June 2023 Archives by thread
Starting: Thu Jun 1 06:25:47 BST 2023
Ending: Fri Jun 30 21:45:56 BST 2023
Messages: 807
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2023-32697/xerial-sqlite-jdbc
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-3006/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-33718/mp4v2
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process one NFU
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-33716 and CVE-2023-33719 for mp4v2
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-33461/iniparser
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] dla: claim openssl
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] LTS: add cups to dla-needed.txt
Thorsten Alteholz ( at alteholz)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-32324/cups
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add fixing commit for CVE-2023-32324/cups
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] xpdf n/a
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new rust-buffered-reader issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3426-2 for netatalk
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2023-33461
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for rust-buffered-reader issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for CVE-2023-32324/cups
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-2977/opensc
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-3355{1,2}/erofs-utils
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-2977/opensc via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3440-1 for cups
Thorsten Alteholz ( at alteholz)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-3022/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixes via unstable for CVE-2023-32685/kanboard
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] lts: CVE-2023-30571/libarchive no-dsa on buster
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] lts: mark CVE-2023-2953/openldap as no-dsa for buster
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-33546/janiino
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] salt embeds python-tornado
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] 2 commits: lts: add ruby2.5
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] 2 commits: data/dla-needed.txt: Claim sofia-sip.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-0666 does not affect buster
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3441-1 for sofia-sip
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-0668 does not affect buster
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-2854 does not affect buster or bullseye
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-2855 does not affect buster
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-2857 does not affect buster or bullseye
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Track fixes via unstable for liblouis issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2023-30570/libreswan as no-dsa
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2023-30571 as no-dsa
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-0666: Adjust upstream tag for upstream commit reference
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update upstream tag information for CVE-2023-0668
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update information for CVE-2023-2854
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update information for CVE-2023-2857
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-33717/mp4v2
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-33476/minidlna
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-33476/minidlna
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Claim erlang and golang-go.crypto.
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] CVE-2021-32862/nbconvert: Add pointer to follow-up/regression commit.
Guilhem Moulin ( at guilhem)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-30570/libreswan fixes via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Sync CVE-2023-28464 status with kernel-sec
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2023-3006
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track proposed libreswan update via bullseye-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove modsecurity3 no-dsa entry for bookworm as package got unblocked
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2020-11709/cpp-httplib
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-26130/cpp-httplib
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-2878 as NFU
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-2961/advancecomp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2023-3083/teampass
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for guestfs-tools in bookworm
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3442-1 for nbconvert
Guilhem Moulin ( at guilhem)
- [Git][security-tracker-team/security-tracker][master] LTS: Mark CVE-2019-8457/{db5.3,sqlite3} as ignored
Roberto C. Sánchez ( at roberto)
- [Git][security-tracker-team/security-tracker][master] chromium DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] CVE-2022-4304,CVE-2023-0465/openssl: reference additional fixes based on DSA-5417-1
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3443-1 for wireshark
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] dla: drop replicated 'fields' from LTS packages database
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-3084 and CVE-2023-3086 in teampass
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-26112 has an MR fixing the bug
Stefano Rivera ( at stefanor)
- [Git][security-tracker-team/security-tracker][master] Adjust version for bookworm for chromium update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-26112 via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2022-3715 does not affect buster
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] Update CVE-2023-28617/org-mode
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3444-1 for mariadb-10.3 and update CVE-2022-47015 status
Otto Kekäläinen ( at otto)
- [Git][security-tracker-team/security-tracker][master] data/packages/lts-do-call-me: Message ottoke@ before working on a fix
Otto Kekäläinen ( at otto)
- [Git][security-tracker-team/security-tracker][master] Partially revert changes done for CVE-2022-47015
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track proposed update for mariadb-10.5 via bullseye-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla: add+take cpio (already being fixed in ELTS)
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] Add note for nbconvert in dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Correct source package name for janino
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2021-3610/imagemagick
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2023-3355{1,2}/erofs-utils
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add debian bug reference for CVE-2021-3610/imagemagick
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-3355{1,2}/erofs-utils
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2023-3355{1,2}/erofs-utils as no-dsa for bookworm
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-30571/libarchive
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-26130/cpp-httplib
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add 'Introduced by' for vim CVE-2023-1127
Samuel Henrique ( at samueloph)
- [Git][security-tracker-team/security-tracker][master] vim CVE-2023-1127: Set buster and bullseye as not-affected
Samuel Henrique ( at samueloph)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3445-1 for cpio
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] update notes
Thorsten Alteholz ( at alteholz)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-3095/teampass
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE assigned for dokuwiki issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2023-34255 (confirmed MITRE rejection)
