[Git][security-tracker-team/security-tracker][fix_987283] 2489 commits: Mark CVE-2023-23919/nodejs as not-affected for buster.

Anton Gladky (@gladk) gladk at debian.org
Wed May 24 13:48:22 BST 2023



Anton Gladky pushed to branch fix_987283 at Debian Security Tracker / security-tracker


Commits:
9e00fb79 by Guilhem Moulin at 2023-02-25T21:40:19+01:00
Mark CVE-2023-23919/nodejs as not-affected for buster.

And add reference to the disclosure report, where (unlike the CVE text)
upstream claims v14 is unaffected.  (The latest release of the v14.x
LTS branch, namely v14.21.3, makes no mention of CVE-2023-23919 either.)

- - - - -
87bc864a by Ola Lundqvist at 2023-02-26T00:00:29+01:00
CVE-2023-24809 (nethack) marked as no-dsa as it is a minor issue.

- - - - -
6284f44b by Ola Lundqvist at 2023-02-26T00:21:56+01:00
LTS: add syslog-ng to dla-needed.txt

- - - - -
4835b67a by Guilhem Moulin at 2023-02-26T01:59:55+01:00
Reserve DLA-3344-1 for nodejs

- - - - -
3453f3c0 by security tracker role at 2023-02-26T08:10:12+00:00
automatic update

- - - - -
96d55eef by Salvatore Bonaccorso at 2023-02-26T14:17:09+01:00
Add comment for multipath-tools

- - - - -
c432d77a by Salvatore Bonaccorso at 2023-02-26T14:20:11+01:00
Reserve DSA number for apr-util update

- - - - -
1c0b0c0e by Tobias Frost at 2023-02-26T14:32:28+01:00
LTS: claim firmware-nonfree in dla-needed.txt

- - - - -
6e6feb8b by Guilhem Moulin at 2023-02-26T15:05:15+01:00
LTS: claim spip in dla-needed.txt

- - - - -
7a4cea97 by Salvatore Bonaccorso at 2023-02-26T15:08:47+01:00
Pinpoint upstream tag introducing issue for CVE-2022-48338

- - - - -
055fe529 by Salvatore Bonaccorso at 2023-02-26T15:08:47+01:00
Prefix fixing commits reference

- - - - -
0a20cf54 by Salvatore Bonaccorso at 2023-02-26T16:25:01+01:00
Update information for CVE-2023-25193/harfbuzz

- - - - -
ebfcb7ff by Moritz Muehlenhoff at 2023-02-26T17:13:24+01:00
qtbase-opensource-src-gles n/a

- - - - -
78465ba7 by Aron Xu at 2023-02-27T01:35:03+08:00
add nodejs to dsa-needed and claim it

- - - - -
aba6e210 by Adrian Bunk at 2023-02-26T20:39:28+02:00
CVE-2022-48337: Add note about memory leak in original fix

- - - - -
10a39f85 by Tobias Frost at 2023-02-26T20:15:02+01:00
Devices affected by CVE-2021-2323 and CVE-2021-44545 are not supported by buster's kernel. (Firmware files also not present in firmware-nonfree)

Affected devices: (via https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html)

CVE-2021-44545

Intel® Wi-Fi 6E AX411
Intel® Wi-Fi 6E AX211
Intel® Wi-Fi 6E AX210
Intel® Wi-Fi 6 AX201
Intel® Wi-Fi 6 AX200

CVE-2021-23223

Intel® Wi-Fi 6E AX411
Intel® Wi-Fi 6E AX211
Intel® Wi-Fi 6E AX210

Support for above devices was added with kernel 5.10+ (See https://wireless.wiki.kernel.org/en/users/drivers/iwlwifi)

- - - - -
9ca01020 by Salvatore Bonaccorso at 2023-02-26T20:31:08+01:00
Add as well Debian downstream reference for memory leak for original patch

- - - - -
4d7aa45d by Salvatore Bonaccorso at 2023-02-26T20:39:28+01:00
Add CVE-2023-26544/linux

- - - - -
17c629b7 by Salvatore Bonaccorso at 2023-02-26T20:42:12+01:00
Add CVE-2023-26545/linux

- - - - -
3bfd66dc by security tracker role at 2023-02-26T20:10:27+00:00
automatic update

- - - - -
0913a4e1 by Salvatore Bonaccorso at 2023-02-26T21:35:26+01:00
Process some NFUs

- - - - -
7d1a8acb by Salvatore Bonaccorso at 2023-02-26T21:38:27+01:00
Add CVE-2023-1033/froxlor

- - - - -
97558d00 by Salvatore Bonaccorso at 2023-02-26T21:39:45+01:00
Track fixes for CVE-2022-3770{3,4,5}/amanda via unstable

- - - - -
075e163f by Anton Gladky at 2023-02-26T21:44:49+01:00
LTS: add missing meta-info

- - - - -
ba6933d5 by Salvatore Bonaccorso at 2023-02-26T22:10:33+01:00
Process one NFU

- - - - -
c8e9681c by Anton Gladky at 2023-02-26T22:22:34+01:00
Update note on man2html

- - - - -
b383d3eb by Guilhem Moulin at 2023-02-26T22:41:01+01:00
Reserve DLA-3345-1 for php7.3

- - - - -
ab774c79 by Adrian Bunk at 2023-02-27T00:18:03+02:00
u-boot/buster is not affected by CVE-2022-33103 and CVE-2022-33967

- - - - -
806adb7b by Guilhem Moulin at 2023-02-26T23:27:08+01:00
LTS: claim syslog-ng in dla-needed.txt

- - - - -
9139429c by Salvatore Bonaccorso at 2023-02-27T07:55:04+01:00
Add CVE-2022-37708/docker.io

- - - - -
a52ad797 by Chris Lamb at 2023-02-27T07:35:14+00:00
Reserve DLA-3331-2 for python-cryptography

- - - - -
4e0a67a4 by security tracker role at 2023-02-27T08:10:14+00:00
automatic update

- - - - -
ad245069 by Salvatore Bonaccorso at 2023-02-27T09:18:51+01:00
Add CVE-2023-26605/linux

- - - - -
35c04e00 by Salvatore Bonaccorso at 2023-02-27T09:23:27+01:00
Add CVE-2023-26606/linux

- - - - -
daaa93f5 by Salvatore Bonaccorso at 2023-02-27T09:26:49+01:00
Add CVE-2023-26607/linux

- - - - -
45ace512 by Salvatore Bonaccorso at 2023-02-27T09:34:00+01:00
Process NFUs

- - - - -
59294671 by Moritz Muehlenhoff at 2023-02-27T10:06:32+01:00
new rust-ascii issue

- - - - -
74c473c0 by Moritz Muehlenhoff at 2023-02-27T11:01:16+01:00
qtbase-opensource-src fixed in sid

- - - - -
169276f8 by Sylvain Beucler at 2023-02-27T11:33:42+01:00
CVE-2019-19921/runc: possibly re-introduced by CVE-2021-30465 fix

- - - - -
4ae395b4 by Guilhem Moulin at 2023-02-27T11:51:57+01:00
CVE-2022-38725/syslog-ng: Add reference to upstream fixes.

- - - - -
02d1f326 by Sylvain Beucler at 2023-02-27T13:35:39+01:00
CVE-2022-41862/postgresql-11: fix triage: buster not-affected

- - - - -
041decee by Moritz Muehlenhoff at 2023-02-27T13:37:13+01:00
bookworm triage

- - - - -
27f06521 by Moritz Muehlenhoff at 2023-02-27T14:15:59+01:00
NFUs

- - - - -
36bedc87 by Sylvain Beucler at 2023-02-27T14:33:25+01:00
CVE-2022-41724/golang-1.11: buster not-affected

- - - - -
49dd8c44 by Sylvain Beucler at 2023-02-27T14:33:27+01:00
CVE-2022-41723,CVE-2022-41725/golang-1.11: buster postponed

- - - - -
dd810cc0 by Moritz Muehlenhoff at 2023-02-27T17:29:00+01:00
bookworm triage

- - - - -
4643cb0e by Moritz Mühlenhoff at 2023-02-27T17:47:59+01:00
libgit2 spu

- - - - -
27ec5c5a by Tobias Frost at 2023-02-27T18:25:42+01:00
Revert "Devices affected by CVE-2021-2323 and CVE-2021-44545 are not supported by buster's kernel. (Firmware files also not present in firmware-nonfree)".

When triaging I did not notice that we've got a 5.10 backport LTS kernel…

This reverts commit 10a39f859df4cbc82c57f074c86042049f09e7fd

- - - - -
34763c7c by Sylvain Beucler at 2023-02-27T18:32:13+01:00
Reserve DLA-3346-1 for python-werkzeug

- - - - -
a0a4f036 by Salvatore Bonaccorso at 2023-02-27T20:26:55+01:00
Update information for CVE-2022-41862

- - - - -
49ecf79c by Salvatore Bonaccorso at 2023-02-27T20:27:40+01:00
Remove additional whitespace in NOTE

- - - - -
d82f9156 by Salvatore Bonaccorso at 2023-02-27T20:36:16+01:00
CVE-2021-38578: Remove annotation that upstream bug is private

- - - - -
5ae3324c by Moritz Muehlenhoff at 2023-02-27T20:52:48+01:00
bugnums

- - - - -
9a9f9a19 by Moritz Muehlenhoff at 2023-02-27T21:02:03+01:00
bookworm triage

- - - - -
928a6497 by Guilhem Moulin at 2023-02-27T21:03:02+01:00
Reserve DLA-3347-1 for spip

- - - - -
6bb1ae82 by security tracker role at 2023-02-27T20:10:31+00:00
automatic update

- - - - -
41eaaaeb by Salvatore Bonaccorso at 2023-02-27T21:20:24+01:00
Process NFUs

- - - - -
52954e89 by Salvatore Bonaccorso at 2023-02-27T21:55:23+01:00
Add one new temporary entry for spip issue fixed in 4.2.1, 4.1.8, 4.0.10 and 3.2.18

- - - - -
f14fb995 by Salvatore Bonaccorso at 2023-02-27T21:59:31+01:00
Process some mattermost specific CVEs

- - - - -
b81d86c1 by Salvatore Bonaccorso at 2023-02-27T22:00:04+01:00
Add CVE-2023-1070/teampass, itp'ed

- - - - -
4355b1a1 by Salvatore Bonaccorso at 2023-02-27T22:00:35+01:00
Process some NFUs

- - - - -
e3bc6c08 by Moritz Mühlenhoff at 2023-02-27T22:34:05+01:00
curl DSA

- - - - -
d243c45b by Moritz Muehlenhoff at 2023-02-27T23:20:28+01:00
bugnums

- - - - -
793fae56 by Salvatore Bonaccorso at 2023-02-28T06:29:31+01:00
Add spip to dsa-needed list

- - - - -
fb7ca302 by Salvatore Bonaccorso at 2023-02-28T07:21:57+01:00
Add CVE-2023-1077/linux

- - - - -
4e8a826f by Sébastien Delafond at 2023-02-28T07:24:09+01:00
Claim spip

- - - - -
4698ad2d by Salvatore Bonaccorso at 2023-02-28T07:46:57+01:00
Add CVE-2023-1076/linux

- - - - -
820283cf by Salvatore Bonaccorso at 2023-02-28T07:52:35+01:00
Add CVE-2023-1075/linux

- - - - -
1ac1dcf7 by Salvatore Bonaccorso at 2023-02-28T08:09:04+01:00
Add CVE-2023-1074/linux

- - - - -
da2f1d84 by Salvatore Bonaccorso at 2023-02-28T08:12:44+01:00
Add oss-security reference for CVE-2023-1074

- - - - -
352724de by Salvatore Bonaccorso at 2023-02-28T08:15:59+01:00
Add CVE-2023-1073/linux

- - - - -
29182b37 by security tracker role at 2023-02-28T08:10:24+00:00
automatic update

- - - - -
38d84f76 by Salvatore Bonaccorso at 2023-02-28T09:32:29+01:00
Track fixed version for rust-bumpalo issue (RUSTSEC-2022-0078)

- - - - -
8a639fc9 by Salvatore Bonaccorso at 2023-02-28T09:37:57+01:00
Add CVE-2023-22995/linux

- - - - -
8f1cfa2d by Salvatore Bonaccorso at 2023-02-28T09:48:56+01:00
Track fixed version for CVE-2023-23931/python-cryptography

- - - - -
6da32410 by Moritz Muehlenhoff at 2023-02-28T09:59:33+01:00
new node-cookiejar issue

- - - - -
6966502c by Moritz Muehlenhoff at 2023-02-28T10:02:30+01:00
new 389-ds-base issue

- - - - -
f5c3bb8c by Moritz Muehlenhoff at 2023-02-28T11:09:08+01:00
NFUs

- - - - -
65c81531 by Moritz Muehlenhoff at 2023-02-28T11:16:44+01:00
new markdown-it-py issues

- - - - -
fc3027e8 by Moritz Muehlenhoff at 2023-02-28T12:59:05+01:00
new zoneminder issues

- - - - -
d381eb82 by Guilhem Moulin at 2023-02-28T13:36:40+01:00
CVE-2023-XXXX/spip: Add reference to upstream fixes.

- - - - -
67e1006f by Moritz Muehlenhoff at 2023-02-28T13:59:32+01:00
previous spip issue CVEfied

- - - - -
cb308dea by Moritz Muehlenhoff at 2023-02-28T14:02:08+01:00
spip fixed in sid

- - - - -
ecb72a48 by Salvatore Bonaccorso at 2023-02-28T14:52:19+01:00
Add upstream tag information for markdown-it-py issues

- - - - -
e8392d83 by Salvatore Bonaccorso at 2023-02-28T14:57:45+01:00
Specify upstream tag for spip issue

- - - - -
e4827cd7 by Moritz Muehlenhoff at 2023-02-28T15:01:49+01:00
NFUs

- - - - -
16c529b4 by Moritz Muehlenhoff at 2023-02-28T16:23:12+01:00
bookworm triage

- - - - -
bdca08cf by Moritz Muehlenhoff at 2023-02-28T16:26:26+01:00
new linux issue

- - - - -
c558d50c by Salvatore Bonaccorso at 2023-02-28T16:58:51+01:00
Sync information for CVE-2023-0461 with kernel-sec

- - - - -
bb556c99 by Moritz Muehlenhoff at 2023-02-28T17:24:25+01:00
bookworm triage

- - - - -
ab32324d by Adrian Bunk at 2023-02-28T18:51:58+02:00
lts: mention blockers for emacs and python3.7

- - - - -
ac4faae0 by Sylvain Beucler at 2023-02-28T17:59:32+01:00
CVE-2023-24998/libcommons-fileupload-java: add cautionary note

- - - - -
06072e25 by security tracker role at 2023-02-28T20:10:41+00:00
automatic update

- - - - -
db6b816a by Salvatore Bonaccorso at 2023-02-28T21:37:36+01:00
Clarify status for CVE-2016-10127

Note that back then the scope of the CVE was redefined. The commit added
is covered by CVE-2016-10149 and CVE-2016-10127 remained open. The scope
is broader and a fix would need to be implemented in libxml2.

Still back then there was confusion between scopes of CVE-2016-10127 and
CVE-2016-10149 so let's move it to negligible impact for the remaining
issue.

- - - - -
e058b0f0 by Salvatore Bonaccorso at 2023-02-28T21:42:45+01:00
Process some NFUs

- - - - -
46390642 by Salvatore Bonaccorso at 2023-02-28T21:46:35+01:00
Remove notes from two rejected CVEs

Further investigation showed that they are not security issues and were
withdrawn by the assigning CNA.

- - - - -
f9cbd7a3 by Salvatore Bonaccorso at 2023-02-28T21:48:16+01:00
Remove notes from rejected CVE-2021-34250

It was a reservation duplicate for CVE-2021-33396.

- - - - -
9cc0e04d by Salvatore Bonaccorso at 2023-02-28T21:49:37+01:00
Mark CVE-2021-33396 as NFU

- - - - -
ebb3a94e by Salvatore Bonaccorso at 2023-02-28T21:53:06+01:00
Add CVE-2023-27320/sudo

- - - - -
017e8bd7 by Salvatore Bonaccorso at 2023-02-28T21:55:52+01:00
Add Debian bug reference for markdown-it-py issues

- - - - -
0a0a512c by Salvatore Bonaccorso at 2023-02-28T22:00:07+01:00
Mark removal for mongo-tools from unstable

- - - - -
e6aff80c by Salvatore Bonaccorso at 2023-02-28T22:05:18+01:00
Add Debian bug reference for CVE-2023-27320/sudo

- - - - -
05c9d1f7 by Salvatore Bonaccorso at 2023-02-28T22:09:12+01:00
Add CVE-2023-27371/libmicrohttpd

- - - - -
4f904c47 by Guilhem Moulin at 2023-02-28T22:19:17+01:00
CVE-2023-27372/spip assigned

- - - - -
7b40a51e by Salvatore Bonaccorso at 2023-02-28T22:22:34+01:00
Process NFUs

- - - - -
bcff8807 by Salvatore Bonaccorso at 2023-02-28T22:22:36+01:00
Add CVE-2023-2310{8,9}/crasm

- - - - -
bca4b30c by Salvatore Bonaccorso at 2023-02-28T22:23:04+01:00
Drop temporary workaround entry for DLA-3347-1

- - - - -
b555aadd by Salvatore Bonaccorso at 2023-02-28T22:28:15+01:00
Add upstream tag information for CVE-2021-21416

- - - - -
c280206a by Salvatore Bonaccorso at 2023-02-28T22:34:29+01:00
CVE-2021-21305: Add upstream commit reference for 1.3.y branch

- - - - -
0476c4ef by Salvatore Bonaccorso at 2023-02-28T22:36:37+01:00
CVE-2021-32823: Add upstream tag information

- - - - -
39d44d25 by Salvatore Bonaccorso at 2023-02-28T22:46:19+01:00
Add CVE-2022-25901/node-cookiejar

- - - - -
603c96f7 by Salvatore Bonaccorso at 2023-02-28T22:49:08+01:00
Track proposed update for node-cookiejar via bullseye-pu

- - - - -
debca3df by Bastien Roucariès at 2023-02-28T21:59:58+00:00
Claim node-css-what in dla-needed.txt

- - - - -
6eaf207d by Bastien Roucariès at 2023-02-28T22:00:04+00:00
Mark CVE-2022-21222 as unfixed until node-css-what 5.0.1

TypeScript rewrite does not fix the ReDoS; see for instance https://sources.debian.org/src/node-css-what/4.0.0-3/src/parse.ts/#L84

Only fixed by https://github.com/fb55/css-what/pull/503 by replacing regexp by manual parsing

- - - - -
4e0325da by Guilhem Moulin at 2023-02-28T23:01:58+01:00
CVE-2023-27372/spip: Add references to regression fix.

- - - - -
3e5cc616 by Guilhem Moulin at 2023-03-01T00:20:46+01:00
Reserve DLA-3348-1 for syslog-ng

- - - - -
26ee6389 by security tracker role at 2023-03-01T08:10:13+00:00
automatic update

- - - - -
65a4ed70 by Salvatore Bonaccorso at 2023-03-01T09:56:10+01:00
Add CVE-2023-1095/linux

- - - - -
bcfd7d52 by Salvatore Bonaccorso at 2023-03-01T10:04:40+01:00
Add CVE-2023-22996/linux

- - - - -
7caf16bf by Salvatore Bonaccorso at 2023-03-01T10:11:39+01:00
Add CVE-2023-22997/linux

- - - - -
5fff4c95 by Salvatore Bonaccorso at 2023-03-01T10:17:59+01:00
Add CVE-2023-22998/linux

- - - - -
7ca564b3 by Salvatore Bonaccorso at 2023-03-01T10:23:40+01:00
Add CVE-2023-22999/linux

- - - - -
c7323ee6 by Salvatore Bonaccorso at 2023-03-01T10:46:20+01:00
Process some NFUs

- - - - -
20f7932a by Moritz Muehlenhoff at 2023-03-01T11:02:24+01:00
NFUs

- - - - -
1f5dddf6 by Salvatore Bonaccorso at 2023-03-01T12:25:09+01:00
Reserve DSA number for multipath-tools update

- - - - -
e6c2bacf by Moritz Muehlenhoff at 2023-03-01T12:25:54+01:00
bullseye triage

- - - - -
bb459174 by Moritz Muehlenhoff at 2023-03-01T12:26:19+01:00
pgpool2 fixed in sid

- - - - -
edffc310 by Moritz Muehlenhoff at 2023-03-01T12:35:05+01:00
NFUs (concludes external check)

- - - - -
84efc8ac by Salvatore Bonaccorso at 2023-03-01T12:49:41+01:00
Add note for syslog-ng as Guilhem Moulin proposed an update

- - - - -
d3aa947a by Salvatore Bonaccorso at 2023-03-01T12:53:21+01:00
Add note for libreswan in dsa-needed list

- - - - -
dfe38b6d by Emilio Pozuelo Monfort at 2023-03-01T13:09:25+01:00
lts: take mariadb-10.3

- - - - -
be34ef0e by Bastien Roucariès at 2023-03-01T13:29:18+00:00
Annotate CVE-2022-21222 tracked by #1032188

- - - - -
9012a686 by Salvatore Bonaccorso at 2023-03-01T14:52:20+01:00
Correct version for node-css-what

- - - - -
ed3369d5 by Moritz Muehlenhoff at 2023-03-01T15:49:09+01:00
mark spring-java issues as unimportant following latest upload to sid which adds README.Debian.security

- - - - -
527ea393 by Moritz Muehlenhoff at 2023-03-01T17:02:38+01:00
bookworm triage

- - - - -
7bf7f45d by Moritz Muehlenhoff at 2023-03-01T17:41:58+01:00
bookworm triage

- - - - -
b94f61ea by Salvatore Bonaccorso at 2023-03-01T18:43:49+01:00
Mark CVE-2022-47015 as unfixed

- - - - -
7511c56d by Salvatore Bonaccorso at 2023-03-01T19:03:01+01:00
Add upstream tag information for CVE-2021-30151

- - - - -
79673220 by Salvatore Bonaccorso at 2023-03-01T19:09:18+01:00
Mark CVE-2022-37394 as fixed slightly earlier

Was addressed in 26.0.0rc1 already, which entered with the
2:26.0.0~rc1-3 unstable.

- - - - -
04019542 by Moritz Muehlenhoff at 2023-03-01T19:57:10+01:00
new linux issue (and additional oss-sec references)

- - - - -
1b755ee4 by Sylvain Beucler at 2023-03-01T20:14:41+01:00
CVE-2022-21427/mariadb: reference for mariadb-10.3

- - - - -
03f315eb by Dominik George at 2023-03-01T20:19:53+01:00
Claim packages for March

- - - - -
5bcba200 by Dominik George at 2023-03-01T20:20:05+01:00
Merge branch 'master' of salsa.debian.org:security-tracker-team/security-tracker

- - - - -
c12b7e8c by Moritz Muehlenhoff at 2023-03-01T20:23:33+01:00
bookworm triage

- - - - -
45c6b704 by Salvatore Bonaccorso at 2023-03-01T20:27:47+01:00
Reference commit in mainline (same commit id, but is already upstreamed)

- - - - -
db901538 by Salvatore Bonaccorso at 2023-03-01T20:38:49+01:00
CVE-2022-21427: Fill in status as well for mariadb-10.5

- - - - -
35e448ba by Salvatore Bonaccorso at 2023-03-01T20:48:54+01:00
Add reference for CVE-2023-27320

- - - - -
d0a04631 by Salvatore Bonaccorso at 2023-03-01T20:58:09+01:00
Add CVE-2023-1078/linux

- - - - -
8f6d33c4 by Salvatore Bonaccorso at 2023-03-01T21:00:17+01:00
Add commit reference for CVE-2023-27320

- - - - -
b0224a36 by security tracker role at 2023-03-01T20:10:53+00:00
automatic update

- - - - -
0007a324 by Salvatore Bonaccorso at 2023-03-01T21:23:24+01:00
Add CVE-2023-23001/linux

- - - - -
4a89c1b7 by Salvatore Bonaccorso at 2023-03-01T21:27:09+01:00
Add CVE-2023-23000/linux

- - - - -
cebb1a6a by Salvatore Bonaccorso at 2023-03-01T21:29:53+01:00
Remove notes for CVE-2022-3168 (CNA has not submitted a record)

- - - - -
1f68d464 by Salvatore Bonaccorso at 2023-03-01T21:30:51+01:00
Remove notes for CVE-2019-14560 (not properly submitted by CNA)

- - - - -
25b21e7c by Salvatore Bonaccorso at 2023-03-01T21:33:06+01:00
Process one NFU

- - - - -
a30f23a8 by Salvatore Bonaccorso at 2023-03-01T21:37:01+01:00
Add CVE-2023-1127/vim

- - - - -
3b287ffe by Salvatore Bonaccorso at 2023-03-01T21:38:10+01:00
Process some NFUs

- - - - -
b4c1e6c0 by Salvatore Bonaccorso at 2023-03-01T22:02:32+01:00
Track php-dompdf-svg-lib and php-font-lib embedded copies

- - - - -
dfe7dd3c by Salvatore Bonaccorso at 2023-03-01T22:14:48+01:00
Add new libde265 issues

- - - - -
1c2d43a8 by Salvatore Bonaccorso at 2023-03-01T22:15:31+01:00
Process some NFUs

- - - - -
cad7f5d4 by Salvatore Bonaccorso at 2023-03-01T22:16:00+01:00
Add CVE-2023-25222/libredwg

- - - - -
67547903 by Salvatore Bonaccorso at 2023-03-01T22:16:22+01:00
Add CVE-2023-0594/grafana

- - - - -
0e197050 by Salvatore Bonaccorso at 2023-03-01T22:17:28+01:00
Add Debian bug references for requests to switch away from embedded copy

- - - - -
69e17936 by Salvatore Bonaccorso at 2023-03-01T22:18:36+01:00
Update version for CVE-2023-24607/qt6-base

As the -7 revision got an updated patch, consider this one the version
fixing the CVE. If the fix was anyway complete already then we can
switch back to -6.

- - - - -
80552d4e by Salvatore Bonaccorso at 2023-03-02T06:11:32+01:00
Track fixed version for CVE-2023-0996/libheif

- - - - -
774e568d by Salvatore Bonaccorso at 2023-03-02T06:12:12+01:00
Drop additional whitespace

- - - - -
06af1cad by Salvatore Bonaccorso at 2023-03-02T06:13:34+01:00
Track where phpmyadmin switched to packaged tcpdf

- - - - -
5b4ad49c by Salvatore Bonaccorso at 2023-03-02T07:07:13+01:00
Process two NFUs

- - - - -
f0fe1659 by Salvatore Bonaccorso at 2023-03-02T07:11:58+01:00
Add CVE-2023-1118/linux

- - - - -
79964048 by Salvatore Bonaccorso at 2023-03-02T07:15:09+01:00
Add CVE-2023-25587/binutils

- - - - -
54b99f50 by Sébastien Delafond at 2023-03-02T07:16:03+01:00
Reserve DSA-5367-1 for spip

- - - - -
e383c143 by Salvatore Bonaccorso at 2023-03-02T07:17:11+01:00
Add CVE-2023-0507/grafana

- - - - -
095b0926 by Salvatore Bonaccorso at 2023-03-02T07:25:24+01:00
Reference advisory for CVE-2023-23009

- - - - -
8441e826 by security tracker role at 2023-03-02T08:10:19+00:00
automatic update

- - - - -
3a312e05 by Moritz Muehlenhoff at 2023-03-02T09:14:58+01:00
new node-mermaid issue (concludes external check)

- - - - -
d7715275 by Salvatore Bonaccorso at 2023-03-02T09:17:45+01:00
Add CVE-2023-23002/linux

- - - - -
023341c6 by Salvatore Bonaccorso at 2023-03-02T09:20:10+01:00
Add CVE-2023-23003/linux

- - - - -
f412bcfc by Salvatore Bonaccorso at 2023-03-02T09:22:41+01:00
Add CVE-2023-23004/linux

- - - - -
2779897b by Salvatore Bonaccorso at 2023-03-02T09:25:50+01:00
Add CVE-2023-23005/linux

- - - - -
899778d1 by Salvatore Bonaccorso at 2023-03-02T09:28:13+01:00
Add CVE-2023-23006/linux

- - - - -
2ebe468c by Salvatore Bonaccorso at 2023-03-02T09:37:14+01:00
Process two NFUs

- - - - -
07ffbd22 by Salvatore Bonaccorso at 2023-03-02T09:45:57+01:00
Process some NFUs

- - - - -
50895a7f by Sylvain Beucler at 2023-03-02T13:17:49+01:00
LTS: add wordpress to dla-needed.txt

- - - - -
f34a70c0 by Sylvain Beucler at 2023-03-02T13:56:21+01:00
dla: re-add nova

- - - - -
4dc4f148 by Salvatore Bonaccorso at 2023-03-02T14:46:57+01:00
Track fixed version for CVE-2019-25078/pacparser

- - - - -
8f8206ff by Salvatore Bonaccorso at 2023-03-02T14:49:22+01:00
Add CVE-2023-26463/strongswan

- - - - -
1ae01195 by Salvatore Bonaccorso at 2023-03-02T20:29:17+01:00
Process some NFUs

- - - - -
cf7a310c by Salvatore Bonaccorso at 2023-03-02T20:34:37+01:00
Add CVE-2023-25155/redis

- - - - -
6d41bd5c by Salvatore Bonaccorso at 2023-03-02T20:36:45+01:00
Add upstream tag information for CVE-2023-25155/redis

- - - - -
082a3e98 by security tracker role at 2023-03-02T20:10:36+00:00
automatic update

- - - - -
ec9c2e6e by Moritz Muehlenhoff at 2023-03-02T21:11:57+01:00
bookworm triage

- - - - -
7e22143f by Salvatore Bonaccorso at 2023-03-02T21:15:07+01:00
Process two NFUs

- - - - -
1d588768 by Salvatore Bonaccorso at 2023-03-02T21:18:41+01:00
Process NFUs

- - - - -
1f233de8 by Salvatore Bonaccorso at 2023-03-02T21:23:56+01:00
Process some NFUs

- - - - -
82c65526 by Salvatore Bonaccorso at 2023-03-02T21:26:49+01:00
Add CVE-2023-22462/grafana

- - - - -
b6a73c7a by Salvatore Bonaccorso at 2023-03-02T21:32:55+01:00
Add Debian bug reference for CVE-2023-25155/redis

- - - - -
1caf75b7 by Salvatore Bonaccorso at 2023-03-02T22:03:28+01:00
Add references to upstream commits for CVE-2022-29973

- - - - -
7e379d22 by Ben Hutchings at 2023-03-02T22:46:28+01:00
Reserve DLA-3349-1 for linux-5.10

- - - - -
5601a142 by Moritz Muehlenhoff at 2023-03-02T22:50:41+01:00
bookworm triage

- - - - -
edd7b529 by Salvatore Bonaccorso at 2023-03-03T07:59:51+01:00
Add CVE-2023-26053/gradle

- - - - -
6b203208 by Salvatore Bonaccorso at 2023-03-03T08:03:11+01:00
Add CVE-2022-36021/redis

- - - - -
7ba343b5 by security tracker role at 2023-03-03T08:10:18+00:00
automatic update

- - - - -
ab84b5a8 by Salvatore Bonaccorso at 2023-03-03T09:16:00+01:00
Process NFUs

- - - - -
5c665ac7 by Salvatore Bonaccorso at 2023-03-03T09:18:40+01:00
Process NFUs

- - - - -
02536be7 by Bastien Roucariès at 2023-03-03T09:52:53+00:00
Reserve DLA-3350-1 for node-css-what

- - - - -
f149409a by Bastien Roucariès at 2023-03-03T09:55:16+00:00
Fix version for DLA-3350-1

- - - - -
62bc18bc by Bastien Roucariès at 2023-03-03T10:03:57+00:00
Add CVE-2021-33587 to DLA-3350-1

- - - - -
7fdc140f by Moritz Muehlenhoff at 2023-03-03T11:24:22+01:00
bullseye triage

- - - - -
37162791 by Moritz Muehlenhoff at 2023-03-03T13:00:06+01:00
gradle n/a

- - - - -
d53d9714 by Guilhem Moulin at 2023-03-03T13:35:50+01:00
LTS: claim wordpress in dla-needed.txt

- - - - -
b5138ac3 by Moritz Muehlenhoff at 2023-03-03T13:57:30+01:00
record additional CVEs fixed in libde265 DSA

- - - - -
f2f77ff7 by Lee Garrett at 2023-03-03T15:45:45+01:00
Reserve DLA-3351-1 for apache2

- - - - -
ad594cdc by Moritz Muehlenhoff at 2023-03-03T16:12:15+01:00
libmicrohttpd fixed in sid

- - - - -
835c6c91 by Moritz Muehlenhoff at 2023-03-03T16:13:20+01:00
fuse-exfat fixed in experimental

- - - - -
466c9304 by Salvatore Bonaccorso at 2023-03-03T16:14:04+01:00
Add reference for CVE-2023-0215

- - - - -
9e5eda01 by Sylvain Beucler at 2023-03-03T16:16:00+01:00
golang* buster triage/harmonization

- - - - -
d9c2cc69 by Sylvain Beucler at 2023-03-03T16:33:34+01:00
dla: add libde265

- - - - -
bd644ef8 by Sylvain Beucler at 2023-03-03T16:48:06+01:00
CVE-2019-25104/iortcw: buster end-of-life

- - - - -
cc047d3e by Sylvain Beucler at 2023-03-03T16:52:26+01:00
CVE-2022-25901/node-cookiejar: buster postponed

- - - - -
d6725b60 by Sylvain Beucler at 2023-03-03T16:52:59+01:00
CVE-2023-25155/redis: buster postponed

- - - - -
9b235067 by Salvatore Bonaccorso at 2023-03-03T16:58:25+01:00
Add Debian bug reference for CVE-2022-48345/node-mermaid

- - - - -
4f2612ab by Sylvain Beucler at 2023-03-03T17:06:30+01:00
CVE-2023-25824/mod-gnutls: buster postponed

- - - - -
b44551f8 by Sylvain Beucler at 2023-03-03T17:06:32+01:00
CVE-2019-25072/tendermint-go-common: buster postponed

- - - - -
a0633596 by Sylvain Beucler at 2023-03-03T17:20:33+01:00
dla: add pcre2

- - - - -
b9124777 by Sylvain Beucler at 2023-03-03T17:26:12+01:00
dla: add docker.io

- - - - -
76425fc6 by Guilhem Moulin at 2023-03-03T19:37:51+01:00
LTS: claim pcre2 in dla-needed.txt

- - - - -
9501e698 by Moritz Muehlenhoff at 2023-03-03T19:43:39+01:00
bullseye triage

- - - - -
3e27f195 by Moritz Muehlenhoff at 2023-03-03T20:18:19+01:00
bookworm triage

- - - - -
22478f42 by Salvatore Bonaccorso at 2023-03-03T20:49:07+01:00
Reserve DSA number for libreswan update

- - - - -
1892e4f9 by security tracker role at 2023-03-03T20:10:37+00:00
automatic update

- - - - -
4885d3b8 by Salvatore Bonaccorso at 2023-03-03T21:23:57+01:00
Add CVE-2023-26604/systemd

- - - - -
52bfc79e by Salvatore Bonaccorso at 2023-03-03T21:37:27+01:00
Add CVE-2022-4645/tiff

- - - - -
a9d85004 by Salvatore Bonaccorso at 2023-03-03T21:50:50+01:00
Add CVE-2023-27560/php-phpseclib3

- - - - -
46f18d6e by Salvatore Bonaccorso at 2023-03-03T22:41:02+01:00
Process some NFUs

- - - - -
28f9bc33 by Guilhem Moulin at 2023-03-03T23:38:10+01:00
Reserve DLA-3347-2 for spip

- - - - -
ec9ad475 by Tobias Frost at 2023-03-04T08:04:20+01:00
Document progress on firmware-nonfree.

- - - - -
c0529747 by Tobias Frost at 2023-03-04T08:25:01+01:00
LTS: claim libde265 in dla-needed.txt

- - - - -
d2f773cf by security tracker role at 2023-03-04T08:10:12+00:00
automatic update

- - - - -
cd396fdc by Salvatore Bonaccorso at 2023-03-04T09:56:13+01:00
Process two NFUs

- - - - -
0b661feb by Salvatore Bonaccorso at 2023-03-04T09:59:01+01:00
Remove notes from CVE-2021-39617

Got rejected as further investigation showed it was no security issue.

- - - - -
4b2c4a07 by Salvatore Bonaccorso at 2023-03-04T09:59:34+01:00
Drop notes from CVE-2018-3614

It was rejected earlier due to not being finally used by a CNA in 2018
with publishing. Cleanup was incomplete, remove the remaining notes.

- - - - -
0bfbe428 by Sylvain Beucler at 2023-03-04T11:28:13+01:00
CVE-2023-26463/strongswan: introductory commit + buster not-affected

- - - - -
3bf58e19 by Sylvain Beucler at 2023-03-04T11:32:42+01:00
CVE-2023-23009/libreswan: buster not-affected

- - - - -
81736cb9 by Sylvain Beucler at 2023-03-04T11:47:39+01:00
CVE-2022-40664,CVE-2023-22602/shiro: buster postponed

- - - - -
674a7c89 by Sylvain Beucler at 2023-03-04T11:49:41+01:00
CVE-2022-25927/node-ua-parser-js: buster postponed

- - - - -
465dc3be by Sylvain Beucler at 2023-03-04T11:51:48+01:00
CVE-2022-4645/tiff: buster postponed

- - - - -
d68c3488 by Sylvain Beucler at 2023-03-04T12:14:36+01:00
dla: add systemd

- - - - -
bd56d031 by Sylvain Beucler at 2023-03-04T12:40:17+01:00
CVE-2023-22332/pgpool2: precise triage rationale

- - - - -
ced84a52 by Sylvain Beucler at 2023-03-04T13:01:39+01:00
CVE-2020-36401/mruby: precise buster triage

- - - - -
3ba23471 by Sylvain Beucler at 2023-03-04T13:43:14+01:00
CVE-2022-24894,CVE-2022-24895/symfony: precise triage rationale

- - - - -
abf505f9 by Adrian Bunk at 2023-03-04T15:33:47+02:00
dla: take systemd

- - - - -
81d882bb by Salvatore Bonaccorso at 2023-03-04T15:12:37+01:00
Process two NFUs

- - - - -
89278217 by Salvatore Bonaccorso at 2023-03-04T15:14:29+01:00
Add CVE-2023-1170/vim

- - - - -
fa000347 by Salvatore Bonaccorso at 2023-03-04T15:23:19+01:00
Add newly assigned CVE-2023-27561/runc

Place it in data/CVE/list nearer to CVE-2019-19921 as the issue exists
due to a CVE-2019-19921 regression.

