	[bullseye] - chromium 106.0.5249.61-1~deb11u1
+[28 Sep 2022] DSA-5243-1 lighttpd - security update
+	{CVE-2022-37797 CVE-2022-41556}
+	[bullseye] - lighttpd 1.4.59-1+deb11u2
+[28 Sep 2022] DSA-5242-1 maven-shared-utils - security update
+	{CVE-2022-29599}
+	[bullseye] - maven-shared-utils 3.3.0-1+deb11u1
+[28 Sep 2022] DSA-5241-1 wpewebkit - security update
+	{CVE-2022-32886 CVE-2022-32888 CVE-2022-32923 CVE-2022-42863}
+	[bullseye] - wpewebkit 2.38.0-1~deb11u1
+[28 Sep 2022] DSA-5240-1 webkit2gtk - security update
+	{CVE-2022-32886 CVE-2022-32888 CVE-2022-32923 CVE-2022-42863}
+	[bullseye] - webkit2gtk 2.38.0-1~deb11u1
+[27 Sep 2022] DSA-5239-1 gdal - security update
+	{CVE-2021-45943}
+	[bullseye] - gdal 3.2.2+dfsg-2+deb11u2
+[27 Sep 2022] DSA-5238-1 thunderbird - security update
+	{CVE-2022-3266 CVE-2022-40956 CVE-2022-40957 CVE-2022-40958 CVE-2022-40959 CVE-2022-40960 CVE-2022-40962}
+	[bullseye] - thunderbird 1:102.3.0-1~deb11u1
+[23 Sep 2022] DSA-5237-1 firefox-esr - security update
+	{CVE-2022-3266 CVE-2022-40956 CVE-2022-40957 CVE-2022-40958 CVE-2022-40959 CVE-2022-40960 CVE-2022-40962}
+	[bullseye] - firefox-esr 102.3.0esr-1~deb11u1
+[22 Sep 2022] DSA-5236-1 expat - security update
+	{CVE-2022-40674}
+	[bullseye] - expat 2.2.10-2+deb11u4
+[22 Sep 2022] DSA-5235-1 bind9 - security update
+	{CVE-2022-2795 CVE-2022-3080 CVE-2022-38177 CVE-2022-38178}
+	[bullseye] - bind9 1:9.16.33-1~deb11u1
+[21 Sep 2022] DSA-5234-1 fish - security update
+	{CVE-2022-20001}
+	[bullseye] - fish 3.1.2-3+deb11u1
+[21 Sep 2022] DSA-5233-1 e17 - security update
+	{CVE-2022-37706}
+	[bullseye] - e17 0.24.2-8+deb11u1
+[21 Sep 2022] DSA-5232-1 tinygltf - security update
+	{CVE-2022-3008}
+	[bullseye] - tinygltf 2.5.0+dfsg-3+deb11u1
+[17 Sep 2022] DSA-5231-1 connman - security update
+	{CVE-2022-23096 CVE-2022-23097 CVE-2022-23098 CVE-2022-32292 CVE-2022-32293}
+	[bullseye] - connman 1.36-2.2+deb11u1
+[15 Sep 2022] DSA-5230-1 chromium - security update
+	{CVE-2022-3195 CVE-2022-3196 CVE-2022-3197 CVE-2022-3198 CVE-2022-3199 CVE-2022-3200 CVE-2022-3201 CVE-2022-3842}
+	[bullseye] - chromium 105.0.5195.125-1~deb11u1
+[13 Sep 2022] DSA-5229-1 freecad - security update
+	{CVE-2021-45844 CVE-2021-45845}
+	[bullseye] - freecad 0.19.1+dfsg1-2+deb11u1
+[11 Sep 2022] DSA-5228-1 gdk-pixbuf - security update
+	{CVE-2021-44648 CVE-2021-46829}
+	[bullseye] - gdk-pixbuf 2.42.2+dfsg-1+deb11u1
+[07 Sep 2022] DSA-5227-1 libgoogle-gson-java - security update
+	{CVE-2022-25647}
+	[bullseye] - libgoogle-gson-java 2.8.6-1+deb11u1
+[06 Sep 2022] DSA-5226-1 pcs - security update
+	{CVE-2022-1049 CVE-2022-2735}
+	[bullseye] - pcs 0.10.8-1+deb11u1
+[06 Sep 2022] DSA-5225-1 chromium - security update
+	{CVE-2022-3075}
+	[bullseye] - chromium 105.0.5195.102-1~deb11u1
+[06 Sep 2022] DSA-5224-1 poppler - security update
+	{CVE-2022-27337 CVE-2022-38784}
+	[bullseye] - poppler 20.09.0-3.1+deb11u1
+[01 Sep 2022] DSA-5223-1 chromium - security update
+	{CVE-2022-3038 CVE-2022-3039 CVE-2022-3040 CVE-2022-3041 CVE-2022-3042 CVE-2022-3043 CVE-2022-3044 CVE-2022-3045 CVE-2022-3046 CVE-2022-3047 CVE-2022-3048 CVE-2022-3049 CVE-2022-3050 CVE-2022-3051 CVE-2022-3052 CVE-2022-3053 CVE-2022-3054 CVE-2022-3055 CVE-2022-3056 CVE-2022-3057 CVE-2022-3058 CVE-2022-3071}
+	[bullseye] - chromium 105.0.5195.52-1~deb11u1
+[30 Aug 2022] DSA-5222-1 dpdk - security update
+	{CVE-2022-2132 CVE-2022-28199}
+	[bullseye] - dpdk 20.11.6-1~deb11u1
+[29 Aug 2022] DSA-5221-1 thunderbird - security update
+	{CVE-2022-38472 CVE-2022-38473 CVE-2022-38478}
+	[bullseye] - thunderbird 1:91.13.0-1~deb11u1
+[27 Aug 2022] DSA-5220-1 wpewebkit - security update
+	{CVE-2022-32893}
+	[bullseye] - wpewebkit 2.36.7-1~deb11u1
+[27 Aug 2022] DSA-5219-1 webkit2gtk - security update
+	{CVE-2022-32893}
+	[bullseye] - webkit2gtk 2.36.7-1~deb11u1
+[25 Aug 2022] DSA-5218-1 zlib - security update
+	{CVE-2022-37434}
+	[bullseye] - zlib 1:1.2.11.dfsg-2+deb11u2
+[24 Aug 2022] DSA-5217-1 firefox-esr - security update
+	{CVE-2022-38472 CVE-2022-38473 CVE-2022-38478}
+	[bullseye] - firefox-esr 91.13.0esr-1~deb11u1
+[24 Aug 2022] DSA-5216-1 libxslt - security update
+	{CVE-2021-30560}
+	[bullseye] - libxslt 1.1.34-4+deb11u1
+[24 Aug 2022] DSA-5215-1 open-vm-tools - security update
+	{CVE-2022-31676}
+	[bullseye] - open-vm-tools 2:11.2.5-2+deb11u1
+[21 Aug 2022] DSA-5214-1 kicad - security update
+	{CVE-2022-23803 CVE-2022-23804 CVE-2022-23946 CVE-2022-23947}
+	[bullseye] - kicad 5.1.9+dfsg1-1+deb11u1
+[18 Aug 2022] DSA-5213-1 schroot - security update
+	{CVE-2022-2787}
+	[bullseye] - schroot 1.6.10-12+deb11u1
+[18 Aug 2022] DSA-5212-1 chromium - security update
+	{CVE-2022-2852 CVE-2022-2853 CVE-2022-2854 CVE-2022-2855 CVE-2022-2856 CVE-2022-2857 CVE-2022-2858 CVE-2022-2859 CVE-2022-2860 CVE-2022-2861 CVE-2022-2998}
+	[bullseye] - chromium 104.0.5112.101-1~deb11u1
+[16 Aug 2022] DSA-5211-1 wpewebkit - security update
+	{CVE-2022-32792 CVE-2022-32816 CVE-2022-32891}
+	[bullseye] - wpewebkit 2.36.6-1~deb11u1
+[16 Aug 2022] DSA-5210-1 webkit2gtk - security update
+	{CVE-2022-32792 CVE-2022-32816 CVE-2022-32891}
+	[bullseye] - webkit2gtk 2.36.6-1~deb11u1
+[16 Aug 2022] DSA-5209-1 net-snmp - security update
+	{CVE-2022-24805 CVE-2022-24806 CVE-2022-24807 CVE-2022-24808 CVE-2022-24809 CVE-2022-24810}
+	[bullseye] - net-snmp 5.9+dfsg-4+deb11u1
+[16 Aug 2022] DSA-5208-1 epiphany-browser - security update
+	{CVE-2022-29536}
+	[bullseye] - epiphany-browser 3.38.2-1+deb11u3
 [15 Aug 2022] DSA-5207-1 linux - security update
 	{CVE-2022-2585 CVE-2022-2586 CVE-2022-2588 CVE-2022-26373 CVE-2022-29900 CVE-2022-29901 CVE-2022-36879 CVE-2022-36946}
 	[bullseye] - linux 5.10.136-1
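Review bot: CVE-2022-3201 is listed under two chromium advisories in this hunk, DSA-5244-1 (28 Sep 2022) and DSA-5230-1 (15 Sep 2022); please confirm that both updates carry a fix for it, otherwise drop the id from one of them so the tracker does not report two fixed versions for the same issue. Separately, DSA-5279-2 wordpress and DSA-5268-1 ffmpeg are added as "security update" entries with no `{CVE-...}` line, unlike DSA-5257-2, which is marked "regression update"; if ids exist for them they should be listed, and if not, a short NOTE would make the omission clearly intentional. The DSA-5254-1 python-django list is in descending order while the neighbouring entries are ascending.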
@@ -17,7 +487,7 @@
 	{CVE-2022-0529 CVE-2022-0530}
 	[bullseye] - unzip 6.0-26+deb11u1
 [07 Aug 2022] DSA-5201-1 chromium - security update
-	{CVE-2022-2603 CVE-2022-2604 CVE-2022-2605 CVE-2022-2606 CVE-2022-2607 CVE-2022-2608 CVE-2022-2609 CVE-2022-2610 CVE-2022-2611 CVE-2022-2612 CVE-2022-2613 CVE-2022-2614 CVE-2022-2615 CVE-2022-2616 CVE-2022-2617 CVE-2022-2618 CVE-2022-2619 CVE-2022-2620 CVE-2022-2621 CVE-2022-2622 CVE-2022-2623 CVE-2022-2624}
+	{CVE-2022-2603 CVE-2022-2604 CVE-2022-2605 CVE-2022-2606 CVE-2022-2607 CVE-2022-2608 CVE-2022-2609 CVE-2022-2610 CVE-2022-2611 CVE-2022-2612 CVE-2022-2613 CVE-2022-2614 CVE-2022-2615 CVE-2022-2616 CVE-2022-2617 CVE-2022-2618 CVE-2022-2619 CVE-2022-2620 CVE-2022-2621 CVE-2022-2622 CVE-2022-2623 CVE-2022-2624 CVE-2022-2742 CVE-2022-2743}
 	[bullseye] - chromium 104.0.5112.79-1~deb11u1
 [07 Aug 2022] DSA-5200-1 libtirpc - security update
 	{CVE-2021-46828}
@@ -54,6 +524,7 @@
 	{CVE-2021-33655 CVE-2022-2318 CVE-2022-26365 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33743 CVE-2022-33744 CVE-2022-34918}
 	[bullseye] - linux 5.10.127-2
 [26 Jul 2022] DSA-5190-1 spip - security update
+	{CVE-2022-37155}
 	[buster] - spip 3.2.4-1+deb10u9
 	[bullseye] - spip 3.2.11-3+deb11u5
 [24 Jul 2022] DSA-5189-1 gsasl - security update
@@ -75,7 +546,7 @@
 	[buster] - mat2 0.8.0-3+deb10u1
 	[bullseye] - mat2 0.12.1-2+deb11u1
 [15 Jul 2022] DSA-5184-1 xen - security update
-	{CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 CVE-2022-23816 CVE-2022-23825 CVE-2022-26362 CVE-2022-26363 CVE-2022-26364 CVE-2022-29900}
+	{CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 CVE-2022-23825 CVE-2022-26362 CVE-2022-26363 CVE-2022-26364 CVE-2022-29900}
 	[bullseye] - xen 4.14.5+24-g87d90d511c-1
 [15 Jul 2022] DSA-5183-1 wpewebkit - security update
 	{CVE-2022-22677 CVE-2022-26710}
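Review bot: CVE-2022-23816 is dropped from the DSA-5184-1 xen list with no reason given anywhere in the visible lines, while CVE-2022-23825 next to it stays. Removing an id from a published advisory changes what the tracker reports as fixed in 4.14.5+24-g87d90d511c-1, so the commit message should say why the id no longer applies (for example that it was rejected or merged into another id), so the change can be audited later.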
@@ -155,7 +626,7 @@
 	{CVE-2022-24769 CVE-2022-31030}
 	[bullseye] - containerd 1.4.13~ds1-1~deb11u2
 [11 Jun 2022] DSA-5161-1 linux - security update
-	{CVE-2022-0494 CVE-2022-0854 CVE-2022-1012 CVE-2022-1729 CVE-2022-1786 CVE-2022-1789 CVE-2022-1852 CVE-2022-32250 CVE-2022-1972 CVE-2022-1974 CVE-2022-1975 CVE-2022-21499 CVE-2022-28893}
+	{CVE-2022-0494 CVE-2022-0854 CVE-2022-1012 CVE-2022-1729 CVE-2022-1786 CVE-2022-1789 CVE-2022-1852 CVE-2022-32250 CVE-2022-1974 CVE-2022-1975 CVE-2022-2078 CVE-2022-21499 CVE-2022-28893}
 	[bullseye] - linux 5.10.120-1
 [10 Jun 2022] DSA-5160-1 ntfs-3g - security update
 	{CVE-2021-46790 CVE-2022-30783 CVE-2022-30784 CVE-2022-30785 CVE-2022-30786 CVE-2022-30787 CVE-2022-30788 CVE-2022-30789}
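Review bot: in the DSA-5161-1 linux line, CVE-2022-32250 still sits between CVE-2022-1852 and CVE-2022-1974, out of numeric order, even though this hunk rewrites the line to drop CVE-2022-1972 and insert CVE-2022-2078 in sorted position. Since the line is being touched anyway, move CVE-2022-32250 to the end after CVE-2022-28893. The swap itself (CVE-2022-1972 out, CVE-2022-2078 in) should also be explained in the commit message, because nothing in the visible lines shows whether one id replaces the other.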
@@ -285,7 +756,7 @@
 	{CVE-2020-20891 CVE-2020-20892 CVE-2020-20896 CVE-2020-21688 CVE-2020-21697 CVE-2021-3566}
 	[buster] - ffmpeg 7:4.1.9-0+deb10u1
 [27 Apr 2022] DSA-5125-1 chromium - security update
-	{CVE-2022-1477 CVE-2022-1478 CVE-2022-1479 CVE-2022-1480 CVE-2022-1481 CVE-2022-1482 CVE-2022-1483 CVE-2022-1484 CVE-2022-1485 CVE-2022-1486 CVE-2022-1487 CVE-2022-1488 CVE-2022-1489 CVE-2022-1490 CVE-2022-1491 CVE-2022-1492 CVE-2022-1493 CVE-2022-1494 CVE-2022-1495 CVE-2022-1496 CVE-2022-1497 CVE-2022-1498 CVE-2022-1499 CVE-2022-1500 CVE-2022-1501}
+	{CVE-2022-1477 CVE-2022-1478 CVE-2022-1479 CVE-2022-1481 CVE-2022-1482 CVE-2022-1483 CVE-2022-1484 CVE-2022-1485 CVE-2022-1486 CVE-2022-1487 CVE-2022-1488 CVE-2022-1489 CVE-2022-1490 CVE-2022-1491 CVE-2022-1492 CVE-2022-1493 CVE-2022-1494 CVE-2022-1495 CVE-2022-1496 CVE-2022-1497 CVE-2022-1498 CVE-2022-1499 CVE-2022-1500 CVE-2022-1501}
 	[bullseye] - chromium 101.0.4951.41-1~deb11u1
 [25 Apr 2022] DSA-5124-1 ffmpeg - security update
 	{CVE-2022-1475}
@@ -323,7 +794,7 @@
 	[buster] - webkit2gtk 2.36.0-3~deb10u1
 	[bullseye] - webkit2gtk 2.36.0-3~deb11u1
 [07 Apr 2022] DSA-5114-1 chromium - security update
-	{CVE-2022-1232}
+	{CVE-2022-1232 CVE-2022-3863}
 	[bullseye] - chromium 100.0.4896.75-1~deb11u1
 [06 Apr 2022] DSA-5113-1 firefox-esr - security update
 	{CVE-2022-1097 CVE-2022-1196 CVE-2022-24713 CVE-2022-28281 CVE-2022-28282 CVE-2022-28285 CVE-2022-28286 CVE-2022-28289}
@@ -391,7 +862,7 @@
 	[buster] - firefox-esr 91.7.0esr-1~deb10u1
 	[bullseye] - firefox-esr 91.7.0esr-1~deb11u1
 [09 Mar 2022] DSA-5096-1 linux - security update
-	{CVE-2020-29374 CVE-2020-36322 CVE-2021-3640 CVE-2021-3744 CVE-2021-3752 CVE-2021-3760 CVE-2021-3764 CVE-2021-3772 CVE-2021-4002 CVE-2021-4083 CVE-2021-4135 CVE-2021-4155 CVE-2021-4202 CVE-2021-4203 CVE-2021-20317 CVE-2021-20321 CVE-2021-20322 CVE-2021-22600 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713 CVE-2021-28714 CVE-2021-28715 CVE-2021-28950 CVE-2021-38300 CVE-2021-39685 CVE-2021-39686 CVE-2021-39698 CVE-2021-39713 CVE-2021-41864 CVE-2021-42739 CVE-2021-43389 CVE-2021-43975 CVE-2021-43976 CVE-2021-44733 CVE-2021-45095 CVE-2021-45469 CVE-2021-45480 CVE-2022-0001 CVE-2022-0002 CVE-2022-0322 CVE-2022-0330 CVE-2022-0435 CVE-2022-0487 CVE-2022-0492 CVE-2022-0617 CVE-2022-0644 CVE-2022-22942 CVE-2022-24448 CVE-2022-24959 CVE-2022-25258 CVE-2022-25375}
+	{CVE-2020-29374 CVE-2020-36322 CVE-2021-3640 CVE-2021-3744 CVE-2021-3752 CVE-2021-3760 CVE-2021-3764 CVE-2021-3772 CVE-2021-4002 CVE-2021-4083 CVE-2021-4135 CVE-2021-4155 CVE-2021-4202 CVE-2021-4203 CVE-2021-20317 CVE-2021-20321 CVE-2021-20322 CVE-2021-22600 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713 CVE-2021-28714 CVE-2021-28715 CVE-2021-28950 CVE-2021-38300 CVE-2021-39685 CVE-2021-39686 CVE-2021-39698 CVE-2021-39713 CVE-2021-41864 CVE-2021-42739 CVE-2021-43389 CVE-2021-43975 CVE-2021-43976 CVE-2021-44733 CVE-2021-45095 CVE-2021-45469 CVE-2021-45480 CVE-2022-0001 CVE-2022-0002 CVE-2022-0322 CVE-2022-0330 CVE-2022-0435 CVE-2022-0487 CVE-2022-0492 CVE-2022-0617 CVE-2022-22942 CVE-2022-24448 CVE-2022-24959 CVE-2022-25258 CVE-2022-25375}
 	[buster] - linux 4.19.232-1
 [09 Mar 2022] DSA-5095-1 linux - security update
 	{CVE-2020-36310 CVE-2022-0001 CVE-2022-0002 CVE-2022-0487 CVE-2022-0492 CVE-2022-0617 CVE-2022-25636}
@@ -494,7 +965,7 @@
 	[buster] - firefox-esr 91.6.0esr-1~deb10u1
 	[bullseye] - firefox-esr 91.6.0esr-1~deb11u1
 [07 Feb 2022] DSA-5068-1 chromium - security update
-	{CVE-2022-0452 CVE-2022-0453 CVE-2022-0454 CVE-2022-0455 CVE-2022-0456 CVE-2022-0457 CVE-2022-0458 CVE-2022-0459 CVE-2022-0460 CVE-2022-0461 CVE-2022-0462 CVE-2022-0463 CVE-2022-0464 CVE-2022-0465 CVE-2022-0466 CVE-2022-0467 CVE-2022-0468 CVE-2022-0469 CVE-2022-0470}
+	{CVE-2022-0452 CVE-2022-0453 CVE-2022-0454 CVE-2022-0455 CVE-2022-0456 CVE-2022-0457 CVE-2022-0458 CVE-2022-0459 CVE-2022-0460 CVE-2022-0461 CVE-2022-0462 CVE-2022-0463 CVE-2022-0464 CVE-2022-0465 CVE-2022-0466 CVE-2022-0467 CVE-2022-0468 CVE-2022-0469 CVE-2022-0470 CVE-2022-4025}
 	[bullseye] - chromium 98.0.4758.80-1~deb11u1
 [03 Feb 2022] DSA-5067-1 ruby2.7 - security update
 	{CVE-2021-41816 CVE-2021-41817 CVE-2021-41819}
@@ -618,7 +1089,7 @@
 	[buster] - apache2 2.4.38-3+deb10u7
 	[bullseye] - apache2 2.4.52-1~deb11u2
 [02 Jan 2022] DSA-5034-1 thunderbird - security update
-	{CVE-2021-4126 CVE-2021-38496 CVE-2021-38500 CVE-2021-38502 CVE-2021-38503 CVE-2021-38504 CVE-2021-38506 CVE-2021-38507 CVE-2021-38508 CVE-2021-38509 CVE-2021-43528 CVE-2021-43529 CVE-2021-43534 CVE-2021-43535 CVE-2021-43536 CVE-2021-43537 CVE-2021-43538 CVE-2021-43539 CVE-2021-43541 CVE-2021-43542 CVE-2021-43543 CVE-2021-43545 CVE-2021-43546 CVE-2021-44538}
+	{CVE-2021-4126 CVE-2021-4129 CVE-2021-38496 CVE-2021-38500 CVE-2021-38502 CVE-2021-38503 CVE-2021-38504 CVE-2021-38506 CVE-2021-38507 CVE-2021-38508 CVE-2021-38509 CVE-2021-43528 CVE-2021-43529 CVE-2021-43534 CVE-2021-43535 CVE-2021-43536 CVE-2021-43537 CVE-2021-43538 CVE-2021-43539 CVE-2021-43541 CVE-2021-43542 CVE-2021-43543 CVE-2021-43545 CVE-2021-43546 CVE-2021-44538}
 	[buster] - thunderbird 1:91.4.1-1~deb10u1
 	[bullseye] - thunderbird 1:91.4.1-1~deb11u1
 [30 Dec 2021] DSA-5033-1 fort-validator - security update
@@ -650,7 +1121,7 @@
 	[buster] - xorg-server 2:1.20.4-1+deb10u4
 	[bullseye] - xorg-server 2:1.20.11-1+deb11u1
 [19 Dec 2021] DSA-5026-1 firefox-esr - security update
-	{CVE-2021-43546 CVE-2021-43545 CVE-2021-43543 CVE-2021-43542 CVE-2021-43541 CVE-2021-43539 CVE-2021-43538 CVE-2021-43537 CVE-2021-43536 CVE-2021-43535 CVE-2021-43534 CVE-2021-38509 CVE-2021-38508 CVE-2021-38507 CVE-2021-38506 CVE-2021-38504 CVE-2021-38503}
+	{CVE-2021-4129 CVE-2021-43546 CVE-2021-43545 CVE-2021-43543 CVE-2021-43542 CVE-2021-43541 CVE-2021-43539 CVE-2021-43538 CVE-2021-43537 CVE-2021-43536 CVE-2021-43535 CVE-2021-43534 CVE-2021-38509 CVE-2021-38508 CVE-2021-38507 CVE-2021-38506 CVE-2021-38504 CVE-2021-38503}
 	[bullseye] - firefox-esr 91.4.1esr-1~deb11u1
 [19 Dec 2021] DSA-5025-1 tang - security update
 	{CVE-2021-4076}
@@ -1135,13 +1606,13 @@
 	{CVE-2020-27918 CVE-2020-29623 CVE-2021-1765 CVE-2021-1789 CVE-2021-1799 CVE-2021-1801 CVE-2021-1870 CVE-2021-21806}
 	[buster] - webkit2gtk 2.30.6-1~deb10u1
 [25 Mar 2021] DSA-4876-1 thunderbird - security update
-	{CVE-2021-23981 CVE-2021-23982 CVE-2021-23984 CVE-2021-23987 CVE-2021-29950}
+	{CVE-2021-23981 CVE-2021-23982 CVE-2021-23984 CVE-2021-23987 CVE-2021-29950 CVE-2021-4127}
 	[buster] - thunderbird 1:78.9.0-1~deb10u1
 [25 Mar 2021] DSA-4875-1 openssl - security update
 	{CVE-2021-3449}
 	[buster] - openssl 1.1.1d-0+deb10u6
 [24 Mar 2021] DSA-4874-1 firefox-esr - security update
-	{CVE-2021-23981 CVE-2021-23982 CVE-2021-23984 CVE-2021-23987 CVE-2021-29955}
+	{CVE-2021-23981 CVE-2021-23982 CVE-2021-23984 CVE-2021-23987 CVE-2021-29955 CVE-2021-4127}
 	[buster] - firefox-esr 78.9.0esr-1~deb10u1
 [23 Mar 2021] DSA-4873-1 squid - security update
 	{CVE-2020-25097}
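Review bot: CVE-2021-4127 is appended after the five-digit ids in both DSA-4876-1 thunderbird and DSA-4874-1 firefox-esr, whereas the DSA-5034-1 line elsewhere in this patch places CVE-2021-4126 and CVE-2021-4129 ahead of CVE-2021-38496. For consistency, put CVE-2021-4127 at the front of both lists, before CVE-2021-23981, so the ids stay in numeric order within the year.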
@@ -2756,7 +3227,7 @@
 	{CVE-2018-10855 CVE-2018-10875 CVE-2018-16837 CVE-2018-16876 CVE-2019-3828}
 	[stretch] - ansible 2.2.1.0-2+deb9u1
 [18 Feb 2019] DSA-4395-1 chromium - security update
-	{CVE-2018-17481 CVE-2018-20073 CVE-2019-5754 CVE-2019-5755 CVE-2019-5756 CVE-2019-5757 CVE-2019-5758 CVE-2019-5759 CVE-2019-5760 CVE-2019-5762 CVE-2019-5763 CVE-2019-5764 CVE-2019-5765 CVE-2019-5766 CVE-2019-5767 CVE-2019-5768 CVE-2019-5769 CVE-2019-5770 CVE-2019-5772 CVE-2019-5773 CVE-2019-5774 CVE-2019-5775 CVE-2019-5776 CVE-2019-5777 CVE-2019-5778 CVE-2019-5779 CVE-2019-5780 CVE-2019-5781 CVE-2019-5782 CVE-2019-5783 CVE-2019-5784 CVE-2019-13684}
+	{CVE-2018-17481 CVE-2018-20073 CVE-2019-5754 CVE-2019-5755 CVE-2019-5756 CVE-2019-5757 CVE-2019-5758 CVE-2019-5759 CVE-2019-5760 CVE-2019-5762 CVE-2019-5763 CVE-2019-5764 CVE-2019-5765 CVE-2019-5766 CVE-2019-5767 CVE-2019-5768 CVE-2019-5769 CVE-2019-5770 CVE-2019-5772 CVE-2019-5773 CVE-2019-5774 CVE-2019-5775 CVE-2019-5776 CVE-2019-5777 CVE-2019-5778 CVE-2019-5779 CVE-2019-5780 CVE-2019-5781 CVE-2019-5782 CVE-2019-5783 CVE-2019-5784 CVE-2019-13684 CVE-2019-13768}
 	[stretch] - chromium 72.0.3626.96-1~deb9u1
 [18 Feb 2019] DSA-4394-1 rdesktop - security update
 	{CVE-2018-8791 CVE-2018-8792 CVE-2018-8793 CVE-2018-8794 CVE-2018-8795 CVE-2018-8796 CVE-2018-8797 CVE-2018-8798 CVE-2018-8799 CVE-2018-8800 CVE-2018-20174 CVE-2018-20175 CVE-2018-20176 CVE-2018-20177 CVE-2018-20178 CVE-2018-20179 CVE-2018-20180 CVE-2018-20181 CVE-2018-20182}


=====================================
data/dla-needed.txt
=====================================
@@ -12,98 +12,330 @@ https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 To make it easier to see the entire history of an update, please append notes
 rather than remove/replace existing ones.
 
-NOTE: IMPORTANT: during 2022-08, make sure you do NOT conflict with a
-NOTE: IMPORTANT: prepared upload for buster's last point release, see:
-NOTE: IMPORTANT: https://bugs.debian.org/cgi-bin/pkgreport.cgi?users=release.debian.org@packages.debian.org;tag=pu
-
 --
-apache2
-  NOTE: 20220811: Programming language: C.
-  NOTE: 20220723: Prepared update 2.4.38-3+deb10u8 and filed #1014346 requesting SRM approval for upload to final buster point release (roberto)
-  NOTE: 20220723: Received upload approval from SRM and uploaded to buster (roberto)
-  NOTE: 20220809: Package is in oldstable-proposed-updates and will be in final buster point release (roberto)
+389-ds-base
+  NOTE: 20221231: Programming language: C.
+  NOTE: 20221231: Few users. Low prio. (opal).
+  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/389-ds-base.git
+--
+apache2 (Lee Garrett)
+  NOTE: 20221227: Programming language: C.
+  NOTE: 20221227: VCS: https://salsa.debian.org/lts-team/packages/apache2.git
+  NOTE: 20221227: Special attention: Double check an update! Package is used by many customers and users!.
+  NOTE: 20230222: CVE-2019-17567 requires 1000+ LoC patch, too intrusive (lee)
+--
+ceph
+  NOTE: 20221031: Programming language: C++.
+  NOTE: 20221031: To be checked further. Not clear whether the vulnerability can be exploited in a Debian system.
+  NOTE: 20221031: What should be checked is whether any user with ceph permission can do the actions described in the exploit. (ola/front-desk)
+  NOTE: 20221130: CVE-2022-3650: The patch is kind of trivial Python stuff backporting work.
+  NOTE: 20221130: Can someone take care of it in Buster? I'm currently building the Bullseye backport of the fix...
+  NOTE: 20221130: https://lists.debian.org/debian-lts/2022/11/msg00025.html  (zigo/maintainer)
+  NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/ceph.git
+--
+consul
+  NOTE: 20221031: Programming language: Go.
+  NOTE: 20221031: Concluded that the package should be fixed by the CVE description. Source code not analyzed in detail.
+  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/consul.git
+--
+emacs (Adrian Bunk)
+  NOTE: 20230223: Programming language: Lisp.
+  NOTE: 20230223: VCS: https://salsa.debian.org/lts-team/packages/emacs.git
 --
-asterisk (Markus Koschany)
-  NOTE: 20220810: Programming language: C.
+erlang
+  NOTE: 20221119: Programming language: Erlang.
+  NOTE: 20221119: at least CVE-2022-37026 needs to be fixed (original request has been for Stretch)
+  NOTE: 20230111: VCS: https://salsa.debian.org/erlang-team/packages/erlang
+  NOTE: 20230111: Maintainer notes: Coordinate with maintainer, whether their VCS can be used.
 --
-curl (Markus Koschany)
-  NOTE: 20220802: Programming language: C.
+firmware-nonfree
+  NOTE: 20220906: Consider to check the severity of the issues again and judge whether a correction is worth it.
+  NOTE: 20221204: Coming soon in the first week of December. (apo)
+  NOTE: 20221211: Programming language: Binary blob
+  NOTE: 20221211: VCS: https://salsa.debian.org/lts-team/packages/firmware-nonfree.git
 --
-epiphany-browser (Emilio)
-  NOTE: 20220811: Programming language: C.
+fusiondirectory
+  NOTE: 20221203: Programming language: PHP.
+  NOTE: 20221203: Please evaluate, whether the package can be fixed (gladk).
+  NOTE: 20221203: Two CVEs have only mitigation, fix in a new version (gladk).
+  NOTE: 20221203: Also the package was removed from sid recently (gladk)..
+  NOTE: 20221203: Feel free to marke both CVEs as <ignored>, if they are not too serious (gladk).
+  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/fusiondirectory.git
 --
-freecad
-  NOTE: 20220815: Programming language: Python.
-  NOTE: 20220815: Not all of the vulnerable os.system calls exist in the buster version. (lamby)
+golang-1.11
+  NOTE: 20220916: Programming language: Go.
+  NOTE: 20220916: Special attention: limited support; requires rebuilding reverse build dependencies (though recent bullseye updates didn't)
+  NOTE: 20220916: Harmonize with bullseye and stretch: 9 CVEs fixed in Debian 11.2 & 11.3 + 2 CVEs fixed in stretch-lts (Beuc/front-desk)
+  NOTE: 20220916: CVE-2020-28367 CVE-2021-33196 CVE-2021-36221 CVE-2021-39293 CVE-2021-41771 CVE-2021-44716 CVE-2021-44717 CVE-2022-23772 CVE-2022-23773 CVE-2022-23806 CVE-2022-24921
+  NOTE: 20230111: Testsuite: https://lts-team.pages.debian.net/wiki/TestSuites/golang.html
+  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/golang-1.11.git
 --
-jetty9 (Markus Koschany)
-  NOTE: 20220802: Programming language: Java.
+golang-github-nats-io-jwt
+  NOTE: 20221109: Programming language: Go.
+  NOTE: 20221109: Special attention: limited support, cf. buster release notes; not in bullseye
+  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/golang-github-nats-io-jwt.git
+--
+golang-go.crypto
+  NOTE: 20220915: Programming language: Go.
+  NOTE: 20220915: 3 CVEs fixed in stretch and bullseye (Beuc/front-desk)
+  NOTE: 20220915: Special attention: limited support, cf. buster release notes
+  NOTE: 20220915: Special attention: rebuild reverse-dependencies if needed, e.g. DLA-2402-1 -> DLA-2453-1/DLA-2454-1/DLA-2455-1
+  NOTE: 20220915: Special attention: also check bullseye status
+  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/golang-go.crypto.git
+--
+golang-websocket
+  NOTE: 20220915: Programming language: Go.
+  NOTE: 20220915: 1 CVE fixed in stretch and bullseye (golang-github-gorilla-websocket) (Beuc/front-desk)
+  NOTE: 20220915: Special attention: limited support; requires rebuilding reverse dependencies
+  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/golang-websocket.git
+--
+golang-yaml.v2
+  NOTE: 20230125: Programming language: Go.
+  NOTE: 20230125: VCS: https://salsa.debian.org/lts-team/packages/golang-yaml.v2.git
+  NOTE: 20230125: Special attention: limited support; requires rebuilding reverse build dependencies (though recent bullseye updates didn't).
+--
+imagemagick (Adrian Bunk)
+  NOTE: 20220904: Programming language: C.
+  NOTE: 20220904: VCS: https://salsa.debian.org/lts-team/packages/imagemagick.git
+  NOTE: 20220904: Should be synced with Stretch. (apo)
+  NOTE: 20221212: Integrated patches for 31 CVEs so far and continuing to work. (roberto)
+  NOTE: 20230220: roberto put his work in lts-team/packages/imagemagick.git on Salsa so far on the debian/buster branch. He also pushed the related commits on the upstream and pristine-tar branches. 
+
 --
-kicad
-  NOTE: 20220811: Programming language: C++.
+intel-microcode
+  NOTE: 20230219: Programming language: Binary blob.
+  NOTE: 20230219: VCS: https://salsa.debian.org/lts-team/packages/intel-microcode.git
 --
-kopanocore (Andreas Rönnquist)
+kopanocore
   NOTE: 20220801: Programming language: C++.
-  NOTE: 20220811: Proposed a patch to CVE-2022-26562 (#1016973)
+  NOTE: 20220811: Proposed a patch to CVE-2022-26562 (#1016973) (gusnan/retired)
+  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/kopanocore.git
 --
-linux (Ben Hutchings)
+libapache2-mod-auth-mellon (Utkarsh)
+  NOTE: 20230105: Programming language: C.
+  NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk)
+  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/libapache2-mod-auth-mellon.git
+  NOTE: 20230220: upload prepped, testing remains. (utkarsh)
 --
-maven-shared-utils
-  NOTE: 20220813: Programming language: Java
-  NOTE: 20220813: VCS: https://salsa.debian.org/java-team/maven-shared-utils
-  NOTE: 20220813: Maintainer notes: Markus is active in the Java team
-  NOTE: 20220813: Special attention: Relatively high popcon
-  NOTE: 20220813: Patch is relatively high. Please check, whether it can safely be applied (Anton)
+libreoffice
+  NOTE: 20221012: Programming language: C++.
+  NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/libreoffice.git
 --
-mediawiki (Markus Koschany)
-  NOTE: 20220810: Programming language: PHP.
+linux (Ben Hutchings)
+  NOTE: 20230111: Programming language: C
 --
-ndpi (Anton)
-  NOTE: 20220801: Programming language: C.
+man2html (gladk)
+  NOTE: 20221004: Programming language: C.
+  NOTE: 20221004: It looks like not patch is available.
+  NOTE: 20221004: Please evalulate, whether the issue can be marked as <ignored>.
+  NOTE: 20230213: VCS: https://salsa.debian.org/debian/man2html.git
 --
-net-snmp
-  NOTE: 20220816: Programming language: C.
+mariadb-10.3
+  NOTE: 20230225: Programming language: C.
+  NOTE: 20230225: VCS: https://salsa.debian.org/mariadb-team/mariadb-10.3/-/commits/buster
+  NOTE: 20230225: Testsuite: https://lists.debian.org/debian-lts/2019/07/msg00049.html
+  NOTE: 20230225: Maintainer notes: Contact original maintainer, Otto.
 --
 netatalk
   NOTE: 20220816: Programming language: C.
+  NOTE: 20220912: We get errors in the log, not present on bookworm. Needs more investigation. (stefanor)
+  NOTE: 20221212: VCS: https://salsa.debian.org/lts-team/packages/netatalk
+  NOTE: 20221212: Work is ongoing. CVE-2022-0194 is probably too intrusive. (gladk)
+--
+nheko
+  NOTE: 20230101: Programming language: C++.
+  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/nheko.git
+--
+node-css-what
+  NOTE: 20221031: Programming language: Javascript.
+  NOTE: 20230130: Module has been rewritten in Typescript since Buster released (guilhem).
+  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/node-css-what.git
+--
+node-got
+  NOTE: 20221111: Programming language: JavaScript.
+  NOTE: 20221111: Follow fixes from bullseye 11.4 (Beuc/front-desk)
+  NOTE: 20221223: Module has been rewritten in Typescript since Buster released (lamby).
+  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/node-got.git
+--
+node-nth-check
+  NOTE: 20221111: Programming language: JavaScript.
+  NOTE: 20221111: Follow fixes from bullseye 11.3 (Beuc/front-desk)
+  NOTE: 20221223: Module has been rewritten in Typescript since Buster released (lamby).
+  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/node-nth-check.git
+--
+nodejs (guilhem)
+  NOTE: 20221105: Programming language: Javascript, C/C++, Python
+  NOTE: 20221105: VCS: https://salsa.debian.org/lts-team/packages/nodejs.git
+  NOTE: 20221105: Source code not checked. It may be so that the vulnerability is not present in buster.
+  NOTE: 20221209: Testsuite: https://lts-team.pages.debian.net/wiki/TestSuites/nodejs.html
+--
+nvidia-graphics-drivers
+  NOTE: 20221225: Programming language: binary blob.
+  NOTE: 20230103: Cf. on-going discussion on nvidia support (Beuc/front-desk)
+  NOTE: 20230103: https://lists.debian.org/debian-lts/2023/01/msg00005.html
 --
-nodejs
-  NOTE: 20220801: Programming language: JavaScript.
-  NOTE: 20220801: one of the upstream fixes doesn't address the security issue
+nvidia-graphics-drivers-legacy-390xx
+  NOTE: 20221225: Programming language: binary blob.
+  NOTE: 20230103: Cf. on-going discussion on nvidia support (Beuc/front-desk)
+  NOTE: 20230103: https://lists.debian.org/debian-lts/2023/01/msg00005.html
+  NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/nvidia-graphics-drivers-legacy-390xx.git
 --
-php-horde-mime-viewer
-  NOTE: 20220816: Programming language: PHP.
+openimageio (Markus Koschany)
+  NOTE: 20221225: Programming language: C.
+  NOTE: 20221225: VCS: https://salsa.debian.org/lts-team/packages/openimageio.git
 --
-php-horde-turba
-  NOTE: 20220816: Programming language: PHP.
+php-cas
+  NOTE: 20221105: Programming language: PHP.
+  NOTE: 20221105: The fix is not backwards compatible. Should be investigated further whether this issue should be solved or ignored.. (ola)
+  NOTE: 20221107: php-cas only has 2 reverse-deps in buster (fusiondirectory, ocsinventory-reports),
+  NOTE: 20221107: consider fixing all 3 packages; also check situation in ELTS for reference (Beuc/front-desk)
+  NOTE: 20221110: upcoming DSA (Beuc/front-desk)
+  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/php-cas.git
 --
-puma (Abhijith PA)
-  NOTE: 20220801: Programming language: Ruby.
+php7.3 (guilhem)
+  NOTE: 20230225: Programming language: C.
+  NOTE: 20230225: Testsuite: https://lts-team.pages.debian.net/wiki/TestSuites/php.html
 --
-qemu (Abhijith PA)
-  NOTE: 20220802: Programming language: C.
-  NOTE: 20220802: debdiff of backported fixes was submitted to buster-proposed-updates: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007931 and
-  NOTE: 20220802: wcan now be released as DLA instead. The updated packages are/were running fine in a buster ganeti cluster. (jmm)
-  NOTE: 20220808: conflicting pu at https://people.debian.org/~abhijith/upload/mruby/qemu_3.1+dfsg-8+deb10u9.dsc , needs to be merged (Beuc/abhijith)
+pluxml
+  NOTE: 20220913: Programming language: PHP.
+  NOTE: 20220913: Special attention: orphaned package.
+  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/pluxml.git
 --
-rsync (Stefano Rivera)
-  NOTE: 20220811: Programming language: C.
-  NOTE: 20220811: All patches should be applied. If it is too disruptive - evaluate the CVE`s severity (Anton)
+protobuf
+  NOTE: 20221031: Programming language: Several.
+  NOTE: 20221031: Note the 'Note' that one of the CVEs affects the generated code and must therefore get special attention from the application developer using protobuf.
+  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/protobuf.git
+--
+puppet-module-puppetlabs-mysql
+  NOTE: 20221107: Programming language: Puppet, Ruby.
+  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/puppet-module-puppetlabs-mysql.git
+--
+python-oslo.privsep
+  NOTE: 20221231: Programming language: Python.
+  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/python-oslo.privsep.git
+--
+python-werkzeug (Sylvain Beucler)
+  NOTE: 20230219: Programming language: Python.
+  NOTE: 20230219: VCS: https://salsa.debian.org/lts-team/packages/python-werkzeug.git
+--
+python3.7 (Adrian Bunk)
+  NOTE: 20230220: Programming language: Python.
+  NOTE: 20230220: VCS: https://salsa.debian.org/lts-team/packages/python3.7.git
+  NOTE: 20230220: Testsuite: https://lts-team.pages.debian.net/wiki/TestSuites/python.html
+--
+qemu
+  NOTE: 20221108: Programming language: C.
+  NOTE: 20221108: I updated the status of all opened (minor) CVEs to more clearly state whether we can fix or are waiting for a patch,
+  NOTE: 20221108: there's about half of them that can be fixed now (or definitely ignored if backporting is too risky/complex) (Beuc/front-desk)
+  NOTE: 20221209: Testsuite: https://lts-team.pages.debian.net/wiki/TestSuites/qemu.html
+  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/qemu.git
+--
+r-cran-commonmark
+  NOTE: 20221009: Programming language: R.
+  NOTE: 20221009: Please synchronize with ghostwriter.
+  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/r-cran-commonmark.git
+--
+rails
+  NOTE: 20220909: Regression on 2:5.2.2.1+dfsg-1+deb10u4 (abhijith)
+  NOTE: 20220909: Two issues https://lists.debian.org/debian-lts/2022/09/msg00014.html (abhijith)
+  NOTE: 20220909: https://lists.debian.org/debian-lts/2022/09/msg00004.html (abhijith)
+  NOTE: 20220909: upstream report https://github.com/rails/rails/issues/45590 (abhijith)
+  NOTE: 20220915: 2:5.2.2.1+dfsg-1+deb10u5 uploaded without the regression causing patch (abhijith)
+  NOTE: 20220915: Utkarsh prepared a patch and is on testing (abhijith)
+  NOTE: 20221003: https://github.com/rails/rails/issues/45590#issuecomment-1249123907 (abhijith)
+  NOTE: 20221024: Delay upload, see above comment, users have done workaround. Not a good idea
+  NOTE: 20221024: to break thrice in less than 2 month.
+  NOTE: 20221209: Programming language: Ruby.
+  NOTE: 20221209: Testsuite: https://lts-team.pages.debian.net/wiki/TestSuites/rails.html
+  NOTE: 20230131: Utkarsh to start a thread with sec+ruby team with the possible path forward. (utkarsh)
+  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/rails.git
+--
+rainloop
+  NOTE: 20220913: Programming language: PHP, JavaScript.
+  NOTE: 20220913: Special attention: orphaned as of 2022-09.
+  NOTE: 20220913: Upstream appeared dead but there was activity 2 weeks ago,
+  NOTE: 20220913: a "SnappyMail" fork exists and may have patches we can use,
+  NOTE: 20220913: also there's an unofficial one for CVE-2022-29360;
+  NOTE: 20220913: Evaluate the situation and decide whether we should support or EOL this package (Beuc/front-desk)
+  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/rainloop.git
+--
+ring
+  NOTE: 20221120: Programming language: C.
+  NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/ring.git
+--
+ruby-loofah (Daniel Leidert)
+  NOTE: 20221231: Programming language: Ruby.
+  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/ruby-loofah.git
+--
+ruby-rails-html-sanitizer
+  NOTE: 20221231: Programming language: Ruby.
+  NOTE: 20221231: VCS: https://salsa.debian.org/lts-team/packages/ruby-rails-html-sanitizer.git
+--
+ruby-sidekiq (Utkarsh)
+  NOTE: 20221231: Programming language: Ruby.
+  NOTE: 20221231: CVE-2022-23837 was fixed in stretch so should be fixed in buster for consistency even though it is not that severe. (opal).
+  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/ruby-sidekiq.git
+  NOTE: 20230220: almost done-ish. Will roll out the DLA this week. (utkarsh)
+--
+runc (Sylvain Beucler)
+  NOTE: 20220905: Programming language: Go.
+  NOTE: 20220905: Special attention: Sync with Bullseye.
+  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/runc.git
+  NOTE: 20230213: Starting checking security issues, packaging strategy and testing procedures (Beuc)
+  NOTE: 20230218: golang-github-opencontainers-selinux fix uploaded via DLA-3322-1 (Beuc)
+  NOTE: 20230220: Checking possible re-introduction of CVE-2019-19921 with upstream (Beuc)
 --
 salt
-  NOTE: 20220814: Programming language: Python
+  NOTE: 20220814: Programming language: Python.
   NOTE: 20220814: Packages is not in the supported packages by us.
   NOTE: 20220814: Also, I am not sure, whether it is possible to fix issues
   NOTE: 20220814: without backporting a newer verion. (Anton)
+  NOTE: 20221209: Testsuite: https://lts-team.pages.debian.net/wiki/TestSuites/salt.html
+  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/salt.git
+--
+samba (Lee Garrett)
+  NOTE: 20220904: Programming language: C.
+  NOTE: 20220904: VCS: https://salsa.debian.org/lts-team/packages/samba.git
+  NOTE: 20220904: Special attention: High popcon! Used in many servers.
+  NOTE: 20220904: Many postponed or open CVE in general. (apo)
+--
+spip
+  NOTE: 20230206: Programming language: PHP.
+  NOTE: 20230206: Special attention: Please contact maintainer regarding VCS usage
+  NOTE: 20230206: VCS: https://salsa.debian.org/debian/spip.git
+--
+sssd
+  NOTE: 20230131: Programming language: C.
+  NOTE: 20230205: VCS: https://salsa.debian.org/lts-team/packages/sssd.git
+--
+tinymce
+  NOTE: 20221227: Programming language: PHP.
+  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/tinymce.git
+--
+trafficserver
+   NOTE: 20230202: Programming language: C.
+   NOTE: 20230202: Note recent DLA-3279-1 update. Removed notes (2d9f50586010) suggest CVE-2022-31779 may have already been investigated. (lamby)
+   NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/trafficserver.git
+   NOTE: 20230209: <tobi> very difficult to identify exact patches and on top significant refactoring, especially CVE-2022-31778
+   NOTE: 20230209; CVE-2022-32749 is possibly https://github.com/apache/trafficserver/pull/9243, (see security tracker)
+   NOTE: 20230209: CVE-2022-37392 mihgt be https://github.com/apache/trafficserver/commit/3b9cbf873a77bb7f9297f2b16496a290e0cf7de1
+   NOTE: 20230209: could find informatin for CVE-2022-31779, might be the same fix as CVE-2022-31778 (marked as to be ignored), but no proof on that…
+   NOTE: 20230209: not sure, maybe the safest way would be to update to 8.1.6. </tobi>
+--
+xfig (gladk)
+  NOTE: 20230105: Programming language: C.
+  NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk)
+  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/xfig.git
+  NOTE: 20230213: Communication with the maintainer.
 --
-schroot (carnil)
-  NOTE: 20220813: Programming language: C++
-  NOTE: 20220813: VCS: https://salsa.debian.org/debian/schroot/
-  NOTE: 20220813: Maintainer notes: Maintainer prepares o-o-stable updates
-  NOTE: 20220813: Debian security team will release DSA and DLA
+xrdp
+  NOTE: 20221225: Programming language: C.
+  NOTE: 20221225: VCS: https://salsa.debian.org/lts-team/packages/xrdp.git
+  NOTE: 20230117: Fixed 6 out 10 CVEs. Testing (abhijith)
 --
-zlib (Emilio)
-  NOTE: 20220813: Programming language: C
-  NOTE: 20220813: VCS: https://salsa.debian.org/lts-team/packages/zlib/
-  NOTE: 20220813: Special attention: Very high popcon. Please test carefully!
+zabbix
+  NOTE: 20220911: At least CVE-2022-23134 was fixed in stretch so it should be fixed in buster too.
+  NOTE: 20221209: Programming language: C.
+  NOTE: 20221209: Testsuite: https://lts-team.pages.debian.net/wiki/TestSuites/zabbix.html
+  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/zabbix.git
 --
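Review bot: In the trafficserver entry, the line `NOTE: 20230209; CVE-2022-32749 is possibly ...` has a semicolon after the date where every other note uses `NOTE: YYYYMMDD:`, and the whole entry is indented with three spaces instead of two, so a script matching the usual note prefix would skip it. Suggest normalising both, and fixing the spelling in the same pass ("mihgt", "informatin", and "evalulate" / "not patch" in the man2html entry).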


=====================================
data/dsa-needed.txt
=====================================
@@ -12,38 +12,35 @@ To pick an issue, simply add your uid behind it.
 If needed, specify the release by adding a slash after the name of the source package.
 
 --
-asterisk (apo)
+apr-util (carnil)
 --
-epiphany-browser
-  Emilio prepared a debdiff for review
+apr (carnil)
 --
-freecad (aron)
+curl (jmm)
+  pending work on remaining test case
 --
-gdk-pixbuf
---
-kicad (jmm)
+jupyter-core
+  Maintainer asked for availability to prepare updates
 --
 linux (carnil)
   Wait until more issues have piled up, though try to regulary rebase for point
   releases to more recent v5.10.y versions
 --
-maven-shared-utils
---
-net-snmp
---
 netatalk
   open regression with MacOS, tentative patch not yet merged upstream
 --
-nodejs
+multipath-tools (carnil)
+  Tobias Frost proposed a potential update to be reviewed, maintainer reviewed changes, pending ack
+--
+php-cas
 --
 php-horde-mime-viewer
 --
 php-horde-turba
 --
-rails
+rails (aron)
 --
-rpki-client
-  new 7.6 release required libretls, which isn't in Bullseye
+ruby-nokogiri
 --
 ruby-rack
 --
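Review bot: The new `multipath-tools (carnil)` entry is placed after `netatalk`, and `apr-util` before `apr`, while the unchanged entries around them (linux, netatalk, php-horde-mime-viewer, ruby-rack) are in alphabetical order. Suggest moving `multipath-tools` ahead of `netatalk` so the list stays easy to scan and later diffs stay small.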
@@ -51,16 +48,12 @@ ruby-tzinfo
 --
 salt
 --
-schroot (carnil)
+samba
 --
 sofia-sip
+  Maintainer proposed debdiff for review with additional question and sent a followup
 --
-sox
-  patch needed for CVE-2021-40426, check with upstream
---
-webkit2gtk (berto)
---
-wpewebkit (berto)
---
-zlib (carnil)
+xrdp
+  needs some additional clarification, tentatively DSA worthy
+  maybe upgrade to 0.9.21 within bullseye?
 --


=====================================
data/embedded-code-copies
=====================================
@@ -251,6 +251,7 @@ lesstif (beware: two different lesstif APIs supported in one package, MOTIF 1.2
 libxpm
 	- lesstif2 <unfixed> (embed; bug #575750)
 	- ia32-libs <removed> (embed)
+	- motif <unfixed>
 
 kerberized apps with BSD origin
 	- krb4 <removed> (embed)
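Review bot: The added `- motif <unfixed>` line under libxpm has no qualifier, while the two lines above it both carry `(embed)` and one also carries a bug reference. Suggest stating the kind of copy, for example `(embed)` or `(modified-embed)`, and adding the bug number if one has been filed.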
@@ -775,6 +776,8 @@ tolua
 	- freeciv <unfixed> (embed)
 	NOTE: actually tolua++
 	- enigma <unfixed> (embed)
+	- conky <unfixed> (embed)
+	NOTE: actually tolua++
 
 asio-dev
 	- luxrender <removed> (embed)
@@ -1040,6 +1043,8 @@ jquery
 	- ikiwiki <unfixed> (embed; bug #643338)
 	- photofloat <removed> (embed; bug #721567)
 	- taglib 1.11+dfsg.1-0.1 (embed)
+	- tryton-sao <unfixed> (embed)
+	NOTE: Embeds jquery  ^3
 
 jquery-goodies
 	- horizon <unfixed> (embed)
@@ -2909,6 +2914,7 @@ xmoto
 
 irrlicht
 	- supertuxkart <unfixed> (modified-embed)
+	- minetest <unfixed> (fork)
 
 snappy
 	- chromium-browser 35.0.1916.86-1
@@ -3446,6 +3452,44 @@ csrf-magic
 
 twitter-bootstrap3
 	- ruby-rails-assets-bootstrap <unfixed> (embed; bug #838728)
+	- tryton-sao <unfixed> (embed)
+	NOTE: Embeds bootstrap ^3.3.7
+
+bootstrap-rtl-ondemand  (not packaged in Debian; no ITP)
+	- tryton-sao <unfixed> (embed)
+	NOTE: Embeds bootstrap-rtl-ondemand ^3.3.4-ondemand
+
+node-moment
+	- tryton-sao <unfixed> (embed)
+	NOTE: Embeds moment ^2.10
+
+gettext.js
+	- tryton-sao <unfixed> (embed)
+	NOTE: Embeds gettext.js ^0.7
+
+c3
+	- tryton-sao <unfixed> (embed)
+	NOTE: Embeds c3 ^0.7
+
+papaparse  (not packaged in Debian; no ITP)
+	- tryton-sao <unfixed> (embed)
+	NOTE: Embeds papaparse ^5.0
+
+fullcalendar  (RFP: #606901)
+	- tryton-sao <unfixed> (embed)
+	NOTE: Embeds fullcalendar ^3.10.2
+
+libjs-mousetrap
+	- tryton-sao <unfixed> (embed)
+	NOTE: Embeds mousetrap ^1.6
+
+sortablejs
+	- tryton-sao <unfixed> (embed)
+	NOTE: Embeds sortablejs #^1.8.4
+
+libjs-qunit
+	- tryton-sao <unfixed> (embed)
+	NOTE: Embeds qunit ^1.18
 
 ruby-bootstrap-sass
 	- ruby-rails-assets-bootstrap <unfixed> (embed; bug #838729)
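Review bot: `NOTE: Embeds sortablejs #^1.8.4` has a stray `#` before the version range that none of the other tryton-sao notes in this hunk have; it looks like a leftover and should read `^1.8.4`. More generally these notes record a caret range rather than the version actually shipped in the package, so a reader cannot tell from this file alone whether a given fixed release is included; recording the embedded version would make the entries more useful for triage.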
@@ -3505,7 +3549,7 @@ libstb
 	- renderdoc 1.7+dfsg-1 (embed; bug #949633)
 	- love 11.3-1 (embed; bug #949634)
 	- libsixel <unfixed> (embed; bug #949707)
-	- retroarch <unfixed> (embed; bug #949708)
+	- retroarch 1.13.0+dfsg-1 (embed; bug #949708)
 	- libsfml <unfixed> (embed; bug #949709)
 	- sumo <unfixed> (embed; bug #950251)
 	- yquake2 <unfixed> (embed; bug #950252)
@@ -3746,3 +3790,6 @@ asterisk
 
 ring
 	- pjproject <unfixed> (embed)
+
+php-dompdf
+	- icingaweb2 <unfixed> (embed)


=====================================
data/next-oldstable-point-update.txt
=====================================
@@ -1,240 +1,4 @@
-CVE-2021-44906
-	[buster] - node-minimist 1.2.0-1+deb10u2
-CVE-2022-24773
-	[buster] - node-node-forge 0.8.1~dfsg-1+deb10u1
-CVE-2022-24772
-	[buster] - node-node-forge 0.8.1~dfsg-1+deb10u1
-CVE-2022-24771
-	[buster] - node-node-forge 0.8.1~dfsg-1+deb10u1
-CVE-2019-20446
-	[buster] - librsvg 2.44.10-2.1+deb10u1
-CVE-2019-17134
-	[buster] - octavia 3.0.0-3+deb10u1
 CVE-2019-14433
 	[buster] - nova 2:18.1.0-6+deb10u1
-CVE-2019-14857
-	[buster] - libapache2-mod-auth-openidc 2.3.10.2-1+deb10u1
-CVE-2020-8492
-	[buster] - python2.7 2.7.16-2+deb10u2
-CVE-2019-20907
-	[buster] - python2.7 2.7.16-2+deb10u2
-CVE-2021-3177
-	[buster] - python2.7 2.7.16-2+deb10u2
-CVE-2020-24583
-	[buster] - python-django 1:1.11.29-1~deb10u2
-CVE-2020-24584
-	[buster] - python-django 1:1.11.29-1~deb10u2
-CVE-2021-3281
-	[buster] - python-django 1:1.11.29-1~deb10u2
-CVE-2021-23336
-	[buster] - python-django 1:1.11.29-1~deb10u2
-CVE-2020-4051
-	[buster] - dojo 1.14.2+dfsg1-1+deb10u3
-CVE-2021-32062
-	[buster] - mapserver 7.2.2-1+deb10u1
-CVE-2020-35572
-	[buster] - adminer 4.7.1-1+deb10u1
-CVE-2021-21311
-	[buster] - adminer 4.7.1-1+deb10u1
-CVE-2021-29625
-	[buster] - adminer 4.7.1-1+deb10u1
-CVE-2021-35525
-	[buster] - postsrsd 1.5-2+deb10u2
-CVE-2021-3801
-	[buster] - node-prismjs 1.11.0+dfsg-3+deb10u1
-CVE-2021-3930
-	[buster] - qemu 1:3.1+dfsg-8+deb10u9
-CVE-2021-3748
-	[buster] - qemu 1:3.1+dfsg-8+deb10u9
-CVE-2021-3713
-	[buster] - qemu 1:3.1+dfsg-8+deb10u9
-CVE-2021-3682
-	[buster] - qemu 1:3.1+dfsg-8+deb10u9
-CVE-2021-3608
-	[buster] - qemu 1:3.1+dfsg-8+deb10u9
-CVE-2021-3607
-	[buster] - qemu 1:3.1+dfsg-8+deb10u9
-CVE-2021-3582
-	[buster] - qemu 1:3.1+dfsg-8+deb10u9
-CVE-2021-3527
-	[buster] - qemu 1:3.1+dfsg-8+deb10u9
-CVE-2021-3392
-	[buster] - qemu 1:3.1+dfsg-8+deb10u9
-CVE-2021-20257
-	[buster] - qemu 1:3.1+dfsg-8+deb10u9
-CVE-2021-20221
-	[buster] - qemu 1:3.1+dfsg-8+deb10u9
-CVE-2021-20203
-	[buster] - qemu 1:3.1+dfsg-8+deb10u9
-CVE-2021-20196
-	[buster] - qemu 1:3.1+dfsg-8+deb10u9
-CVE-2021-20181
-	[buster] - qemu 1:3.1+dfsg-8+deb10u9
-CVE-2020-35505
-	[buster] - qemu 1:3.1+dfsg-8+deb10u9
-CVE-2020-35504
-	[buster] - qemu 1:3.1+dfsg-8+deb10u9
-CVE-2020-27617
-	[buster] - qemu 1:3.1+dfsg-8+deb10u9
-CVE-2020-25723
-	[buster] - qemu 1:3.1+dfsg-8+deb10u9
-CVE-2020-25624
-	[buster] - qemu 1:3.1+dfsg-8+deb10u9
-CVE-2020-25625
-	[buster] - qemu 1:3.1+dfsg-8+deb10u9
-CVE-2020-25085
-	[buster] - qemu 1:3.1+dfsg-8+deb10u9
-CVE-2020-25084
-	[buster] - qemu 1:3.1+dfsg-8+deb10u9
-CVE-2020-15859
-	[buster] - qemu 1:3.1+dfsg-8+deb10u9
-CVE-2020-13253
-	[buster] - qemu 1:3.1+dfsg-8+deb10u9
-CVE-2015-9541
-	[buster] - qtbase-opensource-src 5.11.3+dfsg1-1+deb10u5
-CVE-2020-7711
-	[buster] - golang-github-russellhaering-goxmldsig 0.0~git20170911.b7efc62-1+deb10u1
-CVE-2022-25308
-	[buster] - fribidi 1.0.5-3.1+deb10u2
-CVE-2022-25309
-	[buster] - fribidi 1.0.5-3.1+deb10u2
-CVE-2022-25310
-	[buster] - fribidi 1.0.5-3.1+deb10u2
-CVE-2022-26505
-	[buster] - minidlna 1.2.1+dfsg-2+deb10u3
-CVE-2019-12953
-	[buster] - dropbear 2018.76-5+deb10u1
-CVE-2022-1328
-	[buster] - mutt 1.10.1-2.1+deb10u6
-CVE-2022-27406
-	[buster] - freetype 2.9.1-3+deb10u3
-CVE-2022-27405
-	[buster] - freetype 2.9.1-3+deb10u3
-CVE-2022-27404
-	[buster] - freetype 2.9.1-3+deb10u3
-CVE-2021-0561
-	[buster] - flac 1.3.2-3+deb10u2
-CVE-2022-29078
-	[buster] - node-ejs 2.5.7-1+deb10u1
-CVE-2019-12387
-	[buster] - twisted 18.9.0-3+deb10u1
-CVE-2019-12855
-	[buster] - twisted 18.9.0-3+deb10u1
-CVE-2019-9511
-	[buster] - twisted 18.9.0-3+deb10u1
-CVE-2019-9514
-	[buster] - twisted 18.9.0-3+deb10u1
-CVE-2019-9515
-	[buster] - twisted 18.9.0-3+deb10u1
-CVE-2020-10108
-	[buster] - twisted 18.9.0-3+deb10u1
-CVE-2020-10109
-	[buster] - twisted 18.9.0-3+deb10u1
-CVE-2022-21712
-	[buster] - twisted 18.9.0-3+deb10u1
-CVE-2022-21716
-	[buster] - twisted 18.9.0-3+deb10u1
-CVE-2022-24801
-	[buster] - twisted 18.9.0-3+deb10u1
-CVE-2022-3033
-	[buster] - unrar-nonfree 1:5.6.6-1+deb10u1
-CVE-2021-41125
-	[buster] - python-scrapy 1.5.1-1+deb10u1
-CVE-2022-0577
-	[buster] - python-scrapy 1.5.1-1+deb10u1
-CVE-2022-24191
-	[buster] - htmldoc 1.9.3-1+deb10u4
-CVE-2022-27114
-	[buster] - htmldoc 1.9.3-1+deb10u4
-CVE-2022-28085
-	[buster] - htmldoc 1.9.3-1+deb10u4
-CVE-2022-20770
-	[buster] - clamav 0.103.6+dfsg-0+deb10u1
-CVE-2022-20796
-	[buster] - clamav 0.103.6+dfsg-0+deb10u1
-CVE-2022-20771
-	[buster] - clamav 0.103.6+dfsg-0+deb10u1
-CVE-2022-20785
-	[buster] - clamav 0.103.6+dfsg-0+deb10u1
-CVE-2022-20792
-	[buster] - clamav 0.103.6+dfsg-0+deb10u1
-CVE-2022-24828
-	[buster] - composer 1.8.4-1+deb10u2
-CVE-2022-24775
-	[buster] - php-guzzlehttp-psr7 1.4.2-0.1+deb10u1
-CVE-2021-4181
-	[buster] - wireshark 2.6.20-0+deb10u4
-CVE-2021-4184
-	[buster] - wireshark 2.6.20-0+deb10u4
-CVE-2021-4185
-	[buster] - wireshark 2.6.20-0+deb10u4
-CVE-2021-22191
-	[buster] - wireshark 2.6.20-0+deb10u4
-CVE-2022-0581
-	[buster] - wireshark 2.6.20-0+deb10u4
-CVE-2022-0582
-	[buster] - wireshark 2.6.20-0+deb10u4
-CVE-2022-0583
-	[buster] - wireshark 2.6.20-0+deb10u4
-CVE-2022-0585
-	[buster] - wireshark 2.6.20-0+deb10u4
-CVE-2022-0586
-	[buster] - wireshark 2.6.20-0+deb10u4
-CVE-2022-28181
-	[buster] - nvidia-graphics-drivers-legacy-390xx 390.151-1~deb10u1
-CVE-2022-28185
-	[buster] - nvidia-graphics-drivers-legacy-390xx 390.151-1~deb10u1
-CVE-2022-22719
-	[buster] - apache2 2.4.38-3+deb10u8
-CVE-2022-22720
-	[buster] - apache2 2.4.38-3+deb10u8
-CVE-2022-22721
-	[buster] - apache2 2.4.38-3+deb10u8
-CVE-2022-23943
-	[buster] - apache2 2.4.38-3+deb10u8
-CVE-2022-26377
-	[buster] - apache2 2.4.38-3+deb10u8
-CVE-2022-28615
-	[buster] - apache2 2.4.38-3+deb10u8
-CVE-2022-28614
-	[buster] - apache2 2.4.38-3+deb10u8
-CVE-2022-29404
-	[buster] - apache2 2.4.38-3+deb10u8
-CVE-2022-30522
-	[buster] - apache2 2.4.38-3+deb10u8
-CVE-2022-30556
-	[buster] - apache2 2.4.38-3+deb10u8
-CVE-2022-31813
-	[buster] - apache2 2.4.38-3+deb10u8
-CVE-2021-3657
-	[buster] - isync 1.3.0-2.2~deb10u2
-CVE-2022-32308
-	[buster] - ublock-origin 1.42.0+dfsg-1~deb10u1
 CVE-2022-28737
 	[buster] - shim 15.6-1~deb10u1
-CVE-2021-45911
-	[buster] - gif2apng 1.9+srconly-2+deb10u1
-CVE-2021-45910
-	[buster] - gif2apng 1.9+srconly-2+deb10u1
-CVE-2021-45909
-	[buster] - gif2apng 1.9+srconly-2+deb10u1
-CVE-2022-28736
-	[buster] - grub2 2.06-3~deb10u1
-CVE-2022-28735
-	[buster] - grub2 2.06-3~deb10u1
-CVE-2022-28734                                                                                                        
-	[buster] - grub2 2.06-3~deb10u1
-CVE-2022-28733
-	[buster] - grub2 2.06-3~deb10u1
-CVE-2021-3697
-	[buster] - grub2 2.06-3~deb10u1
-CVE-2021-3696
-	[buster] - grub2 2.06-3~deb10u1
-CVE-2021-3695
-	[buster] - grub2 2.06-3~deb10u1
-CVE-2022-31607
-	[buster] - nvidia-graphics-drivers-legacy-390xx 390.154-1~deb10u1
-CVE-2022-31608
-	[buster] - nvidia-graphics-drivers-legacy-390xx 390.154-1~deb10u1
-CVE-2022-31615
-	[buster] - nvidia-graphics-drivers-legacy-390xx 390.154-1~deb10u1


=====================================
data/next-point-update.txt
=====================================
@@ -1,3 +1,7 @@
+CVE-2022-3650
+	[bullseye] - ceph 14.2.21-1+deb11u1
+CVE-2022-37026
+	[bullseye] - erlang 1:23.2.6+dfsg-1+deb11u1
 CVE-2021-32718
 	[bullseye] - rabbitmq-server 3.8.9-3+deb11u1
 CVE-2021-32719
@@ -12,55 +16,125 @@ CVE-2022-27240
 	[bullseye] - glewlwyd 2.5.2-2+deb11u3
 CVE-2022-29967
 	[bullseye] - glewlwyd 2.5.2-2+deb11u3
-CVE-2020-22284
-	[bullseye] - lwip 2.1.2+dfsg1-8+deb11u1
-CVE-2020-22283
-	[bullseye] - lwip 2.1.2+dfsg1-8+deb11u1
-CVE-2022-21704
-	[bullseye] - node-log4js 6.3.0+~cs8.3.10-1+deb11u1
-CVE-2022-31129
-	[bullseye] - node-moment 2.29.1+ds-2+deb11u2
 CVE-2022-32096
 	[bullseye] - rhonabwy 0.9.13-3+deb11u2
-CVE-2022-26307
-	[bullseye] - libreoffice 1:7.0.4-4+deb11u2
-CVE-2022-26306
-	[bullseye] - libreoffice 1:7.0.4-4+deb11u2
-CVE-2022-26305
-	[bullseye] - libreoffice 1:7.0.4-4+deb11u2
-CVE-2021-25636
-	[bullseye] - libreoffice 1:7.0.4-4+deb11u2
 CVE-2022-28737
 	[bullseye] - shim 15.6-1~deb11u1
-CVE-2021-45911
-	[bullseye] - gif2apng 1.9+srconly-3+deb11u1
-CVE-2021-45910
-	[bullseye] - gif2apng 1.9+srconly-3+deb11u1
-CVE-2021-45909
-	[bullseye] - gif2apng 1.9+srconly-3+deb11u1
-CVE-2022-31081
-	[bullseye] - libhttp-daemon-perl 6.12-1+deb11u1
-CVE-2022-31213
-	[bullseye] - dbus-broker 26-1+deb11u2
-CVE-2022-28736
-	[bullseye] - grub2 2.06-3~deb11u1
-CVE-2022-28735
-	[bullseye] - grub2 2.06-3~deb11u1
-CVE-2022-28734
-	[bullseye] - grub2 2.06-3~deb11u1
-CVE-2022-28733
-	[bullseye] - grub2 2.06-3~deb11u1
-CVE-2021-3697
-	[bullseye] - grub2 2.06-3~deb11u1
-CVE-2021-3696
-	[bullseye] - grub2 2.06-3~deb11u1
-CVE-2021-3695
-	[bullseye] - grub2 2.06-3~deb11u1
-CVE-2022-31607
-	[bullseye] - nvidia-graphics-drivers-legacy-390xx 390.154-1~deb11u1
-CVE-2022-31608
-	[bullseye] - nvidia-graphics-drivers-legacy-390xx 390.154-1~deb11u1
-CVE-2022-31615
-	[bullseye] - nvidia-graphics-drivers-legacy-390xx 390.154-1~deb11u1
-CVE-2021-3502
-	[bullseye] - avahi 0.8-5+deb11u1
+CVE-2021-24119
+	[bullseye] - mbedtls 2.16.12-0+deb11u1
+CVE-2021-44732
+	[bullseye] - mbedtls 2.16.12-0+deb11u1
+CVE-2022-2996
+	[bullseye] - python-scciclient 0.8.0-2+deb11u1
+CVE-2022-42961
+	[bullseye] - wolfssl 4.6.0+p1-0+deb11u2
+CVE-2022-39173
+	[bullseye] - wolfssl 4.6.0+p1-0+deb11u2
+CVE-2022-42905
+	[bullseye] - wolfssl 4.6.0+p1-0+deb11u2
+CVE-2022-46146
+	[bullseye] - golang-github-prometheus-exporter-toolkit 0.5.1-2+deb11u2
+CVE-2022-23527
+	[bullseye] - libapache2-mod-auth-openidc 2.4.9.4-0+deb11u2
+CVE-2022-4415
+	[bullseye] - systemd 247.3-7+deb11u2
+CVE-2022-3821
+	[bullseye] - systemd 247.3-7+deb11u2
+CVE-2022-1227
+	[bullseye] - golang-github-containers-psgo 1.5.2-2~deb11u1
+CVE-2021-3468
+	[bullseye] - avahi 0.8-5+deb11u2
+CVE-2021-3482
+	[bullseye] - exiv2 0.27.3-3+deb11u2
+CVE-2021-29458
+	[bullseye] - exiv2 0.27.3-3+deb11u2
+CVE-2021-29463
+	[bullseye] - exiv2 0.27.3-3+deb11u2
+CVE-2021-29464
+	[bullseye] - exiv2 0.27.3-3+deb11u2
+CVE-2021-29470
+	[bullseye] - exiv2 0.27.3-3+deb11u2
+CVE-2021-29473
+	[bullseye] - exiv2 0.27.3-3+deb11u2
+CVE-2021-29623
+	[bullseye] - exiv2 0.27.3-3+deb11u2
+CVE-2021-32815
+	[bullseye] - exiv2 0.27.3-3+deb11u2
+CVE-2021-34334
+	[bullseye] - exiv2 0.27.3-3+deb11u2
+CVE-2021-34335
+	[bullseye] - exiv2 0.27.3-3+deb11u2
+CVE-2021-37615
+	[bullseye] - exiv2 0.27.3-3+deb11u2
+CVE-2021-37616
+	[bullseye] - exiv2 0.27.3-3+deb11u2
+CVE-2021-37618
+	[bullseye] - exiv2 0.27.3-3+deb11u2
+CVE-2021-37619
+	[bullseye] - exiv2 0.27.3-3+deb11u2
+CVE-2021-37620
+	[bullseye] - exiv2 0.27.3-3+deb11u2
+CVE-2021-37621
+	[bullseye] - exiv2 0.27.3-3+deb11u2
+CVE-2021-37622
+	[bullseye] - exiv2 0.27.3-3+deb11u2
+CVE-2021-37623
+	[bullseye] - exiv2 0.27.3-3+deb11u2
+CVE-2022-46175
+	[bullseye] - node-json5 2.1.3-2+deb11u1
+CVE-2022-24859
+	[bullseye] - pypdf2 1.26.0-4+deb11u1
+CVE-2022-47952
+	[bullseye] - lxc 1:4.0.6-2+deb11u2
+CVE-2022-22728
+	[bullseye] - libapreq2 2.13-7+deb11u1
+CVE-2006-20001
+	[bullseye] - apache2 2.4.55-1~deb11u1
+CVE-2022-36760
+	[bullseye] - apache2 2.4.55-1~deb11u1
+CVE-2022-37436
+	[bullseye] - apache2 2.4.55-1~deb11u1
+CVE-2022-38223
+	[bullseye] - w3m 0.5.3+git20210102-6+deb11u1
+CVE-2022-4883
+	[bullseye] - libxpm 1:3.5.12-1.1~deb11u1
+CVE-2022-44617
+	[bullseye] - libxpm 1:3.5.12-1.1~deb11u1
+CVE-2022-46285
+	[bullseye] - libxpm 1:3.5.12-1.1~deb11u1
+CVE-2020-36646
+	[bullseye] - libzen 0.4.38-1+deb11u1
+CVE-2022-48279
+	[bullseye] - modsecurity-apache 2.9.3-3+deb11u2
+CVE-2023-24021
+	[bullseye] - modsecurity-apache 2.9.3-3+deb11u2
+CVE-2022-24895
+	[bullseye] - symfony 4.4.19+dfsg-2+deb11u2
+CVE-2022-24894
+	[bullseye] - symfony 4.4.19+dfsg-2+deb11u2
+CVE-2022-29458
+	[bullseye] - ncurses 6.2+20201114-2+deb11u1
+CVE-2021-23385
+	[bullseye] - flask-security 4.0.0-1+deb11u1
+CVE-2022-27650
+	[bullseye] - crun 0.17+dfsg-1+deb11u1
+CVE-2023-20032
+	[bullseye] - clamav 0.103.8+dfsg-0+deb11u1
+CVE-2023-20052
+	[bullseye] - clamav 0.103.8+dfsg-0+deb11u1
+CVE-2023-25153
+	[bullseye] - containerd 1.4.13~ds1-1~deb11u4
+CVE-2023-25173
+	[bullseye] - containerd 1.4.13~ds1-1~deb11u4
+CVE-2022-4904
+	[bullseye] - c-ares 1.17.1-1+deb11u2
+CVE-2023-26314
+	[bullseye] - mono 6.8.0.105+dfsg-3.3~deb11u1
+CVE-2022-25857
+	[bullseye] - snakeyaml 1.28-1+deb11u1
+CVE-2022-38749
+	[bullseye] - snakeyaml 1.28-1+deb11u1
+CVE-2022-38750
+	[bullseye] - snakeyaml 1.28-1+deb11u1
+CVE-2022-38751
+	[bullseye] - snakeyaml 1.28-1+deb11u1


=====================================
data/packages/removed-packages
=====================================
@@ -925,3 +925,15 @@ webkitkde
 xvt
 yarssr
 zonecheck
+postgresql-14
+ember
+zorp
+kvmtool
+phamm
+libapache2-mod-ruid2
+ruby3.0
+guacamole-client
+printfilters-ppd
+php8.1
+golang-1.18
+axtls
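Review bot: The twelve new names are appended in arbitrary order (`postgresql-14`, `ember`, `zorp`, ...) after a tail that is alphabetical (`webkitkde`, `xvt`, `yarssr`, `zonecheck`). If the file is meant to stay sorted, suggest inserting each name at its sorted position so duplicates are easy to spot and concurrent additions do not all conflict at the end of the file.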


=====================================
lib/debian-releases.mk
=====================================
@@ -15,6 +15,11 @@ $(1)_MIRROR = $$(MIRROR)
 $(1)_DIST = $(1)
 $(1)_ARCHS = $(call get_config, '.distributions.$(1).architectures[]')
 $(1)_RELEASE = $(1)
+ifneq (,$(filter jessie stretch buster bullseye,$(1)))
+$(1)_SECTIONS = main contrib non-free
+else
+$(1)_SECTIONS = main contrib non-free non-free-firmware
+endif
 $(1)_SUBRELEASE =
 RELEASES += $(1)
 endef
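Review bot: The `ifneq (,$(filter jessie stretch buster bullseye,$(1)))` test hard-codes the suites that lack `non-free-firmware` with no comment explaining the choice, so any suite name not in that list, including an older one added to the configuration later, silently gets the four-section value. Suggest a one-line comment stating why these four are special, or reading the section list from the same configuration that `$(1)_ARCHS` already comes from via `get_config`.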
@@ -34,6 +39,7 @@ $(1)_security_DIST = $(1)-security
 endif
 $(1)_security_ARCHS = $$($(1)_ARCHS)
 $(1)_security_RELEASE = $(1)
+$(1)_security_SECTIONS = $$($(1)_SECTIONS)
 $(1)_security_SUBRELEASE = security
 RELEASES += $(1)_security
 endef
@@ -45,6 +51,7 @@ $(1)_backports_MIRROR = $$(MIRROR)
 $(1)_backports_DIST = $(1)-backports
 $(1)_backports_ARCHS = $$($(1)_ARCHS)
 $(1)_backports_RELEASE = $(1)-backports
+$(1)_backports_SECTIONS = $$($(1)_SECTIONS)
 $(1)_backports_SUBRELEASE =
 RELEASES += $(1)_backports
 endef


=====================================
lib/python/security_db.py
=====================================
@@ -412,7 +412,6 @@ class DB:
          package INTEGER NOT NULL,
          vulnerable INTEGER NOT NULL,
          urgency TEXT NOT NULL,
-         debian_bug_file INTEGER NOT NULL DEFAULT 1,
          PRIMARY KEY (bug_name, package))""")
         cursor.execute(
             """CREATE INDEX source_package_status_package
@@ -421,6 +420,10 @@ class DB:
         cursor.execute(
             "CREATE TABLE removed_packages (name TEXT NOT NULL PRIMARY KEY)")
 
+        # This table is used to keep the list of source packages, for which the filing of a bug is not required.
+        cursor.execute(
+            "CREATE TABLE ignored_packages (name TEXT NOT NULL PRIMARY KEY)")
+
         cursor.execute(
             """CREATE TABLE nvd_data
             (cve_name TEXT NOT NULL PRIMARY KEY,
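Review bot: The new `CREATE TABLE ignored_packages` sits beside the other schema-creation statements, so if this code only runs when the database is first initialised, an existing database will not have the table and the `DELETE FROM ignored_packages` added further down will fail. The same applies to the `debian_bug_file` column dropped from `source_package_status` in the previous hunk, which stays present in databases created earlier. Suggest bumping the schema version so the database is rebuilt, or using `CREATE TABLE IF NOT EXISTS`, and saying which in the commit message.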
@@ -919,6 +922,7 @@ class DB:
             cursor.execute("DELETE FROM bugs_notes")
             cursor.execute("DELETE FROM bugs_xref")
             cursor.execute("DELETE FROM package_notes_nodsa")
+            cursor.execute("DELETE FROM ignored_packages")
             cursor.execute("DELETE FROM removed_packages")
             cursor.execute("DELETE FROM next_point_update")
 
@@ -992,7 +996,7 @@ class DB:
 
         if self.verbose:
             print("  update removed packages")
-        self.readRemovedPackages(cursor, path + source_removed_packages)
+        self.readRemovedAndIgnoredPackages(cursor, path + source_removed_packages, table = "removed_packages")
 
         errors = []
 
@@ -1178,34 +1182,6 @@ class DB:
         if self.verbose:
             print("  finished")
 
-    def readIgnoredDebianBugPackages(self, cursor, filename):
-        """Reads a file of packages, where filing debian bugs is being ignored, and stores it in the database."""
-        f = open(filename)
-
-        re_package = re.compile(r'^\s*([a-z0-9]\S+)\s*$')
-        packages = []
-
-        for line in f:
-            if line == '':
-                break
-            if line[0] == '#' or line == '\n':
-                continue
-            match = re_package.match(line)
-            if match:
-                packages.append(match[0].strip())
-            else:
-                raise ValueError("not a package: " + repr(line))
-
-        for p in packages:
-            sqlq = f"""UPDATE source_package_status
-                    set debian_bug_file = 0
-                    where
-                    package IN (SELECT source_packages.rowid
-                FROM source_packages
-                WHERE source_packages.name = '{p}')"""
-
-            cursor.execute(sqlq)
-
     def calculateVulnerabilities(self, cursor):
         """Calculate vulnerable packages.
 
@@ -1293,8 +1269,7 @@ class DB:
             ELSE CASE WHEN n.fixed_version IS NULL THEN 1
             ELSE CASE WHEN p.version_id < n.fixed_version_id THEN 1
             ELSE 0 END END END,
-            n.urgency,
-            1
+            n.urgency
             FROM package_notes AS n, source_packages AS p
             WHERE n.release = '' AND p.name = n.package""")
 
@@ -1310,8 +1285,7 @@ class DB:
             ELSE CASE WHEN n.fixed_version IS NULL THEN 1
             ELSE CASE WHEN p.version_id < n.fixed_version_id THEN 1
             ELSE 0 END END END,
-            n.urgency,
-            1
+            n.urgency
             FROM package_notes AS n, source_packages AS p
             WHERE p.name = n.package
             AND p.release = n.release""")
@@ -1325,8 +1299,7 @@ class DB:
             CASE WHEN n.severity == 'Medium' THEN 'medium**'
             ELSE CASE WHEN n.severity == 'High' THEN 'high**'
             ELSE CASE WHEN n.severity == 'Low' THEN 'low**'
-            ELSE 'not yet assigned' END END END,
-            s.debian_bug_file
+            ELSE 'not yet assigned' END END END
             FROM nvd_data AS n, source_package_status AS s
             WHERE s.bug_name == n.cve_name
             AND s.urgency == 'not yet assigned'""")
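Review bot: Dropping s.debian_bug_file from this SELECT (and the trailing literal 1 from the two SELECTs in the preceding hunks) shortens each result row by one column, but the INSERT column lists these SELECTs feed and the CREATE TABLE for source_package_status are outside the visible context. Please confirm that both lose the debian_bug_file column in the same commit. Otherwise SQLite rejects the statements with a column-count mismatch, or an unused column stays behind in the schema.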
@@ -1364,7 +1337,7 @@ class DB:
 
         # Read list of packages, which should be ignored for the status/unreported
         source_ignore_unreported = "data/packages/ignored-debian-bug-packages"
-        self.readIgnoredDebianBugPackages(cursor, source_ignore_unreported)
+        self.readRemovedAndIgnoredPackages(cursor, source_ignore_unreported, table = "ignored_packages")
 
         return result
 
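Review bot: source_ignore_unreported is the bare relative path "data/packages/ignored-debian-bug-packages", whereas the removed-packages call earlier in this patch passes path + source_removed_packages. As written, the ignore list is resolved against the process working directory, so a run started from another directory fails in open() or reads a different file. Suggest building this path from the same base as the other data files. The keyword argument spacing (table = "ignored_packages") should also match the definition.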
@@ -2002,9 +1975,16 @@ class DB:
             ORDER BY bug""", (bug, bug, bug, bug)):
             yield bug_name
 
-    def readRemovedPackages(self, cursor, filename):
+    def readRemovedAndIgnoredPackages(self, cursor, filename, table='removed_packages'):
         """Reads a file of removed packages and stores it in the database.
-        The original contents of the removed_packages table is preserved."""
+        For that the table parameter must be set to 'removed_packages'.
+        This is the default value.
+        The original contents of the removed_packages table is preserved..
+
+        This function also reads the file of packages, where filing debian bugs is being ignored
+        and stores it in the database. For that the table parameter must be set to 'ignored_packages'.
+        The original contents of the ignored_packages table is preserved..
+        """
 
         f = open(filename)
 
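Review bot: The docstring needs a cleanup. Both new paragraphs end in a doubled period ("preserved.."), and the summary line still reads "Reads a file of removed packages" although the function now serves two tables. Suggest a one-line summary that covers both uses, followed by a description of the table parameter that names the two accepted values. The open(filename) in the context line below would also be better as a with block so the handle is closed when the parser raises ValueError.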
@@ -2026,7 +2006,7 @@ class DB:
                     raise ValueError("not a package: " + repr(line))
 
         cursor.executemany(
-            "INSERT OR IGNORE INTO removed_packages (name) VALUES (?)", gen())
+            f"INSERT OR IGNORE INTO {table} (name) VALUES (?)", gen())
 
     def getUnknownPackages(self, cursor):
         """Returns a generator for a list of unknown packages.
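Review bot: The table name is now interpolated into the SQL text with an f-string (f"INSERT OR IGNORE INTO {table} (name) VALUES (?)"), and nothing in the visible lines checks table before the statement is built. Identifiers cannot be bound as ? parameters, so the usual fix is an allowlist at the top of the function, for example: if table not in ("removed_packages", "ignored_packages"): raise ValueError(table). Both callers in this patch pass string literals, so this is about keeping the function safe for future callers rather than a problem with today's inputs.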
@@ -2074,7 +2054,10 @@ class DB:
             cursor = self.cursor()
         last_bug = None
 
-        show_ignored_sql = f" AND COALESCE (debian_bug_file = {1 if show_ignored else 0}, NULL)"
+        if show_ignored == 0:
+            show_ignored_sql = " AND NOT EXISTS (SELECT * FROM ignored_packages WHERE ignored_packages.name = source_packages.name)"
+        else:
+            show_ignored_sql = ""
 
         result = []
         for bug, pkg in cursor.execute(
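Review bot: The test show_ignored == 0 is not equivalent to the truthiness test it replaces (1 if show_ignored else 0). With show_ignored=None the comparison is false, the else branch runs and ignored packages are shown, where the old expression treated None like False. Suggest "if not show_ignored:" instead. The NOT EXISTS subquery also relies on source_packages.name being in scope in the outer query, which is below the visible context, so please check that source_packages appears in its FROM clause.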


=====================================
org/lts-frontdesk.2022.txt
=====================================
@@ -44,12 +44,12 @@ From 25-07 to 31-07:Thorsten Alteholz <squeeze-lts at alteholz.de>
 From 01-08 to 07-08:Utkarsh Gupta <guptautkarsh2102 at gmail.com>
 From 08-08 to 14-08:Anton Gladky <gladky.anton at gmail.com>
 From 15-08 to 21-08:Chris Lamb <chris at chris-lamb.co.uk>
-From 22-08 to 28-08:Emilio Pozuelo Monfort <pochu27 at gmail.com>
+From 22-08 to 28-08:Utkarsh Gupta <guptautkarsh2102 at gmail.com>
 From 29-08 to 04-09:Markus Koschany <markus at koschany.net>
 From 05-09 to 11-09:Ola Lundqvist <ola at inguza.com>
 From 12-09 to 18-09:Sylvain Beucler <beuc at beuc.net>
 From 19-09 to 25-09:Thorsten Alteholz <squeeze-lts at alteholz.de>
-From 26-09 to 02-10:Utkarsh Gupta <guptautkarsh2102 at gmail.com>
+From 26-09 to 02-10:Emilio Pozuelo Monfort <pochu27 at gmail.com>
 From 03-10 to 09-10:Anton Gladky <gladky.anton at gmail.com>
 From 10-10 to 16-10:Chris Lamb <chris at chris-lamb.co.uk>
 From 17-10 to 23-10:Emilio Pozuelo Monfort <pochu27 at gmail.com>
@@ -62,4 +62,4 @@ From 28-11 to 04-12:Anton Gladky <gladky.anton at gmail.com>
 From 05-12 to 11-12:Chris Lamb <chris at chris-lamb.co.uk>
 From 12-12 to 18-12:Emilio Pozuelo Monfort <pochu27 at gmail.com>
 From 19-12 to 25-12:Markus Koschany <markus at koschany.net>
-From 26-12 to 01-01:Ola Lundqvist <ola at inguza.com>
\ No newline at end of file
+From 26-12 to 01-01:Ola Lundqvist <ola at inguza.com>


=====================================
org/lts-frontdesk.2023.txt
=====================================
@@ -0,0 +1,52 @@
+From 02-01 to 08-01:Sylvain Beucler <beuc at beuc.net>
+From 09-01 to 15-01:Thorsten Alteholz <squeeze-lts at alteholz.de>
+From 16-01 to 22-01:Utkarsh Gupta <guptautkarsh2102 at gmail.com>
+From 23-01 to 29-01:Anton Gladky <gladky.anton at gmail.com>
+From 30-01 to 05-02:Chris Lamb <chris at chris-lamb.co.uk>
+From 06-02 to 12-02:Emilio Pozuelo Monfort <pochu27 at gmail.com>
+From 13-02 to 19-02:Markus Koschany <markus at koschany.net>
+From 20-02 to 26-02:Ola Lundqvist <ola at inguza.com>
+From 27-02 to 05-03:Sylvain Beucler <beuc at beuc.net>
+From 06-03 to 12-03:Thorsten Alteholz <squeeze-lts at alteholz.de>
+From 13-03 to 19-03:Utkarsh Gupta <guptautkarsh2102 at gmail.com>
+From 20-03 to 26-03:Anton Gladky <gladky.anton at gmail.com>
+From 27-03 to 02-04:Chris Lamb <chris at chris-lamb.co.uk>
+From 03-04 to 09-04:Emilio Pozuelo Monfort <pochu27 at gmail.com>
+From 10-04 to 16-04:Markus Koschany <markus at koschany.net>
+From 17-04 to 23-04:Ola Lundqvist <ola at inguza.com>
+From 24-04 to 30-04:Sylvain Beucler <beuc at beuc.net>
+From 01-05 to 07-05:Thorsten Alteholz <squeeze-lts at alteholz.de>
+From 08-05 to 14-05:Utkarsh Gupta <guptautkarsh2102 at gmail.com>
+From 15-05 to 21-05:Anton Gladky <gladky.anton at gmail.com>
+From 22-05 to 28-05:Chris Lamb <chris at chris-lamb.co.uk>
+From 29-05 to 04-06:Emilio Pozuelo Monfort <pochu27 at gmail.com>
+From 05-06 to 11-06:Markus Koschany <markus at koschany.net>
+From 12-06 to 18-06:Ola Lundqvist <ola at inguza.com>
+From 19-06 to 25-06:Sylvain Beucler <beuc at beuc.net>
+From 26-06 to 02-07:Thorsten Alteholz <squeeze-lts at alteholz.de>
+From 03-07 to 09-07:
+From 10-07 to 16-07:
+From 17-07 to 23-07:
+From 24-07 to 30-07:
+From 31-07 to 06-08:
+From 07-08 to 13-08:
+From 14-08 to 20-08:
+From 21-08 to 27-08:
+From 28-08 to 03-09:
+From 04-09 to 10-09:
+From 11-09 to 17-09:
+From 18-09 to 24-09:
+From 25-09 to 01-10:
+From 02-10 to 08-10:
+From 09-10 to 15-10:
+From 16-10 to 22-10:
+From 23-10 to 29-10:
+From 30-10 to 05-11:
+From 06-11 to 12-11:
+From 13-11 to 19-11:
+From 20-11 to 26-11:
+From 27-11 to 03-12:
+From 04-12 to 10-12:
+From 11-12 to 17-12:
+From 18-12 to 24-12:
+From 25-12 to 31-12:
\ No newline at end of file
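Review bot: The new org/lts-frontdesk.2023.txt is added without a trailing newline (see the "\ No newline at end of file" marker), while the previous hunk in this same patch fixes exactly that in org/lts-frontdesk.2022.txt. Please end the file with a newline so the next edit to the last week does not produce a spurious two-line diff.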


=====================================
org/lts-frontdesk.py deleted
=====================================
@@ -1,42 +0,0 @@
-#!/usr/bin/env python3
-
-import sys
-import datetime
-
-HEADER = """
-Presentation
-------------
-
-The LTS frontdesk handles:
-
- * CVE triaging:
-   https://wiki.debian.org/LTS/Development#Triage_new_security_issues
-
- * Making sure that queries on debian-lts at lists.debian.org get an answer..
-
-Who is in charge ?
-------------------
-"""
-
-LINE = """From {0.day:02d}-{0.month:02d} to {1.day:02d}-{1.month:02d}:"""
-
-
-def main(year):
-    print(HEADER.strip())
-    print()
-
-    for x, y in generate_weeks(int(year)):
-        print(LINE.format(x, y))
-
-
-def generate_weeks(year):
-    dt = datetime.date(year, 1, 1)
-
-    while dt.year == year:
-        if dt.weekday() == 0:
-            yield (dt, dt + datetime.timedelta(days=6))
-        dt += datetime.timedelta(days=1)
-
-
-if __name__ == '__main__':
-    sys.exit(main(*sys.argv[1:]))



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f50b11cfa293b3d86e3728f53f0e8965909e8e33...f7f15439008ff4a6355874ae1ab0e0257ac72908