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-1999: Add notes about the commit that introduced it
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2016-9085 as fixed in 0.5.1-3
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] Pinpoint upstream tags for CVE-2023-1999 related commits
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3446-1 for linux-5.10
Ben Hutchings ( at benh)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-34410/Qt
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add four new issues in kanboard
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-3079/chromium
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-3079/chromium
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add chromium to dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-3111/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new gitlab issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] mark CVE-2023-31655 as non issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new python-reportlab issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new rust-xml-rs issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new rust-trust-dns-server issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] lts: take firefox-esr and thunderbird
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] lts: update webkit2gtk note
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] Add new firefox-esr issues from mfsa2023-19
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new firefox issues from mfsa2023-20
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Note availability for preparing ruby-rack update for pending CVEs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for kanboard issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2023-31508
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2023-2004
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2023-26931
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3447-1 for ruby2.5
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Process some NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-3268{2,3}/matrix-synapse
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-2801/grafana
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla: precise 'Added by' lines
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] dla: typo
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Add firefox*, thunderbird and chromium to source packages to ignore for bugreporting
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for firefox issues from mfsa2023-20
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for two firefox-esr issues from mfsa2023-19
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA for c-ares
Aron Xu ( at aron)
- [Git][security-tracker-team/security-tracker][master] Correct CVE mentioned in DSA-5419-1
Aron Xu ( at aron)
- [Git][security-tracker-team/security-tracker][master] Drop obsolete documentation for secure-testing project
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add initial tracking for golang-1.19 issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add inital tracking for golang-1.20 issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add details for CVE-2023-2940{2,3,4,5}/go
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new guacamole issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] one python3.11 issue fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] report-vuln: get CVE descriptions from CVE JSON API
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] Add upstream tag information for CVE-2023-34411
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-24329: Replace upstream branch names with tags including the fix
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: tracker_service: link to cve.org
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] tracker_service: use www.cve.org
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] Add three new renderdoc issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add references for renderdoc issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-2602 - libpsx is introduced in later versions. Not
Abhijith PA ( at abhijith)
- [Git][security-tracker-team/security-tracker][master] remove libcap2 from dla-needed.txt. [d288b21]
Abhijith PA ( at abhijith)
- [Git][security-tracker-team/security-tracker][master] data/ela-needed.txt: Claim libreoffice
Abhijith PA ( at abhijith)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-32181 and CVE-2023-22652 for libeconf
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for matrix-synapse issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-32665, CVE-2023-32611 and CVE-2023-29499
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track proposed update for org-mode via bullseye-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for CVE-2023-34410/Qt
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for renderdoc issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add myself (rouca) for docker-registry
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-33460/yajl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-2816/consul
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] firefox-esr DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-34410/qt6-base via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for kanboard via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-3153/ovn
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2023-2602 CVE-2023-2603 as not-affected for strech, jessie
Abhijith PA ( at abhijith)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3448-1 for firefox-esr
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] Revert "Mark CVE-2023-2602 CVE-2023-2603 as not-affected for strech, jessie"
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] qtbase-opensource-src fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] busybox fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-34969/dbus
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track proposed update for imagemagick via bullseye-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2023-34969/dbus as no-dsa
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track dbus update via bullseye-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-34238/gatsby
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Re-associate two CVEs to gatsby, itp'ed entry instead of NFU
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3449-1 for openssl
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] new gitlab issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new sabnzbdplus issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reference upstream commit for CVE-2022-30065
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add upstream tag information for CVE-2023-34237 for easier tracking
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-33595/python*
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update notes for ruby2.7 and ruby-rack in dsa-needed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] claim owslib
Aron Xu ( at aron)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-3161/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA-5422-1 for jupyter-core
Aron Xu ( at aron)
- [Git][security-tracker-team/security-tracker][master] new tiff issue, concludes external check
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] puppet n/a
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new fast-xml-parser/node-webfont issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] add bookworm fixes for latest firefox-esr DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] LTS: claim nvidia-cuda-toolkit in dla-needed.txt
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] LTS: claim php-cas in dla-needed.txt
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3450-1 for ruby2.5
Utkarsh Gupta ( at utkarsh)
- [Git][security-tracker-team/security-tracker][master] new ruby-redcloth issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] consul n/a