- - - - -
897a8dac by Salvatore Bonaccorso at 2023-03-04T16:24:42+01:00
Track proposed update for node-css-what via bullseye-pu

- - - - -
b2ffe263 by Sylvain Beucler at 2023-03-04T16:42:05+01:00
dla: update runc status

- - - - -
50e27cca by Salvatore Bonaccorso at 2023-03-04T17:37:49+01:00
Track two redis issues fixed via unstable

- - - - -
4349b1f3 by Tobias Frost at 2023-03-04T18:21:05+01:00
Reserve DLA-3352-1 for libde265

- - - - -
e2fa5346 by security tracker role at 2023-03-04T20:10:39+00:00
automatic update

- - - - -
4dbba021 by Salvatore Bonaccorso at 2023-03-05T08:53:04+01:00
Add CVE-2023-1175/vim

- - - - -
b2352f76 by Salvatore Bonaccorso at 2023-03-05T08:54:28+01:00
Track more vim fixes via unstable upload

- - - - -
00a96368 by security tracker role at 2023-03-05T08:10:18+00:00
automatic update

- - - - -
78364cdd by Salvatore Bonaccorso at 2023-03-05T09:37:32+01:00
Add CVE-2015-10088/ayttm

- - - - -
5d1f0b96 by Salvatore Bonaccorso at 2023-03-05T09:38:31+01:00
Process some NFUs

- - - - -
e5771044 by Salvatore Bonaccorso at 2023-03-05T10:23:44+01:00
Track fixed version for CVE-2022-23538/singularity-container

- - - - -
f9012022 by Salvatore Bonaccorso at 2023-03-05T10:25:50+01:00
Track golang-github-tidwall-gjson fixes via experimental

- - - - -
4ad5997f by Anton Gladky at 2023-03-05T10:43:14+01:00
Mark CVE-2009-4228 as not-affected

- - - - -
d672ae42 by Salvatore Bonaccorso at 2023-03-05T10:47:41+01:00
Revert "Mark CVE-2009-4228 as not-affected"

This reverts commit 4ad5997f64d9ab9dde81235c1bdcf8a26e16c4a7.

Having "newer versions in the archive" is not a valid reason for
not-affected. We either continue to err on the safe side and keep
something as unfixed or pinpoint a fix. In this case it is mostly
irrelevant as the issue is unimportant.

- - - - -
28f6fd92 by Salvatore Bonaccorso at 2023-03-05T10:50:32+01:00
Add CVE assignment reference to distinguish CVE-2009-4228 from CVE-2009-4227

- - - - -
b62ddb44 by Salvatore Bonaccorso at 2023-03-05T11:00:19+01:00
Process some NFUs

- - - - -
a06b1e53 by Anton Gladky at 2023-03-05T11:08:21+01:00
Reserve DLA-3353-1 for xfig

- - - - -
103a56e7 by Salvatore Bonaccorso at 2023-03-05T11:11:23+01:00
Add Debian bug reference for CVE-2023-27560/phpseclib

- - - - -
23412668 by Salvatore Bonaccorso at 2023-03-05T13:58:47+01:00
data/config.json: Add codename entries for forky

Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>

- - - - -
e9ceb9c7 by Salvatore Bonaccorso at 2023-03-05T14:17:52+01:00
distributions.json: Add forky

Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>

- - - - -
7ee5e16c by Salvatore Bonaccorso at 2023-03-05T13:23:26+00:00
Merge branch 'initial-forky-support' into 'master'

Add codename entries for forky

See merge request security-tracker-team/security-tracker!128

- - - - -
e522c038 by Salvatore Bonaccorso at 2023-03-05T17:09:38+01:00
Track fixed version for two CVEs for linux fixed via unstable

- - - - -
ab9f1289 by Adrian Bunk at 2023-03-05T19:47:27+02:00
dla: give imagemagick to Bastien

- - - - -
98519993 by Moritz Mühlenhoff at 2023-03-05T20:19:47+01:00
syslog-ng DSA

- - - - -
874845fb by Salvatore Bonaccorso at 2023-03-05T20:40:23+01:00
Add new set of webkit2gtk issues

- - - - -
3e1075e0 by security tracker role at 2023-03-05T20:10:30+00:00
automatic update

- - - - -
4e0bd85f by Salvatore Bonaccorso at 2023-03-05T21:16:48+01:00
Process NFUs

- - - - -
f25824d6 by Markus Koschany at 2023-03-06T01:31:29+01:00
CVE-2022-38143,openimageio: Link to pull request

- - - - -
b017dc4a by Salvatore Bonaccorso at 2023-03-06T05:51:15+01:00
Add CVE-2023-27635/debian-goodies

- - - - -
d04009ec by security tracker role at 2023-03-06T08:10:12+00:00
automatic update

- - - - -
41708b62 by Salvatore Bonaccorso at 2023-03-06T09:22:44+01:00
Reference pull request for CVE-2023-27561

- - - - -
1dcd6357 by Salvatore Bonaccorso at 2023-03-06T09:24:42+01:00
Process some NFUs

- - - - -
4de58954 by Moritz Muehlenhoff at 2023-03-06T10:56:51+01:00
new libtpms issues (concludes external check)

- - - - -
e4712b62 by Sylvain Beucler at 2023-03-06T11:10:24+01:00
LTS: add wireless-regdb to dla-needed.txt

- - - - -
46a8ccf4 by Sylvain Beucler at 2023-03-06T12:01:09+01:00
dla-needed.txt: drop extra blank line

- - - - -
2557527e by Sylvain Beucler at 2023-03-06T12:21:12+01:00
dla: update ceph note

- - - - -
886f307f by Sylvain Beucler at 2023-03-06T12:22:01+01:00
dla: wireless-regdb was added following tobi's request

- - - - -
f731c2f7 by Sylvain Beucler at 2023-03-06T12:38:19+01:00
dla: claim qemu

- - - - -
58e969c4 by Emilio Pozuelo Monfort at 2023-03-06T13:35:57+01:00
CVE-2022-22967/salt: add fixing commit

- - - - -
a9819afa by Salvatore Bonaccorso at 2023-03-06T13:44:44+01:00
Add upstream tag information for CVE-2023-27560

- - - - -
6f0efb7b by Salvatore Bonaccorso at 2023-03-06T13:47:59+01:00
Track fixed version for CVE-2023-27560/php-phpseclib3

- - - - -
33452f47 by Emilio Pozuelo Monfort at 2023-03-06T14:00:15+01:00
lts: take kopanocore

- - - - -
4c3dce27 by Salvatore Bonaccorso at 2023-03-06T14:17:52+01:00
Add Debian bug reference for CVE-2023-101{7,8}/libtpms

- - - - -
c975fd95 by Emilio Pozuelo Monfort at 2023-03-06T15:43:00+01:00
Reserve DLA-3354-1 for kopanocore

- - - - -
1fff4348 by Salvatore Bonaccorso at 2023-03-06T17:32:08+01:00
Add new tryton-server issue

- - - - -
27012d59 by Moritz Muehlenhoff at 2023-03-06T17:40:26+01:00
NFUs

- - - - -
1b280654 by Moritz Muehlenhoff at 2023-03-06T17:45:05+01:00
Two more libde265 issues (fixed in sid/bullseye)

- - - - -
ccd82f59 by Moritz Muehlenhoff at 2023-03-06T17:51:24+01:00
new web2py issue

- - - - -
6d7dcbff by Moritz Muehlenhoff at 2023-03-06T18:12:37+01:00
NFUs

- - - - -
004bd0cc by Tobias Frost at 2023-03-06T19:12:43+01:00
Mark libde265 CVE-2022-47664/CVE-2022-47665 as fixed by DLA-3352-1.

- - - - -
d308317f by security tracker role at 2023-03-06T20:10:38+00:00
automatic update

- - - - -
66aa4601 by Salvatore Bonaccorso at 2023-03-06T21:14:42+01:00
Process NFUs

- - - - -
6fa5b6b4 by Salvatore Bonaccorso at 2023-03-06T21:21:16+01:00
Process some NFUs

- - - - -
ef5b3907 by Salvatore Bonaccorso at 2023-03-06T21:22:02+01:00
Add CVE-2022-48364/mastodon

- - - - -
2c4762e9 by Salvatore Bonaccorso at 2023-03-06T21:47:48+01:00
Update information for CVE-2022-396{4,5}/ffmpeg

- - - - -
038d2e0b by Salvatore Bonaccorso at 2023-03-06T22:43:17+01:00
Process some NFUs

- - - - -
c07baee6 by Salvatore Bonaccorso at 2023-03-06T22:44:46+01:00
Add CVE-2023-26483/golang-github-russellhaering-gosaml2, itp'ed

- - - - -
8d15278e by Salvatore Bonaccorso at 2023-03-07T06:31:34+01:00
Add CVE-2023-1193/linux

- - - - -
b350a120 by Salvatore Bonaccorso at 2023-03-07T06:34:03+01:00
Add CVE-2023-1192/linux

- - - - -
2002e78e by Salvatore Bonaccorso at 2023-03-07T06:36:12+01:00
Add CVE-2023-1194/linux

- - - - -
3b09527f by Salvatore Bonaccorso at 2023-03-07T06:40:15+01:00
Add CVE-2023-1195/linux

- - - - -
af4b5d8d by security tracker role at 2023-03-07T08:10:14+00:00
automatic update

- - - - -
46bd31cc by Salvatore Bonaccorso at 2023-03-07T10:00:26+01:00
Add CVE-2023-121{1,2}/phpipam

- - - - -
dd5e00a0 by Salvatore Bonaccorso at 2023-03-07T10:02:06+01:00
Process NFUs

- - - - -
ea6cfc2b by Salvatore Bonaccorso at 2023-03-07T10:04:45+01:00
Add CVE-2023-1161/wireshark

- - - - -
563e10ad by Salvatore Bonaccorso at 2023-03-07T13:40:20+01:00
Track several fixes for gpac issues fixed via unstable

- - - - -
c1f25427 by Salvatore Bonaccorso at 2023-03-07T13:43:07+01:00
Process several moodle issues

- - - - -
6364c44f by Salvatore Bonaccorso at 2023-03-07T14:44:47+01:00
Process some NFUs

- - - - -
8c52c30b by Salvatore Bonaccorso at 2023-03-07T14:58:49+01:00
Update information for CVE-2023-26605/linux

- - - - -
76e65624 by Moritz Muehlenhoff at 2023-03-07T15:55:29+01:00
bookworm triage

- - - - -
7c165c6c by Moritz Muehlenhoff at 2023-03-07T15:55:49+01:00
Deassociate CVE-2022-23825 from src:linux, CVE is about a hardware issue and Xen's mitigation for it

- - - - -
2e66929d by Moritz Muehlenhoff at 2023-03-07T16:06:24+01:00
mark two linux issues as non issues

- - - - -
62470399 by Moritz Muehlenhoff at 2023-03-07T16:34:07+01:00
mark three additional kernel bugs as non issues

- - - - -
d56fd85f by Moritz Muehlenhoff at 2023-03-07T16:47:54+01:00
new apache2 issues

- - - - -
fcdacb3b by Salvatore Bonaccorso at 2023-03-07T17:11:21+01:00
Update information according to kernel-sec for CVE-2020-36516

- - - - -
6f8f3a6e by Salvatore Bonaccorso at 2023-03-07T20:43:53+01:00
Update references for apache2 CVEs

- - - - -
a9d630c4 by Salvatore Bonaccorso at 2023-03-07T21:03:02+01:00
Add Debian bug reference for apache2 issues

- - - - -
11df1906 by security tracker role at 2023-03-07T20:10:38+00:00
automatic update

- - - - -
a0e9d248 by Salvatore Bonaccorso at 2023-03-07T21:22:15+01:00
Process some NFUs

- - - - -
d6484329 by Salvatore Bonaccorso at 2023-03-07T21:45:46+01:00
Reserve DSA number for apr update

- - - - -
feec973b by Salvatore Bonaccorso at 2023-03-07T22:05:41+01:00
Process some NFUs

- - - - -
3ef2b979 by Salvatore Bonaccorso at 2023-03-07T22:10:07+01:00
Add CVE-2023-27478/libmemcached

- - - - -
469575a0 by Salvatore Bonaccorso at 2023-03-07T22:22:39+01:00
Add Debian bug reference for CVE-2023-27478/libmemcached

- - - - -
19db6dcb by Salvatore Bonaccorso at 2023-03-07T22:53:55+01:00
Add new chromium issues

- - - - -
0ca5d3dc by Salvatore Bonaccorso at 2023-03-07T22:55:18+01:00
Add chromium to dsa-needed list

- - - - -
de9f534f by Salvatore Bonaccorso at 2023-03-08T07:01:18+01:00
Track fixed version for libtpms issues fixed via unstable

- - - - -
ce5e0c02 by Salvatore Bonaccorso at 2023-03-08T07:08:43+01:00
Track fixed version for chromium via unstable

- - - - -
3fba54a3 by Salvatore Bonaccorso at 2023-03-08T07:09:50+01:00
Track fixed version for apache2 issues via unstable

- - - - -
623a2429 by Salvatore Bonaccorso at 2023-03-08T09:07:26+01:00
Add CVE-2023-1249/linux

- - - - -
33c51249 by security tracker role at 2023-03-08T08:10:20+00:00
automatic update

- - - - -
478950ba by Salvatore Bonaccorso at 2023-03-08T09:41:41+01:00
Process some NFUs

- - - - -
8d60e912 by Salvatore Bonaccorso at 2023-03-08T09:46:44+01:00
Add CVE-2023-1264/vim

- - - - -
6979bc79 by Moritz Muehlenhoff at 2023-03-08T10:58:37+01:00
bookworm triage

- - - - -
3e0e0367 by Moritz Muehlenhoff at 2023-03-08T11:03:41+01:00
new rust-remove-dir-all issue

- - - - -
3275ccc5 by Moritz Muehlenhoff at 2023-03-08T11:18:14+01:00
new Go/ECC issue

- - - - -
4f004f5e by Moritz Muehlenhoff at 2023-03-08T12:21:55+01:00
NFUs

- - - - -
96697879 by Moritz Muehlenhoff at 2023-03-08T13:43:53+01:00
new emacs issue

- - - - -
672e076e by Salvatore Bonaccorso at 2023-03-08T15:00:55+01:00
Reference upstream commits for CVE-2023-24532

- - - - -
0f5ffe21 by Emilio Pozuelo Monfort at 2023-03-08T18:39:39+01:00
lts: drop golang-github-nats-io-jwt, issues are postponed

- - - - -
1f0cd048 by Emilio Pozuelo Monfort at 2023-03-08T18:41:45+01:00
Add upstream issue for CVE-2022-26562/kopanocore

- - - - -
94fe87ee by Thorsten Alteholz at 2023-03-08T19:35:50+01:00
mark CVE-2023-27635 as no-dsa for Buster

- - - - -
5990d70b by Moritz Muehlenhoff at 2023-03-08T20:02:07+01:00
bullseye triage

- - - - -
ec80c02b by Moritz Muehlenhoff at 2023-03-08T20:09:39+01:00
NFUs

- - - - -
771b9bbe by Salvatore Bonaccorso at 2023-03-08T21:01:40+01:00
Add second issue with emacs with emacsclient-mail.desktop

- - - - -
e51da50d by Salvatore Bonaccorso at 2023-03-08T21:02:50+01:00
Add Debian bug reference for emacs issues

- - - - -
6e26e6b4 by Salvatore Bonaccorso at 2023-03-08T21:08:12+01:00
Add oss-security reference for emacs issues

- - - - -
a0fffe14 by security tracker role at 2023-03-08T20:10:38+00:00
automatic update

- - - - -
a7d78142 by Salvatore Bonaccorso at 2023-03-08T21:14:47+01:00
Process one NFU

- - - - -
6aa4853b by Salvatore Bonaccorso at 2023-03-08T21:17:59+01:00
Process some NFUs

- - - - -
bcdd2602 by Salvatore Bonaccorso at 2023-03-09T05:54:06+01:00
Track fixed version for CVE-2023-27320/sudo via unstable

- - - - -
5baa595f by Salvatore Bonaccorso at 2023-03-09T06:51:38+01:00
Add CVE-2023-1252/linux

- - - - -
a04f7b92 by Salvatore Bonaccorso at 2023-03-09T07:33:16+01:00
Add CVE-2023-1108/undertow

- - - - -
2e8f26da by Salvatore Bonaccorso at 2023-03-09T07:39:42+01:00
Add CVE-2023-27530/ruby-rack

- - - - -
65cfb058 by Salvatore Bonaccorso at 2023-03-09T07:41:12+01:00
Two CVEs assigned for emacs issues

- - - - -
88a52ac1 by Salvatore Bonaccorso at 2023-03-09T08:05:23+01:00
Add CVE-2023-27476/owslib

- - - - -
cb7b62f8 by Salvatore Bonaccorso at 2023-03-09T08:11:52+01:00
Add CVE-2021-46322/duktape

- - - - -
f0edc4ba by security tracker role at 2023-03-09T08:10:28+00:00
automatic update

- - - - -
d2ebeb82 by Salvatore Bonaccorso at 2023-03-09T10:17:36+01:00
Process some NFUs

- - - - -
8d955929 by Salvatore Bonaccorso at 2023-03-09T15:44:53+01:00
Process some NFUs

- - - - -
e8636ece by Salvatore Bonaccorso at 2023-03-09T15:49:09+01:00
Add CVE-2021-37519/memcached

- - - - -
1a29c3f3 by Sylvain Beucler at 2023-03-09T16:55:53+01:00
qemu: quick recheck for old pending patches

- - - - -
07076ab5 by Sylvain Beucler at 2023-03-09T16:55:55+01:00
CVE-2022-1050/qemu: referenced merged patch

- - - - -
41cf69b6 by Sylvain Beucler at 2023-03-09T17:15:38+01:00
qemu: quick recheck for recent pending patches

- - - - -
932653e2 by Moritz Muehlenhoff at 2023-03-09T20:06:33+01:00
NFUs

- - - - -
1d834c14 by Moritz Mühlenhoff at 2023-03-09T20:15:59+01:00
chromium DSA

- - - - -
7dd0c36f by Tobias Frost at 2023-03-09T20:22:09+01:00
Reserve DLA-3356-1 for wireless-regdb

- - - - -
1efc0cd8 by security tracker role at 2023-03-09T20:10:27+00:00
automatic update

- - - - -
21f11c9a by Salvatore Bonaccorso at 2023-03-09T21:15:13+01:00
Process some NFUs

- - - - -
47d63ba9 by Tobias Frost at 2023-03-09T22:30:38+01:00
Free DLA-3355-1

- - - - -
cee50d32 by security tracker role at 2023-03-10T08:10:13+00:00
automatic update

- - - - -
604def06 by Moritz Muehlenhoff at 2023-03-10T11:51:03+01:00
NFUs

- - - - -
ea71b6bd by Moritz Muehlenhoff at 2023-03-10T12:03:52+01:00
new gitlab issues

- - - - -
18c1d89d by Moritz Muehlenhoff at 2023-03-10T12:33:47+01:00
new wabt issues

- - - - -
7db0fa40 by Moritz Muehlenhoff at 2023-03-10T12:58:20+01:00
new radare2 issue

- - - - -
c02aa703 by Moritz Muehlenhoff at 2023-03-10T13:01:09+01:00
consul n/a

- - - - -
4acd769b by Moritz Muehlenhoff at 2023-03-10T13:09:31+01:00
new nvidia-cuda-toolkit issues

- - - - -
2c005274 by Moritz Muehlenhoff at 2023-03-10T14:45:29+01:00
man-db n/a

- - - - -
9921ae5a by Moritz Muehlenhoff at 2023-03-10T15:42:00+01:00
new wordpress issue

- - - - -
03bae39b by Moritz Muehlenhoff at 2023-03-10T16:40:33+01:00
NFUs and resolve various TODOs

- - - - -
cab3f84e by Moritz Muehlenhoff at 2023-03-10T16:54:05+01:00
hdf5 non issue
poppler n/a

- - - - -
e40c9514 by Moritz Muehlenhoff at 2023-03-10T16:56:59+01:00
new fcitx5 issue

- - - - -
4408b3ea by Moritz Muehlenhoff at 2023-03-10T16:59:34+01:00
new mbedtls issue

- - - - -
c284a1ca by Moritz Muehlenhoff at 2023-03-10T17:09:04+01:00
new allegro4.4/allegro5 issues

- - - - -
e1afe22e by Moritz Muehlenhoff at 2023-03-10T17:13:08+01:00
new ttyd non issue

- - - - -
d7a06838 by Moritz Muehlenhoff at 2023-03-10T17:24:29+01:00
new tidy-html5 issue

- - - - -
5a6d43fc by Moritz Muehlenhoff at 2023-03-10T17:26:32+01:00
new freeimage issue

- - - - -
59345e75 by Moritz Muehlenhoff at 2023-03-10T17:28:59+01:00
new python-mechanize issue

- - - - -
1fd56a23 by Moritz Muehlenhoff at 2023-03-10T17:30:59+01:00
new mootools issue

- - - - -
f7d2e915 by Moritz Muehlenhoff at 2023-03-10T17:33:13+01:00
new schism issue

- - - - -
8cf77fc6 by Moritz Muehlenhoff at 2023-03-10T17:35:47+01:00
new mpv issue

- - - - -
eb39682d by Tobias Frost at 2023-03-10T17:58:21+01:00
LTS: claim intel-microcode in dla-needed.txt
- - - - -
57e9f283 by Sylvain Beucler at 2023-03-10T19:50:13+01:00
CVE-2023-27561/runc: clarification

- - - - -
28fd8252 by Sylvain Beucler at 2023-03-10T19:50:14+01:00
CVE-2021-3592/qemu: reference regression fix

- - - - -
a9780b83 by Moritz Muehlenhoff at 2023-03-10T20:17:49+01:00
bugnums

- - - - -
25fd4fdc by Salvatore Bonaccorso at 2023-03-10T20:52:37+01:00
CVE-2023-27114: Reference commit from the repository

- - - - -
dd8dd8a8 by Salvatore Bonaccorso at 2023-03-10T20:54:36+01:00
Add reference to upstream advisory for CVE-2023-0845

- - - - -
1ba78771 by Salvatore Bonaccorso at 2023-03-10T20:59:54+01:00
Update information for CVE-2022-3590

As of 6.1.1 the issue appears to be still unfixed. The issue still
affects all versions from 4.1.30 up to the 6.1.1 release.

Link: https://wpscan.com/vulnerability/c8814e6e-78b3-4f63-a1d3-6906a84c1f11
Link: https://www.sonarsource.com/blog/wordpress-core-unauthenticated-blind-ssrf/

- - - - -
5d25a2d2 by Salvatore Bonaccorso at 2023-03-10T21:04:01+01:00
Insert back one lost CVE entry

- - - - -
9d7bcfbf by Salvatore Bonaccorso at 2023-03-10T21:09:08+01:00
Adjust source package name to fcitx5 for CVE-2021-37311

- - - - -
3766e10f by security tracker role at 2023-03-10T20:10:28+00:00
automatic update

- - - - -
b2ce62e2 by Salvatore Bonaccorso at 2023-03-10T21:12:31+01:00
Process two NFUs

- - - - -
350e056f by Salvatore Bonaccorso at 2023-03-10T21:21:01+01:00
Process some NFUs

- - - - -
80607d48 by Salvatore Bonaccorso at 2023-03-10T21:23:29+01:00
Add CVE-2023-26464/apache-log4j1.2

- - - - -
ca096458 by Salvatore Bonaccorso at 2023-03-10T21:31:00+01:00
Process some NFUs

- - - - -
d9f44d07 by Salvatore Bonaccorso at 2023-03-10T21:34:28+01:00
Mark CVE-2021-36647 as already fixed earlier

Fixed upstream in 3.0.0, 2.27.0 or 2.16.11. Unstable got the 2.16.11-0.1
upload followed by later on 2.28.0 series. Pinpoint it thus to the
earliest version in unstable containing the fixes.

- - - - -
373656c1 by Salvatore Bonaccorso at 2023-03-10T21:44:33+01:00
CVE-2021-36489: Track fix back to the un-repackaged version as well already

- - - - -
e75afb0a by Salvatore Bonaccorso at 2023-03-10T22:38:41+01:00
Mark rust-crossbeam-utils-0.7 as removed from unstable

- - - - -
3067b336 by Salvatore Bonaccorso at 2023-03-10T22:39:13+01:00
Mark rust-crossbeam-utils-0.7 as removed from every supported suite

- - - - -
7a6eb6fe by security tracker role at 2023-03-11T08:10:12+00:00
automatic update

- - - - -
226e7b0b by Salvatore Bonaccorso at 2023-03-11T09:22:16+01:00
Process some NFUs

- - - - -
c80e7a91 by Salvatore Bonaccorso at 2023-03-11T16:58:09+01:00
Mark CVE-2022-37704 as no-dsa for bullseye

- - - - -
6536a0fa by Bastien Roucariès at 2023-03-11T16:48:50+00:00
Reserve DLA-3357-1 for imagemagick

- - - - -
540034fa by Thorsten Alteholz at 2023-03-11T18:57:19+01:00
LTS: add duktape to dla-needed.txt

- - - - -
d764bd63 by Thorsten Alteholz at 2023-03-11T18:58:42+01:00
claim duktape

- - - - -
86c8c6fb by Thorsten Alteholz at 2023-03-11T19:13:06+01:00
mark CVE-2021-36489 as no-dsa for Buster

- - - - -
b49273d5 by Thorsten Alteholz at 2023-03-11T19:15:11+01:00
mark CVE-2021-37311 as no-dsa for Buster

- - - - -
c4b51c8c by Thorsten Alteholz at 2023-03-11T19:26:07+01:00
mark CVE-2023-0996 as no-dsa for Buster

- - - - -
b9ddbc55 by Thorsten Alteholz at 2023-03-11T19:33:54+01:00
mark CVE-2021-36647 as no-dsa for Buster

- - - - -
0a95a705 by Thorsten Alteholz at 2023-03-11T19:35:33+01:00
mark CVE-2023-0193 and CVE-2023-0196 as no-dsa for Buster

- - - - -
32b3df89 by Moritz Muehlenhoff at 2023-03-11T19:40:13+01:00
NFUs

- - - - -
29592114 by Sylvain Beucler at 2023-03-11T20:50:08+01:00
CVE-2021-3750/qemu: update triage and patch links

- - - - -
0dd21a72 by security tracker role at 2023-03-11T20:10:29+00:00
automatic update

- - - - -
f0d74f05 by Salvatore Bonaccorso at 2023-03-11T21:16:44+01:00
Process some NFUs

- - - - -
f55018f3 by Salvatore Bonaccorso at 2023-03-11T21:19:13+01:00
Process some more NFUs

- - - - -
c10089ee by Sylvain Beucler at 2023-03-11T21:44:03+01:00
CVE-2021-3929/qemu: update triage and patch links

- - - - -
614a1054 by Thorsten Alteholz at 2023-03-12T00:29:04+01:00
LTS: add mpv to dla-needed.txt

- - - - -
b88a157a by Thorsten Alteholz at 2023-03-12T00:29:04+01:00
claim mpv

- - - - -
3039e997 by Thorsten Alteholz at 2023-03-12T00:29:04+01:00
Reserve DLA-3358-1 for mpv

- - - - -
199e0ac9 by Salvatore Bonaccorso at 2023-03-12T08:44:01+01:00
Add CVE-2023-1350/liferea

- - - - -
d3eb1205 by Salvatore Bonaccorso at 2023-03-12T08:52:25+01:00
Add Debian bug reference for CVE-2023-1350/liferea

- - - - -
98644e0f by security tracker role at 2023-03-12T08:10:16+00:00
automatic update

- - - - -
91287b71 by Salvatore Bonaccorso at 2023-03-12T14:06:13+01:00
Add CVE-2023-1355/vim

- - - - -
2e32d387 by Salvatore Bonaccorso at 2023-03-12T14:09:40+01:00
Process some NFUs

- - - - -
c8114c8f by Tobias Frost at 2023-03-12T19:07:05+01:00
Document approach to intel-microcode.

- - - - -
949c44e5 by security tracker role at 2023-03-12T20:10:18+00:00
automatic update

- - - - -
a7074c77 by Salvatore Bonaccorso at 2023-03-12T21:17:39+01:00
Reference upstream tag for CVE-2023-1350

- - - - -
23a9d480 by Salvatore Bonaccorso at 2023-03-12T21:28:29+01:00
Process some NFUs

- - - - -
998b1e5e by Utkarsh Gupta at 2023-03-13T02:08:00+05:30
Add note for ruby-rails-html-sanitizer

- - - - -
4dacbb52 by Utkarsh Gupta at 2023-03-13T02:08:55+05:30
Reserve DLA-3359-1 for libapache2-mod-auth-mellon

- - - - -
63a9de7a by Utkarsh Gupta at 2023-03-13T02:10:30+05:30
Reserve DLA-3360-1 for ruby-sidekiq

- - - - -
392ff630 by Anton Gladky at 2023-03-12T21:52:23+01:00
LTS: take 389-ds-base

- - - - -
51777719 by Thorsten Alteholz at 2023-03-12T23:55:29+01:00
LTS: add apache2 to dla-needed.txt

- - - - -
98184fc7 by Thorsten Alteholz at 2023-03-13T00:01:28+01:00
LTS: add ruby-racks to dla-needed.txt

- - - - -
a92e695d by Thorsten Alteholz at 2023-03-13T00:03:12+01:00
Revert "LTS: add ruby-racks to dla-needed.txt"

This reverts commit 98184fc75622fb669ea31ef6b2dab480d30d2af2.

- - - - -
7bf298af by Thorsten Alteholz at 2023-03-13T00:04:21+01:00
LTS: add ruby-rack to dla-needed.txt

- - - - -
7b32c923 by Thorsten Alteholz at 2023-03-13T00:06:03+01:00
LTS: add libmicrohttpd to dla-needed.txt

- - - - -
88a111f9 by Thorsten Alteholz at 2023-03-13T00:08:05+01:00
mark CVE-2021-33367 as no-dsa for Buster

- - - - -
83fe56dd by Thorsten Alteholz at 2023-03-13T00:09:05+01:00
mark CVE-2022-3213 as no-dsa for Buster

- - - - -
6fd1fd35 by Thorsten Alteholz at 2023-03-13T00:14:48+01:00
mark CVE-2021-37519 as not-affected for Buster

- - - - -
1bdc1a56 by Thorsten Alteholz at 2023-03-13T00:22:00+01:00
claim libmicrohttpd

- - - - -
f36b5073 by Thorsten Alteholz at 2023-03-13T00:27:09+01:00
LTS: add redis to dla-needed.txt

- - - - -
069f696a by Aron Xu at 2023-03-13T10:59:44+08:00
Reserve DSA-5372-1 for rails

- - - - -
d15d3ae9 by Salvatore Bonaccorso at 2023-03-13T05:49:25+01:00
Track fixed version for CVE-2023-1350/liferea

- - - - -
e7aa9abb by Salvatore Bonaccorso at 2023-03-13T05:51:42+01:00
CVE-2023-1350: Add followup commit and clarify status of feature

- - - - -
cb0d4a68 by Salvatore Bonaccorso at 2023-03-13T05:55:07+01:00
Track as well rust-lock-api-0.1 for RUSTSEC-2020-0070

- - - - -
7707875b by Anton Gladky at 2023-03-13T06:06:37+01:00
LTS: take go

- - - - -
2688047f by Anton Gladky at 2023-03-13T06:06:55+01:00
semi-automatic unclaim after 2 weeks of inactivity

Signed-off-by: Anton Gladky <gladk at debian.org>

- - - - -
021f3208 by Anton Gladky at 2023-03-13T06:16:29+01:00
LTS: add sox to dla-needed.txt

- - - - -
5b85a46f by Anton Gladky at 2023-03-13T06:18:31+01:00
LTS: assign sox to Helmut.

- - - - -
6caf7eec by Aron Xu at 2023-03-13T15:22:24+08:00
Add gpac to dsa-needed and claim it

- - - - -
41a11235 by security tracker role at 2023-03-13T08:10:13+00:00
automatic update

- - - - -
216d8abc by Salvatore Bonaccorso at 2023-03-13T09:19:17+01:00
Process some NFUs

- - - - -
57597af6 by Moritz Muehlenhoff at 2023-03-13T09:36:03+01:00
"new" chromium issues

- - - - -
cc29fbf9 by Moritz Muehlenhoff at 2023-03-13T10:22:55+01:00
NFUs

- - - - -
07c4bf08 by Markus Koschany at 2023-03-13T10:59:07+01:00
Merge branch 'master' of salsa.debian.org:security-tracker-team/security-tracker

- - - - -
f9e00d58 by Markus Koschany at 2023-03-13T10:59:44+01:00
Update note for openimageio in dla-needed.txt

- - - - -
6d2763ee by Chris Lamb at 2023-03-13T12:08:42+00:00
data/dla-needed.txt: Claim redis.

- - - - -
a29784c9 by Chris Lamb at 2023-03-13T12:09:51+00:00
data/dla-needed.txt: Claim ruby-loofah.

- - - - -
7023b378 by Moritz Muehlenhoff at 2023-03-13T14:06:35+01:00
new node-webpack issue

- - - - -
48bc6af2 by Moritz Muehlenhoff at 2023-03-13T14:37:00+01:00
openldap n/a

- - - - -
40763f04 by Moritz Muehlenhoff at 2023-03-13T16:57:47+01:00
resolve one TODO

- - - - -
ee6064f7 by Chris Lamb at 2023-03-13T16:35:51+00:00
dla-needed.txt: Update note for ruby-loofah.