Moritz Muehlenhoff ( at jmm)
- Higher ROI at The ProMat - MHI 2023
Cindy Jenkins
- [Git][security-tracker-team/security-tracker][master] Add upstream tag information for CVE-2023-34104
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-29401/golang-github-gin-gonic-gin
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for two erofs-utils via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for openjdk-17 issues via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new PHP issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3451-1 for pypdf2
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for one php8.2 issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-3141/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track thunderbird issues from mfsa2023-21
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for thunderbird issues via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add thunderbird for dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 6 commits: data/config.json: Update mapping release -> codenames
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 5 commits: Track node-webpack for bookworm-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dsa-needed: Review for which release an update is needed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process some of the older NFUs pending review
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] qemu fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] buster/bullseye triage
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reference upstream commit for CVE-2023-1544/qemu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Fix reference for upstream commit for CVE-2023-1544
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Correct upstream tag reference for CVE-2023-1544
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add upstream commit reference for CVE-2023-0330/qemu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-34969/dbus via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] thunderbird DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Process two CVEs for teampass, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2022-46945/nagvis
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for libeconf issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Assign sofia-sip from dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for several openjdk-11 issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for several openjdk-20 issues via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Fix source package name for CVE-2023-1297 to consul
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 18 commits: CVE-2023-34969,dbus: Buster is no-dsa
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-1436/libjettison-java for unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-32697/xerial-sqlite-jdbc
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for two libeconf issues via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Status update
Anton Gladky ( at gladk)
- [Git][security-tracker-team/security-tracker][master] Track upstream commit for CVE-2023-2156/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for some linux CVEs with unstable upload
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 334 gitlab CVEs fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add ffmpeg to dla-needed
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3452-1 for thunderbird
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] lts: update notes
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] dav1d fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add webkit2gtk and wpewebkit to list of package to hide for bugreporting
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla: claim ffmpeg
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2023-2426,vim: Buster, not-affected
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] Update information for CVE-2023-34104/node-webfont
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2022-46165/syncthing
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2022-46165/syncthing
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-3159/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-3192/froxlor
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-34246/ruby-doorkeeper
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Added libusrsctp to the packages to fix for buster.
Ola Lundqvist ( at opal)
- [Git][security-tracker-team/security-tracker][master] Marked CVE-2023-1055 (389-ds-base) as no-dsa for buster folloring decision for bullseye.
Ola Lundqvist ( at opal)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2023-33956 and CVE-2023-339{68,69,70} as no-dsa for bookworm
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-3212/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-3447{4,5}/imagemagick
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] CVE-2022-3109,CVE-2022-3341/ffmpeg: update buster status
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] claim qt4-x11
Scarlett Gately Moore ( at sgmoore)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3454-1 for ffmpeg
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Add new chromium issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new xmltooling issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add additional reference for 4.3.y branch for CVE-2022-3109
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add xmltooling to dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reference upstream commit for CVE-2022-30122/ruby-rack
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] PHP DSAs
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Update information on CVE-2023-34474/imagemagick
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update information on CVE-2023-34475
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-33568/dolibarr
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-29401/golang-github-gin-gonic-gin
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update information on CVE-2023-34411/rust-xml-rs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add xmltooling to dla-needed
Santiago R.R. ( at santiago)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA-5426-1 for owslib (oldstable)
Aron Xu ( at aron)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-3195/imagemagick
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-1428/grpc
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-3273{1,2}/grpc
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update information for CVE-2022-1056/tiff
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reference upstream commits directly for python-werkzeug issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Take python-werkzeug from dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new hoteldruid issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new ATS issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for CVE-2023-30630/dmidecode
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for wireshark issues via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for chromium issues fixed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-1672/tang
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-3247 assigned for recent PHP issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-1786/cloud-init via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add upstream tag information for CVE-2023-1786
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-29839/hoteldruid
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-34095/cpdb-libs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] two more wireshark issues fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Marked tang CVE-2023-1672 as no-dsa for buster following bullseye.
Ola Lundqvist ( at opal)
- [Git][security-tracker-team/security-tracker][master] Marked several frr CVEs as no-dsa (minor issue).
Ola Lundqvist ( at opal)
- [Git][security-tracker-team/security-tracker][master] Added grpc to dla-needed.