- - - - -
6476e51e by Chris Lamb at 2023-03-13T16:43:38+00:00
Reserve DLA-3361-1 for redis

- - - - -
2de74675 by Salvatore Bonaccorso at 2023-03-13T19:07:34+01:00
Remove todo entry for CVE-2022-42920

- - - - -
5fc7df1c by Salvatore Bonaccorso at 2023-03-13T20:19:52+01:00
Reference merge commit for CVE-2023-28154

- - - - -
a71124b8 by Salvatore Bonaccorso at 2023-03-13T20:29:29+01:00
Add Debian bug reference for CVE-2023-28154

- - - - -
246b27ea by Salvatore Bonaccorso at 2023-03-13T20:51:52+01:00
Add Debian bug reference for CVE-2023-27530/ruby-rack

- - - - -
100cd8b6 by security tracker role at 2023-03-13T20:10:40+00:00
automatic update

- - - - -
d9f0d16a by Salvatore Bonaccorso at 2023-03-13T21:24:07+01:00
Process some NFUs

- - - - -
75bfa94f by Salvatore Bonaccorso at 2023-03-13T21:33:40+01:00
Process some NFUs

- - - - -
3f623236 by Sylvain Beucler at 2023-03-13T21:54:18+01:00
CVE-2022-1050/qemu: buster not-affected

- - - - -
366bf573 by Daniel Leidert at 2023-03-13T22:26:09+01:00
Reclaim ruby-loofah

(thanks to Chris for contacting me)

- - - - -
69a70e9a by Salvatore Bonaccorso at 2023-03-14T05:47:23+01:00
Add CVE-2022-43441/node-sqlite3

- - - - -
d61780e4 by Salvatore Bonaccorso at 2023-03-14T05:57:06+01:00
Track fixed version for CVE-2023-28154/node-webpack

- - - - -
6d163b78 by Salvatore Bonaccorso at 2023-03-14T06:06:55+01:00
Add CVE-2023-1289/imagemagick

- - - - -
93b7c3c7 by security tracker role at 2023-03-14T08:10:13+00:00
automatic update

- - - - -
4ae9fea0 by Sylvain Beucler at 2023-03-14T11:06:01+01:00
CVE-2022-4144/qemu: reference first patch half

- - - - -
44c667e0 by Sylvain Beucler at 2023-03-14T11:11:04+01:00
CVE-2022-1050/qemu: move pvrdma info to NOTE for consistency

- - - - -
856ac826 by Sylvain Beucler at 2023-03-14T11:40:18+01:00
CVE-2022-4144/qemu: reference another pre-requisite

- - - - -
629d2aaf by Salvatore Bonaccorso at 2023-03-14T13:13:24+01:00
Process some NFUs

- - - - -
c6ea268e by Sylvain Beucler at 2023-03-14T15:00:46+01:00
CVE-2022-4144/qemu: buster postponed

- - - - -
e04cdcf3 by Sylvain Beucler at 2023-03-14T15:04:26+01:00
CVE-2023-0330/qemu: buster postponed

- - - - -
a1b5eb28 by Moritz Muehlenhoff at 2023-03-14T16:29:52+01:00
bullseye triage

- - - - -
4b17b3dc by Moritz Muehlenhoff at 2023-03-14T16:35:47+01:00
new firefox issues

- - - - -
6f0ec73f by Moritz Muehlenhoff at 2023-03-14T16:38:47+01:00
new firefox-esr issues

- - - - -
2836c442 by Moritz Muehlenhoff at 2023-03-14T17:28:54+01:00
NFUs

- - - - -
d08acceb by Sylvain Beucler at 2023-03-14T20:25:36+01:00
Reserve DLA-3362-1 for qemu

- - - - -
b61850c6 by Salvatore Bonaccorso at 2023-03-14T20:35:46+01:00
Track temporarily experimental fix for CVE-2022-24803

- - - - -
08655120 by Salvatore Bonaccorso at 2023-03-14T20:44:12+01:00
Add CVE-2023-1380/linux

- - - - -
e55bb019 by Salvatore Bonaccorso at 2023-03-14T20:48:35+01:00
Add CVE-2023-28144/hotspot

- - - - -
e9d788fe by Salvatore Bonaccorso at 2023-03-14T20:54:46+01:00
Update note for CVE-2023-28144/hotspot

- - - - -
88a53a6f by security tracker role at 2023-03-14T20:10:33+00:00
automatic update

- - - - -
539aa812 by Salvatore Bonaccorso at 2023-03-14T21:18:31+01:00
Add CVE-2023-28339/opendoas

- - - - -
93b3c5d6 by Salvatore Bonaccorso at 2023-03-14T21:41:20+01:00
Process NFUs

- - - - -
bf0bb595 by Salvatore Bonaccorso at 2023-03-14T21:56:54+01:00
Track proposed node-webpack update via bullseye-pu

- - - - -
6809e58e by Moritz Mühlenhoff at 2023-03-14T22:35:56+01:00
node-sqlite3 DSA

- - - - -
a7352919 by Salvatore Bonaccorso at 2023-03-14T22:55:18+01:00
Track fixed version for two emacs CVEs

- - - - -
e8aaa1a0 by Salvatore Bonaccorso at 2023-03-15T05:18:11+01:00
Track fixes for firefox-esr via unstable for mfsa2023-10

- - - - -
146b7263 by Salvatore Bonaccorso at 2023-03-15T07:06:18+01:00
Track fixed version for CVE-2022-41550/libosip2 via unstable

- - - - -
63067fcd by Salvatore Bonaccorso at 2023-03-15T07:39:40+01:00
Add CVE-2023-1382/linux

- - - - -
985c71ac by Salvatore Bonaccorso at 2023-03-15T07:49:08+01:00
Add CVE-2023-1390/linux

- - - - -
3781e050 by Salvatore Bonaccorso at 2023-03-15T08:00:11+01:00
Add CVE-2023-28327/linux

- - - - -
f036f7aa by Salvatore Bonaccorso at 2023-03-15T08:06:34+01:00
Add CVE-2023-28328/linux

- - - - -
5e97e19c by security tracker role at 2023-03-15T08:10:24+00:00
automatic update

- - - - -
4e777964 by Emilio Pozuelo Monfort at 2023-03-15T11:53:31+01:00
lts: take firefox-esr

- - - - -
af8e549f by Henri Salo at 2023-03-15T13:11:59+02:00
NFU

- - - - -
4bf9428e by Moritz Muehlenhoff at 2023-03-15T12:53:04+01:00
NFUs

- - - - -
1d90f132 by Moritz Muehlenhoff at 2023-03-15T16:47:30+01:00
intel-microcode fixed in sid

- - - - -
a85187f8 by Moritz Muehlenhoff at 2023-03-15T19:07:14+01:00
bookworm triage

- - - - -
4096b90c by Moritz Muehlenhoff at 2023-03-15T19:46:07+01:00
bookworm triage

- - - - -
fcdce712 by Moritz Mühlenhoff at 2023-03-15T19:50:23+01:00
firefox-esr

- - - - -
9aa99c41 by Salvatore Bonaccorso at 2023-03-15T20:41:55+01:00
Track fixed version for CVE-2021-37789/libstb

- - - - -
5f342d61 by Salvatore Bonaccorso at 2023-03-15T20:59:20+01:00
Add CVE-2023-28371/stellarium

- - - - -
be61f2b1 by security tracker role at 2023-03-15T20:10:23+00:00
automatic update

- - - - -
4ba04d72 by Salvatore Bonaccorso at 2023-03-15T21:20:41+01:00
Process some NFUs

- - - - -
8da1ad5c by Salvatore Bonaccorso at 2023-03-15T21:28:29+01:00
Process some NFUs

- - - - -
9800528d by Salvatore Bonaccorso at 2023-03-15T21:42:12+01:00
Add two new nomad CVEs

- - - - -
3879ab48 by Salvatore Bonaccorso at 2023-03-15T22:06:29+01:00
Add CVE-2023-2710{2,3}/libde265

- - - - -
43478e0c by Salvatore Bonaccorso at 2023-03-15T22:07:22+01:00
Process NFUs

- - - - -
d37c52f1 by Salvatore Bonaccorso at 2023-03-15T22:29:42+01:00
Add new thunderbird issues from mfsa2023-11

- - - - -
1f4d3555 by Salvatore Bonaccorso at 2023-03-15T22:30:31+01:00
Add thunderbird to dsa-needed list

- - - - -
5f1b17fc by Salvatore Bonaccorso at 2023-03-15T22:32:22+01:00
Track fixed version for thunderbird issues from mfsa2023-11

- - - - -
90ab1b53 by Guilhem Moulin at 2023-03-16T03:28:24+01:00
Reserve DLA-3363-1 for pcre2

- - - - -
0eccc9a8 by Salvatore Bonaccorso at 2023-03-16T07:46:17+01:00
Process two NFUs

- - - - -
1b8e0ff5 by Salvatore Bonaccorso at 2023-03-16T08:33:19+01:00
Add CVE-2023-28466/linux

- - - - -
f9a4a80c by security tracker role at 2023-03-16T08:10:17+00:00
automatic update

- - - - -
8fc63cfb by Moritz Muehlenhoff at 2023-03-16T09:21:09+01:00
bookworm triage

- - - - -
3cb56407 by Salvatore Bonaccorso at 2023-03-16T11:04:37+01:00
Process three NFUs

- - - - -
17e94768 by Salvatore Bonaccorso at 2023-03-16T11:07:26+01:00
Add CVE-2023-2848{6,7}/sudo

- - - - -
56efda40 by Salvatore Bonaccorso at 2023-03-16T11:11:06+01:00
Process two NFUs

- - - - -
1be120e5 by Salvatore Bonaccorso at 2023-03-16T11:14:25+01:00
Add CVE-2023-28450/dnsmasq

- - - - -
f6c41193 by Moritz Muehlenhoff at 2023-03-16T14:17:47+01:00
bullseye triage

- - - - -
68739287 by Salvatore Bonaccorso at 2023-03-17T09:09:41+01:00
Track fixed version for CVE-2021-38371/exim4 via unstable

- - - - -
b5e42675 by Salvatore Bonaccorso at 2023-03-17T09:09:43+01:00
Add CVE-2023-24278 as NFU

- - - - -
d58f7830 by Salvatore Bonaccorso at 2023-03-17T09:09:44+01:00
Update information for CVE-2022-38457 and CVE-2022-40133

- - - - -
e0021e06 by Salvatore Bonaccorso at 2023-03-17T09:09:46+01:00
Track fixed version for CVE-2020-25016/rust-rgb via unstable

- - - - -
b55d4864 by Salvatore Bonaccorso at 2023-03-17T09:09:47+01:00
Update information for CVE-2022-43995/sudo

- - - - -
c72e0539 by Moritz Muehlenhoff at 2023-03-17T09:23:29+01:00
bookworm triage

- - - - -
d6a9465e by Moritz Mühlenhoff at 2023-03-17T10:23:02+01:00
thunderbird DSA

- - - - -
fd95911a by Moritz Muehlenhoff at 2023-03-17T11:26:51+01:00
bookworm triage

- - - - -
8f080812 by Salvatore Bonaccorso at 2023-03-17T11:40:56+01:00
Add two new flatpak issues

- - - - -
3d90a5d1 by Moritz Mühlenhoff at 2023-03-17T11:45:17+01:00
ceph spu

- - - - -
aea14a3c by Moritz Muehlenhoff at 2023-03-17T12:46:40+01:00
remove duplicated entry

- - - - -
f148c358 by Emilio Pozuelo Monfort at 2023-03-17T14:23:31+01:00
Reserve DLA-3364-1 for firefox-esr

- - - - -
73660236 by Moritz Muehlenhoff at 2023-03-17T14:47:56+01:00
bookworm triage

- - - - -
4595f08a by Moritz Muehlenhoff at 2023-03-17T15:09:07+01:00
bugnums

- - - - -
69103dca by Moritz Muehlenhoff at 2023-03-17T15:37:04+01:00
bugnums

- - - - -
7ee53265 by Salvatore Bonaccorso at 2023-03-17T17:55:28+01:00
Mark CVE-2023-2810{0,1}/flatpak as no-dsa

- - - - -
661acf7e by Salvatore Bonaccorso at 2023-03-17T17:57:41+01:00
Add tracking bug for now explicitly on CVE-2023-24808

- - - - -
aba57269 by Moritz Muehlenhoff at 2023-03-17T19:48:43+01:00
NFUs

- - - - -
95dfae46 by Tobias Frost at 2023-03-17T20:09:33+01:00
Document progress on intel-microcode.

- - - - -
7502612c by Salvatore Bonaccorso at 2023-03-17T20:15:43+01:00
Track proposed update for intel-microcode via bullseye-pu

- - - - -
7dd92d31 by Salvatore Bonaccorso at 2023-03-17T20:19:59+01:00
Reserve DSA number for sox regression update

- - - - -
6c1bb365 by security tracker role at 2023-03-17T20:10:27+00:00
automatic update

- - - - -
412b6cf6 by Salvatore Bonaccorso at 2023-03-17T21:24:43+01:00
Process some NFUs

- - - - -
a2c64254 by Salvatore Bonaccorso at 2023-03-17T21:43:37+01:00
Add CVE-2023-28531/openssh

- - - - -
13b173f9 by Salvatore Bonaccorso at 2023-03-17T21:56:22+01:00
Process some NFUs

- - - - -
0e7317a5 by Salvatore Bonaccorso at 2023-03-17T22:27:09+01:00
Add CVE-2023-1463/teampass

- - - - -
ca6655c3 by Salvatore Bonaccorso at 2023-03-17T22:28:22+01:00
Process three gpac issues

- - - - -
4b04785e by Salvatore Bonaccorso at 2023-03-17T22:29:26+01:00
Process some NFUs

- - - - -
3507ae5f by Salvatore Bonaccorso at 2023-03-17T22:38:03+01:00
Add CVE-2023-2676{7,8,9}/liblouis

- - - - -
c61590af by Sylvain Beucler at 2023-03-17T22:45:15+01:00
dla: reference xapian-core work

- - - - -
346c5615 by security tracker role at 2023-03-18T08:10:12+00:00
automatic update

- - - - -
ec5ed5b4 by Salvatore Bonaccorso at 2023-03-18T09:17:36+01:00
Process some NFUs

- - - - -
523a5c89 by Salvatore Bonaccorso at 2023-03-18T09:18:06+01:00
Add three CVEs for cilium, itp'ed

- - - - -
95bc6bb4 by Abhijith PA at 2023-03-18T14:50:50+05:30
data/dla-needed.txt: claim consul

- - - - -
958767fb by Utkarsh Gupta at 2023-03-18T18:38:53+05:30
Mark CVE-2023-2848{6,7}/sudo as no-dsa for buster

- - - - -
f67cb5c5 by Utkarsh Gupta at 2023-03-18T18:39:22+05:30
Mark CVE-2023-1175/vim as no-dsa for buster

- - - - -
28fa556a by Utkarsh Gupta at 2023-03-18T18:41:09+05:30
Mark CVE-2021-33391/tidy-html5 as no-dsa for buster

- - - - -
42acdb7f by Utkarsh Gupta at 2023-03-18T18:41:33+05:30
Mark CVE-2023-1161/wireshark as no-dsa for buster

- - - - -
512eab88 by Utkarsh Gupta at 2023-03-18T18:42:42+05:30
Add hdf5 to dla-needed

- - - - -
9d217c48 by Sylvain Beucler at 2023-03-18T15:54:00+01:00
Reserve DLA-3355-1 for xapian-core
(manually picking DLA-3355 which was incorrectly reserved and freed in 47d63ba935d6ed95ddd5e20e1a0c865c65b57ce6)

- - - - -
cb7e2b35 by Salvatore Bonaccorso at 2023-03-18T15:57:07+01:00
Track fixed version for CVE-2022-21949/ruby-xmlhash via unstable

- - - - -
32872097 by Salvatore Bonaccorso at 2023-03-18T16:21:46+01:00
Track fixed version for php8.2 upload via unstable

- - - - -
c6d98bf9 by Bastien Roucariès at 2023-03-18T16:18:13+00:00
Reserve DLA-3357-2 for imagemagick

- - - - -
ab3df978 by Moritz Muehlenhoff at 2023-03-18T19:54:20+01:00
rust-prettytable-rs fixed in sid

- - - - -
8eae023b by Salvatore Bonaccorso at 2023-03-18T20:55:40+01:00
Add Debian bug reference for CVE-2023-28450/dnsmasq

- - - - -
e4491e34 by Salvatore Bonaccorso at 2023-03-18T20:58:56+01:00
Add Debian bug reference for CVE-2023-28531/openssh

- - - - -
ed03f69e by security tracker role at 2023-03-18T20:10:30+00:00
automatic update

- - - - -
3ac0f3a5 by Salvatore Bonaccorso at 2023-03-18T21:20:35+01:00
Process some NFUs

- - - - -
529fe49b by Salvatore Bonaccorso at 2023-03-18T21:42:23+01:00
Track proposed flatpak fixes via bullseye-pu

- - - - -
5d6c254c by Salvatore Bonaccorso at 2023-03-18T21:51:30+01:00
Remove tracking for apache2 via bullseye-pu as pending in next DSA

- - - - -
c19b1664 by Salvatore Bonaccorso at 2023-03-19T08:33:44+01:00
Add CVE-2023-1032/linux

- - - - -
042091c5 by Salvatore Bonaccorso at 2023-03-19T08:36:39+01:00
Add CVE-2023-1476 as NFU

- - - - -
9e37608e by Salvatore Bonaccorso at 2023-03-19T09:05:47+01:00
Add CVE-2022-4842{3,4,5}/linux

- - - - -
57395a32 by security tracker role at 2023-03-19T08:10:18+00:00
automatic update

- - - - -
081b6a95 by Salvatore Bonaccorso at 2023-03-19T09:22:29+01:00
Process some NFUs

- - - - -
31ef187f by Salvatore Bonaccorso at 2023-03-19T14:31:37+01:00
Add fixed version for CVE-2023-22799/ruby-globalid via unstable

- - - - -
8e2d7da3 by Salvatore Bonaccorso at 2023-03-19T15:11:17+01:00
Add CVE-2023-28617/{org-mode,emacs}

- - - - -
cd36fb3e by Salvatore Bonaccorso at 2023-03-19T15:55:16+01:00
Track fixed version for linux issues fixed via unstable

- - - - -
e8afa573 by Salvatore Bonaccorso at 2023-03-19T17:13:57+01:00
Add Debian bug reference for liblouis issues

- - - - -
602724ea by Salvatore Bonaccorso at 2023-03-19T17:52:44+01:00
Demote liblouis issues to unimportant severity

- - - - -
c2982d46 by Salvatore Bonaccorso at 2023-03-19T20:51:59+01:00
Process some NFUs

- - - - -
45c60176 by Salvatore Bonaccorso at 2023-03-19T20:52:25+01:00
Add CVE-2021-46877/jackson-databind

- - - - -
f54f0a81 by Salvatore Bonaccorso at 2023-03-19T20:53:05+01:00
Mark CVE-2021-46877 as no-dsa

- - - - -
d2488ae6 by Salvatore Bonaccorso at 2023-03-19T20:54:23+01:00
Mark CVE-2023-28617 as no-dsa for bullseye

Thanks: Sebastien Delafond for the confirmation

- - - - -
96ed296b by security tracker role at 2023-03-19T20:10:37+00:00
automatic update

- - - - -
8c79722a by Salvatore Bonaccorso at 2023-03-19T21:38:06+01:00
Process one NFU

- - - - -
0662ffd7 by Salvatore Bonaccorso at 2023-03-19T22:21:41+01:00
Add new set of tcpreplay issues

- - - - -
d00da44c by Markus Koschany at 2023-03-19T23:43:52+01:00
CVE-2022-41649,openimageio: Link to fixing commit

- - - - -
0b8e81cb by Markus Koschany at 2023-03-19T23:43:53+01:00
CVE-2022-41684,openimageio: Link to fixing commit

- - - - -
3c7270da by Markus Koschany at 2023-03-19T23:43:54+01:00
CVE-2022-41794,openimageio: Link to fixing commit

- - - - -
6dece549 by Markus Koschany at 2023-03-19T23:43:56+01:00
CVE-2022-41837,openimageio: Link to fixing commit

- - - - -
88c8703d by Markus Koschany at 2023-03-19T23:43:57+01:00
CVE-2022-41838,CVE-2022-41999,openimageio: Link to fixing commits

- - - - -
83ae7f51 by Markus Koschany at 2023-03-19T23:43:58+01:00
CVE-2022-38143,openimageio: Buster is not affected

The vulnerable code was introduced later

- - - - -
2e12246c by Markus Koschany at 2023-03-19T23:43:59+01:00
CVE-2022-43592,openimageio: Link to pull request

- - - - -
22e314ce by Markus Koschany at 2023-03-19T23:44:01+01:00
CVE-2022-43594,openimageio: Link to pull request

- - - - -
d1bd600f by Markus Koschany at 2023-03-19T23:44:02+01:00
CVE-2022-43595,openimageio: Link to pull request

- - - - -
2b466f30 by Markus Koschany at 2023-03-19T23:44:03+01:00
CVE-2022-43596,CVE-2022-43597,CVE-2022-43598,CVE-2022-43599,CVE-2022-43600

CVE-2022-43601,CVE-2022-43602,openimageio: Link to pull request

- - - - -
ea5ad6b5 by Anton Gladky at 2023-03-20T06:28:06+01:00
semi-automatic unclaim after 2 weeks of inactivity

Signed-off-by: Anton Gladky <gladk at debian.org>

- - - - -
802c2c18 by Salvatore Bonaccorso at 2023-03-20T08:07:41+01:00
Add CVE-2023-27539/ruby-rack

- - - - -
6cc92f9c by Salvatore Bonaccorso at 2023-03-20T08:08:35+01:00
Adjust tag information for CVE-2023-27530

- - - - -
f42dad34 by Salvatore Bonaccorso at 2023-03-20T08:11:24+01:00
Mark CVE-2023-27531 as NFU

- - - - -
cbcdbef8 by Salvatore Bonaccorso at 2023-03-20T08:15:02+01:00
Add CVE-2023-23913/rails

- - - - -
f2fa2541 by Salvatore Bonaccorso at 2023-03-20T08:17:58+01:00
Add CVE-2023-28120/rails

- - - - -
c41f830d by Emilio Pozuelo Monfort at 2023-03-20T08:42:37+01:00
lts: take thunderbird

- - - - -
498b5267 by Emilio Pozuelo Monfort at 2023-03-20T08:44:01+01:00
Reserve DLA-3365-1 for thunderbird

- - - - -
8eb0af4b by security tracker role at 2023-03-20T08:10:21+00:00
automatic update

- - - - -
eb99e3b8 by Salvatore Bonaccorso at 2023-03-20T09:38:01+01:00
Track fixed version for firefox issues for mfsa2023-09

- - - - -
8dff0de1 by Helmut Grohne at 2023-03-20T10:43:55+01:00
reserve DLA-3315-2 for sox regression update

- - - - -
6e192076 by Chris Lamb at 2023-03-20T09:50:23+00:00
data/dla-needed.txt: Claim nheko.

- - - - -
d048824c by Chris Lamb at 2023-03-20T09:53:09+00:00
Add "introduced in" URL for CVE-2022-39264/nheko

- - - - -
1049ed24 by Chris Lamb at 2023-03-20T09:54:12+00:00
Triage CVE-2022-39264 in nheko for buster LTS.

- - - - -
e0866e3e by Guilhem Moulin at 2023-03-20T11:50:55+01:00
LTS: reclaim wordpress in dla-needed.txt

- - - - -
abf4b80a by Adrian Bunk at 2023-03-20T12:59:55+02:00
dla: Reclaim packages and ping/check blockers

- - - - -
e0639694 by Moritz Muehlenhoff at 2023-03-20T15:57:31+01:00
new curl issues

- - - - -
8d08c350 by Moritz Muehlenhoff at 2023-03-20T15:58:31+01:00
phpldapadmin fixed in sid

- - - - -
145caeb1 by Moritz Muehlenhoff at 2023-03-20T16:13:53+01:00
NFUs

- - - - -
fe8e9be4 by Moritz Muehlenhoff at 2023-03-20T16:57:16+01:00
new json-smart issue

- - - - -
7838c85c by Emilio Pozuelo Monfort at 2023-03-20T17:00:21+01:00
merge-cve-files: fix crash when there's an experimental tag

If CVE/list has a CVE such as:

CVE-2023-1234
	[experimental] - foo 1.0-1
	- foo 1.0-2

And we attempt to fix an annotation such as

CVE-2023-1234
	[bullseye] - foo 0.1-1+deb11u1

that will crash when we are iterating over the experimental annotation
as next_annotation would be the sid one with release==None, and we would
be comparing internRelease(bullseye) with internRelease(None), which
is not supported.

This is happening with the current data/next-point-update.txt

- - - - -
815be11a by Moritz Muehlenhoff at 2023-03-20T17:07:28+01:00
new jpegoptim issue

- - - - -
0c4e0af4 by Moritz Muehlenhoff at 2023-03-20T17:14:02+01:00
new node-request issue

- - - - -
aafba9b6 by Moritz Muehlenhoff at 2023-03-20T17:21:11+01:00
NFUs

- - - - -
d514554b by Salvatore Bonaccorso at 2023-03-20T18:03:54+01:00
Add further upstream information for curl issues

- - - - -
fdfa4f80 by Sylvain Beucler at 2023-03-20T18:17:27+01:00
dla: reclaim runc

- - - - -
bd3038b5 by Moritz Mühlenhoff at 2023-03-20T19:39:27+01:00
apache2 DSA

- - - - -
9325b201 by Salvatore Bonaccorso at 2023-03-20T20:32:49+01:00
Add Debian bug reference for CVE-2023-28155

- - - - -
f8e47c52 by Salvatore Bonaccorso at 2023-03-20T20:34:48+01:00
Add Debian bug reference for CVE-2022-30256/maradns

- - - - -
ce47b2c6 by Salvatore Bonaccorso at 2023-03-20T20:37:39+01:00
Add Debian bug reference for CVE-2023-1108

- - - - -
37c9b798 by Salvatore Bonaccorso at 2023-03-20T20:38:38+01:00
Add Debian bug reference for CVE-2022-3590

- - - - -
4345dc9f by Salvatore Bonaccorso at 2023-03-20T20:39:49+01:00
Add Debian bug reference for CVE-2023-1289

- - - - -
b0cc9068 by Salvatore Bonaccorso at 2023-03-20T20:40:39+01:00
Add Debian bug reference for CVE-2023-26266

- - - - -
321ed613 by Salvatore Bonaccorso at 2023-03-20T20:42:07+01:00
Add Debian bug reference for CVE-2023-2710{2,3}

- - - - -
2e6fbca2 by Salvatore Bonaccorso at 2023-03-20T20:43:09+01:00
Add Debian bug reference for CVE-2023-23456

- - - - -
70a7edb8 by Salvatore Bonaccorso at 2023-03-20T21:00:20+01:00
Add upstream tag information for CVE-2022-39264

In 0.8.0 there was added support to store secrets in keychain but issue
seems present before.

- - - - -
6cae764f by Salvatore Bonaccorso at 2023-03-20T21:05:04+01:00
Add upstream tag information for upstream commit for CVE-2023-1370

- - - - -
6ba6efbe by security tracker role at 2023-03-20T20:10:34+00:00
automatic update

- - - - -
d1f0fd04 by Salvatore Bonaccorso at 2023-03-20T21:19:50+01:00
Add Debian bug reference for CVE-2023-28120/rails

- - - - -
57778010 by Salvatore Bonaccorso at 2023-03-20T21:19:51+01:00
Add Debian bug reference for CVE-2023-23913/rails

- - - - -
2fd6cae3 by Moritz Muehlenhoff at 2023-03-20T21:22:05+01:00
bullseye triage

- - - - -
7b7664a2 by Moritz Muehlenhoff at 2023-03-20T21:22:46+01:00
fix reference/copy&paste error

- - - - -
0f142bc3 by Salvatore Bonaccorso at 2023-03-20T21:26:54+01:00
Add Debian bug reference for CVE-2023-27539

- - - - -
080504f2 by Salvatore Bonaccorso at 2023-03-20T21:39:14+01:00
Process some NFUs

- - - - -
f8a89ed4 by Salvatore Bonaccorso at 2023-03-20T21:54:27+01:00
Process some NFUs

- - - - -
8696f2f2 by Samuel Henrique at 2023-03-20T21:52:05+00:00
data/packages/lts-do-call-me: Message samueloph@ before working on a fix

- - - - -
fcd20a66 by Salvatore Bonaccorso at 2023-03-21T06:12:56+01:00
Drop CVE-2022-3636 listed for tiff

- - - - -
9f81daa3 by Anton Gladky at 2023-03-21T06:21:29+01:00
LTS: Add VCS for docker

- - - - -
004bec61 by Anton Gladky at 2023-03-21T06:21:29+01:00
LTS: swap FDs

- - - - -
f5a4f2c3 by Salvatore Bonaccorso at 2023-03-21T06:26:18+01:00
Add ruby-sinatra to dsa needed list

- - - - -
e1df97c1 by Anton Gladky at 2023-03-21T06:35:41+01:00
Mark 3 gpac CVEs as EOL for buster

- - - - -
e8a8f822 by Anton Gladky at 2023-03-21T06:36:40+01:00
LTS: add curl to dla-needed.txt

- - - - -
cf153774 by security tracker role at 2023-03-21T08:10:11+00:00
automatic update

- - - - -
a1166573 by Salvatore Bonaccorso at 2023-03-21T10:33:46+01:00
Process NFUs

- - - - -
79a2c1ef by Salvatore Bonaccorso at 2023-03-21T13:20:38+01:00
Add CVE-2022-42332/xen

- - - - -
00367872 by Salvatore Bonaccorso at 2023-03-21T13:30:54+01:00
Add CVE-2022-4233{3,4}/xen issues

- - - - -
ee678233 by Salvatore Bonaccorso at 2023-03-21T13:32:24+01:00
Add CVE-2022-42331/xen

- - - - -
8700d5dc by Salvatore Bonaccorso at 2023-03-21T14:20:10+01:00
Add CVE-2023-27586/cairosvg

- - - - -
2db5f73a by Salvatore Bonaccorso at 2023-03-21T14:25:16+01:00
Add CVE-2023-28425/redis

- - - - -
49588c38 by Tobias Frost at 2023-03-21T16:11:52+01:00
LTS: claim firmware-nonfree in dla-needed.txt

- - - - -
7d0dd908 by Moritz Muehlenhoff at 2023-03-21T16:37:10+01:00
NFUs

- - - - -
36906343 by Moritz Muehlenhoff at 2023-03-21T16:51:11+01:00
bullseye triage

- - - - -
3ffded61 by Salvatore Bonaccorso at 2023-03-21T20:33:57+01:00
Take cairosvg from dsa-needed list

- - - - -
5958e816 by Salvatore Bonaccorso at 2023-03-21T20:51:44+01:00
Add Debian bug reference for CVE-2023-27586/cairosvg

- - - - -
7768f7e2 by security tracker role at 2023-03-21T20:10:30+00:00
automatic update

- - - - -
7b297823 by Salvatore Bonaccorso at 2023-03-21T21:38:20+01:00
Add tracking bug for new xen issues

- - - - -
6b6aac20 by Salvatore Bonaccorso at 2023-03-21T21:41:19+01:00
Process some NFUs

- - - - -
79dd0a72 by Salvatore Bonaccorso at 2023-03-21T21:49:06+01:00
Add CVE-2023-1545/teampass

- - - - -
9cd30a49 by Salvatore Bonaccorso at 2023-03-21T21:51:02+01:00
Process some NFUs

- - - - -
764399b1 by Holger Levsen at 2023-03-22T01:08:35+01:00
LTS: claim curl

Signed-off-by: Holger Levsen <holger at layer-acht.org>

- - - - -
703b9de8 by Salvatore Bonaccorso at 2023-03-22T06:17:06+01:00
Add new chromium issues

- - - - -
c470665c by Salvatore Bonaccorso at 2023-03-22T06:39:32+01:00
Add chromium to dsa-needed list

- - - - -
17bb2f30 by Anton Gladky at 2023-03-22T07:11:00+01:00
LTS: add svgpp to dla-needed.txt

- - - - -
fe799dff by Anton Gladky at 2023-03-22T07:11:49+01:00
LTS: assign svgpp to myself (maintainer)

- - - - -
f87d8778 by Salvatore Bonaccorso at 2023-03-22T07:28:59+01:00
Add new CVEs for foreman, itp'ed

CVE-2023-0462 might be specific in combination with Red Hat Satellite
Server.

- - - - -
96550286 by Salvatore Bonaccorso at 2023-03-22T07:38:13+01:00
Add CVE-2023-1513/linux

- - - - -
433d00da by Salvatore Bonaccorso at 2023-03-22T07:39:23+01:00
Add CVE-2023-28329/moodle

- - - - -
94cfef75 by Salvatore Bonaccorso at 2023-03-22T07:40:38+01:00
Add CVE-2023-1544/qemu

- - - - -
f50e2ed1 by security tracker role at 2023-03-22T08:10:21+00:00
automatic update

- - - - -
050180af by Salvatore Bonaccorso at 2023-03-22T09:19:34+01:00
Track fixed version for various curl issues

- - - - -
ab92ab3c by Salvatore Bonaccorso at 2023-03-22T09:20:55+01:00
Process some NFUs

- - - - -
b8becc27 by Moritz Muehlenhoff at 2023-03-22T09:44:19+01:00
chromium fixed in sid

- - - - -
21cb05e0 by Salvatore Bonaccorso at 2023-03-22T10:29:05+01:00
Process one NFU

- - - - -
50179836 by Chris Lamb at 2023-03-22T09:30:59+00:00
dla-needed.txt: Remove nheko after triaging CVE-2022-39264.

- - - - -
613882bc by Moritz Muehlenhoff at 2023-03-22T16:59:56+01:00
new civicrm issue
NFUs

- - - - -
415c1406 by Salvatore Bonaccorso at 2023-03-22T17:01:29+01:00
Add CVE-2023-0464/openssl

- - - - -
fd42a2f2 by Moritz Muehlenhoff at 2023-03-22T17:18:21+01:00
NFUs

- - - - -
1a91f214 by Salvatore Bonaccorso at 2023-03-22T20:45:37+01:00
Fix temporary subject/description with leading whitespace

- - - - -
7c7ba60b by Salvatore Bonaccorso at 2023-03-22T20:49:47+01:00
Update references for CVE-2023-28115

Add upstream tag information and drop the second reference, as it is
only the merge commit for the former.

- - - - -
c621cad8 by Salvatore Bonaccorso at 2023-03-22T20:52:44+01:00
Add upstream commit references for CVE-2023-0464

- - - - -
8f25a96e by security tracker role at 2023-03-22T20:10:34+00:00
automatic update

- - - - -
9467242d by Salvatore Bonaccorso at 2023-03-22T21:17:20+01:00
Drop note from CVE-2023-26823 (duplicate of CVE-2023-0783)

- - - - -
eb92352f by Salvatore Bonaccorso at 2023-03-22T21:18:21+01:00
Remove note for CVE-2022-46464 (withdrawn)

- - - - -
2c850f26 by Salvatore Bonaccorso at 2023-03-22T21:22:03+01:00
Remove notes for CVE-2022-20444 (withdrawn)

- - - - -
31479f95 by Salvatore Bonaccorso at 2023-03-22T21:31:15+01:00
Add CVE-2023-1281/linux

- - - - -
52e01bd8 by Salvatore Bonaccorso at 2023-03-22T21:46:16+01:00
Add CVE-2023-1562/mattermost-server, itp'ed

- - - - -
a2ad73d6 by Salvatore Bonaccorso at 2023-03-22T21:47:21+01:00
Process some NFUs

- - - - -
525e5684 by Salvatore Bonaccorso at 2023-03-22T22:47:25+01:00
Add Debian bug reference for CVE-2023-28425/redis

- - - - -
19478d13 by Salvatore Bonaccorso at 2023-03-22T22:48:50+01:00
Add Debian bug references for CVE-2023-28617/{org-mode,emacs}

- - - - -
ed43841f by Salvatore Bonaccorso at 2023-03-22T22:51:19+01:00
Add fixed version for CVE-2021-44960 via unstable

Explicitly not touching CVE-2019-6245 and CVE-2019-6247. The issues are
unimportant, and not fixed on source-level in svgpp. Additionally the
affected part is only used to build examples.

- - - - -
d9a4b6ef by Anton Gladky at 2023-03-23T06:35:18+01:00
LTS: add cairosvg to dla-needed.txt

- - - - -
4eb3147e by Anton Gladky at 2023-03-23T06:39:48+01:00
Mark CVE-2023-1289 as postponed for buster

- - - - -
bdff35ee by Salvatore Bonaccorso at 2023-03-23T08:01:39+01:00
Track fixed version in unstable for CVE-2022-24803

- - - - -
314de7f5 by Salvatore Bonaccorso at 2023-03-23T08:07:13+01:00
Add CVE-2022-4744/linux

- - - - -
28f64012 by Salvatore Bonaccorso at 2023-03-23T08:13:54+01:00
Add CVE-2023-0386/linux

- - - - -
674a89c0 by security tracker role at 2023-03-23T08:10:20+00:00
automatic update

- - - - -
46b3aac0 by Moritz Muehlenhoff at 2023-03-23T11:03:14+01:00
gitlab-ci-multi-runner fixed in sid

- - - - -
13a3908e by Salvatore Bonaccorso at 2023-03-23T11:08:34+01:00
Process some NFUs

- - - - -
1faaf380 by Salvatore Bonaccorso at 2023-03-23T11:29:11+01:00
Process some NFUs

- - - - -
25d6e7b7 by Moritz Muehlenhoff at 2023-03-23T16:42:30+01:00
new rust-rmp-serde issue

- - - - -
2266b7ed by Moritz Muehlenhoff at 2023-03-23T17:00:57+01:00
NFUs

- - - - -
43126be0 by Lee Garrett at 2023-03-23T17:47:51+01:00
Reclaim samba again (lee)

- - - - -
eb8e59ad by Salvatore Bonaccorso at 2023-03-23T20:27:42+01:00
Add CVE-2023-28686/dino-im

- - - - -
9013d60f by Moritz Mühlenhoff at 2023-03-23T20:58:00+01:00
chromium DSA

- - - - -
bcbf43fd by security tracker role at 2023-03-23T20:10:23+00:00
automatic update

- - - - -
a968d6a7 by Salvatore Bonaccorso at 2023-03-23T21:23:43+01:00
Add CVE-2023-28772/linux

- - - - -
b5dfe465 by Salvatore Bonaccorso at 2023-03-23T21:36:40+01:00
Process some NFUs

- - - - -
5f90c865 by Salvatore Bonaccorso at 2023-03-23T21:50:23+01:00
Process some NFUs

- - - - -
a413040c by Salvatore Bonaccorso at 2023-03-23T21:52:51+01:00
Add CVE-2023-1605/radare2

- - - - -
a5d46d08 by Salvatore Bonaccorso at 2023-03-24T06:13:09+01:00
Add CVE-2023-0160/linux

- - - - -
2539b255 by Salvatore Bonaccorso at 2023-03-24T06:30:31+01:00
Add dino-im to dsa-needed list

- - - - -
5da68905 by Salvatore Bonaccorso at 2023-03-24T06:37:27+01:00
Add upstream commit references for CVE-2023-28686

- - - - -
72b4f121 by security tracker role at 2023-03-24T08:10:12+00:00
automatic update

- - - - -
bbeb06c7 by Chris Lamb at 2023-03-24T08:24:35+00:00
data/dla-needed.txt: Claim cairosvg.

- - - - -
a63cd67b by Chris Lamb at 2023-03-24T08:25:32+00:00
Add "introduced in" commit for CVE-2023-27586/cairosvg

- - - - -
af4dcaee by Emilio Pozuelo Monfort at 2023-03-24T10:21:01+01:00
lts: take tzdata and libdatetime-timezone-perl

- - - - -
235d1b07 by Emilio Pozuelo Monfort at 2023-03-24T11:27:43+01:00
Reserve DLA-3366-1 for tzdata

- - - - -
9bd7fe87 by Emilio Pozuelo Monfort at 2023-03-24T13:14:30+01:00
Update version for tzdata in DLA-3366-1

- - - - -
77678aea by Emilio Pozuelo Monfort at 2023-03-24T13:22:01+01:00
Reserve DLA-3367-1 for libdatetime-timezone-perl

- - - - -
7b67001c by Sylvain Beucler at 2023-03-24T13:34:44+01:00
CVE-2023-27561/runc: reference superseding PR

- - - - -
010c215d by Moritz Muehlenhoff at 2023-03-24T14:22:40+01:00
aflplusplus fixed in sid

- - - - -
f21cc2cc by Moritz Muehlenhoff at 2023-03-24T14:54:32+01:00
NFUs

- - - - -
4d53dc15 by Moritz Muehlenhoff at 2023-03-24T16:31:47+01:00
NFUs

- - - - -
f2bcd41f by Moritz Mühlenhoff at 2023-03-24T20:26:20+01:00
xen DSA

- - - - -
13fd774a by security tracker role at 2023-03-24T20:10:20+00:00
automatic update

- - - - -
b0e8e51f by Salvatore Bonaccorso at 2023-03-24T21:14:59+01:00
Add CVE-2020-36691/linux

- - - - -
212c71d3 by Salvatore Bonaccorso at 2023-03-24T21:18:38+01:00
Process NFUs

- - - - -
8db99ec4 by Salvatore Bonaccorso at 2023-03-24T21:19:29+01:00
Add CVE-2023-1410/grafana

- - - - -
2ba2f789 by Salvatore Bonaccorso at 2023-03-24T21:20:58+01:00
Add new CVEs for moodle

- - - - -
0e98c840 by Salvatore Bonaccorso at 2023-03-24T21:46:12+01:00
Add CVE-2023-28708/tomcat

- - - - -
64f7fd83 by Salvatore Bonaccorso at 2023-03-24T21:53:52+01:00
Track fixed version for CVE-2023-28686/dino-im via unstable

- - - - -
b7df7df4 by Salvatore Bonaccorso at 2023-03-24T22:07:03+01:00
Track fixed version for CVE-2023-27586 via unstable

- - - - -
90d522df by Bastien Roucariès at 2023-03-24T21:25:06+00:00
Claim libreoffice (rouca)

- - - - -
1803c02c by Salvatore Bonaccorso at 2023-03-25T08:30:31+01:00
Add CVE-2021-3923/linux

- - - - -
7c7cc7af by Salvatore Bonaccorso at 2023-03-25T08:35:48+01:00
Add CVE-2023-1582/linux

- - - - -
ec2aeedd by Salvatore Bonaccorso at 2023-03-25T09:01:40+01:00
Add CVE-2023-1611/linux

- - - - -
a4eb92ef by Salvatore Bonaccorso at 2023-03-25T09:09:46+01:00
Add CVE-2023-0836/haproxy

- - - - -
622a1f1b by Salvatore Bonaccorso at 2023-03-25T09:11:02+01:00
Add CVE-2023-1584 as NFU

- - - - -
9cba1cd7 by Salvatore Bonaccorso at 2023-03-25T09:14:23+01:00
Add CVE-2023-1625/heat

- - - - -
a9bc1610 by Salvatore Bonaccorso at 2023-03-25T09:16:12+01:00
Add CVE-2023-28119/golang-github-crewjam-saml

- - - - -
7f80b038 by Salvatore Bonaccorso at 2023-03-25T09:21:56+01:00
Add CVE-2023-1583/linux

- - - - -
984b5e4d by Salvatore Bonaccorso at 2023-03-25T17:13:22+01:00
Track fixed version for CVE-2023-28425/redis via unstable

- - - - -
7ad073f8 by Salvatore Bonaccorso at 2023-03-25T17:15:07+01:00
Fix wrong indentation for previously added linux CVE

- - - - -
95801669 by Salvatore Bonaccorso at 2023-03-25T17:18:06+01:00
Track fixed version for two ruby-rack CVEs

- - - - -
389ead18 by Salvatore Bonaccorso at 2023-03-25T17:46:51+01:00
DSA 5378-1: Sync date with advisory

- - - - -
5e1026c7 by Salvatore Bonaccorso at 2023-03-25T17:56:00+01:00
Add Debian bug reference for CVE-2023-1370/json-smart

- - - - -
089f8785 by Salvatore Bonaccorso at 2023-03-25T17:58:40+01:00
Add Debian bug reference for CVE-2023-28708/tomcat9

- - - - -
81244eb1 by security tracker role at 2023-03-25T20:10:28+00:00
automatic update

- - - - -
82ae5927 by Salvatore Bonaccorso at 2023-03-25T21:14:46+01:00
Process two NFUs

- - - - -
ca8a50e0 by Salvatore Bonaccorso at 2023-03-25T21:17:56+01:00
Process NFUs

- - - - -
6384e1cd by Salvatore Bonaccorso at 2023-03-25T21:19:55+01:00
Add several new CVEs for tensorflow

- - - - -
8453b14f by Salvatore Bonaccorso at 2023-03-25T21:22:58+01:00
Process NFUs

- - - - -
a83049d9 by Salvatore Bonaccorso at 2023-03-26T07:17:47+02:00
Track fixed version for CVE-2022-44900/py7zr via unstable

- - - - -
b305563a by Salvatore Bonaccorso at 2023-03-26T07:20:59+02:00
Track fixed version for rails issues via unstable

- - - - -
15aefd9d by Salvatore Bonaccorso at 2023-03-26T07:24:34+02:00
Track fixed version for CVE-2022-27811/ocrfeeder

- - - - -
a8adf1fe by security tracker role at 2023-03-26T08:10:16+00:00
automatic update

- - - - -
6f79de11 by Salvatore Bonaccorso at 2023-03-26T13:36:21+02:00
Make severity of CVE-2022-3704 unimportant with negligible/no security impact

- - - - -
fb01bf6c by Salvatore Bonaccorso at 2023-03-26T13:48:47+02:00
Associate CVE-2022-38745 to libreoffice

Usually libreoffice and Apache OpenOffice do not share the CVEs as the
projects are diverging. Though in this case Libreoffice project will not
do any specific advisory for the issue and solved already over a year
ago from time of this commit.

After discussion with Rene Engelhard, reference libreoffice for this
CVE.

- - - - -
8cb9da77 by Bastien Roucariès at 2023-03-26T12:15:39+00:00
Use salsa main tree for salsa

Yadd is ok to use it tree.

- - - - -
2ea09e8e by Salvatore Bonaccorso at 2023-03-26T16:56:44+02:00
Mark CVE-2023-28450 as no-dsa for bullseye

- - - - -
72727a0d by Salvatore Bonaccorso at 2023-03-26T17:03:39+02:00
Reference upstream commit for CVE-2023-27561 In release-1.1 branch

- - - - -
c7871ef7 by Salvatore Bonaccorso at 2023-03-26T17:28:45+02:00
Process some NFUs

- - - - -
f2bf2076 by Salvatore Bonaccorso at 2023-03-26T17:29:39+02:00
Add CVE-2023-27249/swftools

- - - - -
45cfe6d9 by Salvatore Bonaccorso at 2023-03-26T17:32:56+02:00
Add apache2 to dsa-needed list for regression

- - - - -
74a2c8fc by Salvatore Bonaccorso at 2023-03-26T17:42:32+02:00
Add Debian bug reference for CVE-2023-27561/runc

- - - - -
f8fb6929 by Salvatore Bonaccorso at 2023-03-26T17:44:46+02:00
Mark mariadb-10.6 as removed from unstable

- - - - -
bb9cdab5 by Salvatore Bonaccorso at 2023-03-26T17:45:45+02:00
Track mariadb-10.6 as removed in every supported suite

- - - - -
f963920f by Salvatore Bonaccorso at 2023-03-26T17:47:54+02:00
Fix typo in source package name for CVE-2021-32821

- - - - -
0d2dd714 by Salvatore Bonaccorso at 2023-03-26T17:55:06+02:00
Process NFUs

- - - - -
0a21633b by Salvatore Bonaccorso at 2023-03-26T21:13:41+02:00
Process NFU

- - - - -
0ecbed4f by Salvatore Bonaccorso at 2023-03-26T21:14:09+02:00
Add CVE-2022-40208/moodle

- - - - -
fd0fde6f by security tracker role at 2023-03-26T20:10:31+00:00
automatic update

- - - - -
44619aae by Bastien Roucariès at 2023-03-26T20:41:39+00:00
Reserve DLA-3368-1 for libreoffice

- - - - -
fc28cbbe by Thorsten Alteholz at 2023-03-26T23:27:22+02:00
update notes

- - - - -
b483632b by Anton Gladky at 2023-03-27T06:01:55+02:00
LTS: add hotspot to dla-needed.txt

- - - - -
189be72a by Anton Gladky at 2023-03-27T06:01:55+02:00
LTS: add json-smart to dla-needed.txt

- - - - -
20d75842 by Anton Gladky at 2023-03-27T06:40:01+02:00
LTS: update notes for 389-ds-base

- - - - -
90a6b2ec by Salvatore Bonaccorso at 2023-03-27T08:46:07+02:00
Add CVE-2023-1637/linux

- - - - -
eb20bb95 by security tracker role at 2023-03-27T08:10:15+00:00
automatic update

- - - - -
8d306c41 by Emilio Pozuelo Monfort at 2023-03-27T10:25:23+02:00
sectracker.analyzers: check the right struct fields

- - - - -
a2c71a4e by Emilio Pozuelo Monfort at 2023-03-27T10:25:23+02:00
test_parsers: fix PackageAnnotations

This was changed in 727ff2f44 but the test was not updated.

- - - - -
1d926a70 by Emilio Pozuelo Monfort at 2023-03-27T10:25:24+02:00
test_parsers: update errors for 'bug filed' annotation

That is no longer supported, see commit 8f844bff.

- - - - -
c46bafd1 by Emilio Pozuelo Monfort at 2023-03-27T10:25:24+02:00
test_parsers: update duplicated urgency error message

- - - - -
d618fc23 by Emilio Pozuelo Monfort at 2023-03-27T10:25:24+02:00
sectracker.parsers: fix itp bug check

- - - - -
e16095fc by Emilio Pozuelo Monfort at 2023-03-27T10:25:24+02:00
sectracker.parsers: fix reporting of invalid annotations

- - - - -
9d36be99 by Emilio Pozuelo Monfort at 2023-03-27T10:25:24+02:00
parsers: make classes mutable

The parser is not read-only but has write support, so it makes more
sense to have mutable classes so that API users can modify them
as appropriate rather than going through hoops to clone objects
in order to modify something.

- - - - -
b46022d8 by Emilio Pozuelo Monfort at 2023-03-27T10:25:24+02:00
merge-cve-files: simplify extra string notes

The notes dict is only going to contain notes for the current
CVE, so we can simply keep and pass the list.

- - - - -
33c20cbe by Emilio Pozuelo Monfort at 2023-03-27T10:25:24+02:00
merge-cve-files: don't create a new Bug object

Replace the bug's annotations instead now that we can modify
the object.

- - - - -
7b5282a4 by Emilio Pozuelo Monfort at 2023-03-27T10:25:24+02:00
merge-cve-files: replace the annotations directly

Without creating a new object. Also since we're not creating
new objects, there's no need to recreate the data list.

- - - - -
50ddeb9a by Emilio Pozuelo Monfort at 2023-03-27T10:25:24+02:00
remove-cve-dist-tags: don't call _replace

- - - - -
ccd6a86f by Emilio Pozuelo Monfort at 2023-03-27T10:25:24+02:00
grab-cve-in-fix: add a bug variable

- - - - -
84507f82 by Emilio Pozuelo Monfort at 2023-03-27T10:25:24+02:00
grab-cve-in-fix: don't call _replace

We can just modify the bug instance and add it to the modified
list. The data list is modified too, but we don't do anything
else with it.

- - - - -
44872491 by Emilio Pozuelo Monfort at 2023-03-27T10:25:24+02:00
update-vuln: _add_annotation_to_cve: use a bug variable

- - - - -
bff5b300 by Emilio Pozuelo Monfort at 2023-03-27T10:25:24+02:00
update-vuln: _add_annotation_to_cve: don't create a new Bug

We can just modify the existing object now.

- - - - -
204d1de1 by Emilio Pozuelo Monfort at 2023-03-27T10:25:24+02:00
update-vuln: mark_not_affected: add a bug variable

- - - - -
69712f5a by Emilio Pozuelo Monfort at 2023-03-27T10:25:24+02:00
update-vuln: don't use _replace

- - - - -
c60cc24e by Emilio Pozuelo Monfort at 2023-03-27T10:25:24+02:00
sectracker.parsers: make cvelist et al return a list of Bugs

- - - - -
d2c8ae0a by Emilio Pozuelo Monfort at 2023-03-27T10:25:24+02:00
merge-cve-files: don't return the modified list

We no longer get a tuple, so there's no need to convert it to
a list and return it. The method just merges the annotation into
the received annotations.

- - - - -
ae600b80 by Emilio Pozuelo Monfort at 2023-03-27T10:25:24+02:00
merge-cve-files: simplify merge_notes

It's just appending the new string annotations to the current
annotations, with special care not to add them if they are
already there (probably needed by grab-cve-in-fix or update-vuln).

- - - - -
9e5d24db by Emilio Pozuelo Monfort at 2023-03-27T10:25:24+02:00
merge-cve-files: further simplify merge_notes

- - - - -
0e5845dd by Salvatore Bonaccorso at 2023-03-27T10:31:20+02:00
Process some NFUs

- - - - -
db33b443 by Salvatore Bonaccorso at 2023-03-27T10:37:30+02:00
Add CVE-2023-28866/linux

- - - - -
7816c862 by Dominik George at 2023-03-27T12:59:06+02:00
Claim xrdp

- - - - -
49375e47 by Dominik George at 2023-03-27T12:59:45+02:00
Revert "Claim xrdp"

This reverts commit 7816c862df2fc979aebce9f072e3cbf3d84c253c.

- - - - -
66aa2ab9 by Dominik George at 2023-03-27T13:00:35+02:00
Claim xrdp

- - - - -
d6f9d4f3 by Dominik George at 2023-03-27T13:28:06+02:00
Mark CVE-2022-23477 as not present in buster

- - - - -
f78e09f4 by Sylvain Beucler at 2023-03-27T17:31:35+02:00
Reserve DLA-3369-1 for runc

- - - - -
5a55272e by Sylvain Beucler at 2023-03-27T17:34:33+02:00
Fix-up DLA-3369-1

- - - - -
55519123 by Chris Lamb at 2023-03-27T17:49:52+01:00
Add note for CVE-2023-28686/dino-im.

- - - - -
a0938fb2 by Chris Lamb at 2023-03-27T17:50:42+01:00
Triage CVE-2023-28686 in dino-im for buster LTS.

- - - - -
dd53905f by Chris Lamb at 2023-03-27T17:51:38+01:00
Triage CVE-2023-28450 in dnsmasq for buster LTS.

- - - - -
7c0ba429 by Chris Lamb at 2023-03-27T17:53:37+01:00
Triage CVE-2023-25564 & CVE-2023-25566 in gss-ntlmssp for buster LTS.

- - - - -
cbbed960 by Chris Lamb at 2023-03-27T17:55:33+01:00
Triage CVE-2022-43441 in node-sqlite3 for buster LTS.

- - - - -
3f14df8f by Chris Lamb at 2023-03-27T17:56:00+01:00
Triage CVE-2023-1350 in liferea for buster LTS.

- - - - -
fd282ac3 by Salvatore Bonaccorso at 2023-03-27T20:45:16+02:00
Reference libreoffice advisory for CVE-2022-38745

Libreoffice project went another route and now published an advisory.
Drop the unneeded note in favour of the advisory link.

- - - - -
abcb68e8 by Salvatore Bonaccorso at 2023-03-27T20:55:41+02:00
Add CVE-2023-2519{5,6,7} as NFUs

- - - - -
d68da6e8 by Salvatore Bonaccorso at 2023-03-27T21:15:41+02:00
Add CVE-2023-28753/netconsd

- - - - -
2c4f4a95 by Salvatore Bonaccorso at 2023-03-27T22:00:29+02:00
Reserve DSA number for dino-im update

- - - - -
19091648 by security tracker role at 2023-03-27T20:10:30+00:00
automatic update

- - - - -
fee95ad9 by Salvatore Bonaccorso at 2023-03-27T22:13:35+02:00
Process some NFUs

- - - - -
0d140606 by Salvatore Bonaccorso at 2023-03-27T22:17:42+02:00
Process some NFUs

- - - - -
4c4e8dae by Salvatore Bonaccorso at 2023-03-27T22:22:12+02:00
Remove notes from CVE-2023-1247 as it got rejected

It got rejected as further investigation by the assigning CNA showed
that there is no security issue.

- - - - -
55f7cb99 by Salvatore Bonaccorso at 2023-03-28T07:46:34+02:00
Add CVE-2023-1652/linux

- - - - -
670d95b3 by Salvatore Bonaccorso at 2023-03-28T07:47:26+02:00
Add CVE-2023-1664/Keycloak

- - - - -
93ed0e29 by Salvatore Bonaccorso at 2023-03-28T08:45:55+02:00
Add CVE-2023-28867 as NFU

- - - - -
49b3767a by security tracker role at 2023-03-28T08:10:18+00:00
automatic update

- - - - -
e5eef89c by Dominik George at 2023-03-28T10:15:54+02:00
Add a readable hint on what happens on unpickling errors

- - - - -
901b5a94 by Dominik George at 2023-03-28T10:16:15+02:00
Merge branch 'master' of salsa.debian.org:security-tracker-team/security-tracker

- - - - -
c62e4790 by Dominik George at 2023-03-28T10:18:26+02:00
Reserve DLA-3370-1 for xrdp

- - - - -
379bf1f5 by Salvatore Bonaccorso at 2023-03-28T10:19:51+02:00
Remove notes from CVE-2021-20324

Got rejected as further investigation showed that there is no security
issue.

- - - - -
c268e171 by Salvatore Bonaccorso at 2023-03-28T11:28:18+02:00
Process NFUs

- - - - -
44cb4343 by Salvatore Bonaccorso at 2023-03-28T11:29:11+02:00
Add CVE-2023-165{4,5}/gpac

- - - - -
76191509 by Chris Lamb at 2023-03-28T12:27:29+01:00
Triage CVE-2023-1654 & CVE-2023-1655 in gpac for buster LTS.

- - - - -
af0a3cbc by Chris Lamb at 2023-03-28T12:30:05+01:00
Add commit link for CVE-2022-23480/xrdp.

- - - - -
b40139fb by Chris Lamb at 2023-03-28T12:31:24+01:00
data/dla-needed.txt: Triage xrdp for buster LTS (CVE-2022-23480, CVE-2022-23481 & CVE-2022-23482)

- - - - -
37c4fa8f by Chris Lamb at 2023-03-28T12:32:11+01:00
Triage CVE-2021-46877 in jackson-databind for buster LTS.

- - - - -
add974a5 by Chris Lamb at 2023-03-28T12:32:39+01:00
Triage CVE-2023-28154 in node-webpack for buster LTS.

- - - - -
ab91aca2 by Chris Lamb at 2023-03-28T12:33:33+01:00
Triage CVE-2023-28617 in org-mode for buster LTS.

- - - - -
ebe1f48c by Chris Lamb at 2023-03-28T12:33:55+01:00
Triage CVE-2023-26249 in knot-resolver for buster LTS.

- - - - -
d89116ef by Emilio Pozuelo Monfort at 2023-03-28T13:36:18+02:00
xpickle: re-parse the file in case of AttributeError

- - - - -
2e994587 by Emilio Pozuelo Monfort at 2023-03-28T13:36:57+02:00
lts: fix package name

- - - - -
3c187baf by Salvatore Bonaccorso at 2023-03-28T16:14:06+02:00
Add CVE-2023-046{5,6}/openssl

- - - - -
83f38c86 by Salvatore Bonaccorso at 2023-03-28T17:58:38+02:00
CVE-2023-0464: Use upstream branch names

- - - - -
9f7ddc1a by Salvatore Bonaccorso at 2023-03-28T17:59:37+02:00
Add upstream commit references for CVE-2023-046{5,6}/openssl

- - - - -
21649df2 by Salvatore Bonaccorso at 2023-03-28T20:32:45+02:00
Add CVE-2023-28464/linux

- - - - -
76e77a11 by Salvatore Bonaccorso at 2023-03-28T21:15:03+02:00
Add reference to upstream tag for CVE-2019-11939

Ongoing assessment in https://bugs.debian.org/988948

- - - - -
90a98f42 by Salvatore Bonaccorso at 2023-03-28T21:31:05+02:00
Mark CVE-2023-28326 as NFU

- - - - -
337de082 by Salvatore Bonaccorso at 2023-03-28T21:42:58+02:00
Add CVE-2023-28427/node-matrix-js-sdk

- - - - -
42768c76 by Salvatore Bonaccorso at 2023-03-28T21:54:51+02:00
Add Debian bug reference for CVE-2023-28427/node-matrix-js-sdk

- - - - -
7b5fd3fc by security tracker role at 2023-03-28T20:10:35+00:00
automatic update

- - - - -
8c4fecf6 by Salvatore Bonaccorso at 2023-03-28T22:20:04+02:00
Process one NFU

- - - - -
34a2bd3b by Salvatore Bonaccorso at 2023-03-28T22:29:15+02:00
Process some NFUs

- - - - -
75556064 by Salvatore Bonaccorso at 2023-03-28T22:29:56+02:00
Add CVE-2023-25661/tensorflow

- - - - -
905ec714 by Salvatore Bonaccorso at 2023-03-28T22:30:22+02:00
Add CVE-2023-0241/pgadmin4

- - - - -
8055f9ac by Chris Lamb at 2023-03-29T00:35:56+01:00
Triage CVE-2023-27586 in cairosvg for buster LTS.

- - - - -
594b5e9b by Chris Lamb at 2023-03-29T00:41:17+01:00
Triage CVE-2023-28427 in node-matrix-js-sdk for buster LTS.

- - - - -
5db9b2e4 by security tracker role at 2023-03-29T08:10:11+00:00
automatic update

- - - - -
b585ca5c by Chris Lamb at 2023-03-29T10:01:31+01:00
Triage CVE-2023-28100 & CVE-2023-28101 in flatpak for buster LTS.

- - - - -
08eacb79 by Chris Lamb at 2023-03-29T10:02:04+01:00
Triage CVE-2022-38745 in libreoffice for buster LTS.

- - - - -
1cbc6468 by Chris Lamb at 2023-03-29T10:02:32+01:00
Triage CVE-2023-27102 & CVE-2023-27103 in libde265 for buster LTS.

- - - - -
a56c76e7 by Salvatore Bonaccorso at 2023-03-29T12:21:53+02:00
Track fixed version for CVE-2023-27561/runc

- - - - -
787dbb66 by Salvatore Bonaccorso at 2023-03-29T12:22:55+02:00
Add upstream tag reference for CVE-2023-27561

- - - - -
81e2c07f by Salvatore Bonaccorso at 2023-03-29T12:27:05+02:00
Add CVE-2023-25809/runc

- - - - -
279f1d32 by Salvatore Bonaccorso at 2023-03-29T12:30:14+02:00
Add CVE-2023-28642/runc

- - - - -
c4013038 by Sylvain Beucler at 2023-03-29T13:38:33+02:00
CVE-2023-28642/runc: buster fixed

- - - - -
6cd04fa1 by Thorsten Alteholz at 2023-03-29T14:16:54+02:00
claim xorg-server

- - - - -
ed272279 by Salvatore Bonaccorso at 2023-03-29T14:45:44+02:00
Add CVE-2023-1393/xorg-server

- - - - -
08d0cf16 by Markus Koschany at 2023-03-29T14:46:34+02:00
Reserve DLA-3371-1 for unbound

- - - - -
20c8f280 by Salvatore Bonaccorso at 2023-03-29T14:47:27+02:00
Add reference to upstream commit for CVE-2023-1393

- - - - -
77d01abc by Salvatore Bonaccorso at 2023-03-29T14:52:53+02:00
Reserve DSA number for xorg-server update

- - - - -
f987b2b8 by Thorsten Alteholz at 2023-03-29T15:30:23+02:00
Reserve DLA-3372-1 for xorg-server

- - - - -
c8decbf1 by Salvatore Bonaccorso at 2023-03-29T16:01:49+02:00
Add fixes for CVE-2023-1393 via unstable

- - - - -
58c9f47c by Salvatore Bonaccorso at 2023-03-29T16:03:37+02:00
Add CVE-2023-28862/lemonldap-ng

- - - - -
cee36d3a by Salvatore Bonaccorso at 2023-03-29T16:04:52+02:00
Track fixes for CVE-2023-28862 via bullseye-pu

- - - - -
245fb834 by Salvatore Bonaccorso at 2023-03-29T16:42:34+02:00
Process some NFUs

- - - - -
ab8c6d40 by Salvatore Bonaccorso at 2023-03-29T17:13:19+02:00
Add CVE-2023-0614/samba

- - - - -
b152baef by Salvatore Bonaccorso at 2023-03-29T17:14:46+02:00
Add CVE-2023-0922/samba

- - - - -
3fed88de by Salvatore Bonaccorso at 2023-03-29T17:15:34+02:00
Add CVE-2023-0225/samba

- - - - -
18b7c6e7 by Salvatore Bonaccorso at 2023-03-29T21:33:47+02:00
Track fixed version for three CVEs for samba via unstable

- - - - -
063df950 by security tracker role at 2023-03-29T20:10:29+00:00
automatic update

- - - - -
2cefb2a8 by Salvatore Bonaccorso at 2023-03-29T22:14:34+02:00
Process some NFUs

- - - - -
ec239d84 by Salvatore Bonaccorso at 2023-03-29T22:14:36+02:00
Add two new python-redis CVEs

- - - - -
da1f3991 by Salvatore Bonaccorso at 2023-03-29T22:14:37+02:00
Add CVE-2023-26923/musescore

- - - - -
d553cba5 by Salvatore Bonaccorso at 2023-03-29T22:22:16+02:00
Add thunderbird for CVE-2023-28427 tracking

- - - - -
b465f724 by Salvatore Bonaccorso at 2023-03-29T22:43:51+02:00
Process two NFUs

- - - - -
e5067144 by Salvatore Bonaccorso at 2023-03-29T22:49:36+02:00
Process some NFUs

- - - - -
65b8d9b4 by Moritz Mühlenhoff at 2023-03-29T23:39:15+02:00
thunderbird postponed

- - - - -
de5c06ff by Salvatore Bonaccorso at 2023-03-30T06:41:56+02:00
Add CVE-2022-48434/ffmpeg

- - - - -
3887ee33 by Salvatore Bonaccorso at 2023-03-30T07:47:56+02:00
Add CVE-2023-1670/linux

- - - - -
d0c0c63e by Bastien Roucariès at 2023-03-30T05:55:25+00:00
Claim json-smart

- - - - -
8a7b9a9e by Emilio Pozuelo Monfort at 2023-03-30T09:56:47+02:00
lts: mark CVE-2023-28427/thunderbird as postponed on buster

- - - - -
55b6436d by security tracker role at 2023-03-30T08:10:17+00:00
automatic update

- - - - -
d6cb1cf6 by Chris Lamb at 2023-03-30T09:52:15+01:00
Triage CVE-2023-28862 in lemonldap-ng for buster LTS.

- - - - -
f5af24b3 by Chris Lamb at 2023-03-30T09:52:49+01:00
Triage CVE-2023-0464, CVE-2023-0465 & CVE-2023-0466 in openssl for buster LTS.

- - - - -
5229c1d3 by Chris Lamb at 2023-03-30T09:53:12+01:00
Triage CVE-2023-25809 in runc for buster LTS.

- - - - -
7466475e by Chris Lamb at 2023-03-30T09:55:27+01:00
data/dla-needed.txt: Triage musescore for buster LTS (CVE-2023-26923)

- - - - -
53ed6df0 by Salvatore Bonaccorso at 2023-03-30T12:44:44+02:00
Process NFUs

- - - - -
ab60b94d by Adrian Bunk at 2023-03-30T14:41:10+03:00
hotspot in buster is not affected by CVE-2023-28144

- - - - -
a995b4c7 by Salvatore Bonaccorso at 2023-03-30T13:57:14+02:00
Mark CVE-2019-11939 as NFU:

Link: https://bugs.debian.org/988948#37

- - - - -
ab32e2bb by Adrian Bunk at 2023-03-30T15:40:30+03:00
CVE-2023-26923 is not in musescore/buster or musescore2 and Windows-only in musescore3

- - - - -
94063126 by Bastien Roucariès at 2023-03-30T15:52:06+00:00
Erlang : ask for using the VCS

- - - - -
55851823 by Bastien Roucariès at 2023-03-30T16:05:46+00:00
Claim apache2

- - - - -
a8127e66 by Helmut Grohne at 2023-03-30T19:08:19+02:00
reserve DLA-3193-2 for joblib

- - - - -
31f87460 by Bastien Roucariès at 2023-03-30T17:23:05+00:00
Reserve DLA-3373-1 for json-smart

- - - - -
d1fb3ac0 by Stefano Rivera at 2023-03-30T14:50:55-04:00
wheel vendors python-packaging

- - - - -
ab216a9d by Salvatore Bonaccorso at 2023-03-30T21:24:30+02:00
Update information for CVE-2023-26923

- - - - -
9579b0bd by Salvatore Bonaccorso at 2023-03-30T21:35:46+02:00
Add some CVEs for intellij-idea, itp'ed

- - - - -
ae41cf24 by Salvatore Bonaccorso at 2023-03-30T21:59:00+02:00
Add CVE-2023-28428/ippsample

- - - - -
040fc5cf by Salvatore Bonaccorso at 2023-03-30T22:02:20+02:00
Process some NFUs

- - - - -
c9e154d7 by Salvatore Bonaccorso at 2023-03-30T22:04:31+02:00
Add CVE-2023-2611{6,7,8}/angular.js

- - - - -
a0e0a4df by security tracker role at 2023-03-30T20:10:32+00:00
automatic update

- - - - -
f8f8cd09 by Salvatore Bonaccorso at 2023-03-30T22:16:05+02:00
Add CVE-2023-2581{7,8}/nextcloud-server

- - - - -
65f7b865 by Salvatore Bonaccorso at 2023-03-30T22:16:06+02:00
Add CVE-2023-24180/libelfin

- - - - -
cb18b359 by Salvatore Bonaccorso at 2023-03-30T22:16:08+02:00
Add CVE-2023-22288/check-mk

- - - - -
2493a6e9 by Salvatore Bonaccorso at 2023-03-30T22:16:09+02:00
Add CVE-2023-2086{0,1}/libspring-java

- - - - -
55e19e8a by Salvatore Bonaccorso at 2023-03-30T22:16:11+02:00
Add CVE-2022-443{68,69,70}/nasm

- - - - -
e78ea0ae by Salvatore Bonaccorso at 2023-03-30T22:18:40+02:00
Process two NFUs

- - - - -
4c38b786 by Salvatore Bonaccorso at 2023-03-30T22:36:12+02:00
Add CVE-2022-3116/heimdal

- - - - -
9c4f9ad8 by Salvatore Bonaccorso at 2023-03-30T22:42:57+02:00
Add CVE-2022-42432/linux

- - - - -
e88d88c0 by Thorsten Alteholz at 2023-03-30T23:17:06+02:00
Reserve DLA-3374-1 for libmicrohttpd

- - - - -
d35cd493 by Moritz Mühlenhoff at 2023-03-31T00:14:17+02:00
joblib spu

- - - - -
7682a6eb by Salvatore Bonaccorso at 2023-03-31T05:51:41+02:00
Add CVE-2023-1436/libjettison-java

- - - - -
e46a9a68 by Salvatore Bonaccorso at 2023-03-31T06:40:41+02:00
Process NFUs

- - - - -
9a2d1f70 by Salvatore Bonaccorso at 2023-03-31T06:41:21+02:00
Process some new CVEs for nextcloud-server

- - - - -
65e2e24b by Salvatore Bonaccorso at 2023-03-31T06:46:45+02:00
Add CVE-2023-25076/sniproxy

- - - - -
9278dc74 by security tracker role at 2023-03-31T08:10:13+00:00
automatic update

- - - - -
1d1e5905 by Salvatore Bonaccorso at 2023-03-31T10:30:31+02:00
Process some NFUs

- - - - -
ba4360cf by Chris Lamb at 2023-03-31T09:39:35+01:00
dla-needed.txt: Update note for xrdp.

- - - - -
8011d8bf by Chris Lamb at 2023-03-31T09:41:38+01:00
Add extra commit info for CVE-2022-23481 and CVE-2022-23482 in xrdp.

- - - - -
83fdde7a by Chris Lamb at 2023-03-31T09:43:20+01:00
data/dla-needed.txt: Claim xrdp.

- - - - -
1c97846a by Chris Lamb at 2023-03-31T12:53:30+01:00
Reserve DLA-3375-1 for xrdp

- - - - -
8a719f85 by Chris Lamb at 2023-03-31T13:43:20+01:00
Correct version number for DLA-3375-1/xrdp.

- - - - -
06325b90 by Salvatore Bonaccorso at 2023-03-31T18:11:55+02:00
Mark CVE-2023-24180 as no-dsa

- - - - -
471308e9 by Salvatore Bonaccorso at 2023-03-31T18:16:17+02:00
Add Debian bug reference for CVE-2023-24180

- - - - -
7c6864e7 by Salvatore Bonaccorso at 2023-03-31T20:41:45+02:00
Add Debian bug reference for CVE-2023-25076/sniproxy

- - - - -
747c78a1 by Salvatore Bonaccorso at 2023-03-31T20:55:07+02:00
Add Debian bug reference for CVE-2023-28858

- - - - -
8edcbc93 by Salvatore Bonaccorso at 2023-03-31T20:55:59+02:00
Add Debian bug reference for CVE-2023-28119

- - - - -
3fb2da45 by Salvatore Bonaccorso at 2023-03-31T21:08:18+02:00
Add Debian bug reference for CVE-2023-1161/wireshark

- - - - -
475ff88a by Salvatore Bonaccorso at 2023-03-31T21:09:32+02:00
Add CVE-2022-3116/heimdal

- - - - -
cb170896 by Salvatore Bonaccorso at 2023-03-31T21:15:12+02:00
Add CVE-2023-28879/ghostscript

- - - - -
32f4b363 by Salvatore Bonaccorso at 2023-03-31T21:16:20+02:00
Add ghostscript to dsa-needed list

- - - - -
0c685b94 by Salvatore Bonaccorso at 2023-03-31T21:23:34+02:00
Add Debian bug reference for CVE-2023-28879/ghostscript

- - - - -
6e99681b by Salvatore Bonaccorso at 2023-03-31T21:30:00+02:00
Add additional followup changes reference for CVE-2023-28879

- - - - -
de9e9f62 by Anton Gladky at 2023-03-31T21:36:03+02:00
Mark CVE-2019-6245 and CVE-2019-6247 as fixed in 1.3.0+dfsg1-5

- - - - -
6feb617f by Anton Gladky at 2023-03-31T21:37:10+02:00
Reserve DLA-3376-1 for svgpp

- - - - -
42df1638 by security tracker role at 2023-03-31T20:10:50+00:00
automatic update

- - - - -
330c242e by Adrian Bunk at 2023-03-31T23:53:47+03:00
Reserve DLA-3377-1 for systemd

- - - - -
2f24539e by Salvatore Bonaccorso at 2023-03-31T23:21:43+02:00
Process new CVEs for mattermost

- - - - -
2e2f288f by Salvatore Bonaccorso at 2023-03-31T23:22:12+02:00
Process NFUs

- - - - -
1c96651f by Salvatore Bonaccorso at 2023-03-31T23:23:10+02:00
Revert "Mark CVE-2019-6245 and CVE-2019-6247 as fixed in 1.3.0+dfsg1-5"

This reverts commit de9e9f62f0570a51ec50f6c799d1e3981cede0c7.

See the CVE notes and ed43841f38719e4bc2339a4b3daf89f5bf9b47a7 .

- - - - -
3865ec39 by Thorsten Alteholz at 2023-04-01T01:07:01+02:00
Reserve DLA-3378-1 for duktape

- - - - -
5b5ecb69 by Salvatore Bonaccorso at 2023-04-01T09:14:36+02:00
Try to clarify note for CVE-2023-28879

- - - - -
536a34ad by Salvatore Bonaccorso at 2023-04-01T10:00:02+02:00
Add CVE-2023-29132/irssi

- - - - -
62e27d90 by security tracker role at 2023-04-01T08:10:18+00:00
automatic update

- - - - -
587cb6ff by Salvatore Bonaccorso at 2023-04-01T10:22:39+02:00
Update information for CVE-2023-29132/irssi

- - - - -
9eb31a69 by Salvatore Bonaccorso at 2023-04-01T10:41:22+02:00
Add Debian bug reference for CVE-2023-29132/irssi

- - - - -
a962697e by Tobias Frost at 2023-04-01T10:47:53+02:00
Reserve DLA-3379-1 for intel-microcode

- - - - -
f3e37e6d by Salvatore Bonaccorso at 2023-04-01T11:07:22+02:00
Track fixed version for CVE-2023-28879/ghostscript via unstable

- - - - -
6b746486 by Chris Lamb at 2023-04-01T10:38:03+01:00
data/dla-needed.txt: Triage ghostscript for buster LTS (CVE-2023-28879)

- - - - -
28765360 by Chris Lamb at 2023-04-01T10:38:22+01:00
data/dla-needed.txt: Claim ghostscript.

- - - - -
6a4bb6ce by Chris Lamb at 2023-04-01T10:38:50+01:00
Triage CVE-2023-24180 in libelfin for buster LTS.

- - - - -
2bbfbd51 by Salvatore Bonaccorso at 2023-04-01T13:15:25+02:00
Track proposed libreoffice update via bullseye-pu

- - - - -
00181c67 by Salvatore Bonaccorso at 2023-04-01T13:18:16+02:00
Track proposed update for duktape via bullseye-pu

- - - - -
d72a419b by Salvatore Bonaccorso at 2023-04-01T13:29:37+02:00
Mark CVE-2022-36021 as no-dsa

- - - - -
c5cbadd2 by Salvatore Bonaccorso at 2023-04-01T13:38:09+02:00
Add new set of nvidia-graphics-drivers issues

- - - - -
b74b4a36 by Salvatore Bonaccorso at 2023-04-01T13:46:13+02:00
Add tracking entries for nvidia-graphics-drivers-legacy-340xx

- - - - -
27023226 by Salvatore Bonaccorso at 2023-04-01T13:48:57+02:00
Add tracking entries for nvidia-graphics-drivers-legacy-390xx

- - - - -
9ea793ba by Salvatore Bonaccorso at 2023-04-01T13:52:22+02:00
Add tracking items for nvidia-graphics-drivers-tesla-418

- - - - -
d44d595d by Salvatore Bonaccorso at 2023-04-01T13:54:46+02:00
Track CVE entries for nvidia-graphics-drivers-tesla-450

- - - - -
935455d6 by Salvatore Bonaccorso at 2023-04-01T14:00:17+02:00
Add tracking entries for nvidia-graphics-drivers-tesla-460

- - - - -
d24d7f65 by Salvatore Bonaccorso at 2023-04-01T14:03:07+02:00
Add tracking items for nvidia-graphics-drivers-tesla-470

- - - - -
1763fe91 by Salvatore Bonaccorso at 2023-04-01T14:09:06+02:00
Add tracking items for nvidia-graphics-drivers-tesla

- - - - -
0968b9f6 by Salvatore Bonaccorso at 2023-04-01T14:11:07+02:00
Track new nvidia-open-gpu-kernel-modules CVEs

- - - - -
28c0f5e8 by Tobias Frost at 2023-04-01T16:05:16+02:00
Reserve DLA-3380-1 for firmware-nonfree

- - - - -
a5be1bd9 by Salvatore Bonaccorso at 2023-04-01T16:33:55+02:00
Process CVE-2023-26269 as NFU

- - - - -
d5c39034 by security tracker role at 2023-04-01T20:10:18+00:00
automatic update

- - - - -
3c52a5c3 by Salvatore Bonaccorso at 2023-04-02T09:57:44+02:00
Process some NFUs

- - - - -
2b191418 by Salvatore Bonaccorso at 2023-04-02T09:58:24+02:00
Add CVE-2023-29141/mediawiki

- - - - -
9b2a1878 by Salvatore Bonaccorso at 2023-04-02T10:00:04+02:00
Add CVE-2023-28844/nextcloud-server

- - - - -
edb2de50 by security tracker role at 2023-04-02T08:10:19+00:00
automatic update

- - - - -
81e98ea5 by Salvatore Bonaccorso at 2023-04-02T15:22:25+02:00
Process some NFUs

- - - - -
60922111 by Salvatore Bonaccorso at 2023-04-02T20:54:49+02:00
Update information for CVE-2023-1436/libjettison-java

- - - - -
5fa2fd14 by Salvatore Bonaccorso at 2023-04-02T20:57:54+02:00
Mark CVE-2023-1436 as no-dsa for bullseye

- - - - -
348d29f4 by Salvatore Bonaccorso at 2023-04-02T21:04:17+02:00
Add Debian bug reference for CVE-2023-1436/libjettison-java

- - - - -
ba89b8ab by Salvatore Bonaccorso at 2023-04-02T21:07:32+02:00
Add Debian bug reference for CVE-2023-28144/hotspot

- - - - -
9bfebfd9 by Salvatore Bonaccorso at 2023-04-02T21:09:34+02:00
Add CVE-2023-27025 as NFU

- - - - -
8fdb192b by Salvatore Bonaccorso at 2023-04-02T21:20:11+02:00
Add CVE-2023-28755/ruby

- - - - -
c366f7cf by Salvatore Bonaccorso at 2023-04-02T21:25:34+02:00
Add CVE-2023-28756/ruby

- - - - -
8e8126b9 by security tracker role at 2023-04-02T20:10:28+00:00
automatic update

- - - - -
3b248745 by Anton Gladky at 2023-04-03T07:31:51+02:00
semi-automatic unclaim after 2 weeks of inactivity

Signed-off-by: Anton Gladky <gladk at debian.org>

- - - - -
d8677d76 by Abhijith PA at 2023-04-03T11:28:26+05:30
data/dla-needed.txt: update consul note

- - - - -
86127df1 by Salvatore Bonaccorso at 2023-04-03T08:50:05+02:00
Process NFUs

- - - - -
aca8833b by security tracker role at 2023-04-03T08:10:15+00:00
automatic update

- - - - -
f7ec6111 by Salvatore Bonaccorso at 2023-04-03T11:04:49+02:00
Process some NFUs

- - - - -
eb47fb5f by Chris Lamb at 2023-04-03T11:06:33+01:00
dla-needed.txt: Updated note for ruby-loofah.