Ola Lundqvist ( at opal)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Marked hoteldruid CVE-2023-34537 as no-dsa (minor issue).
Ola Lundqvist ( at opal)
- [Git][security-tracker-team/security-tracker][master] Marked imagemagick CVE-2023-3195 as no-dsa.
Ola Lundqvist ( at opal)
- [Git][security-tracker-team/security-tracker][master] Added maradns to dla-needed with a note of low prio.
Ola Lundqvist ( at opal)
- [Git][security-tracker-team/security-tracker][master] Revert change for note in CVE-2022-43681
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Added minidlna to dla-needed.
Ola Lundqvist ( at opal)
- [Git][security-tracker-team/security-tracker][master] Added opensc to dla-needed.
Ola Lundqvist ( at opal)
- [Git][security-tracker-team/security-tracker][master] Added wordpress to dla-needed.
Ola Lundqvist ( at opal)
- [Git][security-tracker-team/security-tracker][master] Marked yajl CVE-2023-33460 as postponed.
Ola Lundqvist ( at opal)
- [Git][security-tracker-team/security-tracker][master] Update CVE-2023-33250/linux as this now affects sid
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for xmltooling issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track proposed update for kanboard via bookworm-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add tracking for proposed xerial-sqlite-jdbc update via bookworm-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-35116/jackson-databind
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] webkit2gtk DSA-5427-1
Alberto Garcia ( at berto)
- [Git][security-tracker-team/security-tracker][master] new librabbitmq issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] golang-1.19 fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Track proposed update for texlive-bin via bookworm-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] xmltooling fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] LTS: claim opensc in dla-needed.txt
Guilhem Moulin ( at guilhem)
- [Git][security-tracker-team/security-tracker][master] Add reference for CVE-2023-1672/tang
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-28447/smarty3
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-28447/smarty4 via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-1672/tang
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add VCS entry for qt4-x11
Scarlett Gately Moore ( at sgmoore)
- [Git][security-tracker-team/security-tracker][master] wireshark DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Update information for CVE-2021-28276/jhead
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for rust-buffered-reader issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add issue in rust-sequoia-openpgp (RUSTSEC-2023-0038)
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-3138/libx11
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-3138/libx11
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-1672/tang via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 3 commits: Added python-mechanize to dla-needed.
Ola Lundqvist ( at opal)
- [Git][security-tracker-team/security-tracker][master] 3 commits: Process some NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Marked golang-gihub-gib-gonic-gin CVE-2023-29401 as no-dsa (minor issue) for buster.
Ola Lundqvist ( at opal)
- [Git][security-tracker-team/security-tracker][master] Added libx11 to dla-needed.
Ola Lundqvist ( at opal)
- [Git][security-tracker-team/security-tracker][master] Add libx11 to dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] NFUs/k8s server side issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] openjdk-17 DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new k8s issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new wireshark issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-3138/libx11 via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla: take libx11
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] sofia-sip DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Take care of releasing the DSA for prepared updates for ruby-rack
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Pinpoint upstream tag references for trafficserver issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for trafficserver issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-34095
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for hoteldruid issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-3268/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3455-1 for golang-go.crypto
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] 3 commits: Marked nagvis CVE-2022-46945 as no-dsa following bullseye decision.
Ola Lundqvist ( at opal)
- [Git][security-tracker-team/security-tracker][master] Add wpewebkit version for CVE-2023-32373 and CVE-2023-28204
Alberto Garcia ( at berto)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-35788/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process some CVEs for mattermost
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] librabbitmq CVEfied
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-3291/gpac
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-35790/jpeg-xl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Note that rouca is waiting for review for docker-registry
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Claim grpc
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Triage grpc CVE-2023-1428
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Drop grpc
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Claim libusrsctp
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Revert "Triage grpc CVE-2023-1428"
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for ruby3.1 issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Marked qtbase-opensource-src CVEs as no-dsa following decision for bullseye or bookworm.
Ola Lundqvist ( at opal)
- [Git][security-tracker-team/security-tracker][master] Marked qtsvg-opensource-src CVE-2023-32573 as no-dsa for buster.