- - - - -
285112bc by Sylvain Beucler at 2023-04-03T14:54:11+02:00
CVE-2023-*/nvidia-graphics-drivers-legacy-340xx: buster ignored

- - - - -
d1e87dd7 by Sylvain Beucler at 2023-04-03T15:22:45+02:00
dla: add jruby

- - - - -
01521ba5 by Salvatore Bonaccorso at 2023-04-03T16:42:18+02:00
Clarify that the additional hardening for CVE-2023-28879 should not be applied to older versions

- - - - -
8a4d78dd by Sylvain Beucler at 2023-04-03T17:15:32+02:00
CVE-2023-0836/haproxy: buster not-affected

- - - - -
cf39b23b by Sylvain Beucler at 2023-04-03T17:33:43+02:00
CVE-2023-1436/libjettison-java: buster postponed

- - - - -
7071cbce by Daniel Leidert at 2023-04-03T17:47:38+02:00
Re-claim

The package is prepared and waiting for ruby-rails-html-sanitizer to be prepared,
which utkarsh announced to be doing.

- - - - -
d3f3e9f7 by Salvatore Bonaccorso at 2023-04-03T19:17:23+02:00
Track fixed version for xen issues fixed via unstable

- - - - -
f3a2f25e by Salvatore Bonaccorso at 2023-04-03T19:19:30+02:00
Add upstream tag information for CVE-2022-1996

- - - - -
fff04cb5 by Salvatore Bonaccorso at 2023-04-03T19:20:27+02:00
Track fixed version for CVE-2022-1996/golang-github-emicklei-go-restful

- - - - -
b921f844 by Sylvain Beucler at 2023-04-03T19:53:38+02:00
CVE-2023-1436/libjettison-java: reference introductory commit

- - - - -
705ca49b by Sylvain Beucler at 2023-04-03T20:14:08+02:00
TEMP-0000000-3A226A/rust-remove-dir-all: buster postponed

- - - - -
e01db48d by Salvatore Bonaccorso at 2023-04-03T21:41:50+02:00
Process several NFUs

- - - - -
68e5a186 by Salvatore Bonaccorso at 2023-04-03T21:53:07+02:00
Add CVE-2022-4899/libzstd

- - - - -
3f84fd6f by security tracker role at 2023-04-03T20:10:34+00:00
automatic update

- - - - -
780ed588 by Salvatore Bonaccorso at 2023-04-03T22:23:32+02:00
Process some NFUs

- - - - -
0a9fb734 by Salvatore Bonaccorso at 2023-04-03T22:30:40+02:00
Process some NFUs

- - - - -
11cfbd99 by Salvatore Bonaccorso at 2023-04-03T22:34:42+02:00
Add CVE-2023-28834/nextcloud-server, itp'ed

- - - - -
bf5d5561 by Salvatore Bonaccorso at 2023-04-03T22:35:48+02:00
Add CVE-2023-28625/libapache2-mod-auth-openidc

- - - - -
e17ffc9e by Salvatore Bonaccorso at 2023-04-03T22:51:23+02:00
Add Debian bug reference for CVE-2023-28625

- - - - -
173ef561 by Sylvain Beucler at 2023-04-04T08:39:01+02:00
CVE-2023-24532/golang-1.11: buster postponed

- - - - -
2bdabe39 by Moritz Muehlenhoff at 2023-04-04T08:58:25+02:00
new smarty issue

- - - - -
378f4a3a by security tracker role at 2023-04-04T08:10:16+00:00
automatic update

- - - - -
b4c5b40b by Salvatore Bonaccorso at 2023-04-04T10:54:06+02:00
Process one NFU

- - - - -
17787b69 by Helmut Grohne at 2023-04-04T10:58:36+02:00
claim protobuf DLA

- - - - -
6945dd63 by Moritz Muehlenhoff at 2023-04-04T12:00:34+02:00
add mediawiki reference

- - - - -
05a875a8 by Moritz Muehlenhoff at 2023-04-04T12:48:47+02:00
NFUs

- - - - -
2faf7a2a by Salvatore Bonaccorso at 2023-04-04T13:45:45+02:00
Add CVE-2023-26437/pdns-recursor

- - - - -
caeeac2c by Chris Lamb at 2023-04-04T17:17:27+01:00
Reserve DLA-3381-1 for ghostscript

- - - - -
0572e951 by Sylvain Beucler at 2023-04-04T19:59:46+02:00
dla: add libapache2-mod-auth-openidc

- - - - -
60f07ef4 by Sylvain Beucler at 2023-04-04T20:16:14+02:00
dla: salt is now sponsored

- - - - -
2feba5f6 by Sylvain Beucler at 2023-04-04T20:26:14+02:00
dla: add udisks2

- - - - -
cf310014 by Salvatore Bonaccorso at 2023-04-04T20:33:23+02:00
Directly reference upstream commits for CVE-2023-28447

- - - - -
02339e2e by Sylvain Beucler at 2023-04-04T20:34:38+02:00
dla: libapache2-mod-auth-openidc: one more CVE to fix

- - - - -
d2caf3e4 by Sylvain Beucler at 2023-04-04T20:44:09+02:00
dla: add grunt

- - - - -
71277a22 by Sylvain Beucler at 2023-04-04T20:50:53+02:00
dla: add keepalived

- - - - -
c32b94b3 by Salvatore Bonaccorso at 2023-04-04T21:09:47+02:00
Add CVE-2023-24537/go

- - - - -
e9694ada by Salvatore Bonaccorso at 2023-04-04T21:13:56+02:00
Add as well tracking for golang 1.15 and 1.11 for CVE-2023-24537

- - - - -
fe780cf9 by Salvatore Bonaccorso at 2023-04-04T21:19:46+02:00
Add CVE-2023-24538/go

- - - - -
426d85e0 by Salvatore Bonaccorso at 2023-04-04T21:28:52+02:00
Add CVE-2023-24534/go

- - - - -
45e3e761 by Salvatore Bonaccorso at 2023-04-04T21:36:41+02:00
Add CVE-2023-24536/go

- - - - -
c442101f by security tracker role at 2023-04-04T20:10:30+00:00
automatic update

- - - - -
53ba671a by Salvatore Bonaccorso at 2023-04-04T22:21:42+02:00
Process one NFU

- - - - -
1dd4192f by Salvatore Bonaccorso at 2023-04-04T22:29:06+02:00
Process some NFUs

- - - - -
69557513 by Salvatore Bonaccorso at 2023-04-04T22:29:49+02:00
Process some new nextcloud-desktop issues

- - - - -
560e92f2 by Salvatore Bonaccorso at 2023-04-04T22:34:42+02:00
Process some NFUs

- - - - -
7b85aa07 by Salvatore Bonaccorso at 2023-04-04T22:36:18+02:00
Add new envoyproxy issues, itp'ed

- - - - -
0d35c1d5 by Salvatore Bonaccorso at 2023-04-04T22:37:14+02:00
Add CVE-2023-26991/swftools

- - - - -
e0c2220f by Salvatore Bonaccorso at 2023-04-04T22:39:08+02:00
Process CVE-2023-20941 as NFU

- - - - -
02b23786 by Markus Koschany at 2023-04-04T22:41:50+02:00
CVE-2022-41981,openimageio: Link to fixing commits

We also have to backport the safe_strlen function in order to fix this issue.

- - - - -
3b0b9efa by Markus Koschany at 2023-04-04T23:21:58+02:00
CVE-2022-43593,openimageio: Link to fixing commit

- - - - -
b9b6f1a3 by Markus Koschany at 2023-04-04T23:59:08+02:00
CVE-2022-43602,openimageio: Link to fixing commit

- - - - -
c69291f9 by Markus Koschany at 2023-04-05T00:01:28+02:00
Claim openimageio in dsa-needed.txt

- - - - -
cdf76f76 by Markus Koschany at 2023-04-05T00:52:38+02:00
Reserve DLA-3382-1 for openimageio

- - - - -
e5b0afee by Markus Koschany at 2023-04-05T02:05:37+02:00
Claim trafficserver in dla-needed.txt

- - - - -
4c54889c by Markus Koschany at 2023-04-05T02:07:36+02:00
Claim keepalived in dla-needed.txt

- - - - -
f34ca38b by Salvatore Bonaccorso at 2023-04-05T07:42:37+02:00
Replace name with uid

- - - - -
7dd22273 by Salvatore Bonaccorso at 2023-04-05T07:47:04+02:00
CVE-2022-41981 reference the merged commit in the repository

- - - - -
a2c6b350 by Salvatore Bonaccorso at 2023-04-05T08:02:06+02:00
Add Debian bug references for smarty issues

- - - - -
6aafaf2b by Salvatore Bonaccorso at 2023-04-05T09:47:03+02:00
Add CVE-2023-1838/linux

- - - - -
09dbcfe3 by security tracker role at 2023-04-05T08:10:17+00:00
automatic update

- - - - -
57c0b23b by Moritz Mühlenhoff at 2023-04-05T10:12:26+02:00
NFUs

- - - - -
e45b4df6 by Salvatore Bonaccorso at 2023-04-05T10:27:01+02:00
Process some NFUs

- - - - -
1649353b by Salvatore Bonaccorso at 2023-04-05T10:29:21+02:00
Add chromium to dsa-needed list

- - - - -
66b45845 by Salvatore Bonaccorso at 2023-04-05T10:31:46+02:00
Add new chromium issues

- - - - -
63ab8d74 by Salvatore Bonaccorso at 2023-04-05T10:32:48+02:00
Track fixed version for chromium CVEs fixed via unstable

- - - - -
3839c34d by Chris Lamb at 2023-04-05T10:03:54+01:00
data/dla-needed.txt: Claim grunt.

- - - - -
ca3f5556 by Sylvain Beucler at 2023-04-05T12:53:29+02:00
dla: php-cas: clarification

- - - - -
6d9ed3ea by Moritz Mühlenhoff at 2023-04-05T18:01:55+02:00
NFUs

- - - - -
989ac170 by Markus Koschany at 2023-04-05T18:28:24+02:00
CVE-2022-45143,tomcat9: buster is not affected

- - - - -
e36a2bd6 by Chris Lamb at 2023-04-05T18:06:31+01:00
Reserve DLA-3383-1 for grunt

- - - - -
8a6c651b by Moritz Mühlenhoff at 2023-04-05T19:17:31+02:00
new opensmtpd issue

- - - - -
9a78684a by Tobias Frost at 2023-04-05T19:25:00+02:00
LTS: claim udisks2 in dla-needed.txt

- - - - -
9d1461ca by Scarlett Moore at 2023-04-05T10:51:21-07:00
Claim ruby-rack ( with utkarsh as mentor )

- - - - -
0040624c by Sylvain Beucler at 2023-04-05T20:03:01+02:00
dla: re-add grunt

- - - - -
d98084e9 by Salvatore Bonaccorso at 2023-04-05T20:56:55+02:00
Mark cgminer as removed from the archive

- - - - -
79eeb566 by Salvatore Bonaccorso at 2023-04-05T20:58:12+02:00
Mark cgminer as removed from all supported suites

- - - - -
91e03c81 by Salvatore Bonaccorso at 2023-04-05T21:14:55+02:00
Remove unrelated URL from CVE-2023-20941

- - - - -
743234c3 by Markus Koschany at 2023-04-05T21:42:21+02:00
Reserve DLA-3384-1 for tomcat9

- - - - -
baa5071f by Markus Koschany at 2023-04-05T21:50:16+02:00
Reserve DSA-5381-1 for tomcat9

- - - - -
437b70e9 by Salvatore Bonaccorso at 2023-04-05T22:07:29+02:00
Reserve DSA number for cairosvg update

- - - - -
f0315a05 by security tracker role at 2023-04-05T20:10:29+00:00
automatic update

- - - - -
60d8e1d8 by Salvatore Bonaccorso at 2023-04-05T22:14:15+02:00
Process some NFUs

- - - - -
af947b0a by Salvatore Bonaccorso at 2023-04-05T22:15:22+02:00
Remove notes for CVE-2023-1103

The CVE was rejected as it is a duplicate of CVE-2022-4821.

- - - - -
6ddd284f by Salvatore Bonaccorso at 2023-04-05T22:18:53+02:00
Remove notes for CVE-2023-25587 and CVE-2023-22608

Withdrawn as they were no security issues.

- - - - -
18a68156 by Moritz Mühlenhoff at 2023-04-05T22:21:38+02:00
fix reference

- - - - -
89139661 by Salvatore Bonaccorso at 2023-04-05T22:28:46+02:00
Process some NFUs

- - - - -
eb2b6397 by Salvatore Bonaccorso at 2023-04-05T22:40:53+02:00
Reserve DSA number for ghostscript update

- - - - -
a640576c by Salvatore Bonaccorso at 2023-04-05T22:59:42+02:00
Process some NFUs

- - - - -
37314e97 by Markus Koschany at 2023-04-05T23:58:12+02:00
Reserve DLA-3385-1 for trafficserver

- - - - -
ee3e090a by Salvatore Bonaccorso at 2023-04-06T06:37:41+02:00
Track fixed version for CVE-2023-26437/pdns-recursor

- - - - -
7b882291 by Salvatore Bonaccorso at 2023-04-06T06:45:47+02:00
Add initial tracking for CVE-2023-2884{0,1,2}/docker.io

- - - - -
d2557726 by Salvatore Bonaccorso at 2023-04-06T08:47:02+02:00
Add CVE-2023-1855/linux

- - - - -
7994cad3 by Salvatore Bonaccorso at 2023-04-06T08:51:28+02:00
Add CVE-2023-1859/linux

- - - - -
128bae81 by Salvatore Bonaccorso at 2023-04-06T08:59:30+02:00
Add CVE-2023-26916/libyang2

- - - - -
b637c6c6 by Salvatore Bonaccorso at 2023-04-06T09:02:47+02:00
Add CVE-2023-27493/envoyproxy

- - - - -
49feb6a6 by Salvatore Bonaccorso at 2023-04-06T09:03:42+02:00
Add CVE-2023-27496/envoyproxy

- - - - -
a50733c5 by security tracker role at 2023-04-06T08:10:20+00:00
automatic update

- - - - -
1f4b0602 by Chris Lamb at 2023-04-06T09:28:29+01:00
data/dla-needed.txt: Claim grunt.

- - - - -
ba4db50f by Salvatore Bonaccorso at 2023-04-06T10:33:16+02:00
Add CVE-2023-29421/bzip3

- - - - -
3203b758 by Markus Koschany at 2023-04-06T10:34:55+02:00
LTS: add openimageio to dla-needed.txt

- - - - -
32c7162b by Markus Koschany at 2023-04-06T10:34:55+02:00
Readd openimageio to dla-needed.txt

There are still four open CVEs. The initial patch was incomplete and caused
regressions. Let's investigate this further.

- - - - -
58490eb5 by Salvatore Bonaccorso at 2023-04-06T10:37:47+02:00
Add three more bzip3 issues: CVE-2023-294{18,19,20}

- - - - -
a3a28eec by Salvatore Bonaccorso at 2023-04-06T10:57:37+02:00
Add CVE-2023-2941{5,6,7}/bzip3

- - - - -
05804264 by Salvatore Bonaccorso at 2023-04-06T11:38:52+02:00
Track fixes for nvidia-graphics-drivers-tesla-450 via unstable

- - - - -
a71638a8 by Chris Lamb at 2023-04-06T10:42:40+01:00
Reserve DLA-3386-1 for grunt

- - - - -
8f6c6e61 by Helmut Grohne at 2023-04-06T12:46:24+02:00
identify actual fixes for two protobuf issues

- - - - -
836324fa by Moritz Mühlenhoff at 2023-04-06T13:13:45+02:00
new rust-spin issue

- - - - -
bd929e22 by Sylvain Beucler at 2023-04-06T13:15:52+02:00
CVE-2023-24536: tidy version tag

- - - - -
472cc4fb by Sylvain Beucler at 2023-04-06T13:15:54+02:00
CVE-2023-24537/golang-1.*: reference introductory commit

- - - - -
2366a70a by Moritz Mühlenhoff at 2023-04-06T17:42:29+02:00
new ruby-sidekiq issue

- - - - -
a2de236c by Moritz Mühlenhoff at 2023-04-06T17:44:58+02:00
NFUs

- - - - -
200ce118 by Moritz Mühlenhoff at 2023-04-06T17:54:53+02:00
new gitlab issues

- - - - -
6f516959 by Moritz Mühlenhoff at 2023-04-06T17:57:16+02:00
new glpi issues

- - - - -
d234d764 by Moritz Mühlenhoff at 2023-04-06T17:59:18+02:00
nomad n/a

- - - - -
55fde9fb by Moritz Mühlenhoff at 2023-04-06T18:10:27+02:00
NFUs

- - - - -
ea605466 by Moritz Mühlenhoff at 2023-04-06T18:21:01+02:00
new gitlab issues

- - - - -
471d0162 by Moritz Mühlenhoff at 2023-04-06T18:25:11+02:00
NFUs

- - - - -
c55c4975 by Moritz Mühlenhoff at 2023-04-06T18:55:10+02:00
nvidia-graphics-drivers-tesla-450, unbound spus

- - - - -
7b32eb56 by Salvatore Bonaccorso at 2023-04-06T21:24:22+02:00
Update reference for CVE-2022-1941

- - - - -
43dd0a3e by Salvatore Bonaccorso at 2023-04-06T21:25:35+02:00
Expand reference for CVE-2021-22570

- - - - -
8f1e785e by Salvatore Bonaccorso at 2023-04-06T21:30:53+02:00
Reference upstream tag information for CVE-2023-1892

- - - - -
3808c9b7 by Salvatore Bonaccorso at 2023-04-06T21:35:47+02:00
Update information for CVE-2023-1892/ruby-sidekiq

- - - - -
79154c9f by Salvatore Bonaccorso at 2023-04-06T21:38:49+02:00
Make some older glpi entries consistent with unimportant severity

Fundamentally this is not a real problem, as glpi is not supported in
any suite tracked by the security-tracker, it is only a cosmetic and
consistency change.

- - - - -
3bc9f7a8 by security tracker role at 2023-04-06T20:10:33+00:00
automatic update

- - - - -
3de7ceb0 by Salvatore Bonaccorso at 2023-04-06T22:25:23+02:00
Process one NFU

- - - - -
0824c4ce by Salvatore Bonaccorso at 2023-04-06T22:37:46+02:00
Process NFUs

- - - - -
63f2eb1e by Salvatore Bonaccorso at 2023-04-06T22:41:49+02:00
Add CVE-2023-26112/configobj

- - - - -
42e7ae22 by Salvatore Bonaccorso at 2023-04-06T23:13:32+02:00
Drop apache2 from dsa-needed for regression update

Will be handled via bullseye-pu update.

- - - - -
efaba166 by Salvatore Bonaccorso at 2023-04-07T07:53:51+02:00
Add CVE-2023-1668/openvswitch

- - - - -
63480761 by Salvatore Bonaccorso at 2023-04-07T08:03:27+02:00
Add CVE-2023-1916/tiff

- - - - -
dbeb461f by Salvatore Bonaccorso at 2023-04-07T09:05:57+02:00
Process one NFU

- - - - -
0c1e73ce by Salvatore Bonaccorso at 2023-04-07T09:06:54+02:00
Add Debian bug reference for CVE-2023-1668/openvswitch

- - - - -
236194d3 by Salvatore Bonaccorso at 2023-04-07T09:07:27+02:00
Add CVE-2023-1579/binutils

- - - - -
4de4b811 by Salvatore Bonaccorso at 2023-04-07T09:18:57+02:00
Add CVE-2023-0842/node-xml2js

- - - - -
6603d50e by Salvatore Bonaccorso at 2023-04-07T09:19:48+02:00
Process several NFUs

- - - - -
2d04d8fc by Salvatore Bonaccorso at 2023-04-07T09:27:44+02:00
Remove notes from CVE-2023-1648

- - - - -
9e8d5dfc by security tracker role at 2023-04-07T08:10:27+00:00
automatic update

- - - - -
49992412 by Sylvain Beucler at 2023-04-07T20:55:10+02:00
CVE-2022-4899/libzstd: buster not-affected

- - - - -
1dd085d6 by Sylvain Beucler at 2023-04-07T21:06:04+02:00
CVE-2023-28858/redis-py: buster not-affected

- - - - -
f351f69b by Sylvain Beucler at 2023-04-07T22:06:03+02:00
CVE-2023-24813/php-dompdf: buster not-affected

- - - - -
6e9250f4 by security tracker role at 2023-04-07T20:10:17+00:00
automatic update

- - - - -
3af32118 by Salvatore Bonaccorso at 2023-04-07T22:21:12+02:00
Process some NFUs

- - - - -
5050da30 by Sylvain Beucler at 2023-04-07T22:29:46+02:00
CVE-2023-0842/node-xml2js: reference upstream issue

- - - - -
6f234607 by Tobias Frost at 2023-04-07T22:33:09+02:00
Reserve DLA-3387-1 for udisks2

- - - - -
f5e77644 by Salvatore Bonaccorso at 2023-04-07T22:37:53+02:00
Track fixed version for CVE-2023-2630{2,3}/markdown-it-py via unstable

- - - - -
cc98109d by Salvatore Bonaccorso at 2023-04-07T22:48:09+02:00
Process some NFUs

- - - - -
ab8871ad by Adrian Bunk at 2023-04-07T23:56:27+03:00
dla: take libapache2-mod-auth-openidc

- - - - -
8cb7a7fe by Tobias Frost at 2023-04-08T08:43:03+02:00
LTS: claim zabbix in dla-needed.txt

- - - - -
6d5ff59c by Salvatore Bonaccorso at 2023-04-08T09:25:31+02:00
Mark CVE-2022-4899/libzstd as no-dsa

- - - - -
d404af7d by Salvatore Bonaccorso at 2023-04-08T09:29:00+02:00
Add upstream tag information for CVE-2023-24813

- - - - -
90cc2474 by Salvatore Bonaccorso at 2023-04-08T09:30:06+02:00
Remove todo for CVE-2023-0842

- - - - -
26ed105b by security tracker role at 2023-04-08T08:10:19+00:00
automatic update

- - - - -
b7a3e42b by Salvatore Bonaccorso at 2023-04-08T11:35:13+02:00
Process NFUs

- - - - -
dc2597f7 by Salvatore Bonaccorso at 2023-04-08T11:35:50+02:00
Add CVE-2023-1801/tcpdump

- - - - -
0a68ee24 by Salvatore Bonaccorso at 2023-04-08T11:40:45+02:00
Add CVE-2023-24626/screen

- - - - -
0b4dd8b6 by Salvatore Bonaccorso at 2023-04-08T17:44:27+02:00
Track fixed version for linux CVEs fixed via unstable upload

- - - - -
396fbe06 by Sylvain Beucler at 2023-04-08T19:44:03+02:00
Typo

- - - - -
2807a546 by Sylvain Beucler at 2023-04-08T20:05:51+02:00
dla: add lldpd

- - - - -
48bea0c3 by Salvatore Bonaccorso at 2023-04-08T20:49:58+02:00
Track libpod fixes via bullseye-pu

Though chose explicitly 3.0.1+dfsg1-3+deb11u2 as it got accepted,
shortly after superseded with 3.0.1+dfsg1-3+deb11u3.

- - - - -
df7a740e by Salvatore Bonaccorso at 2023-04-08T21:34:17+02:00
Add Debian bug reference for CVE-2023-1801

- - - - -
d2c6ce1f by security tracker role at 2023-04-08T20:10:24+00:00
automatic update

- - - - -
fbce2f6c by Salvatore Bonaccorso at 2023-04-09T09:03:10+02:00
Update information for CVE-2023-1801

- - - - -
71f34042 by Salvatore Bonaccorso at 2023-04-09T09:09:40+02:00
Process some NFUs

- - - - -
abae5729 by security tracker role at 2023-04-09T08:10:17+00:00
automatic update

- - - - -
df0a35de by Tobias Frost at 2023-04-09T18:20:53+02:00
CVE-2022-23134 is not affecting buster and bullseye:

Upstream comment [1] in upstream ticket ZBX-20384:

  4.0 and 5.0 branches were excluded because those were not affected by the
  issue (the session data was not stored in cookies and therefore was not exposed
  to users).

[1] https://support.zabbix.com/browse/ZBX-20384?focusedCommentId=648239&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-648239

- - - - -
f07b6284 by Tobias Frost at 2023-04-09T18:39:25+02:00
CVE-2022-24918 is not affecting buster.

The vulnerable code -- session handling by cookies -- is not present
in 4.0.x. (patch part [0])

Upstream says in issue [1]:
Affected versions 	Frontend (v. 5.0.0-5.0.20, 5.4.0-5.4.10, 6.0)

[0] https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/763ff68f0e5ddd1c84770059f2a634fd4577fcb5#frontends/php/include/func.inc.php
[1] https://support.zabbix.com/browse/ZBX-20680

- - - - -
1a03fca3 by Tobias Frost at 2023-04-09T19:11:24+02:00
Triage CVE-2019-17382 for buster: Same situation as for stretch/jessie, elaborate reason.

The problem is "sane-default", which affects only new installations, where a guest user
would be enabled by default. Later releases of zabbix change that, but new installations
are kind of out of scope for LTS, I guess…

- - - - -
2931ba7d by Salvatore Bonaccorso at 2023-04-09T20:51:09+02:00
Update notes for CVE-2022-23134

- - - - -
a4ce929f by Salvatore Bonaccorso at 2023-04-09T21:17:36+02:00
Update information on CVE-2023-1194

- - - - -
beee3957 by Salvatore Bonaccorso at 2023-04-09T21:28:43+02:00
Add CVE-2023-24473 and CVE-2023-22845

- - - - -
428d3e62 by Salvatore Bonaccorso at 2023-04-09T21:30:49+02:00
Add CVE-2023-24472/openimageio

- - - - -
6c419249 by security tracker role at 2023-04-09T20:10:26+00:00
automatic update

- - - - -
4d7dfcec by Markus Koschany at 2023-04-09T22:51:43+02:00
CVE-2022-38143,openimageio: Bullseye is not affected.

- - - - -
9e1df939 by Salvatore Bonaccorso at 2023-04-10T08:02:00+02:00
Process NFUs

- - - - -
98709b0c by Salvatore Bonaccorso at 2023-04-10T09:36:12+02:00
Track fixed version for CVE-2021-21897/cloudcompare

- - - - -
5ffb4c6f by Salvatore Bonaccorso at 2023-04-10T09:38:15+02:00
Track fixed version for various nvidia-graphics-drivers-tesla-470 CVEs via unstable

- - - - -
cd236c59 by security tracker role at 2023-04-10T08:10:18+00:00
automatic update

- - - - -
4577bd1f by Salvatore Bonaccorso at 2023-04-10T10:15:18+02:00
Add CVE-2023-30456/linux

- - - - -
3fe4043d by Markus Koschany at 2023-04-10T11:11:54+02:00
Reserve DSA-5384-1 for openimageio

- - - - -
b8e7bfe8 by Salvatore Bonaccorso at 2023-04-10T11:30:38+02:00
external-check: Handle vendor entries with additional vendor security prefix

Additionally to the vendored entries addressed in d8b81d2818b3
("external-check: Handle vendor prefixed entries") some entries might be
of the form "UBUNTU:Ubuntu security $CVE", and the external check update
will bail out as:

	[...]
	<td>UBUNTU:Ubuntu Security CVE-2020-11935</td>
	UBUNTU.list contains garbage (see above), aborting

Allow the expression to contain additionally an additional text between
the vendor prefix and the CVE. Maybe we should simply match anything
between an opening HTML tag, the CVE and a closing tag, filtering out the
CVE as better solution.

The idea behind this change is to really pinpoint any vendor entry in
the respective source-$vendor.html list.

Link: https://lists.debian.org/debian-security-tracker/2023/04/msg00003.html
Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>

- - - - -
05c65f6b by Tobias Frost at 2023-04-10T11:37:50+02:00
Reserve DLA-3387-2 for udisks2

- - - - -
187cf038 by Salvatore Bonaccorso at 2023-04-10T09:58:49+00:00
Merge branch 'check-external-vendor-update' into 'master'

external-check: Handle vendor entries with additional vendor security prefix

See merge request security-tracker-team/security-tracker!130

- - - - -
101b5768 by Chris Lamb at 2023-04-10T11:47:12+01:00
data/dla-needed.txt: Claim lldpd.

- - - - -
ac65735a by Salvatore Bonaccorso at 2023-04-10T13:26:31+02:00
Track fixed version for golang-1.19 issues via unstable

- - - - -
52e91855 by Moritz Mühlenhoff at 2023-04-10T13:43:36+02:00
NFUs

- - - - -
98bbb895 by Salvatore Bonaccorso at 2023-04-10T14:00:58+02:00
Add fixed version via unstable for CVE-2022-25927

- - - - -
02cb1e76 by Salvatore Bonaccorso at 2023-04-10T14:10:29+02:00
Add references to upstream fix for CVE-2023-0842/node-xml2js

- - - - -
8f22923d by Moritz Muehlenhoff at 2023-04-10T14:16:43+02:00
NFUs

- - - - -
5af691c4 by Salvatore Bonaccorso at 2023-04-10T14:21:38+02:00
Add Debian bug reference for CVE-2023-0842/node-xml2js

- - - - -
818195f8 by Salvatore Bonaccorso at 2023-04-10T14:31:15+02:00
Add Debian bug references for CVE-2023-2447{2,3} and CVE-2023-22845

- - - - -
5b8dd88d by Salvatore Bonaccorso at 2023-04-10T14:34:08+02:00
Add Debian bug reference for CVE-2023-26112/configobj

- - - - -
d95861a6 by Salvatore Bonaccorso at 2023-04-10T14:38:39+02:00
Add Debian bug reference for CVE-2023-26916/libyang2

- - - - -
f4fe2b71 by Salvatore Bonaccorso at 2023-04-10T14:45:59+02:00
Add CVE-2022-36440/frr

- - - - -
b2d47ed6 by Moritz Muehlenhoff at 2023-04-10T14:54:33+02:00
new otrs issues

- - - - -
d1acaef6 by Moritz Muehlenhoff at 2023-04-10T14:56:45+02:00
new llvm non issue

- - - - -
eeb00eca by Salvatore Bonaccorso at 2023-04-10T14:57:26+02:00
Add Debian bug reference for CVE-2023-28428/ippsample

- - - - -
fd7db7e9 by Moritz Muehlenhoff at 2023-04-10T15:01:13+02:00
new netatalk issue

- - - - -
875ef7ef by Salvatore Bonaccorso at 2023-04-10T15:14:31+02:00
Adjust upstream commit reference according to pull request and commit for netatalk

- - - - -
903f9de3 by Salvatore Bonaccorso at 2023-04-10T15:15:35+02:00
Add commit reference for CVE-2022-45188

- - - - -
d37db5ed by Salvatore Bonaccorso at 2023-04-10T15:55:09+02:00
Add haproxy to dsa-needed list

- - - - -
30f8383b by Tobias Frost at 2023-04-10T16:04:12+02:00
CVE-2022-23132 is not affecting buster.

- - - - -
f5c1b989 by Salvatore Bonaccorso at 2023-04-10T16:27:14+02:00
Track nvidia-graphics-drivers fixes via bullseye-pu

- - - - -
cd9c051a by Salvatore Bonaccorso at 2023-04-10T16:29:10+02:00
Track nvidia-graphics-drivers-tesla-470 fixes via bullseye-pu

- - - - -
bf957a88 by Anton Gladky at 2023-04-10T16:39:45+02:00
LTS: WIP two packages

- - - - -
261cacf9 by Anton Gladky at 2023-04-10T16:40:41+02:00
semi-automatic unclaim after 2 weeks of inactivity

Signed-off-by: Anton Gladky <gladk at debian.org>

- - - - -
10a900d6 by Moritz Muehlenhoff at 2023-04-10T17:21:32+02:00
bookworm triage

- - - - -
53539005 by Tobias Frost at 2023-04-10T17:30:54+02:00
CVE-2022-40626/zabbix not affecting buster.

very likely introduced by commit https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/e4000620f1f427cc8df02914125b3b985ad797dc
resp. https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/56d8343c34c83ac727ab6250c7eb9e6d682b5b1c

- - - - -
e610a463 by Tobias Frost at 2023-04-10T17:34:46+02:00
ignore CVE-2022-43515/zabbix for buster, as it is ignored on all other releases as well.

- - - - -
ca530a19 by Tobias Frost at 2023-04-10T17:44:12+02:00
CVE-2022-46768/zabbix does not affect bullseye and buster, vulnerable feature introduced in 5.4.0 only.

Vulnerable feature ticket: https://support.zabbix.com/browse/ZBXNEXT-6478

- - - - -
480f3f17 by Moritz Muehlenhoff at 2023-04-10T17:50:51+02:00
new cmark-gfm issues

- - - - -
b7f29b3f by Moritz Muehlenhoff at 2023-04-10T18:16:57+02:00
bookworm triage

- - - - -
b0ebdd14 by Moritz Muehlenhoff at 2023-04-10T18:24:34+02:00
add one commit reference for bzip3

- - - - -
94342456 by Moritz Muehlenhoff at 2023-04-10T18:28:17+02:00
bugnums

- - - - -
1fe65e04 by Moritz Muehlenhoff at 2023-04-10T19:37:30+02:00
tiff non issue

- - - - -
c6e1434c by Moritz Muehlenhoff at 2023-04-10T19:51:03+02:00
bugnums

- - - - -
09a4835b by Moritz Muehlenhoff at 2023-04-10T19:51:48+02:00
guestfs-tools fixed

- - - - -
7c04442c by Moritz Muehlenhoff at 2023-04-10T19:53:01+02:00
bookworm triage

- - - - -
a2f46d09 by Markus Koschany at 2023-04-10T19:58:11+02:00
Reserve DLA-3388-1 for keepalived

- - - - -
3374acc4 by Markus Koschany at 2023-04-10T20:19:23+02:00
Claim curl in dla-needed.txt

- - - - -
6cb0bd4a by Guilhem Moulin at 2023-04-10T20:26:56+02:00
LTS: reclaim wordpress in dla-needed.txt

- - - - -
bf074276 by Salvatore Bonaccorso at 2023-04-10T20:38:22+02:00
Drop suffix dots

- - - - -
bc78bfa5 by Salvatore Bonaccorso at 2023-04-10T20:40:59+02:00
Add upstream tag information for upstream commits for CVE-2023-26485 and CVE-2023-24824

- - - - -
c65fb347 by Salvatore Bonaccorso at 2023-04-10T20:43:06+02:00
Add upstream tag information for CVE-2023-29415

- - - - -
71bb1652 by Salvatore Bonaccorso at 2023-04-10T21:01:17+02:00
Adjust metadata on experimental version for CVE-2023-27476/owslib

- - - - -
c2850496 by Salvatore Bonaccorso at 2023-04-10T21:01:55+02:00
Add upstream tag information for CVE-2023-27476

- - - - -
5fca3c35 by Salvatore Bonaccorso at 2023-04-10T21:03:12+02:00
Revert "Adjust metadata on experimental version for CVE-2023-27476/owslib"

This reverts commit 71bb1652b165e50da945157cae1d13b2b4457f4f.

0.28.1 upstream fixed the issue as well, we had already correct metadata
on this CVE.

- - - - -
d7a3dada by Salvatore Bonaccorso at 2023-04-10T21:07:18+02:00
Add additional information for CVE-2023-27476

- - - - -
79489b85 by Salvatore Bonaccorso at 2023-04-10T21:15:21+02:00
Track source-wise fixes for CVE-2023-1801 in experimental

- - - - -
e0ce7815 by Salvatore Bonaccorso at 2023-04-10T21:33:12+02:00
Process some NFUs

- - - - -
a89d4e16 by Salvatore Bonaccorso at 2023-04-10T21:33:38+02:00
Add new centreon-web issues, itp'ed

- - - - -
0494c337 by Salvatore Bonaccorso at 2023-04-10T21:34:15+02:00
Add new upx-ucl issues

Note for reviewers, the actual unfixed status and the assessment on
severity needs still to be done.

- - - - -
4e61e940 by security tracker role at 2023-04-10T20:10:22+00:00
automatic update

- - - - -
78fecab7 by Salvatore Bonaccorso at 2023-04-11T09:27:54+02:00
Process NFUs

- - - - -
532c982b by Salvatore Bonaccorso at 2023-04-11T09:32:57+02:00
Process some more NFUs

- - - - -
2eff06c1 by security tracker role at 2023-04-11T08:10:18+00:00
automatic update

- - - - -
e180492a by Salvatore Bonaccorso at 2023-04-11T12:28:10+02:00
Process some NFUs

- - - - -
6c904e37 by Moritz Muehlenhoff at 2023-04-11T13:30:16+02:00
heat fixed in sid

- - - - -
56edb262 by Moritz Muehlenhoff at 2023-04-11T15:10:01+02:00
libpod fixed in sid

- - - - -
e18a76b3 by Daniel Leidert at 2023-04-11T16:23:15+02:00
Claim cairosvg

- - - - -
6db4c19a by Thorsten Alteholz at 2023-04-11T19:34:28+02:00
claim ring

- - - - -
8eca3fe5 by Salvatore Bonaccorso at 2023-04-11T20:39:30+02:00
Add src:firefox issues from mfsa2023-13

- - - - -
5a1cb8db by Salvatore Bonaccorso at 2023-04-11T20:47:07+02:00
Add src:firefox-esr issues from mfsa2023-14

- - - - -
c4c4a8e7 by Salvatore Bonaccorso at 2023-04-11T20:47:57+02:00
Correct assessment for CVE-2023-29542/firefox

- - - - -
d92f0e8a by Salvatore Bonaccorso at 2023-04-11T20:49:20+02:00
Assign firefox-esr and thunderbird to jmm

- - - - -
6a29c3c8 by Salvatore Bonaccorso at 2023-04-11T20:55:13+02:00
Add src:thunderbird issues from mfsa2023-15

- - - - -
37e77d38 by Salvatore Bonaccorso at 2023-04-11T20:57:29+02:00
Adjust some Firefox ESR related not-affected comments

- - - - -
eca34c3f by Salvatore Bonaccorso at 2023-04-11T21:53:32+02:00
Process some NFUs

- - - - -
76c74720 by Salvatore Bonaccorso at 2023-04-11T21:54:04+02:00
Add CVE-2023-29005/flask-appbuilder

- - - - -
e1c1bd39 by security tracker role at 2023-04-11T20:10:30+00:00
automatic update

- - - - -
85c3bf65 by Salvatore Bonaccorso at 2023-04-11T22:25:53+02:00
Add CVE-2023-25950/haproxy

- - - - -
35665d27 by Salvatore Bonaccorso at 2023-04-11T22:31:55+02:00
Process NFUs

- - - - -
771d8f9c by Salvatore Bonaccorso at 2023-04-12T06:19:54+02:00
Track fixed version for firefox issues in mfsa2023-13

- - - - -
ea15656f by Salvatore Bonaccorso at 2023-04-12T06:24:23+02:00
Track fixed version for firefox-esr for mfsa2023-14 issues

- - - - -
481dc564 by Salvatore Bonaccorso at 2023-04-12T08:26:56+02:00
Process some NFUs

- - - - -
b9b23c9c by Helmut Grohne at 2023-04-12T08:30:15+02:00
classify protobuf-java CPU DoS CVEs as unimportant

- - - - -
dfeb6abc by Helmut Grohne at 2023-04-12T09:09:42+02:00
fixup protobuf-java triage: tag all fixed versions unimportant

- - - - -
dd090247 by Moritz Muehlenhoff at 2023-04-12T09:42:31+02:00
NFUs

- - - - -
62616857 by security tracker role at 2023-04-12T08:10:20+00:00
automatic update

- - - - -
d3d0edc1 by Chris Lamb at 2023-04-12T09:14:31+01:00
Reserve DLA-3389-1 for lldpd

My previous reservation of DLA-3388-1 didn't successfully push to salsa, so I
now need to clean up my collisions with DLA-3388-1 (keepalived). :/

- - - - -
2d0c3ee0 by Salvatore Bonaccorso at 2023-04-12T11:16:08+02:00
Process NFUs

- - - - -
a22e47d7 by Salvatore Bonaccorso at 2023-04-12T11:16:41+02:00
Add CVE-2022-48437/libressl

- - - - -
ffb94e20 by Salvatore Bonaccorso at 2023-04-12T11:26:45+02:00
Add CVE-2023-1989/linux

- - - - -
9f55d707 by Emilio Pozuelo Monfort at 2023-04-12T11:34:11+02:00
lts: take firefox-esr and thunderbird

- - - - -
14973751 by Moritz Muehlenhoff at 2023-04-12T13:01:46+02:00
NFUs

- - - - -
29f7d181 by Salvatore Bonaccorso at 2023-04-12T13:12:05+02:00
Revert change for not-affected on CVE-2022-41722/go

It affects people who cross compile Windows binaries on Debian.

Thanks: Shengjing Zhu

- - - - -
e9519d27 by Salvatore Bonaccorso at 2023-04-12T13:26:38+02:00
Add CVE-2023-1829/linux

- - - - -
f8f995af by Salvatore Bonaccorso at 2023-04-12T13:27:21+02:00
Add additional reference for CVE-2023-1281

- - - - -
1b632974 by Salvatore Bonaccorso at 2023-04-12T13:36:27+02:00
Update information for CVE-2023-1829/linux

- - - - -
312f67b1 by Tobias Frost at 2023-04-12T15:29:16+02:00
Reserve DLA-3390-1 for zabbix

- - - - -
41c9f1ad by Moritz Muehlenhoff at 2023-04-12T15:52:48+02:00
new imagemagick issue
NFU

- - - - -
61b6c090 by Moritz Muehlenhoff at 2023-04-12T15:54:47+02:00
NFU

- - - - -
0ff806a0 by Moritz Muehlenhoff at 2023-04-12T17:16:59+02:00
NFUs

- - - - -
f484ac16 by Salvatore Bonaccorso at 2023-04-12T17:21:17+02:00
Add CVE-2023-1998/linux

- - - - -
d28a63fc by Moritz Mühlenhoff at 2023-04-12T18:33:51+02:00
chromium, firefox-esr DSAs

- - - - -
5d444e1e by Moritz Muehlenhoff at 2023-04-12T19:49:46+02:00
NFUs

- - - - -
dc55d79d by Emilio Pozuelo Monfort at 2023-04-12T20:01:55+02:00
Reserve DLA-3391-1 for firefox-esr

- - - - -
1a6eb8b4 by Moritz Muehlenhoff at 2023-04-12T20:17:24+02:00
new flintqs non issue

- - - - -
872d5a0f by Moritz Muehlenhoff at 2023-04-12T20:23:25+02:00
new asterisk/ring issue
new libyang issue

- - - - -
87d5d2d3 by Salvatore Bonaccorso at 2023-04-12T20:40:24+02:00
Add explicit references to pull requests

- - - - -
cffba4a3 by Salvatore Bonaccorso at 2023-04-12T20:41:58+02:00
Add CVE-2023-26551/ntp

- - - - -
a8592d1a by Salvatore Bonaccorso at 2023-04-12T20:43:13+02:00
Add CVE-2023-26552/ntp

- - - - -
c0648372 by Salvatore Bonaccorso at 2023-04-12T20:44:38+02:00
Add CVE-2023-26553/ntp

- - - - -
2c3d9dd3 by Salvatore Bonaccorso at 2023-04-12T20:48:51+02:00
Add CVE-2023-26554/ntp

- - - - -
28c841d7 by Salvatore Bonaccorso at 2023-04-12T20:53:49+02:00
Add CVE-2023-26555/ntp

- - - - -
3d05078d by Salvatore Bonaccorso at 2023-04-12T21:28:01+02:00
Add openvswitch to dsa-needed list

- - - - -
cb655c75 by Salvatore Bonaccorso at 2023-04-12T21:32:48+02:00
Add additional references for CVE-2023-28879/ghostscript

- - - - -
f780200a by Salvatore Bonaccorso at 2023-04-12T21:38:35+02:00
Mark CVE-2023-2655{1,2,3,4}/ntp as unimportant

- - - - -
aab9bd9c by Salvatore Bonaccorso at 2023-04-12T21:42:08+02:00
Revert "fixup protobuf-java triage: tag all fixed versions unimportant"

This reverts commit dfeb6abc4fb18a270d8f32e5ff3c4cf737abdcaf.

- - - - -
cdf95a85 by Salvatore Bonaccorso at 2023-04-12T21:49:40+02:00
Mark CVE-2023-26555/ntp as no-dsa

- - - - -
b20b7326 by Salvatore Bonaccorso at 2023-04-12T22:01:57+02:00
Add references for CVE-2023-29465

- - - - -
80e1bd2f by Salvatore Bonaccorso at 2023-04-12T22:06:15+02:00
Add upstream references for CVE-2023-2691{6,7}/libyang2

- - - - -
c52fc587 by security tracker role at 2023-04-12T20:10:39+00:00
automatic update

- - - - -
aa12c176 by Salvatore Bonaccorso at 2023-04-12T22:13:58+02:00
Add CVE-2023-27585/pjproject

- - - - -
071bfc0e by Salvatore Bonaccorso at 2023-04-12T22:15:42+02:00
Process one NFU

- - - - -
55736a61 by Salvatore Bonaccorso at 2023-04-12T22:32:54+02:00
Add CVE-2023-1872/linux

- - - - -
fa172b55 by Sylvain Beucler at 2023-04-12T22:33:43+02:00
dla: claim golang-1.11

- - - - -
6b78e493 by Salvatore Bonaccorso at 2023-04-12T22:35:55+02:00
Add CVE-2023-2958{0,1}/yasm

- - - - -
41b07f22 by Salvatore Bonaccorso at 2023-04-12T22:44:57+02:00
Process one NFU

- - - - -
006d4d80 by Salvatore Bonaccorso at 2023-04-12T22:58:23+02:00
Add CVE-2023-28488/connman

- - - - -
68dfd1e7 by Salvatore Bonaccorso at 2023-04-12T23:01:55+02:00
Process some NFUs

- - - - -
6a158fa6 by Salvatore Bonaccorso at 2023-04-13T07:03:55+02:00
Update status for CVE-2022-396{4,5}/ffmpeg

- - - - -
2fce7a30 by Salvatore Bonaccorso at 2023-04-13T08:44:48+02:00
Add CVE-2023-1990/linux

- - - - -
d03b72fe by Moritz Muehlenhoff at 2023-04-13T11:01:10+02:00
new ncurses issue

- - - - -
22557faa by Moritz Muehlenhoff at 2023-04-13T11:35:00+02:00
NFUs

- - - - -
f530ed3b by Moritz Muehlenhoff at 2023-04-13T15:26:31+02:00
mark protobuf as ignored
  we use unimportant for issues with negligible impact or non issue, here
  there is some impact, but we can't meaningfully address it with a
  backport, so mark as <ignored>

- - - - -
765695dc by Moritz Muehlenhoff at 2023-04-13T16:09:55+02:00
bullseye triage

- - - - -
b46dd2a4 by Moritz Mühlenhoff at 2023-04-13T20:42:02+02:00
openvswitch DSA

- - - - -
ae04ed3a by Moritz Muehlenhoff at 2023-04-13T21:00:53+02:00
bullseye triage

- - - - -
73a6c318 by Moritz Muehlenhoff at 2023-04-13T21:02:41+02:00
bugnums

- - - - -
c6c9871a by Salvatore Bonaccorso at 2023-04-13T22:06:17+02:00
Reserve DSA number for haproxy update

- - - - -
0ac84dbf by security tracker role at 2023-04-13T20:10:23+00:00
automatic update

- - - - -
c283fdfa by Salvatore Bonaccorso at 2023-04-14T06:04:50+02:00
Track fixed version for rust-spin issue fixed via unstable

- - - - -
d04a648f by Salvatore Bonaccorso at 2023-04-14T09:28:59+02:00
Add Debian bug reference for CVE-2023-28488

- - - - -
27e1419b by Shengjing Zhu at 2023-04-14T15:31:49+08:00
CVE-2022-41717 affects golang-golang-x-net as well

- - - - -
7a17025f by Shengjing Zhu at 2023-04-14T15:31:50+08:00
CVE-2022-41720/go affects cross compile for Windows binary

See 29f7d181bd88e363de11541667af407043579f00 as well

- - - - -
b1f2e10e by Shengjing Zhu at 2023-04-14T15:34:00+08:00
Fix syntax

- - - - -
5af0245d by Moritz Muehlenhoff at 2023-04-14T09:47:05+02:00
"new" sqlite3 issue

- - - - -
2c27ef9d by Moritz Muehlenhoff at 2023-04-14T09:49:34+02:00
new binutils issue, concludes external check

- - - - -
8d19b3cf by Moritz Muehlenhoff at 2023-04-14T10:07:17+02:00
NFUs

- - - - -
4c25b593 by Moritz Muehlenhoff at 2023-04-14T10:13:08+02:00
new rust-h2 issue

- - - - -
36b23ee2 by Moritz Muehlenhoff at 2023-04-14T10:16:35+02:00
new ckeditor issue

- - - - -
bd5c75d8 by Moritz Muehlenhoff at 2023-04-14T10:20:48+02:00
new gitlab issue
tightvnc n/a

- - - - -
4368a220 by Salvatore Bonaccorso at 2023-04-14T11:45:32+02:00
Track fixed version for CVE-2023-29132/irssi via unstable

- - - - -
8f71d72e by Shengjing Zhu at 2023-04-14T17:46:30+08:00
CVE-2022-41716/go affects cross compile for Windows binary

See 29f7d181bd88e363de11541667af407043579f00 as well

- - - - -
0886e400 by Shengjing Zhu at 2023-04-14T17:46:31+08:00
CVE-2022-27664 affects golang-golang-x-net as well

- - - - -
dd8c0e1a by Moritz Muehlenhoff at 2023-04-14T12:14:52+02:00
NFUs

- - - - -
fb0c9868 by Sylvain Beucler at 2023-04-14T14:45:32+02:00
python2.7: associate past python3.x CVEs to python2.7 + buster triage

See https://lists.debian.org/debian-lts/2023/04/msg00019.html for context

- - - - -
00db5cf7 by Moritz Muehlenhoff at 2023-04-14T15:13:28+02:00
sync python2.7 status for bullseye

- - - - -
d8e1ee5b by Moritz Muehlenhoff at 2023-04-14T15:17:20+02:00
new jpeg-xl issue

- - - - -
20e01376 by Moritz Muehlenhoff at 2023-04-14T15:21:08+02:00
connman fixed in sid

- - - - -
4ccc1dbc by Aron Xu at 2023-04-15T00:39:42+08:00
reserve DSA for rails update

- - - - -
73c1ea7c by Salvatore Bonaccorso at 2023-04-14T20:59:21+02:00
Add upstream reference for CVE-2023-29491/ncurses

Adding both is sort of redundant but gives us references to two
currently active locations to look for the ncurses patch level changes.
Keep both for now.

- - - - -
08b81e67 by Salvatore Bonaccorso at 2023-04-14T21:07:10+02:00
Add upstream tag information for CVE-2022-41717

- - - - -
a1e848a7 by Salvatore Bonaccorso at 2023-04-14T21:47:42+02:00
Add upstream tag reference for CVE-2022-27664

- - - - -
59994f03 by security tracker role at 2023-04-14T20:10:35+00:00
automatic update

- - - - -
b229f6c4 by Salvatore Bonaccorso at 2023-04-14T22:17:28+02:00
Remove note for CVE-2023-1876

Was withdrawn by the assigning CNA as found to not be a security issue.

- - - - -
a2b302f4 by Salvatore Bonaccorso at 2023-04-14T22:19:34+02:00
Add temporary item for another set of sgt-puzzles issues

- - - - -
e2e7213f by Salvatore Bonaccorso at 2023-04-14T22:24:26+02:00
Process some NFUs

- - - - -
576bc875 by Salvatore Bonaccorso at 2023-04-14T22:36:06+02:00
Process some NFUs

- - - - -
624c0c2a by Salvatore Bonaccorso at 2023-04-14T22:37:22+02:00
Add CVE-2023-30630/dmidecode

- - - - -
ae11ac07 by Salvatore Bonaccorso at 2023-04-14T22:50:50+02:00
Add CVE-2022-48468/protobuf-c

- - - - -
38c5b55b by Salvatore Bonaccorso at 2023-04-14T22:57:42+02:00
Add CVE-2023-2033/chromium

- - - - -
21dfd55a by Salvatore Bonaccorso at 2023-04-14T23:02:15+02:00
Add chromium to dsa-needed list

- - - - -
5377be2b by Salvatore Bonaccorso at 2023-04-14T23:03:46+02:00
Add CVE-2023-2034/froxlor

- - - - -
d0874a41 by Salvatore Bonaccorso at 2023-04-14T23:05:08+02:00
Process some NFUs

- - - - -
28ad218c by Salvatore Bonaccorso at 2023-04-14T23:05:49+02:00
Add CVE-2023-2021/teampass

- - - - -
9229a377 by Salvatore Bonaccorso at 2023-04-14T23:06:19+02:00
Add CVE-2023-199{2,3,4}/wireshark

- - - - -
59ccb3a7 by Sylvain Beucler at 2023-04-14T23:40:03+02:00
CVE-2020-28367/golang: reference patch and regression fix

- - - - -
5c03b02c by Salvatore Bonaccorso at 2023-04-15T10:04:38+02:00
Add CVE-2023-2004/freetype

- - - - -
18e5b398 by security tracker role at 2023-04-15T08:10:13+00:00
automatic update

- - - - -
77345c1e by Salvatore Bonaccorso at 2023-04-15T10:20:20+02:00
Add CVE-2023-2008/linux

- - - - -
80602134 by Salvatore Bonaccorso at 2023-04-15T10:27:51+02:00
Add CVE-2023-29383/shadow

- - - - -
48f4c926 by Salvatore Bonaccorso at 2023-04-15T10:32:43+02:00
Add CVE-2023-28484 and CVE-2023-29469

- - - - -
370005c7 by Salvatore Bonaccorso at 2023-04-15T10:45:34+02:00
Add CVE-2021-45985/lua5.4

- - - - -
b6732554 by Salvatore Bonaccorso at 2023-04-15T10:56:27+02:00
Add CVE-2021-46880/libressl

- - - - -
f60b2a27 by Salvatore Bonaccorso at 2023-04-15T10:57:38+02:00
Process NFUs

- - - - -
929ba8f9 by Salvatore Bonaccorso at 2023-04-15T10:58:23+02:00
Add CVE-2023-29013/traefik

- - - - -
85fa7d78 by Salvatore Bonaccorso at 2023-04-15T11:20:06+02:00
Add libxml2 to dsa-needed list

- - - - -
1a0603d2 by Salvatore Bonaccorso at 2023-04-15T11:22:06+02:00
Track fixed version for nvidia-graphics-drivers issues via unstable

- - - - -
c02bddb8 by Salvatore Bonaccorso at 2023-04-15T11:25:57+02:00
Add Debian bug references for libxml2 issues

- - - - -
68ecea4f by Sylvain Beucler at 2023-04-15T12:28:56+02:00
python2.7: associate past python3.x CVEs to python2.7 (2)
Follow-up to fb0c9868f5bb6a7c5457f397cdfb603d629ef0c3
Compare with python3.7/buster in addition to python3.9/bullseye.
CVE-2020-14422 also affects the py2 backport in python-ipaddress.

- - - - -
a90bd3d6 by Salvatore Bonaccorso at 2023-04-15T16:08:16+02:00
Change commit order according to how applied upstream

- - - - -
52674ac7 by Salvatore Bonaccorso at 2023-04-15T16:10:11+02:00
Clarify notes for libxml2 CVEs

- - - - -
f915581f by Salvatore Bonaccorso at 2023-04-15T20:54:10+02:00
Track fixed version for CVE-2023-2033/chromium via unstable

- - - - -
0ecd2d6a by security tracker role at 2023-04-15T20:10:37+00:00
automatic update

- - - - -
bb069e04 by Salvatore Bonaccorso at 2023-04-16T06:10:39+02:00
Process some NFUs

- - - - -
9456a010 by Salvatore Bonaccorso at 2023-04-16T06:13:15+02:00
Move some NFUs for calibre-web to an itp'ed entry

- - - - -
d4adf810 by Salvatore Bonaccorso at 2023-04-16T06:21:46+02:00
Add references for CVE-2023-26437/pdns-recursor

- - - - -
098d060b by Salvatore Bonaccorso at 2023-04-16T06:24:44+02:00
Mark CVE-2023-26437/pdns-recursor as no-dsa

- - - - -
bfc85311 by Salvatore Bonaccorso at 2023-04-16T06:47:25+02:00
Add CVE-2023-22946/apache-spark

- - - - -
0474f207 by Salvatore Bonaccorso at 2023-04-16T06:47:57+02:00
Move CVE-2022-31777 to itp'ed entry for apache-spark

- - - - -
680ba647 by Salvatore Bonaccorso at 2023-04-16T06:59:19+02:00
Track fixed version for nvidia-graphics-drivers-tesla issues

- - - - -
9fe81949 by Salvatore Bonaccorso at 2023-04-16T08:53:55+02:00
Add CVE-2023-30772/linux

- - - - -
7a05456b by security tracker role at 2023-04-16T08:10:16+00:00
automatic update

- - - - -
a0db913d by Salvatore Bonaccorso at 2023-04-16T13:50:36+02:00
Process some NFUs

- - - - -
03726b7d by Salvatore Bonaccorso at 2023-04-16T14:05:13+02:00
Add CVE-2023-2002/linux

- - - - -
8a1b7c9f by Tobias Frost at 2023-04-16T14:36:58+02:00
Reserve DLA-3392-1 for syslog-ng

- - - - -
806e2cde by Tobias Frost at 2023-04-16T14:38:59+02:00
Revert "Reserve DLA-3392-1 for syslog-ng"

This reverts commit 8a1b7c9fe564aeaad9de70672bc1f6c3f544eaec.

- - - - -
ee87fd23 by Salvatore Bonaccorso at 2023-04-16T14:51:19+02:00
Process two NFUs

- - - - -
c9199a56 by Salvatore Bonaccorso at 2023-04-16T15:42:31+02:00
CVE-2023-28439: Add reference to upstream commit

- - - - -
702c9f87 by Salvatore Bonaccorso at 2023-04-16T16:08:09+02:00
Add Debian bug reference for CVE-2023-28439/ckeditor

- - - - -
27cf94b5 by Salvatore Bonaccorso at 2023-04-16T16:16:08+02:00
Add Debian bug reference for CVE-2023-30630/dmidecode

- - - - -
e66895fa by Salvatore Bonaccorso at 2023-04-16T16:17:25+02:00
Add Debian bug reference for CVE-2023-29383/shadow

- - - - -
00a22c7a by Moritz Mühlenhoff at 2023-04-16T19:20:09+02:00
chromium DSA

- - - - -
32f18fa8 by Helmut Grohne at 2023-04-16T20:21:28+02:00
ignore protobuf CVEs in buster that are ignored in bullseye

- - - - -
c385c99a by Salvatore Bonaccorso at 2023-04-16T20:45:09+02:00
Track fixes via experimental for sgt-puzzles's #1034190

- - - - -
8f6e5604 by Salvatore Bonaccorso at 2023-04-16T20:48:07+02:00
Process one NFU

- - - - -
1cc6b5e7 by security tracker role at 2023-04-16T20:10:31+00:00
automatic update

- - - - -
d336af8c by Markus Koschany at 2023-04-16T23:59:39+02:00
LTS: add configobj to dla-needed.txt

- - - - -
adfdfed3 by Markus Koschany at 2023-04-16T23:59:40+02:00
CVE-2023-30630,dmidecode: Buster is no-dsa

Minor issue

- - - - -
c4f84a15 by Markus Koschany at 2023-04-16T23:59:42+02:00
CVE-2023-2004,freetype: Buster is postponed

Minor issue. Can be fixed later.

- - - - -
643484fc by Markus Koschany at 2023-04-16T23:59:42+02:00
LTS: add heimdal to dla-needed.txt

- - - - -
0be4c5da by Markus Koschany at 2023-04-16T23:59:42+02:00
LTS: add libxml2 to dla-needed.txt

- - - - -
35e1a85d by Markus Koschany at 2023-04-16T23:59:42+02:00
LTS: add asterisk to dla-needed.txt

- - - - -
13f2c762 by Markus Koschany at 2023-04-16T23:59:43+02:00
CVE-2022-48468,protobuf-c: Buster is no-dsa

Minor issue

- - - - -
22df26e1 by Markus Koschany at 2023-04-16T23:59:43+02:00
LTS: add python2.7 to dla-needed.txt

- - - - -
d0686f73 by Markus Koschany at 2023-04-17T00:08:33+02:00
CVE-2023-29383,shadow: Buster is no-dsa

Minor issue

- - - - -
f4dddb00 by Markus Koschany at 2023-04-17T00:48:02+02:00
CVE-2023-26555,ntp: Buster is no-dsa

Minor issue

- - - - -
ced44e69 by Markus Koschany at 2023-04-17T00:49:01+02:00
CVE-2022-48434,ffmpeg: Buster is postponed

- - - - -
85af2f26 by Markus Koschany at 2023-04-17T00:50:19+02:00
CVE-2023-28439,ckeditor3: Buster is EOL

- - - - -
92833122 by Markus Koschany at 2023-04-17T00:53:01+02:00
Triage cmark-gfm for Buster

- - - - -
abb9885e by Markus Koschany at 2023-04-17T00:57:47+02:00
Triage python-cmarkgfm for Buster

- - - - -
fc0be3b3 by Salvatore Bonaccorso at 2023-04-17T06:28:17+02:00
Track fixed version for sgt-puzzles via unstable

- - - - -
92d1660c by security tracker role at 2023-04-17T08:10:14+00:00
automatic update

- - - - -
fff1d3d9 by Chris Lamb at 2023-04-17T09:10:35+01:00
data/dla-needed.txt: Claim asterisk.

- - - - -
7adce74f by Chris Lamb at 2023-04-17T09:10:39+01:00
data/dla-needed.txt: Claim libxml2.

- - - - -
88fd55ad by Chris Lamb at 2023-04-17T09:11:56+01:00
dla-needed.txt: Add note for configobj in buster LTS.

- - - - -
a3d83363 by Chris Lamb at 2023-04-17T10:18:36+01:00
data/dla-needed.txt: Claim configobj.

- - - - -
a17b8718 by Salvatore Bonaccorso at 2023-04-17T11:38:27+02:00
Process NFUs

- - - - -
99013142 by Salvatore Bonaccorso at 2023-04-17T14:56:32+02:00
Update information for CVE-2022-3116/heimdal

- - - - -
03a216fa by Scarlett Moore at 2023-04-17T06:28:46-07:00
Reserve DLA-3392-1 for ruby-rack

- - - - -
c926261b by Moritz Muehlenhoff at 2023-04-17T16:08:08+02:00
openvswitch fixed in sid

- - - - -
e6decb0f by Moritz Muehlenhoff at 2023-04-17T16:24:37+02:00
NFUs

- - - - -
93d9c01e by Moritz Muehlenhoff at 2023-04-17T16:35:24+02:00
NFUs

- - - - -
c6957f3b by Moritz Muehlenhoff at 2023-04-17T17:00:04+02:00
xpdf n/a

- - - - -
4abd9b4f by Moritz Muehlenhoff at 2023-04-17T17:03:21+02:00
one more nvidia CVE

- - - - -
d3db3bbc by Moritz Muehlenhoff at 2023-04-17T17:17:00+02:00
NFU

- - - - -
1a5675f8 by Salvatore Bonaccorso at 2023-04-17T17:33:29+02:00
Track nvidia-graphics-drivers fixes pending via bullseye-pu

- - - - -
f5471ef6 by Roberto C. Sánchez at 2023-04-17T11:46:33-04:00
semi-automatic unclaim after 2 weeks of inactivity

Signed-off-by: Roberto C. Sánchez <roberto at debian.org>

- - - - -
1c2b0037 by Moritz Muehlenhoff at 2023-04-17T17:55:33+02:00
new libspring-java issue

- - - - -
19590a56 by Salvatore Bonaccorso at 2023-04-17T17:59:43+02:00
Track fixed version for libxml2 issues

- - - - -
6114a666 by Roberto C. Sánchez at 2023-04-17T12:01:06-04:00
LTS: dispatch FD for second half of 2023

- - - - -
025ddb2f by Salvatore Bonaccorso at 2023-04-17T18:03:05+02:00
Drop one duplicate source package entry for nvidia-graphics-drivers-tesla

- - - - -
40e84789 by Moritz Muehlenhoff at 2023-04-17T18:04:13+02:00
new pev issue

- - - - -
8b43f175 by Moritz Muehlenhoff at 2023-04-17T18:14:11+02:00
new dogecoin issue

- - - - -
a3d35295 by Moritz Muehlenhoff at 2023-04-17T18:21:26+02:00
"new" kamailio issue

- - - - -
38c93e36 by Moritz Muehlenhoff at 2023-04-17T18:24:01+02:00
"new" nbconvert issue

- - - - -
a4f40a27 by Tobias Frost at 2023-04-17T18:45:01+02:00
libxml2: Fixing links from old git.gnome.org to gitlab.gnome.org.

(Migrate URLs from old https://git.gnome.org/browse/libxml2/commit/?id= to https://gitlab.gnome.org/GNOME/libxml2/-/commit/)

- - - - -
e349b559 by Moritz Mühlenhoff at 2023-04-17T20:46:39+02:00
protobuf spu

- - - - -
11d22a02 by Salvatore Bonaccorso at 2023-04-17T21:22:34+02:00
Update information on CVE-2021-32862/nbconvert

- - - - -
45e0e6fc by Salvatore Bonaccorso at 2023-04-17T21:45:40+02:00
Track fixed version for nvidia-open-gpu-kernel-modules issues

- - - - -
813799c0 by security tracker role at 2023-04-17T20:10:29+00:00
automatic update

- - - - -
57917e90 by Salvatore Bonaccorso at 2023-04-17T22:12:44+02:00
Process NFUs

- - - - -
505adad3 by Salvatore Bonaccorso at 2023-04-17T22:21:01+02:00
Process NFUs

- - - - -
0065d704 by Salvatore Bonaccorso at 2023-04-17T22:21:40+02:00
Add CVE-2023-1831/mattermost-server

- - - - -
3717c119 by Ola Lundqvist at 2023-04-17T22:22:49+02:00
Concluded that sqlite3 was already in fixed upstream for the buster version.

- - - - -
ce36d41e by Ola Lundqvist at 2023-04-17T22:26:59+02:00
LTS: add openvswtich to dla-needed.txt

- - - - -
0f3b8073 by Ola Lundqvist at 2023-04-17T22:43:17+02:00
Marked mediawiki CVE-2023-29141 as no-dsa also for buster following decision for bullseye.

- - - - -
b2f6a325 by Ola Lundqvist at 2023-04-17T22:47:18+02:00
Marked node-xml2js CVE-2023-0842 as no-dsa also for buster following decision for bullseye.

- - - - -
4579ff84 by Ola Lundqvist at 2023-04-17T22:49:03+02:00
Marked pdns-recursor CVE-2023-26437 as no-dsa also for buster following decision for bullseye.

- - - - -
adf349e8 by Ola Lundqvist at 2023-04-17T22:50:02+02:00
Marked python-future CVE-2022-40899 as no-dsa also for buster following decision for bullseye.

- - - - -
58cd1a34 by Ola Lundqvist at 2023-04-17T22:51:46+02:00
Marked qemu CVE-2023-1544 as no-dsa also for buster following decision for bullseye.

- - - - -
b57eb6ea by Ola Lundqvist at 2023-04-17T22:54:22+02:00
Marked ruby-commonmarker CVEs as no-dsa also for buster following decision for bullseye.

- - - - -
f1fa974a by Salvatore Bonaccorso at 2023-04-18T06:13:13+02:00
Add fixing reference for CVE-2020-24736 in 3.27.y

- - - - -
5a6f29fa by Salvatore Bonaccorso at 2023-04-18T06:13:55+02:00
Revert "Concluded that sqlite3 was already in fixed upstream for the buster version."

This reverts commit 3717c119e445bcdfc74a75bf3f741946d0a7de3d.

- - - - -
2c43adc9 by Salvatore Bonaccorso at 2023-04-18T06:14:17+02:00
Track fixing version for CVE-2020-24736/sqlite3 via unstable

- - - - -
9bd23c48 by Salvatore Bonaccorso at 2023-04-18T08:18:37+02:00
Add CVE-2023-1981/avahi

- - - - -
d9979b69 by Salvatore Bonaccorso at 2023-04-18T08:21:34+02:00
Add CVE-2023-3077{4,5}/tiff

- - - - -
9f482b94 by Salvatore Bonaccorso at 2023-04-18T08:31:02+02:00
Update information on CVE-2023-3077{4,5}/tiff

- - - - -
a0f19053 by Salvatore Bonaccorso at 2023-04-18T08:57:34+02:00
Add CVE-2023-294{79,80}/rnp

- - - - -
ad65f979 by Helmut Grohne at 2023-04-18T09:03:41+02:00
Reserve DLA-3393-1 for protobuf

- - - - -
05acdd6f by Salvatore Bonaccorso at 2023-04-18T09:26:25+02:00
Add CVE-2023-28856/redis

- - - - -
678afd9f by Salvatore Bonaccorso at 2023-04-18T09:30:18+02:00
Add additional reference for CVE-2023-28856/redis

- - - - -
15779fa0 by Chris Lamb at 2023-04-18T09:07:53+01:00
dla-needed.txt: Correct name of openvswitch package.

- - - - -
e527d6ed by security tracker role at 2023-04-18T08:10:27+00:00
automatic update

- - - - -
c30545da by Salvatore Bonaccorso at 2023-04-18T11:55:46+02:00
Process two NFUs

- - - - -
2dbcf002 by Salvatore Bonaccorso at 2023-04-18T11:56:37+02:00
Add Debian bug references for CVE-2023-294{79,80}/rnp

- - - - -
7d6b7615 by Emilio Pozuelo Monfort at 2023-04-18T14:41:21+02:00
lts: add link to vcs for openvswitch

- - - - -
d1314235 by Moritz Muehlenhoff at 2023-04-18T16:13:23+02:00
owslib fixed in sid

- - - - -
3dd091ab by Chris Lamb at 2023-04-18T18:21:44+01:00
Triage CVE-2023-27585 in asterisk for buster LTS.

- - - - -
deed6cae by Salvatore Bonaccorso at 2023-04-18T20:35:03+02:00
Add CVE-2023-045{8,9}/linux

- - - - -
20d8b5cf by security tracker role at 2023-04-18T20:10:22+00:00
automatic update

- - - - -
5383ce48 by Salvatore Bonaccorso at 2023-04-18T22:27:41+02:00
Process NFUs

- - - - -
69e35a37 by Salvatore Bonaccorso at 2023-04-18T22:28:15+02:00
Add CVE-2023-30539/nextcloud-server

- - - - -
4597ba98 by Salvatore Bonaccorso at 2023-04-18T22:35:07+02:00
Add CVE-2023-29197/php-guzzlehttp-psr7

- - - - -
e743fb4f by Salvatore Bonaccorso at 2023-04-18T22:38:40+02:00
Add CVE-2023-30536/php-slim-psr7

- - - - -
ec479a33 by Markus Koschany at 2023-04-18T22:40:56+02:00
CVE-2023-27585,asterisk: Buster is affected

The vulnerable code is shipped in debian/pjproject_2.12.1~dfsg.orig.tar.bz2 and
applied at build time. In the past the pjproject library has been packaged
separately. Debian's maintainer chose to embed it later.

- - - - -
1b52d3ba by Markus Koschany at 2023-04-18T22:40:56+02:00
LTS: add asterisk to dla-needed.txt

- - - - -
480c118b by Markus Koschany at 2023-04-18T22:40:56+02:00
Claim asterisk in dla-needed.txt

- - - - -
0f8f4753 by Ola Lundqvist at 2023-04-18T23:16:31+02:00
Concluded that CVE-2023-1625 does not require a DLA for buster. It is an information leak vulnerability to authenticated users with low impact.

- - - - -
45a167ff by Salvatore Bonaccorso at 2023-04-18T23:18:51+02:00
Add Debian bug reference for CVE-2023-30536/php-slim-psr7

- - - - -
249ee9b4 by Salvatore Bonaccorso at 2023-04-18T23:23:47+02:00
Add Debian bug reference for CVE-2023-29197/php-guzzlehttp-psr7

- - - - -
c525e9f5 by Ola Lundqvist at 2023-04-18T23:31:24+02:00
LTS: add avahi to dla-needed.txt

- - - - -
be6fa10b by Ola Lundqvist at 2023-04-18T23:35:19+02:00
LTS: add connman to dla-needed.txt

- - - - -
fc98b78d by Ola Lundqvist at 2023-04-18T23:43:31+02:00
Concluded that frr package does not need an update for buster. The vulnerability at hand is clearly less problematic than many other open vulnerabilities to this package. Remote code execution + DoS is more problematic than just a DoS problem.

- - - - -
e53f4701 by Markus Koschany at 2023-04-19T00:11:26+02:00
Reserve DLA-3394-1 for asterisk

- - - - -
aed53b23 by Salvatore Bonaccorso at 2023-04-19T06:40:47+02:00
Add Debian bug reference for CVE-2023-1981/avahi

- - - - -
4d0d4bd4 by Anton Gladky at 2023-04-19T06:45:22+02:00
CVE-2022-1949 mark as ignored for buster

- - - - -
7476a059 by Salvatore Bonaccorso at 2023-04-19T08:08:16+02:00
Track fixes for thunderbird via unstable

- - - - -
21e83138 by Salvatore Bonaccorso at 2023-04-19T08:36:35+02:00
Add php-nyholm-psr7 for CVE-2023-29197

- - - - -
b3716c2d by Chris Lamb at 2023-04-19T07:43:26+01:00
data/dla-needed.txt: Claim connman.

- - - - -
b551ec79 by Salvatore Bonaccorso at 2023-04-19T08:45:56+02:00
Add references for CVE-2023-29197

- - - - -
40ba312f by Chris Lamb at 2023-04-19T07:47:32+01:00
data/dla-needed.txt: Claim avahi.

- - - - -
a131af39 by Moritz Muehlenhoff at 2023-04-19T09:08:52+02:00
bullseye triage

- - - - -
46027c28 by Chris Lamb at 2023-04-19T08:17:09+01:00
dla-needed.txt: Drop claim of libxml2 to harmonise claims across LTS and ELTS.