Ola Lundqvist ( at opal)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2014-125106/nanopb
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new nuget issue (whether that very old is affected remains to be seen)
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] libusrsctp: waiting for comments
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Claim maradns
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] xmltooling DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] CVE-2022-30256: Add upstream patches for maradns
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3456-1 for requests
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] 3 commits: Claim wordpress in dla-needed.txt
Markus Koschany ( at apo)
- Processing 4b9551028d80b5e9abc4920f54d2906af60f186d failed
security tracker role
- [Git][security-tracker-team/security-tracker][master] Fix CVE-2023-28709,tomcat10. (hopefully)
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-35005 for airflow, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for several odoo issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 5 commits: Marked gpac CVE-2023-3291 end-of-life.
Ola Lundqvist ( at opal)
- [Git][security-tracker-team/security-tracker][master] Marked golang-golang-x-net-dev CVE-2022-41717 and CVE-2022-27664 as postponed.
Ola Lundqvist ( at opal)
- [Git][security-tracker-team/security-tracker][master] 4 commits: Marked golang-1.11 CVEs as no-dsa for buster following bullseye.
Ola Lundqvist ( at opal)
- [Git][security-tracker-team/security-tracker][master] 3 commits: Added sabnzbdplus to dla-needed.
Ola Lundqvist ( at opal)
- [Git][security-tracker-team/security-tracker][master] Added php-dompdf to dla-needed with a note about low prio.
Ola Lundqvist ( at opal)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Added trafficserver to dla-needed with a note about low prio due to few users.
Ola Lundqvist ( at opal)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-35823/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-35824/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-35825/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-35826/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-35827/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-35828/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-35829/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: dla: fix-up xmltooling entry
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] dla: trace note author
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3457-1 for maradns
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] dla: precise rationale for linux
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-1183/hsqldb1.8.0
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla: add notes
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] dogecoin: reference 3 CVEs from common bitcoin codebase
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] dla: add dogecoin
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] dla: add debian-archive-keyring
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-3247: reference for php7.3/buster
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] dla: add php7.3
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Add reference for CVE-2023-1183/hsqldb1.8.0
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add hsqldb1.8.0 to dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim ruby-doorkeeper.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Add commit reference for CVE-2018-17144
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] LTS: claim php7.3 in dla-needed.txt
Guilhem Moulin ( at guilhem)
- [Git][security-tracker-team/security-tracker][master] 5 commits: tracker_service.py: Remove nonfunctional bugtraq source
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla: add more context for debian-archive-keyring
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] new suricata issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] py-reportlab fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new jtidy issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] dla: add hsqldb1.8.0
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] dla: add libxpm
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-35825 confirmed rejected as duplicate of CVE-2023-3141
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add upstream tag information for minidlna issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Claim libxpm
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-34623/jtidy
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-3312/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add one CVE ID to previous gpac DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] gpac triage
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] LTS: claim python-mechanize in dla-needed.txt
Guilhem Moulin ( at guilhem)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3458-1 for php7.3
Guilhem Moulin ( at guilhem)
- [Git][security-tracker-team/security-tracker][master] Sync status for suites in CVE-2023-1655 with upper one
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-28531/openssh
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-3317/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-3316/tiff
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3459-1 for libxpm
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-2454,CVE-2023-2455/postgresql: reference patches
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] dla: add renderdoc
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] claim minidlna
Thorsten Alteholz ( at alteholz)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3460-1 for python-mechanize
Guilhem Moulin ( at guilhem)
- [Git][security-tracker-team/security-tracker][master] Take minidlna for already prepared update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] libde265 fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] two jpeg-xl issues fixed in experimental
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] dla: add suricata
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2023-28100,CVE-2023-28101/flatpak: reference patches
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] 2 commits: dla: fix-up triaging notes
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] dla: add avahi
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] CVE-2022-38223/w3m: reference bug about incomplete fix
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] dla: add symfony
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] dla: add libapache2-mod-auth-openidc
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] dla: add lemonldap-ng
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Add upstream tag information for two libde265 issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixes via experimental for gpac issues from #1034187
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Partial review for gpac issues from #1033116
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-3220/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3461-1 for libfastjson
Thorsten Alteholz ( at alteholz)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Update wordpress temp CVE. Bullseye and Buster are not affected
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] 3 commits: Mark CVE-2021-42778/opensc as not-affected for buster and stretch.
Guilhem Moulin ( at guilhem)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3463-1 for opensc
Guilhem Moulin ( at guilhem)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-3482{3,4}/fdkaac
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for libx11 update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] ATS fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add initial tracking for CVEs in nodejs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new rust-memoffset issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for minidlna update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add myself (rouca) to avahi
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Reserve DLA-3464-1 for xmltooling
Santiago R.R. ( at santiago)
- [Git][security-tracker-team/security-tracker][master] Add xmltooling entry for buster to temporary CVE entry
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla: take systemd
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2023-34623/jtidy: buster postponed
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2019-6706/lua5.3: reference patch
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] dla: add lua5.3
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Update CVE-2023-1183 for hsqldb
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Note that Markus will take care of releasing the DSAs for hsqldb and hsqldb1.8.0
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new bind9 issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reference patches for bind9 issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3465-1 for minidlna
Thorsten Alteholz ( at alteholz)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Process one NFU
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add bind9 to dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-33476/minidlna via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] ATS DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA-5436-1 for hsqldb1.8.0
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA-5437-1 for hsqldb
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3466-1 for avahi
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Claim asterisk in dsa-needed.txt
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3468-1 for hsqldb1.8.0
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-2828 and CVE-2023-2911 in bind9
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-3357/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-3358/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-3359/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Triage python-reportlab for buster
Jochen Sprickerhof ( at jspricke)
- [Git][security-tracker-team/security-tracker][master] LTS: claim lua5.3 in dla-needed.txt
Guilhem Moulin ( at guilhem)
- [Git][security-tracker-team/security-tracker][master] bind9 n/a
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new iotjs issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add myself for docker
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] three journald issues disputed by systemd upstream
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2019-6706/lua5.3: Point to post on lua-users list.
Guilhem Moulin ( at guilhem)
- [Git][security-tracker-team/security-tracker][master] Add notes to python-reportlab
Jochen Sprickerhof ( at jspricke)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-34241/cups
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla: claim debian-archive-keyring
Jochen Sprickerhof ( at jspricke)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-34241/cups
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla: add imagemagick and assign to rouca
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] dla: claim python-glance-store
Jochen Sprickerhof ( at jspricke)
- [Git][security-tracker-team/security-tracker][master] new guava-libraries issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] correct version number for ATS/bookworm
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reference upstream commit for CVE-2023-33733
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add additional references for the origins of CVE-2020-8908
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-36239/ming
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA-5438-1 for asterisk
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3469-1 for lua5.3
Guilhem Moulin ( at guilhem)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-34241/cups via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] vtk6 removed
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] vtk7 removed
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] dla: add bind9
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-34241/cups: buster postponed + fix typo
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-34241/cups: reference introductory commit
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-34867,CVE-2023-34868: buster ignored
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-3316/tiff: buster postponed
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-3316/tiff: precise buster triage
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] RUSTSEC-2023-0045/rust-memoffset: buster postponed
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] non issues in gifsicle and sngrep
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] one asterisk issue fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new netty issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new flask-appbuilder issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new flvmeta non issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] bugnums
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim bind9.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for two fdkaac issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add upstream tag reerence for gifsicle issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add upstream tag reference for netty issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add upstream tag information for CVE-2023-34110
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add upstream tag information for CVE-2023-36243
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update information for CVE-2023-1801 for fixed version in unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new libredwg issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update information for CVE-2023-31038
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-36192
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for two c-ares issues via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-36193/gifsicle
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for flvmeta issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for guava-libraries issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark one NFU in kOps
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2023-26115 as NFU
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-3384 as NFU
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-34981 tracking
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add four issues in nextcloud-server, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for ruby-rack for bullseye
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Claim glib2.0 in dla-needed.txt
Santiago R.R. ( at santiago)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-34462/netty: buster not-affected
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-XXXX/osslsigncode: reference mitre request
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] CVE-2018-10237/guava-libraries: buster postponed
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-36193/gifsicle via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for vim issues addressed via unstable upload
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-3338/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for two guava-libraries issues via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add embed copy of yajl
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] sabnzbdplus fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3470-1 for owslib
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] Remove source package listings from CVE-2023-33460 with no security impact
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for bind9 update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2015-20109/glibc
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2021-43519: document first vulnerable commit
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3471-1 for c-ares
Anton Gladky ( at gladk)
- [Git][security-tracker-team/security-tracker][master] Track fixed verison for CVE-2023-36192/sngrep via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-36661 assigned for xmltooling issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-36664/ghostscript
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] gitlab n/a
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-36660/nettle
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update information for CVE-2023-36660/nettle
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new mediawiki issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-24813 does not affect bullseye
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3472-1 for libx11
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] dla: take trafficserver
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] Reference upstream question for CVE-2021-43519
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-28370/python-tornado
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Correct tracking for CVE-2023-36660/nettle
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add ghostscript to dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update information for CVE-2023-36664/ghostscript
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] LTS: take libapache2-mod-auth-openidc
Anton Gladky ( at gladk)
- [Git][security-tracker-team/security-tracker][master] LTS: claim symfony and lemonldap-ng in dla-needed.txt
Guilhem Moulin ( at guilhem)
- [Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity
Roberto C. Sánchez ( at roberto)
- [Git][security-tracker-team/security-tracker][master] Track proposed udpate for cups via bookworm-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track proposed update for cups via bullseye-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for CVE-2022-42964/pymatgen
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] reclaim fusiondirectory, libreoffice
Abhijith PA ( at abhijith)
- [Git][security-tracker-team/security-tracker][master] Add three new chromium issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process several NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] lts: reclaim packages
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] CVE-2021-43519: Mark lua5.{1,2,3} as not-affected.