- - - - -
5f18ee8a by Salvatore Bonaccorso at 2023-04-19T09:23:28+02:00
Add CVE-2023-2162/linux

- - - - -
ce6b9691 by Salvatore Bonaccorso at 2023-04-19T09:30:16+02:00
Add CVE-2023-2166/linux

- - - - -
769ad1be by Salvatore Bonaccorso at 2023-04-19T09:44:01+02:00
Add new chromium issues

- - - - -
8dc0f533 by Salvatore Bonaccorso at 2023-04-19T09:44:37+02:00
Add chromium to dsa-needed list

- - - - -
aacf588f by security tracker role at 2023-04-19T08:10:24+00:00
automatic update

- - - - -
a4f2b81b by Salvatore Bonaccorso at 2023-04-19T11:44:11+02:00
Process some NFUs

- - - - -
6e486752 by Salvatore Bonaccorso at 2023-04-19T11:46:17+02:00
Add CVE-2023-2020/check-mk

- - - - -
235d00c3 by Moritz Muehlenhoff at 2023-04-19T12:01:00+02:00
php-slim-psr7 fixed in sid

- - - - -
3991c3f5 by Moritz Muehlenhoff at 2023-04-19T12:13:28+02:00
NFUs

- - - - -
4a61374d by Sylvain Beucler at 2023-04-19T13:32:10+02:00
CVE-2022-23773/golang-1.11: buster ignored

- - - - -
33821ccf by Salvatore Bonaccorso at 2023-04-19T13:40:03+02:00
Add CVE-2023-27525

- - - - -
a2449628 by Salvatore Bonaccorso at 2023-04-19T13:44:45+02:00
Add CVE-2023-2124/linux

- - - - -
cf04c43b by Sylvain Beucler at 2023-04-19T13:48:49+02:00
golang-1.11: postpone open CVEs unfixed in bullseye

- - - - -
263122bd by Salvatore Bonaccorso at 2023-04-19T14:08:31+02:00
Process two NFUs

- - - - -
88d91f4b by Salvatore Bonaccorso at 2023-04-19T14:24:15+02:00
Track fixed version for CVE-2023-1981/avahi via unstable

- - - - -
e66909c3 by Moritz Muehlenhoff at 2023-04-19T15:10:09+02:00
new dogecoin issue

- - - - -
39dc5885 by Moritz Muehlenhoff at 2023-04-19T15:12:30+02:00
new sqlparse issue

- - - - -
d1fb2746 by Salvatore Bonaccorso at 2023-04-19T15:37:05+02:00
Update status for CVE-2023-045{8,9}/linux

- - - - -
49f7b18a by Salvatore Bonaccorso at 2023-04-19T15:48:03+02:00
Track introducing commit for CVE-2023-30608

- - - - -
f823e512 by Moritz Muehlenhoff at 2023-04-19T16:35:16+02:00
NFUs

- - - - -
3d6c8d99 by Moritz Muehlenhoff at 2023-04-19T16:43:51+02:00
new Java issues

- - - - -
017c8e3f by Moritz Muehlenhoff at 2023-04-19T16:47:25+02:00
new virtualbox issues

- - - - -
f2af766f by Moritz Muehlenhoff at 2023-04-19T16:55:39+02:00
new mysql issues

- - - - -
689ceebd by Moritz Muehlenhoff at 2023-04-19T17:24:05+02:00
NFUs

- - - - -
df4f6128 by Sylvain Beucler at 2023-04-19T17:47:48+02:00
Reserve DLA-3395-1 for golang-1.11

- - - - -
c7917e49 by Salvatore Bonaccorso at 2023-04-19T20:45:33+02:00
Update information for CVE-2020-16155

- - - - -
38a2be03 by Salvatore Bonaccorso at 2023-04-19T20:57:17+02:00
CVE-2023-29491: Add reference to oss-security post

- - - - -
6a8719e0 by Ola Lundqvist at 2023-04-19T21:36:28+02:00
LTS: add openjdk-11 to dla-needed.txt

- - - - -
aee3f9c6 by Ola Lundqvist at 2023-04-19T21:40:39+02:00
Marked tiff CVE-2023-30774 as no-dsa also for buster following decision for bullseye.

- - - - -
957879af by Salvatore Bonaccorso at 2023-04-19T21:46:46+02:00
Add Debian bug reference for CVE-2023-30608/sqlparse

- - - - -
073d744a by Salvatore Bonaccorso at 2023-04-19T21:46:47+02:00
Add Debian bug reference for CVE-2023-2004/freetype

- - - - -
9d95b8ab by Salvatore Bonaccorso at 2023-04-19T21:46:49+02:00
Add Debian bug reference for CVE-2023-28856/redis

- - - - -
6c3ce7ff by security tracker role at 2023-04-19T20:10:34+00:00
automatic update

- - - - -
e64bf4b0 by Salvatore Bonaccorso at 2023-04-19T22:18:07+02:00
Add upstream issue reference for CVE-2023-29469/libxml2

- - - - -
a54e0c4b by Salvatore Bonaccorso at 2023-04-19T22:20:18+02:00
Process NFUs

- - - - -
755399ce by Salvatore Bonaccorso at 2023-04-19T22:26:39+02:00
Process some NFUs

- - - - -
44494ed4 by Salvatore Bonaccorso at 2023-04-19T22:35:05+02:00
Add CVE-2023-27043/python

- - - - -
1a84b20b by Sylvain Beucler at 2023-04-19T23:43:24+02:00
DLA-3395-1/golang-1.11: drop fix for CVE-2022-23772

- - - - -
e7c09917 by Moritz Muehlenhoff at 2023-04-20T08:25:25+02:00
new linux issues (concludes external check)

- - - - -
91261677 by Chris Lamb at 2023-04-20T07:40:09+01:00
Add note for CVE-2023-28856/redis.

- - - - -
9adc0d39 by security tracker role at 2023-04-20T08:10:20+00:00
automatic update

- - - - -
ef01e322 by Emilio Pozuelo Monfort at 2023-04-20T10:20:08+02:00
lts: take openjdk-11

- - - - -
fd21c2e7 by Moritz Muehlenhoff at 2023-04-20T11:48:24+02:00
NFUs

- - - - -
57ee9817 by Moritz Muehlenhoff at 2023-04-20T12:01:37+02:00
new jetty issues

- - - - -
c646c4e3 by Salvatore Bonaccorso at 2023-04-20T12:44:14+02:00
Update information for CVE-2023-217{6,7}/linux

- - - - -
388b847a by Moritz Muehlenhoff at 2023-04-20T12:50:38+02:00
chromium fixed in sid
redis fixed in sid

- - - - -
d9590944 by Moritz Muehlenhoff at 2023-04-20T15:42:42+02:00
NFU

- - - - -
fc9a5910 by Moritz Muehlenhoff at 2023-04-20T15:57:20+02:00
new mujs issue
NFU

- - - - -
ddad954e by Salvatore Bonaccorso at 2023-04-20T20:57:40+02:00
Add CVE-2023-1255/openssl

- - - - -
277bc306 by Ola Lundqvist at 2023-04-20T22:05:18+02:00
LTS: add wireshark to dla-needed.txt

- - - - -
0d550a4e by security tracker role at 2023-04-20T20:10:25+00:00
automatic update

- - - - -
b4ca2e51 by Ola Lundqvist at 2023-04-20T22:12:33+02:00
LTS: add redis to dla-needed.txt

- - - - -
dd8485f3 by Salvatore Bonaccorso at 2023-04-20T22:21:14+02:00
Add CVE-2023-2193/mattermost-server

- - - - -
6371ee77 by Salvatore Bonaccorso at 2023-04-20T22:22:20+02:00
Process NFUs

- - - - -
67baa851 by Salvatore Bonaccorso at 2023-04-20T22:23:47+02:00
Add two new CVEs for check-mk

- - - - -
3247a7a2 by Sylvain Beucler at 2023-04-20T22:38:20+02:00
Reserve DLA-3395-2 for golang-1.11

- - - - -
ab8d8a21 by Salvatore Bonaccorso at 2023-04-20T22:39:51+02:00
Reserve DSA number for libxml2 update

- - - - -
e530aaab by Bastien Roucariès at 2023-04-20T20:57:28+00:00
Add NOTE for apache

- - - - -
0dcb6184 by Salvatore Bonaccorso at 2023-04-20T23:09:15+02:00
Remove github.com prefixes from URLs

- - - - -
c4f158aa by Salvatore Bonaccorso at 2023-04-20T23:25:03+02:00
Add CVE-2021-28235/etcd

- - - - -
033d29d5 by Salvatore Bonaccorso at 2023-04-20T23:35:32+02:00
Add CVE-2020-10650/jackson-databind

- - - - -
31addcc0 by Salvatore Bonaccorso at 2023-04-20T23:36:45+02:00
Process one NFU

- - - - -
abdfd8c4 by Adrian Bunk at 2023-04-21T00:48:53+03:00
dla: take wireshark

- - - - -
728a6c79 by Salvatore Bonaccorso at 2023-04-21T06:26:27+02:00
Track libsignal-protocol-c as well for CVE-2022-48468

- - - - -
80be135f by Salvatore Bonaccorso at 2023-04-21T06:27:26+02:00
Track fixed version for CVE-2023-28617/emacs via unstable

- - - - -
d0b52ea4 by Salvatore Bonaccorso at 2023-04-21T06:31:19+02:00
Add CVE-2022-36788/slic3r

- - - - -
d1d13493 by Anton Gladky at 2023-04-21T06:34:25+02:00
Add link to github issue of CVE-2019-14824

- - - - -
333ffeb4 by Salvatore Bonaccorso at 2023-04-21T06:44:41+02:00
Indent note via tab for CVE-2019-14824

- - - - -
1a09a9ed by Salvatore Bonaccorso at 2023-04-21T06:52:34+02:00
Add CVE-2023-2194/linux

- - - - -
00693533 by security tracker role at 2023-04-21T08:10:11+00:00
automatic update

- - - - -
422c1c5e by Chris Lamb at 2023-04-21T09:50:15+01:00
data/dla-needed.txt: Claim redis.

- - - - -
f6581cf3 by Chris Lamb at 2023-04-21T12:20:46+01:00
dla-needed.txt: Update note for configobj.

- - - - -
c086d738 by Chris Lamb at 2023-04-21T12:44:14+01:00
Reserve DLA-3396-1 for redis

- - - - -
dfe66ac3 by Salvatore Bonaccorso at 2023-04-21T13:45:20+02:00
Process NFUs

- - - - -
83024faf by Salvatore Bonaccorso at 2023-04-21T13:46:50+02:00
Track linux CVEs pending for bullseye-pu

- - - - -
59c74140 by Chris Lamb at 2023-04-21T13:04:38+01:00
Reserve DLA-3397-1 for connman

- - - - -
b07d32ff by Salvatore Bonaccorso at 2023-04-21T14:26:59+02:00
Mark CVE-2023-28856/redis as no-dsa

- - - - -
8eb4a055 by Salvatore Bonaccorso at 2023-04-21T18:19:49+02:00
Track fixed version for CVE-2023-0842/node-xml2js

- - - - -
53ce837e by Salvatore Bonaccorso at 2023-04-21T18:22:09+02:00
Track fixed version for python-werkzeug issues

- - - - -
8c268dc5 by Salvatore Bonaccorso at 2023-04-21T21:29:20+02:00
Process NFUs

- - - - -
37dff768 by Markus Koschany at 2023-04-21T21:57:38+02:00
CVE-2023-27534,curl: buster is no-dsa

Minor issue

- - - - -
1bcf7220 by Markus Koschany at 2023-04-21T21:58:32+02:00
Reserve DLA-3398-1 for curl

- - - - -
48662dac by Markus Koschany at 2023-04-21T22:09:14+02:00
Remove ceph from dla-needed.txt

Currently there are no open issues in Buster. Everything else are no-dsa, minor
issues.

- - - - -
33de4ef6 by Markus Koschany at 2023-04-21T22:10:45+02:00
Claim heimdal in dla-needed.txt

- - - - -
ea923509 by Markus Koschany at 2023-04-21T23:00:32+02:00
Remove heimdal from dla-needed.txt

Nothing to do anymore

- - - - -
a4a238aa by Abhijith PA at 2023-04-22T08:28:55+05:30
data/dla-needed.txt: work on consul

- - - - -
4e3a032e by Salvatore Bonaccorso at 2023-04-22T09:15:16+02:00
Add CVE-2023-1729/libraw

- - - - -
acc786bc by Salvatore Bonaccorso at 2023-04-22T09:16:24+02:00
Add CVE-2022-3874/foreman

- - - - -
70070070 by Salvatore Bonaccorso at 2023-04-22T09:19:24+02:00
Add CVE-2023-163{3,6}/barbican

- - - - -
58d922e9 by security tracker role at 2023-04-22T08:10:17+00:00
automatic update

- - - - -
66426e80 by Salvatore Bonaccorso at 2023-04-22T14:49:55+02:00
Add fixed version for CVE-2023-29197/php-nyholm-psr7 via unstable

- - - - -
4fd7965c by Salvatore Bonaccorso at 2023-04-22T14:51:46+02:00
Track fixed version for CVE-2023-29197/php-guzzlehttp-psr7 via unstable

- - - - -
f3c11711 by Salvatore Bonaccorso at 2023-04-22T14:59:31+02:00
Add CVE-2023-26876/piwigo

- - - - -
f395d3b6 by Salvatore Bonaccorso at 2023-04-22T15:00:22+02:00
Process some NFUs

- - - - -
24e01c2c by Salvatore Bonaccorso at 2023-04-22T15:28:58+02:00
Track proposed node-xml2js update via bullseye-pu

- - - - -
f33cd3a0 by Salvatore Bonaccorso at 2023-04-22T15:31:27+02:00
Mark CVE-2023-29197 as no-dsa for bullseye

- - - - -
ea3ad74a by Salvatore Bonaccorso at 2023-04-22T15:33:07+02:00
Track proposed update for CVE-2023-29197/php-guzzlehttp-psr7

- - - - -
b76a2628 by Salvatore Bonaccorso at 2023-04-22T15:34:01+02:00
Track proposed update for php-nyholm-psr7 via bullseye-pu

- - - - -
bc634839 by Salvatore Bonaccorso at 2023-04-22T16:42:07+02:00
Mark CVE-2022-45801 as NFU

- - - - -
184baae0 by Salvatore Bonaccorso at 2023-04-22T16:43:54+02:00
Process two more NFUs

- - - - -
18563380 by Salvatore Bonaccorso at 2023-04-22T16:55:03+02:00
Track issues from WSA-2023-0003

- - - - -
56e65e94 by Moritz Mühlenhoff at 2023-04-22T18:02:46+02:00
chromium, thunderbird DSAs

- - - - -
099151aa by Moritz Muehlenhoff at 2023-04-22T18:16:34+02:00
update lua status

- - - - -
b7b544b6 by Moritz Muehlenhoff at 2023-04-22T19:37:50+02:00
bugnums

- - - - -
c71c0f6a by Salvatore Bonaccorso at 2023-04-22T21:07:51+02:00
Track fixes for linux upload via unstable

- - - - -
8163efde by security tracker role at 2023-04-22T20:10:31+00:00
automatic update

- - - - -
de54eacd by Ola Lundqvist at 2023-04-22T22:26:23+02:00
Marked CVE-2023-29197 as no-dsa for buster. It is postponed for bullseye but it does not need to be fixed in buster.

- - - - -
7bc9131a by Ola Lundqvist at 2023-04-22T22:26:24+02:00
Marked CVE as no-dsa for buster for package gtz-puzzles.

- - - - -
3f6a3175 by Ola Lundqvist at 2023-04-22T22:41:24+02:00
LTS: add jackson-databind to dla-needed.txt

- - - - -
4effb362 by Moritz Muehlenhoff at 2023-04-22T23:11:08+02:00
pev fixed in sid

- - - - -
a6de3d91 by Salvatore Bonaccorso at 2023-04-23T07:44:03+02:00
Process NFUs

- - - - -
3a6f6d08 by security tracker role at 2023-04-23T08:10:15+00:00
automatic update

- - - - -
679f6d83 by Chris Lamb at 2023-04-23T09:43:51+01:00
data/DLA/list: Correct src:connman version number for DLA-3397-1.

Another update not committed to the LTS git repo..

- - - - -
f2259fb6 by Ola Lundqvist at 2023-04-23T10:46:45+02:00
Marked CVE-2021-28235 as no-dsa for package etcd in buster since the issue only occurs with debug enabled.

- - - - -
b38954ed by Ola Lundqvist at 2023-04-23T14:21:52+02:00
CVE-2021-32921 marked as no-dsa for buster since the impact is low. Upstream has considered the impact too low to fix it.

- - - - -
1b17c99b by Ola Lundqvist at 2023-04-23T14:28:32+02:00
LTS: add nbconvert to dla-needed.txt

- - - - -
720c07a5 by Salvatore Bonaccorso at 2023-04-23T19:15:33+02:00
Track fixed version via unstable for CVE-2023-26964/rust-h2

- - - - -
983c92a2 by Salvatore Bonaccorso at 2023-04-23T21:23:09+02:00
Remove notes from CVE-2023-24787

CVE got rejected as duplicate.

- - - - -
cef56e87 by Salvatore Bonaccorso at 2023-04-23T21:24:41+02:00
Remove note from CVE-2023-24367

CVE got withdrawn as further investigation showed that there is no
security issue.

- - - - -
9bc68de9 by Salvatore Bonaccorso at 2023-04-23T21:29:30+02:00
Remove notes from CVE-2021-41259

Rejected by the assigning CNA.

- - - - -
8408670a by security tracker role at 2023-04-23T20:10:21+00:00
automatic update

- - - - -
d13ba436 by Ola Lundqvist at 2023-04-23T22:22:24+02:00
After source code analysis it is clear that CVE-2023-298997 through CVE-2023-29000 applies to pre 3.0 version even though the text tells something else. In any case the severity is similar to many other issues in nextcloud-desktop and they were marked as no-dsa with motivation minor issue. Doing the same for these CVEs as well.

- - - - -
6ba5e905 by Ola Lundqvist at 2023-04-23T22:27:04+02:00
Marked imagemagick CVE-2023-1906 as no-dsa for buster since it is a denial of service vulnerability and this follows the practice for other vulnerabilities of this kind for this package.

- - - - -
48278e1c by Ola Lundqvist at 2023-04-23T22:34:40+02:00
Marked slic3r CVE-2022-36788 as no-dsa for buster.

- - - - -
34c3291e by Ola Lundqvist at 2023-04-23T22:42:39+02:00
LTS: add sniproxy to dla-needed.txt

- - - - -
ad382ea0 by Ola Lundqvist at 2023-04-23T22:56:28+02:00
LTS: add epiphany-browser to dla-needed.txt

- - - - -
392faaf2 by Thorsten Alteholz at 2023-04-23T23:14:45+02:00
update note

- - - - -
a3e660ee by Thorsten Alteholz at 2023-04-23T23:15:26+02:00
claim libxml2

- - - - -
fdd07710 by Thorsten Alteholz at 2023-04-23T23:15:59+02:00
claim sniproxy

- - - - -
fd21b526 by Ben Hutchings at 2023-04-24T00:39:48+02:00
Fill in details of the CVE IDs assigned for sgt-puzzles

7 CVE IDs have been assigned, but not published, for issues covered by
Debian bug #1028986.  Use my own summaries for these.

No CVE IDs were requested for the issues covered by Debian
bug #1034190.

- - - - -
b660147b by Anton Gladky at 2023-04-24T06:28:47+02:00
Reserve DLA-3399-1 for 389-ds-base

- - - - -
ae250c31 by Anton Gladky at 2023-04-24T06:45:30+02:00
LTS: take sssd

- - - - -
aa52fed0 by Anton Gladky at 2023-04-24T06:51:20+02:00
LTS: update notes on docker

- - - - -
71689fd1 by Salvatore Bonaccorso at 2023-04-24T06:59:16+02:00
Remove notes from CVE-2023-289{97,98,99}, CVE-2023-29000

- - - - -
f69de693 by Salvatore Bonaccorso at 2023-04-24T07:01:52+02:00
Make temporary descriptions stable until CVEs published

- - - - -
50ddda23 by security tracker role at 2023-04-24T08:10:11+00:00
automatic update

- - - - -
affb3e76 by Salvatore Bonaccorso at 2023-04-24T10:44:27+02:00
Add CVE-2023-31081/linux

- - - - -
1f34aea1 by Salvatore Bonaccorso at 2023-04-24T10:48:25+02:00
Add CVE-2023-31082/linux

- - - - -
f92638de by Emilio Pozuelo Monfort at 2023-04-24T10:51:47+02:00
Reserve DLA-3400-1 for thunderbird

- - - - -
21e70cc8 by Salvatore Bonaccorso at 2023-04-24T11:07:28+02:00
Add CVE-2023-3108{3,4,5}/linux

- - - - -
de0fe18a by Salvatore Bonaccorso at 2023-04-24T12:56:34+02:00
Track wireshark fixes via experimental

- - - - -
2a0ff9aa by Moritz Muehlenhoff at 2023-04-24T13:06:04+02:00
NFUs

- - - - -
6407d2f5 by Moritz Muehlenhoff at 2023-04-24T14:05:53+02:00
new libpodofo issue

- - - - -
88028fda by Moritz Muehlenhoff at 2023-04-24T14:34:58+02:00
new starlette issue

- - - - -
05f299b5 by Guilhem Moulin at 2023-04-24T15:10:13+02:00
Triage CVE-2022-43504/wordpress

- - - - -
cd20d498 by Guilhem Moulin at 2023-04-24T15:10:15+02:00
Triage CVE-2022-{43497,43500,XXXXX}/wordpress

WordPress 6.0.3 release notes have many (>3) XSS vulnerability fixes;
not clear exactly which ones CVE-2022-{43497,43500,XXXXX} refer to, but
I checked that all security fixes coming with 6.0.3 were also backported
in 5.0.18's https://core.trac.wordpress.org/changeset/54571 .  (Except
{search, feature image, RSS, widget} block XSS fixes, as the code is not
present in 5.0.)

- - - - -
752b9f78 by Guilhem Moulin at 2023-04-24T15:43:07+02:00
Triage wordpress for buster

Unclear which issue the CVE refers to exactly, but the security fixes
from 6.0.2 have been backported to 5.0.17 already:

    https://wordpress.org/news/2022/08/wordpress-6-0-2-security-and-maintenance-release/
    https://core.trac.wordpress.org/changeset/53973

- - - - -
796ac4ef by Moritz Muehlenhoff at 2023-04-24T15:59:20+02:00
new nvidia-cuda-toolkit issues

- - - - -
9b5ded4a by Guilhem Moulin at 2023-04-24T17:07:25+02:00
Remove wordpress from dla-needed.txt.

- - - - -
c42f7214 by Salvatore Bonaccorso at 2023-04-24T20:25:25+02:00
Add Debian bug reference for nvidia-cuda-toolkit issues

- - - - -
bf3f60d9 by Salvatore Bonaccorso at 2023-04-24T21:13:44+02:00
Process one NFU

- - - - -
6b07be93 by security tracker role at 2023-04-24T20:10:35+00:00
automatic update

- - - - -
aa718d59 by Salvatore Bonaccorso at 2023-04-24T22:14:18+02:00
Process some NFUs

- - - - -
f0a2610b by Salvatore Bonaccorso at 2023-04-24T22:20:10+02:00
Process some NFUs

- - - - -
ad181e86 by Salvatore Bonaccorso at 2023-04-24T22:22:13+02:00
Add CVE-2023-31045/backdrop

- - - - -
c8a61500 by Moritz Muehlenhoff at 2023-04-24T22:49:59+02:00
associate CVE-2021-33589 with src:rnp

- - - - -
19fcbd79 by Moritz Muehlenhoff at 2023-04-24T23:02:30+02:00
mark gnupg1 as unimportant

- - - - -
75533781 by Bastien Roucariès at 2023-04-24T21:06:32+00:00
Reserve DLA-3401-1 for apache2

- - - - -
7b4821a7 by Moritz Muehlenhoff at 2023-04-24T23:09:45+02:00
old bitcoin issue fixed

- - - - -
f3c8a49b by Moritz Muehlenhoff at 2023-04-24T23:12:48+02:00
bugnums

- - - - -
3abc0b73 by Roberto C. Sánchez at 2023-04-24T21:04:46-04:00
semi-automatic unclaim after 2 weeks of inactivity

Signed-off-by: Roberto C. Sánchez <roberto at debian.org>

- - - - -
abd35b4c by Guilhem Moulin at 2023-04-25T09:54:35+02:00
Triage one more buster issue for buster.

WordPress 5.0.16 includes the updated jQuery where the vulnerability
lies, see https://core.trac.wordpress.org/changeset/52856 .

- - - - -
e2b85f43 by security tracker role at 2023-04-25T08:10:14+00:00
automatic update

- - - - -
d898e605 by Salvatore Bonaccorso at 2023-04-25T10:26:13+02:00
Process two NFUs

- - - - -
e70e47d0 by Salvatore Bonaccorso at 2023-04-25T10:33:37+02:00
Add CVE-2023-2019/linux

- - - - -
fe56ca22 by Salvatore Bonaccorso at 2023-04-25T11:49:39+02:00
Add CVE-2023-200{6,7}/linux

- - - - -
28bbdbfe by Guilhem Moulin at 2023-04-25T13:03:23+02:00
LTS: claim openvswitch in dla-needed.txt

- - - - -
b0ed296d by Moritz Muehlenhoff at 2023-04-25T15:13:38+02:00
update fixed version for node-xml2js

- - - - -
7ba95e7b by Moritz Muehlenhoff at 2023-04-25T15:18:14+02:00
wpewebkit fixed in sid

- - - - -
99c7175b by Salvatore Bonaccorso at 2023-04-25T15:47:18+02:00
Add CVE-2022-42335/xen

- - - - -
3b97d047 by Moritz Muehlenhoff at 2023-04-25T16:27:13+02:00
new apache-jena issue

- - - - -
9ddcc4d6 by Moritz Muehlenhoff at 2023-04-25T20:11:52+02:00
take ffmpeg

- - - - -
650a70b2 by Salvatore Bonaccorso at 2023-04-25T20:20:11+02:00
Correct upstream commit references for tiff issues

Fixes: 9f482b94d64a ("Update information on CVE-2023-3077{4,5}/tiff")
Thanks: Emilio Pozuelo Monfort

- - - - -
121e2d5c by Salvatore Bonaccorso at 2023-04-25T20:27:02+02:00
Add new git issues: CVE-2023-25652, CVE-2023-25815 and CVE-2023-29007

- - - - -
73433307 by Salvatore Bonaccorso at 2023-04-25T20:34:16+02:00
Track fixed version for git issues

- - - - -
038542d1 by Salvatore Bonaccorso at 2023-04-25T20:47:19+02:00
Mark git issues as no-dsa

- - - - -
d82f8e5e by Salvatore Bonaccorso at 2023-04-25T20:59:36+02:00
Add Debian bug reference for CVE-2022-42335/xen

- - - - -
6b2ad6fb by Moritz Mühlenhoff at 2023-04-25T21:02:32+02:00
bugnums

- - - - -
a521722e by Salvatore Bonaccorso at 2023-04-25T21:06:25+02:00
Add Debian bug references for git issues

- - - - -
a45144d0 by Salvatore Bonaccorso at 2023-04-25T21:08:16+02:00
Add additional bug references for hdf5 issues

- - - - -
fa90a05a by Salvatore Bonaccorso at 2023-04-25T21:18:04+02:00
Correct one ancient version for proftpd-dfsg

1.3.3a-6squeeze5 was not installed into the archive but rejected, as the
patch backporting the changes was defective. 1.3.3a-6squeeze6 was then
installed.

- - - - -
bdd86fd4 by Salvatore Bonaccorso at 2023-04-25T21:22:58+02:00
Add metadata for DSA-2203-1/nss

- - - - -
ec7b8237 by Salvatore Bonaccorso at 2023-04-25T21:30:16+02:00
Add metadata for DSA-2199-1 and DSA-2200-1

- - - - -
7099dc44 by Salvatore Bonaccorso at 2023-04-25T22:00:08+02:00
Add CVE-2023-30626/jellyfin

- - - - -
dd2d33f3 by Salvatore Bonaccorso at 2023-04-25T22:01:27+02:00
Associate CVE-2023-27161 with jellyfin, itp'ed entry

- - - - -
68734f12 by Salvatore Bonaccorso at 2023-04-25T22:09:24+02:00
Process NFUs

- - - - -
a822a108 by security tracker role at 2023-04-25T20:10:21+00:00
automatic update

- - - - -
57abcc8c by Salvatore Bonaccorso at 2023-04-25T22:13:05+02:00
Add CVE-2023-2251/node-yaml

- - - - -
b65e2310 by Salvatore Bonaccorso at 2023-04-25T22:25:29+02:00
Process some NFUs

- - - - -
a863425a by Salvatore Bonaccorso at 2023-04-25T22:26:04+02:00
Add CVE-2023-2281/mattermost-server

- - - - -
90ce6209 by Salvatore Bonaccorso at 2023-04-25T22:26:54+02:00
Add CVE-2023-30402/yasm

- - - - -
7c4ba186 by Salvatore Bonaccorso at 2023-04-25T22:27:53+02:00
Add three more yasm issues

- - - - -
ddcb5c31 by Salvatore Bonaccorso at 2023-04-25T22:28:28+02:00
Add CVE-2023-28847/nextcloud-server

- - - - -
2b5dacdd by Salvatore Bonaccorso at 2023-04-26T09:00:37+02:00
Add CVE-2023-2269/linux

- - - - -
91fb2bc3 by Moritz Muehlenhoff at 2023-04-26T09:03:15+02:00
golang-github-go-macaron-i18n removed

- - - - -
b68a2c3e by Moritz Muehlenhoff at 2023-04-26T09:06:47+02:00
NFUs, concludes external check

- - - - -
4f29bdb2 by Salvatore Bonaccorso at 2023-04-26T09:19:43+02:00
Process four NFUs

- - - - -
27c4a130 by Salvatore Bonaccorso at 2023-04-26T09:28:35+02:00
Add CVE-2023-30549

- - - - -
46aaaff6 by Salvatore Bonaccorso at 2023-04-26T09:41:26+02:00
Add CVE-2023-30609

- - - - -
d6fe19af by security tracker role at 2023-04-26T08:10:26+00:00
automatic update

- - - - -
26b0cc91 by Salvatore Bonaccorso at 2023-04-26T10:26:15+02:00
Process two NFUs

- - - - -
26d3d52d by Salvatore Bonaccorso at 2023-04-26T10:37:33+02:00
Process NFUs

- - - - -
062d2fac by Aron Xu at 2023-04-26T18:16:08+08:00
triage two nodejs CVEs

- - - - -
0de8762c by Salvatore Bonaccorso at 2023-04-26T12:23:21+02:00
Sort suites top-down

- - - - -
e59814ae by Moritz Muehlenhoff at 2023-04-26T12:24:05+02:00
NFUs

- - - - -
93722bea by Moritz Muehlenhoff at 2023-04-26T12:39:08+02:00
new iotjs issues

- - - - -
63bbda92 by Moritz Muehlenhoff at 2023-04-26T12:58:47+02:00
NFU

- - - - -
9393312f by Emilio Pozuelo Monfort at 2023-04-26T13:10:36+02:00
lts: CVE-2022-3590/wordpress postponed on buster

- - - - -
25640d1f by Emilio Pozuelo Monfort at 2023-04-26T13:15:38+02:00
lts: CVE-2023-2241/podofo no-dsa on buster

- - - - -
63be24e3 by Emilio Pozuelo Monfort at 2023-04-26T13:19:07+02:00
lts: CVE-2023-25815/git no-dsa on buster

- - - - -
05ba0863 by Emilio Pozuelo Monfort at 2023-04-26T13:37:36+02:00
Add fixing commits for CVE-2023-29007/git

- - - - -
bea6c569 by Emilio Pozuelo Monfort at 2023-04-26T13:44:36+02:00
Add fixing commit for CVE-2023-25652/git

- - - - -
8948fcfa by Emilio Pozuelo Monfort at 2023-04-26T13:46:24+02:00
Add fixing commit for CVE-2023-25815/git

- - - - -
5c1ab25e by Moritz Muehlenhoff at 2023-04-26T16:00:04+02:00
TODO is resolved

- - - - -
2523fd1e by Moritz Muehlenhoff at 2023-04-26T19:45:15+02:00
bugnums

- - - - -
11ec34cf by Moritz Muehlenhoff at 2023-04-26T19:46:17+02:00
bugnums

- - - - -
e9f85ccf by Salvatore Bonaccorso at 2023-04-26T21:22:55+02:00
Add upstream reference for CVE-2023-30406

- - - - -
706d30e8 by Salvatore Bonaccorso at 2023-04-26T21:24:31+02:00
Add upstream reference for CVE-2023-30408

- - - - -
2aa8c2e1 by Salvatore Bonaccorso at 2023-04-26T21:26:19+02:00
Add upstream issue reference for CVE-2023-30410

- - - - -
bfd7192f by Salvatore Bonaccorso at 2023-04-26T21:28:53+02:00
Add upstream issue reference for CVE-2023-30414

- - - - -
aeba6697 by Salvatore Bonaccorso at 2023-04-26T21:35:30+02:00
Expand one todo with question in upstream issue reference

- - - - -
86991868 by Salvatore Bonaccorso at 2023-04-26T21:39:49+02:00
Add upstream tag information for CVE-2023-29007

- - - - -
9dd59492 by Salvatore Bonaccorso at 2023-04-26T21:41:26+02:00
Add upstream tag information for CVE-2023-25652

- - - - -
459997be by Salvatore Bonaccorso at 2023-04-26T21:43:31+02:00
Directly reference upstream commit for CVE-2023-25815

- - - - -
d7d1d167 by security tracker role at 2023-04-26T20:10:33+00:00
automatic update

- - - - -
dac7848f by Salvatore Bonaccorso at 2023-04-26T22:14:54+02:00
Process some NFUs

- - - - -
5b5aefce by Salvatore Bonaccorso at 2023-04-26T22:36:57+02:00
Process some Drupal core issues

- - - - -
f3da1a22 by Salvatore Bonaccorso at 2023-04-26T22:38:07+02:00
Process some NFUs

- - - - -
cda55d20 by Salvatore Bonaccorso at 2023-04-26T22:38:55+02:00
Add CVE-2023-1387/grafana

- - - - -
c84e5023 by Salvatore Bonaccorso at 2023-04-26T22:39:37+02:00
Add CVE-2022-44232/ming

- - - - -
82c9b724 by Utkarsh Gupta at 2023-04-27T00:18:03+02:00
Take ruby-rails-html-sanitizer

- - - - -
5d13c6b8 by security tracker role at 2023-04-27T08:10:14+00:00
automatic update

- - - - -
a147772e by Salvatore Bonaccorso at 2023-04-27T10:26:38+02:00
Process NFUs

- - - - -
4af4f287 by Salvatore Bonaccorso at 2023-04-27T10:30:55+02:00
Add CVE-2023-1786/cloud-init

- - - - -
da35af90 by Moritz Muehlenhoff at 2023-04-27T10:43:58+02:00
NFUs

- - - - -
3800e37a by Emilio Pozuelo Monfort at 2023-04-27T11:19:32+02:00
update-xrefs: new script to update data/CVE/list Xrefs

This partly replaces bin/updatelist.

- - - - -
a4c51f41 by Emilio Pozuelo Monfort at 2023-04-27T11:19:32+02:00
process-cve-records: new script to parse MITRE CVE 5.0 records

This replaces the other part of bin/updatelist, but using the
new CVE JSON 5.0 format.

Closes #17, #18.

- - - - -
cbff1159 by Moritz Muehlenhoff at 2023-04-27T15:04:34+02:00
golang-github-go-macaron-csrf removed

- - - - -
5f25be6a by Moritz Muehlenhoff at 2023-04-27T15:06:06+02:00
rust-ncurses removed

- - - - -
2284cc11 by Moritz Muehlenhoff at 2023-04-27T15:52:50+02:00
freetype fixed in sid

- - - - -
59f9aaf6 by Moritz Muehlenhoff at 2023-04-27T16:12:34+02:00
mark CVE-2022-37708 as non issue

- - - - -
325afb9a by Moritz Muehlenhoff at 2023-04-27T16:53:06+02:00
bullseye/bookworm triage

- - - - -
5daeba57 by Moritz Mühlenhoff at 2023-04-27T17:18:55+02:00
NFU

- - - - -
8e8f4a93 by Salvatore Bonaccorso at 2023-04-27T21:21:11+02:00
Track rust-ncurses as removed from everywhere

- - - - -
db59eefd by Salvatore Bonaccorso at 2023-04-27T21:31:22+02:00
Mark CVE-2023-1786/cloud-init as no-dsa

Cloud environments where cloud-init regularly operates (GCE, Azure, AWS)
do not use vendor-data and are not exposed to the issue.

- - - - -
a6e9278d by Salvatore Bonaccorso at 2023-04-27T21:34:00+02:00
Add Debian bug reference for CVE-2023-1786/cloud-init

- - - - -
3e9cdb99 by Salvatore Bonaccorso at 2023-04-27T22:10:51+02:00
Add Debian bug reference for CVE-2023-30549/singularity-container

- - - - -
c5fd1906 by Sébastien Delafond at 2023-04-28T05:24:01+02:00
Odoo triage

- - - - -
bf1b3d24 by Salvatore Bonaccorso at 2023-04-28T06:04:32+02:00
Update information for CVE-2023-26735

- - - - -
a35dc6c9 by Sébastien Delafond at 2023-04-28T06:12:12+02:00
CVE-2021-44465: mark as "<not-affected> initial upload" rather than fixed in the corresponding version

- - - - -
3d862291 by Sébastien Delafond at 2023-04-28T06:20:47+02:00
CVE-2021-44460: mark as "<not-affected> initial upload" rather than fixed in the corresponding version

- - - - -
b237e703 by Salvatore Bonaccorso at 2023-04-28T06:39:40+02:00
Review list of bullseye-pu pending uploads for 11.7

Shuffle the list and put on top the one accepted already.

- - - - -
429168ec by Salvatore Bonaccorso at 2023-04-28T07:09:40+02:00
Add CVE-2023-31436/linux

- - - - -
af62c18b by Moritz Muehlenhoff at 2023-04-28T09:53:56+02:00
buster/bookworm triage

- - - - -
2fce7230 by Moritz Muehlenhoff at 2023-04-28T09:57:32+02:00
rust-enumflags2 n/a

- - - - -
38081c76 by Moritz Muehlenhoff at 2023-04-28T11:49:07+02:00
add reference

- - - - -
b13ee03b by Moritz Muehlenhoff at 2023-04-28T11:50:40+02:00
mark libbson as removed

- - - - -
9d0f59bc by Emilio Pozuelo Monfort at 2023-04-28T12:59:49+02:00
process-cve-records: add --work-dir argument

And switch to argparse for argument processing.