Guilhem Moulin ( at guilhem)
- [Git][security-tracker-team/security-tracker][master] Add comment about state of nvidia-cuda-toolkit.
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] Reclaim samba
Lee Garrett ( at lgarrett)
- [Git][security-tracker-team/security-tracker][master] Update on php-cas situation.
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] lts-do-call-me: use regex rather than non-path-globbing, to ease tooling implementation
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for chromium issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Associate CVE-2022-1231 with plantuml
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-343{1,2}/plantuml
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new linux issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Sync information for CVE-2023-3355 with kernel-sec
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Sync CVE-2023-3397 with kernel-sec information
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add mediawiki ignored-debian-bug-packages
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-1206/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new nvidia issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-34095/cpdb-libs via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for nvidia-graphics-drivers-tesla-460 issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-3390/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-3389/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-3090/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for nvidia-graphics-drivers-tesla-450 issues via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] maradns DSA
Aron Xu ( at aron)
- [Git][security-tracker-team/security-tracker][master] add flask/oldstable
Aron Xu ( at aron)
- [Git][security-tracker-team/security-tracker][master] reassign flask to jmm since it's already worked on
Aron Xu ( at aron)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-3439/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-2543{4,5}/tiff
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-26965/tiff
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-2860/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-33951/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-33952/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-3354/qemu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-3428/imagemagick
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-36464/pypdf
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reclaim docker-registry
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3473-1 for docker-registry
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Track fixed version of frr issues in unstable
Aron Xu ( at aron)
- [Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reclaim golang-yaml.v2
Scarlett Gately Moore ( at sgmoore)
- [Git][security-tracker-team/security-tracker][master] new gst-plugins-base1.0 issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new gst-plugins-good1.0 issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] fix source package name (changelog entry in good1.0 upload is wrong)
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] dla: take suricata
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] webkit2gtk / wpewebkit upstream advisory WSA-2023-0005
Alberto Garcia ( at berto)
- Processing 7b002770aac0166b14ff765a9531e5d440cdadaf failed
security tracker role
- [Git][security-tracker-team/security-tracker][master] Add CVE-2022-48503 to data/CVE/list
Alberto Garcia ( at berto)
- [Git][security-tracker-team/security-tracker][master] Add information about the WebKit versions that fix CVE-2023-32435
Alberto Garcia ( at berto)
- [Git][security-tracker-team/security-tracker][master] dla-needed.txt: Add update for ruby-doorkeeper.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] flask DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-2861/qemu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reference specifically the commits for CVE-2022-43681, CVE-2022-40318 and CVE-2022-40302
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-2163/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reassociate some NFUs with itp'ed bug
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add three new CVEs for ilias, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2023-2704 as postponed also for python3.7 in buster
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3474-1 for systemd
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] Update information on CVE-2022-2309
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] mark CVE-2023-36664 as not-affected for Buster
Thorsten Alteholz ( at alteholz)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3475-1 for trafficserver
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim syncthing
Abhijith PA ( at abhijith)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference forCVE-2023-33460
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2022-1231/plantuml
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add bug reference for nodejs issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 3 commits: add cups
Thorsten Alteholz ( at alteholz)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2022-2309/libxml2
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-26966/tiff
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for plantuml issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3477-1 for python3.7
Adrian Bunk ( at bunk)
Last message date:
Fri Jun 30 21:45:56 BST 2023
Archived on: Fri Jun 30 21:45:59 BST 2023
This archive was generated by
Pipermail 0.09 (Mailman edition).