- - - - -
51bf1a60 by Emilio Pozuelo Monfort at 2023-04-28T12:59:49+02:00
update-xrefs: add --work-dir argument

- - - - -
bc6cc75a by Emilio Pozuelo Monfort at 2023-04-28T13:01:30+02:00
Fix indentation in CVE list notes

- - - - -
5865cc7a by Emilio Pozuelo Monfort at 2023-04-28T13:02:24+02:00
List CVE xrefs first

bin/update-xrefs will write them this way, as it keeps CVE xrefs
and then adds any advisory refs afterwards.

- - - - -
48a11b1e by Emilio Pozuelo Monfort at 2023-04-28T13:39:53+02:00
process-cve-records: update descriptions

Don't only add them when we don't have one, but always update them
in case the description has changed.

- - - - -
d5e7585e by Emilio Pozuelo Monfort at 2023-04-28T13:41:40+02:00
process-cve-records: fix detection of empty CVEs

If a CVE has a PackageAnnotation, it shouldn't get a TODO: check
note.

- - - - -
8c5f053f by Emilio Pozuelo Monfort at 2023-04-28T13:45:16+02:00
process-cve-records: clear descriptions for reserved or rejected CVEs

- - - - -
68c7d91c by Emilio Pozuelo Monfort at 2023-04-28T13:45:41+02:00
process-cve-records: process all CVEs, not just new ones

- - - - -
0dad6284 by Emilio Pozuelo Monfort at 2023-04-28T14:34:35+02:00
process-cve-records: improve description parsing

- - - - -
a583e270 by Emilio Pozuelo Monfort at 2023-04-28T15:36:12+02:00
process-cve-records: don't remove our own descriptions

Only the ones that came from MITRE.

- - - - -
93e048b5 by Sylvain Beucler at 2023-04-28T16:14:48+02:00
dla: claim python2.7

- - - - -
38dd80c8 by Moritz Muehlenhoff at 2023-04-28T19:33:07+02:00
rust-kamadak-exif n/a

- - - - -
be564990 by Salvatore Bonaccorso at 2023-04-28T21:15:27+02:00
Mark libbson now as removed everywhere supported

- - - - -
11b5adc5 by Salvatore Bonaccorso at 2023-04-28T21:22:01+02:00
Track proposed update for pev via bullseye-pu

- - - - -
95028b53 by Salvatore Bonaccorso at 2023-04-28T21:43:01+02:00
Drop bullseye entries for python-matrix-nio (removed from bullseye)

- - - - -
f06bc39d by Salvatore Bonaccorso at 2023-04-28T21:43:02+02:00
Merge linux changes for bullseye 11.7

- - - - -
ecb07b37 by Salvatore Bonaccorso at 2023-04-28T21:43:04+02:00
Merge changes for updates via bullseye 11.7

- - - - -
30d45675 by Salvatore Bonaccorso at 2023-04-28T21:53:29+02:00
Update information on two bind-dyndb-ldap issues

- - - - -
465a8b58 by security tracker role at 2023-04-28T20:11:59+00:00
automatic update

- - - - -
564f7cfb by Salvatore Bonaccorso at 2023-04-28T23:02:42+02:00
process-cve-records: Workaround descriptions with non-ascii characters

This restores previous storing of the truncated descriptions in our
CVE list files until we know we can handle all non-ascii characters.

Particular care might be needed on webservice side.

Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>

- - - - -
415a2c24 by Salvatore Bonaccorso at 2023-04-28T23:06:57+02:00
Process list once manually with process-cve-records

- - - - -
7225765b by security tracker role at 2023-04-28T21:12:05+00:00
automatic update

- - - - -
329512c9 by Salvatore Bonaccorso at 2023-04-28T23:13:59+02:00
Process some NFUs

- - - - -
863c77b4 by Salvatore Bonaccorso at 2023-04-28T23:18:59+02:00
Process several NFUs

- - - - -
af50e100 by Salvatore Bonaccorso at 2023-04-28T23:20:09+02:00
Remove notes from CVE-2023-30842

CVE got rejected as it is a duplicate of CVE-2023-25313

- - - - -
732dcbe3 by Salvatore Bonaccorso at 2023-04-28T23:26:24+02:00
Drop some workarounded entries which were added due to bugs in the downconverted CVE JSON v4 feeds

- - - - -
8e78f500 by Salvatore Bonaccorso at 2023-04-28T23:29:45+02:00
Drop more now properly rejected CVEs

Mostly all of those are from issues in the downconverted feed now
resolved with the CVE JSON 5 format. Those were withdrawn either because
no security issue present or they were duplicates.

- - - - -
2b9d5749 by Salvatore Bonaccorso at 2023-04-28T23:59:06+02:00
Process several NFUs

- - - - -
abf41a5e by Adrian Bunk at 2023-04-29T02:48:35+03:00
dla: take epiphany-browser

- - - - -
ab77aa42 by Adrian Bunk at 2023-04-29T02:49:06+03:00
dla: take libapache2-mod-auth-openidc

- - - - -
cbb533e4 by Salvatore Bonaccorso at 2023-04-29T08:22:33+02:00
Add CVE-2023-1999/libwebp

- - - - -
ca9cae7e by Salvatore Bonaccorso at 2023-04-29T08:29:32+02:00
Add CVE-2023-28882/modsecurity

- - - - -
9fd3c340 by Salvatore Bonaccorso at 2023-04-29T08:39:43+02:00
Add CVE-2023-31486/libhttp-tiny-perl

- - - - -
73985306 by Salvatore Bonaccorso at 2023-04-29T09:44:10+02:00
Add two additional references for CVE-2023-31486

- - - - -
034b5e4b by security tracker role at 2023-04-29T08:12:12+00:00
automatic update

- - - - -
6cbfd60e by Salvatore Bonaccorso at 2023-04-29T10:20:52+02:00
Add Debian bug reference for CVE-2023-28882/modsecurity

- - - - -
9565c55e by Salvatore Bonaccorso at 2023-04-29T10:25:12+02:00
Process NFUs

- - - - -
0c22b01a by Salvatore Bonaccorso at 2023-04-29T10:28:30+02:00
Track as well perl for CVE-2023-31486

- - - - -
22a61e7b by Salvatore Bonaccorso at 2023-04-29T10:30:04+02:00
Add CVE-2023-31485/libgitlab-api-v4-perl

- - - - -
0cbd728e by Salvatore Bonaccorso at 2023-04-29T10:37:48+02:00
Add CVE-2023-31484/perl

- - - - -
297f349e by Salvatore Bonaccorso at 2023-04-29T10:42:15+02:00
Process some NFUs

- - - - -
5fa9ab06 by Salvatore Bonaccorso at 2023-04-29T08:44:15+00:00
Merge branch 'bullseye-11.7' into 'master'

Merge changes accepted for bullseye 11.7 release

See merge request security-tracker-team/security-tracker!133

- - - - -
20fade1e by Moritz Muehlenhoff at 2023-04-29T12:55:45+02:00
bookworm triage

- - - - -
73c6f529 by Salvatore Bonaccorso at 2023-04-29T13:41:36+02:00
Remove three no-dsa tagged entries which got an update

- - - - -
21de68d9 by Salvatore Bonaccorso at 2023-04-29T13:44:40+02:00
Mark CVE-2022-1227/libpod addressed as well in bullseye

- - - - -
914683d9 by Salvatore Bonaccorso at 2023-04-29T13:47:37+02:00
Track fixed version for CVE-2022-47015 in bullseye

- - - - -
a48b9387 by Salvatore Bonaccorso at 2023-04-29T13:53:01+02:00
Correct tracking for mariadb-10.5 issues in bullseye

- - - - -
89f642d7 by Salvatore Bonaccorso at 2023-04-29T14:29:37+02:00
Process NFUs

- - - - -
5c96b5bf by Salvatore Bonaccorso at 2023-04-29T14:36:45+02:00
Add CVE-2023-30847/h2o

- - - - -
a6b3043b by Salvatore Bonaccorso at 2023-04-29T14:43:41+02:00
Add upstream commit reference for CVE-2023-2002

- - - - -
a813710a by Salvatore Bonaccorso at 2023-04-29T15:21:43+02:00
Mark libsignal-protocol-c as no-dsa for bullseye

- - - - -
4bd92754 by Salvatore Bonaccorso at 2023-04-29T15:34:45+02:00
DSA-2044-1: Make version without epoch

The fix was before the epoch bump.

- - - - -
ef6eeb6e by Salvatore Bonaccorso at 2023-04-29T15:50:07+02:00
Update information for CVE-2023-31485/libgitlab-api-v4-perl

- - - - -
5b6ea307 by Salvatore Bonaccorso at 2023-04-29T15:53:01+02:00
Update information for CVE-2023-31484/perl

- - - - -
75c06504 by Salvatore Bonaccorso at 2023-04-29T17:17:39+02:00
Remove two manual overrides in ancient entry and note

The reason was maybe that back then there was not automatic
cross-referencing from the DSAs. Drop those as the information was
recorded in the DSA list already.

Not touching any older entries further, but this one was asked by a
Debian user on discrepancy in version data.

- - - - -
afc2c368 by Sylvain Beucler at 2023-04-29T18:45:13+02:00
sqlite: associate past sqlite3 CVEs to sqlite + buster triage (open + 2020-2022)

See https://lists.debian.org/debian-lts/2023/04/msg00027.html for context

- - - - -
08610bfb by Moritz Muehlenhoff at 2023-04-29T19:30:25+02:00
ffmpeg updates, some n/a, remove one postponed entry for issue fixed in 4.3.6

- - - - -
92d458ca by Adrian Bunk at 2023-04-29T21:49:50+03:00
CVE-2023-1161: Note that it only partially affects <= bullseye

- - - - -
e18158d9 by Adrian Bunk at 2023-04-29T21:51:33+03:00
Reserve DLA-3402-1 for wireshark

- - - - -
da701d71 by Salvatore Bonaccorso at 2023-04-29T21:14:56+02:00
Process NFUs

- - - - -
9b166b09 by Salvatore Bonaccorso at 2023-04-29T21:15:24+02:00
Add CVE-2023-29950/swftools

- - - - -
ab4fe165 by Adrian Bunk at 2023-04-29T22:23:57+03:00
dla: take jruby

- - - - -
f52e1fd0 by security tracker role at 2023-04-29T20:12:22+00:00
automatic update

- - - - -
532e5515 by Salvatore Bonaccorso at 2023-04-29T22:14:42+02:00
Move #954089 association to correct CVE

- - - - -
dfa74652 by Salvatore Bonaccorso at 2023-04-29T22:26:11+02:00
Add Debian bug reference for CVE-2023-31484/perl

- - - - -
493de603 by Salvatore Bonaccorso at 2023-04-29T22:31:04+02:00
Process one NFU

- - - - -
41eb9f95 by Ben Hutchings at 2023-04-29T22:41:54+02:00
Reserve DLA-3403-1 and DLA-3404-1 for linux and linux-5.10

- - - - -
ab84e45a by Adrian Bunk at 2023-04-30T02:02:44+03:00
dla: take jackson-databind

- - - - -
abafe136 by Adrian Bunk at 2023-04-30T03:08:14+03:00
CVE-2021-46877 does not affect buster

- - - - -
fea605be by security tracker role at 2023-04-30T08:12:06+00:00
automatic update

- - - - -
73465c41 by Salvatore Bonaccorso at 2023-04-30T12:45:09+02:00
Add CVE-2023-2426/vim

- - - - -
bc31877b by Salvatore Bonaccorso at 2023-04-30T12:45:51+02:00
Process NFUs

- - - - -
be73fac9 by Thorsten Alteholz at 2023-04-30T12:58:41+02:00
Reserve DLA-3405-1 for libxml2

- - - - -
2999af4a by Thorsten Alteholz at 2023-04-30T13:02:25+02:00
Reserve DLA-3406-1 for sniproxy

- - - - -
acfb6606 by Abhijith PA at 2023-04-30T18:41:40+05:30
CVE-2021-37219: Add upstream commit reference.
CVE-2020-7955: Mark as not-affected, func AgentHealthServiceByID
 introduced later.

- - - - -
6fbe0b90 by Adrian Bunk at 2023-04-30T19:30:58+03:00
Reserve DLA-3407-1 for jackson-databind

- - - - -
1781413a by Moritz Mühlenhoff at 2023-04-30T21:03:51+02:00
ffmpeg DSA

- - - - -
cda1ef61 by Salvatore Bonaccorso at 2023-04-30T21:25:42+02:00
Additionally track libfastjson for CVE-2020-12762

- - - - -
7b857c5e by Salvatore Bonaccorso at 2023-04-30T21:54:56+02:00
Track fixed version for CVE-2023-28882/modsecurity

- - - - -
ab7fd46b by security tracker role at 2023-04-30T20:12:12+00:00
automatic update

- - - - -
99bcda02 by Adrian Bunk at 2023-04-30T23:50:03+03:00
Reserve DLA-3408-1 for jruby

- - - - -
b62cd5ef by Adrian Bunk at 2023-04-30T23:58:35+03:00
Reserve DLA-3409-1 for libapache2-mod-auth-openidc

- - - - -
b33e3b9f by Salvatore Bonaccorso at 2023-04-30T23:04:32+02:00
Add Debian bug reference for CVE-2023-2426/vim

- - - - -
f9c17a67 by Anton Gladky at 2023-04-30T23:21:17+02:00
LTS: take openimageio

- - - - -
632f7522 by Guilhem Moulin at 2023-05-01T02:09:48+02:00
Reserve DLA-3410-1 for openvswitch

- - - - -
c7d637d8 by Stefano Rivera at 2023-04-30T21:44:23-04:00
Reserve DLA-3411-1 for distro-info-data

- - - - -
86c319b7 by Salvatore Bonaccorso at 2023-05-01T08:39:02+02:00
Add CVE-2023-2430/linux

- - - - -
540519a2 by security tracker role at 2023-05-01T08:12:03+00:00
automatic update

- - - - -
fa087277 by Abhijith PA at 2023-05-01T18:33:01+05:30
Add upstream fix commit for CVE-2022-40716, CVE-2022-29153

- - - - -
1aa5e0dd by Salvatore Bonaccorso at 2023-05-01T18:13:25+02:00
Process NFUs

- - - - -
2ef46457 by Salvatore Bonaccorso at 2023-05-01T21:02:49+02:00
Add CVE-2023-2235/linux

- - - - -
04b2e890 by Salvatore Bonaccorso at 2023-05-01T21:07:42+02:00
Add CVE-2023-2236/linux

- - - - -
933996a1 by Salvatore Bonaccorso at 2023-05-01T21:19:19+02:00
Add information for CVE-2023-31436 and CVE-2023-2248

- - - - -
c3dfbae1 by security tracker role at 2023-05-01T20:12:14+00:00
automatic update

- - - - -
9101184b by Salvatore Bonaccorso at 2023-05-01T22:21:00+02:00
Process several NFUs

- - - - -
8590de4f by security tracker role at 2023-05-02T08:11:30+00:00
automatic update

- - - - -
f5d5cf9e by Salvatore Bonaccorso at 2023-05-02T10:17:29+02:00
Process some NFUs

- - - - -
ef47317a by Salvatore Bonaccorso at 2023-05-02T10:18:18+02:00
Add Debian bug reference for CVE-2023-1999/libwebp

- - - - -
4a993036 by Salvatore Bonaccorso at 2023-05-02T10:21:14+02:00
Process NFUs

- - - - -
a0ab1827 by Salvatore Bonaccorso at 2023-05-02T11:40:21+02:00
Process NFUs

- - - - -
890b336d by Emilio Pozuelo Monfort at 2023-05-02T11:45:27+02:00
lts: take tzdata and libdatetime-timezone-perl

- - - - -
6cefc169 by Salvatore Bonaccorso at 2023-05-02T13:30:14+02:00
Track fixed version for CVE-2023-28625/libapache2-mod-auth-openidc

- - - - -
ed6e72f1 by Sébastien Delafond at 2023-05-02T14:35:19+02:00
dsa-needed: add odoo

- - - - -
31e54204 by Emilio Pozuelo Monfort at 2023-05-02T14:53:38+02:00
Reserve DLA-3412-1 for tzdata

- - - - -
037bd570 by Emilio Pozuelo Monfort at 2023-05-02T14:57:32+02:00
Reserve DLA-3413-1 for libdatetime-timezone-perl

- - - - -
8c06fed2 by Moritz Muehlenhoff at 2023-05-02T15:08:27+02:00
bullseye triage

- - - - -
401eb627 by Aron Xu at 2023-05-02T21:42:52+08:00
Reserve DSA-5395-1 for nodejs

- - - - -
e61fa19b by Chris Lamb at 2023-05-02T11:01:06-07:00
Reserve DLA-3414-1 for avahi

- - - - -
d0725e0d by Abhijith PA at 2023-05-03T00:21:26+05:30
add upstream commit ref

- - - - -
ac67140c by Salvatore Bonaccorso at 2023-05-02T21:06:08+02:00
CVE-2021-41803: Reference commit from release/1.11.x branch

- - - - -
f84b2046 by Salvatore Bonaccorso at 2023-05-02T21:07:27+02:00
Prefix two upstream tags

- - - - -
5137ab2b by Chris Lamb at 2023-05-02T12:16:33-07:00
Bump comment date for configobj.

- - - - -
6d3326bf by security tracker role at 2023-05-02T20:12:22+00:00
automatic update

- - - - -
82bb5580 by Abhijith PA at 2023-05-03T01:44:06+05:30
Mark CVE-2021-38698, CVE-2021-41803, CVE-2022-24687 and
CVE-2022-40716 as not affected.

Add commit reference for CVE-2022-24687 with upstream tag.

- - - - -
3b440ed5 by Salvatore Bonaccorso at 2023-05-02T23:19:24+02:00
Add CVE-2023-32007/apache-spark

- - - - -
9bacd814 by Salvatore Bonaccorso at 2023-05-02T23:20:11+02:00
Process some NFUs

- - - - -
1e0fb9f6 by Salvatore Bonaccorso at 2023-05-02T23:21:39+02:00
Add CVE-2023-31207/check-mk

- - - - -
2840a651 by Salvatore Bonaccorso at 2023-05-02T23:22:21+02:00
Add two new moodle issues

- - - - -
26580c6f by Salvatore Bonaccorso at 2023-05-02T23:22:44+02:00
Add CVE-2023-2986{7,8}/zammad

- - - - -
43f60d4a by Salvatore Bonaccorso at 2023-05-02T23:27:07+02:00
Process some NFUs

- - - - -
45a17e2a by Salvatore Bonaccorso at 2023-05-02T23:29:57+02:00
Add CVE-2023-30861/flask

- - - - -
335f7ab9 by Markus Koschany at 2023-05-03T03:31:07+02:00
Claim r-cran-commonmark,tinymce,pluxml in dla-needed.txt

- - - - -
93466578 by Salvatore Bonaccorso at 2023-05-03T07:05:34+02:00
Add CVE-2023-2483/linux

- - - - -
0665b39a by Salvatore Bonaccorso at 2023-05-03T07:11:13+02:00
Add new chromium CVEs

- - - - -
f8a251c7 by Salvatore Bonaccorso at 2023-05-03T07:14:45+02:00
Add chromium to dsa-needed list

- - - - -
5af05277 by Salvatore Bonaccorso at 2023-05-03T09:13:20+02:00
Track fixes for chromium via unstable

- - - - -
ea8b81b5 by security tracker role at 2023-05-03T08:12:01+00:00
automatic update

- - - - -
a30cb400 by Alberto Garcia at 2023-05-03T10:58:28+02:00
webkit2gtk DSA-5396-1 and wpewebkit DSA-5397-1

- - - - -
c2233129 by Moritz Muehlenhoff at 2023-05-03T13:18:42+02:00
libfastjson fixed in sid

- - - - -
accb1cf6 by Ben Hutchings at 2023-05-03T14:03:24+02:00
Add another issue to DLA-3404-1

- - - - -
c6f55cc4 by Moritz Muehlenhoff at 2023-05-03T15:25:34+02:00
new go issues

- - - - -
4bce0306 by Moritz Muehlenhoff at 2023-05-03T16:00:25+02:00
NFUs

- - - - -
bcd5fc8e by Moritz Mühlenhoff at 2023-05-03T17:12:03+02:00
sgt-puzzles spu

- - - - -
2a508833 by Salvatore Bonaccorso at 2023-05-03T17:29:32+02:00
Add CVE-2023-31047/python-django

- - - - -
fb623e11 by Salvatore Bonaccorso at 2023-05-03T17:46:55+02:00
Add additional references for CVE-2023-24539, CVE-2023-24540 and CVE-2023-29400

- - - - -
dc3d075e by Salvatore Bonaccorso at 2023-05-03T18:14:26+02:00
Add Debian bug reference for CVE-2023-31047/python-django

- - - - -
749a4beb by Sylvain Beucler at 2023-05-03T20:14:06+02:00
sqlite: associate past sqlite3 CVEs to sqlite + buster triage (2013-2019)
Follow-up to afc2c3682db83440621c28005b856e21ebb51907

- - - - -
288c9c23 by Sylvain Beucler at 2023-05-03T20:38:43+02:00
CVE-2015-20107/python2.7: fix misleading triage
stretch is not supported anymore but the comment is erroneous and may lead to confusion, as the invoked reason only applied to >=bullseye

- - - - -
05f68457 by Salvatore Bonaccorso at 2023-05-03T21:44:06+02:00
Add CVE-2023-29839/hoteldruid

- - - - -
18223558 by security tracker role at 2023-05-03T20:12:24+00:00
automatic update

- - - - -
c8503209 by Salvatore Bonaccorso at 2023-05-03T22:14:05+02:00
Update information for CVE-2022-45188/netatalk

- - - - -
7a2f8081 by Salvatore Bonaccorso at 2023-05-03T22:14:44+02:00
Process some NFUs

- - - - -
2f919e9a by Salvatore Bonaccorso at 2023-05-03T22:17:46+02:00
Process some NFUs

- - - - -
184eb848 by Thorsten Alteholz at 2023-05-03T23:37:38+02:00
mark CVE-2023-0841 as EOL for Buster

- - - - -
f0318ae0 by Thorsten Alteholz at 2023-05-03T23:39:16+02:00
follow sec team and mark CVE-2023-1786 as no-dsa for Buster

- - - - -
654e64a1 by Thorsten Alteholz at 2023-05-03T23:44:35+02:00
add webkit2gtk

- - - - -
a5da3ee5 by Salvatore Bonaccorso at 2023-05-04T08:44:53+02:00
Track fixed version via unstable for CVE-2023-31047/python-django

- - - - -
c87b34e0 by Salvatore Bonaccorso at 2023-05-04T08:47:06+02:00
Update status for CVE-2022-43634/netatalk

- - - - -
26f55adc by Moritz Muehlenhoff at 2023-05-04T09:21:55+02:00
NFUs

- - - - -
f9e580c7 by Salvatore Bonaccorso at 2023-05-04T09:52:14+02:00
Sync information for CVE-2023-21102 with kernel-sec

- - - - -
ae5052bd by Salvatore Bonaccorso at 2023-05-04T09:57:23+02:00
Add CVE-2023-21106/linux

- - - - -
4a72884d by Emilio Pozuelo Monfort at 2023-05-04T10:05:08+02:00
lts: take webkit2gtk

- - - - -
602c8dd4 by security tracker role at 2023-05-04T08:12:33+00:00
automatic update

- - - - -
7b48e10d by Salvatore Bonaccorso at 2023-05-04T10:18:10+02:00
Process one NFU

- - - - -
f1a2d81a by Salvatore Bonaccorso at 2023-05-04T10:22:39+02:00
Process some NFUs

- - - - -
631c1b8d by Salvatore Bonaccorso at 2023-05-04T10:23:03+02:00
Add CVE-2023-30300/wabt

- - - - -
593b80ad by Salvatore Bonaccorso at 2023-05-04T10:40:18+02:00
Process NFUs

- - - - -
a0e6d9cb by Salvatore Bonaccorso at 2023-05-04T10:40:42+02:00
Add CVE-2023-26125/golang-github-gin-gonic-gin

- - - - -
523adb8a by Salvatore Bonaccorso at 2023-05-04T11:02:16+02:00
Add Debian bug reference for CVE-2023-26125

- - - - -
d1d4d1ef by Abhijith PA at 2023-05-04T19:28:00+05:30
data/dla-needed.txt: claim fusiondirectory

- - - - -
0fb19973 by Scarlett Moore at 2023-05-04T10:43:53-07:00
Process NFUs

- - - - -
e22eb939 by Thorsten Alteholz at 2023-05-04T20:29:47+02:00
add python-django

- - - - -
d471b326 by Salvatore Bonaccorso at 2023-05-04T20:57:02+02:00
Process some NFUs

- - - - -
36eb1d9a by Salvatore Bonaccorso at 2023-05-04T21:00:37+02:00
Prefix upstream tag information

- - - - -
c11862ba by Moritz Mühlenhoff at 2023-05-04T21:33:01+02:00
chromium DSA

- - - - -
350ccf28 by Chris Lamb at 2023-05-04T12:51:04-07:00
data/dla-needed.txt: Correct ordering

- - - - -
1e017f6b by security tracker role at 2023-05-04T20:12:24+00:00
automatic update

- - - - -
09c83aa6 by Salvatore Bonaccorso at 2023-05-04T23:07:53+02:00
Process two NFUs

- - - - -
ac9d301c by Salvatore Bonaccorso at 2023-05-04T23:11:16+02:00
Process some NFUs

- - - - -
91b83559 by Salvatore Bonaccorso at 2023-05-05T07:33:02+02:00
Add CVE-2023-2513/linux

- - - - -
880e4597 by Salvatore Bonaccorso at 2023-05-05T08:18:07+02:00
Add CVE-2023-30570/libreswan

- - - - -
bd7a4ae4 by Salvatore Bonaccorso at 2023-05-05T08:21:14+02:00
Track fixed version for CVE-2023-2426/vim

- - - - -
61261161 by Salvatore Bonaccorso at 2023-05-05T08:24:03+02:00
Add CVE-2023-1894/puppet

- - - - -
767e1ac9 by Moritz Muehlenhoff at 2023-05-05T09:35:53+02:00
add references for puppetserver issue (and drop initial Red Hat entry, which has little info)

- - - - -
269f03c6 by Salvatore Bonaccorso at 2023-05-05T09:38:59+02:00
Process NFUs

- - - - -
0f98c257 by Salvatore Bonaccorso at 2023-05-05T09:45:16+02:00
Add CVE-2023-29827/node-ejs

- - - - -
2d26e9ed by Salvatore Bonaccorso at 2023-05-05T09:49:37+02:00
Process NFUs

- - - - -
d6cc767d by security tracker role at 2023-05-05T08:12:18+00:00
automatic update

- - - - -
97bada63 by Salvatore Bonaccorso at 2023-05-05T10:14:50+02:00
Add references for CVE-2023-30570/libreswan

- - - - -
16b8cee2 by Salvatore Bonaccorso at 2023-05-05T10:16:03+02:00
Process one NFU

- - - - -
d44c36aa by Salvatore Bonaccorso at 2023-05-05T10:22:27+02:00
Process two CVEs for kibana, itp'ed

- - - - -
259e3bfc by Salvatore Bonaccorso at 2023-05-05T10:23:06+02:00
Process NFUs

- - - - -
07472560 by Moritz Muehlenhoff at 2023-05-05T10:23:58+02:00
puppetserver bugnum

- - - - -
2e053461 by Salvatore Bonaccorso at 2023-05-05T10:25:05+02:00
Add Debian bug reference for CVE-2023-30570/libreswan

- - - - -
ba482b7e by Moritz Muehlenhoff at 2023-05-05T10:25:53+02:00
NFUs

- - - - -
d4062c1f by Salvatore Bonaccorso at 2023-05-05T11:17:12+02:00
Process one NFU

- - - - -
31dafbc7 by Salvatore Bonaccorso at 2023-05-05T11:17:45+02:00
Process batch of gitlab issues

Temporarily all gitlab CVEs are still considered to be part of unstable,
as maintainer plan to reintroduce it after the bookworm release. Only
separate those as not-affected which are EE specific.

- - - - -
9fa6133b by Salvatore Bonaccorso at 2023-05-05T11:24:27+02:00
Add initial tracking for three frr issues

- - - - -
4f5df83f by Sébastien Delafond at 2023-05-05T13:36:39+02:00
Reserve DSA-5399-1 for odoo

- - - - -
bef7bf5d by Sylvain Beucler at 2023-05-05T14:08:22+02:00
CVE-2015-20107/python: drop superseded/unmerged pull request reference

- - - - -
e7decb43 by Salvatore Bonaccorso at 2023-05-05T17:18:12+02:00
Update information for CVE-2023-2241

- - - - -
fbf7ed27 by Salvatore Bonaccorso at 2023-05-05T21:25:11+02:00
Update information for CVE-2023-2251/node-yaml

- - - - -
81765c5d by Salvatore Bonaccorso at 2023-05-05T21:39:55+02:00
Add CVE-2023-32269/linux

- - - - -
4da39973 by Salvatore Bonaccorso at 2023-05-05T21:47:01+02:00
Add Debian bug reference for CVE-2023-2251/node-yaml

- - - - -
d8595da1 by security tracker role at 2023-05-05T20:12:29+00:00
automatic update

- - - - -
89c485de by Chris Lamb at 2023-05-05T13:20:56-07:00
Reserve DLA-3415-1 for python-django

- - - - -
1f8dda2f by Markus Koschany at 2023-05-06T00:14:57+02:00
Mark pluxml CVE in buster EOL

pluxml has been removed from Debian. Last upstream activity was in August 2022.
Currently there is no sign that any CVE will be addressed in the near future.
pluxml is almost not used by any Debian user according to popcon.

- - - - -
9a0db038 by Markus Koschany at 2023-05-06T00:20:56+02:00
CVE-2022-23494,tinymce: Mark buster no-dsa

This is a minor issue. Only citadel-webcit in Buster might be affected by this issue.
I don't think an XSS issue like that warrants a DLA.

NOTE: tinymce has been removed from Debian.

- - - - -
a95b624e by Markus Koschany at 2023-05-06T00:24:19+02:00
Remove tinymce and pluxml from dla-needed.txt

- - - - -
1610beb5 by Markus Koschany at 2023-05-06T00:49:33+02:00
Triage CVE-2022-47015,mariadb-10.3 as postponed for Buster

Null pointer dereference. Wait for next point release.

- - - - -
a2dab2f2 by Markus Koschany at 2023-05-06T00:51:28+02:00
Claim emacs in dla-needed.txt

- - - - -
67b38a85 by Salvatore Bonaccorso at 2023-05-06T08:58:50+02:00
Process some NFUs

- - - - -
a4891b54 by Salvatore Bonaccorso at 2023-05-06T09:09:44+02:00
Add CVE-2023-2156/linux

- - - - -
b2e6ecd2 by Salvatore Bonaccorso at 2023-05-06T09:24:17+02:00
Process NFUs

- - - - -
19756e1e by Salvatore Bonaccorso at 2023-05-06T09:30:20+02:00
Add CVE-2023-2516/teampass, itp'ed

- - - - -
84aa7cf1 by Salvatore Bonaccorso at 2023-05-06T09:35:53+02:00
Add CVE-2023-29659/libheif

- - - - -
a15b15df by Salvatore Bonaccorso at 2023-05-06T09:57:19+02:00
Add Debian bug reference for CVE-2023-29659/libheif

- - - - -
c9bff024 by security tracker role at 2023-05-06T08:12:06+00:00
automatic update

- - - - -
35f4ad1c by Salvatore Bonaccorso at 2023-05-06T10:30:18+02:00
Process NFUs

- - - - -
3fb4b510 by Salvatore Bonaccorso at 2023-05-06T10:35:24+02:00
Process NFUs

- - - - -
5035183f by Salvatore Bonaccorso at 2023-05-06T11:37:36+02:00
Process one NFU

- - - - -
4464f09a by Salvatore Bonaccorso at 2023-05-06T12:08:54+02:00
Add some new llvm project CVEs and classify them to unimportant

- - - - -
df41dacc by Salvatore Bonaccorso at 2023-05-06T13:52:39+02:00
Process two NFUs

- - - - -
d5a88857 by Tobias Frost at 2023-05-06T16:18:46+02:00
Triaging hdf5 -- fixed versions and upstream references.

- - - - -
02e08710 by Tobias Frost at 2023-05-06T16:46:20+02:00
Triaging hdf5 for buster.

- - - - -
9b720cba by Salvatore Bonaccorso at 2023-05-06T20:52:57+02:00
Adjust version with first 1.10.8 based version hitting unstable

- - - - -
84eec608 by Salvatore Bonaccorso at 2023-05-06T20:58:28+02:00
Correct hdf5 version for issues which were fixed in 1.10.7 upstream

Note please pinpoint the first version in unstable which contains a fix.
This was 1.10.7+repack-1 for the 1.10.7 version upstream.

- - - - -
7b8d61f6 by Salvatore Bonaccorso at 2023-05-06T21:01:17+02:00
Update information for CVE-2018-11206

- - - - -
4868a515 by Salvatore Bonaccorso at 2023-05-06T21:02:37+02:00
Mark CVE-2018-11206 as no-dsa for bullseye

- - - - -
fbab6aea by Salvatore Bonaccorso at 2023-05-06T21:10:38+02:00
Add additional references for CVE-2021-45830

- - - - -
da952117 by Salvatore Bonaccorso at 2023-05-06T21:19:34+02:00
Add references for CVE-2021-4624{2,4}

- - - - -
59a3fc6d by Salvatore Bonaccorso at 2023-05-06T21:21:25+02:00
Update information for CVE-2021-45833

- - - - -
12779243 by Salvatore Bonaccorso at 2023-05-06T21:26:17+02:00
Add one additional reference for CVE-2021-46244

- - - - -
a0ef9411 by Salvatore Bonaccorso at 2023-05-06T21:31:33+02:00
Track fixed bzip3 issues via unstable via cherry-picked fixes

- - - - -
44e23f0f by Salvatore Bonaccorso at 2023-05-06T21:43:49+02:00
Update information for CVE-2023-2295 and CVE-2023-30570

- - - - -
23f4fb8c by Salvatore Bonaccorso at 2023-05-06T21:52:04+02:00
Mark CVE-2023-2319 as NFU

- - - - -
86392fce by security tracker role at 2023-05-06T20:12:36+00:00
automatic update

- - - - -
047e869e by Salvatore Bonaccorso at 2023-05-06T22:20:09+02:00
Process one NFU

- - - - -
8b0631c5 by Salvatore Bonaccorso at 2023-05-06T22:28:09+02:00
Clarify intention of one libreswan commit

- - - - -
6fa17816 by Thorsten Alteholz at 2023-05-07T00:54:35+02:00
mark CVE-2023-25652 as no-dsa for Buster

- - - - -
218bd853 by Thorsten Alteholz at 2023-05-07T00:55:07+02:00
mark CVE-2023-29007 as no-dsa for Buster

- - - - -
ecef4e62 by Thorsten Alteholz at 2023-05-07T01:01:20+02:00
mark CVE-2023-31484 as no-dsa for Buster

- - - - -
a459575c by Thorsten Alteholz at 2023-05-07T01:04:21+02:00
mark CVE-2023-2426 as no-dsa for Buster

- - - - -
de96f629 by Thorsten Alteholz at 2023-05-07T01:15:15+02:00
mark CVE-2021-45423 as not-affected for Buster

- - - - -
b103816e by Thorsten Alteholz at 2023-05-07T01:17:40+02:00
mark CVE-2023-29323 as no-dsa for Buster

- - - - -
2d7c953d by Thorsten Alteholz at 2023-05-07T01:18:59+02:00
mark CVE-2022-48468 as no-dsa for Buster

- - - - -
2c4bc770 by Thorsten Alteholz at 2023-05-07T01:20:03+02:00
mark CVE-2023-31485 as no-dsa for Buster

- - - - -
27392198 by Salvatore Bonaccorso at 2023-05-07T09:06:27+02:00
Track fixed version for CVE-2023-2251/node-yaml

- - - - -
bc31d78c by Tobias Frost at 2023-05-07T09:41:53+02:00
LTS: claim hdf5 in dla-needed.txt

- - - - -
18a80f0d by Tobias Frost at 2023-05-07T09:49:15+02:00
LTS: claim nvidia-graphics-drivers-legacy-390xx in dla-needed.txt

- - - - -
0ad924df by Tobias Frost at 2023-05-07T09:49:27+02:00
LTS: claim nvidia-graphics-drivers in dla-needed.txt

- - - - -
9d04f63a by security tracker role at 2023-05-07T08:12:07+00:00
automatic update

- - - - -
309f620a by Thorsten Alteholz at 2023-05-07T10:47:37+02:00
mark CVEs for gss-ntlmssp as no-dsa for Buster

- - - - -
f85dc448 by Thorsten Alteholz at 2023-05-07T10:47:37+02:00
add libfastjson

- - - - -
03619494 by Thorsten Alteholz at 2023-05-07T10:47:37+02:00
update note

- - - - -
85011540 by Thorsten Alteholz at 2023-05-07T10:47:38+02:00
mark CVE-2023-30861 as postponed for Buster

- - - - -
72895e5d by Thorsten Alteholz at 2023-05-07T12:17:02+02:00
add sqlparse

- - - - -
9f020ce9 by Thorsten Alteholz at 2023-05-07T12:31:23+02:00
add python-ipaddress

- - - - -
edbbb571 by Salvatore Bonaccorso at 2023-05-07T13:57:50+02:00
Process NFUs

- - - - -
191da05f by Guilhem Moulin at 2023-05-07T17:15:41+02:00
LTS: claim sqlparse and python-ipaddress in dla-needed.txt

- - - - -
334c0d94 by Salvatore Bonaccorso at 2023-05-07T17:25:34+02:00
Update information for CVE-2023-29839/hoteldruid

- - - - -
880e8bd5 by Salvatore Bonaccorso at 2023-05-07T17:26:31+02:00
Add Debian bug reference for CVE-2023-30861/flask

- - - - -
c81be77d by Salvatore Bonaccorso at 2023-05-07T17:40:44+02:00
Add Debian bug reference for CVE-2023-29839/hoteldruid

- - - - -
52b67a09 by Salvatore Bonaccorso at 2023-05-07T21:10:07+02:00
Update information for CVE-2023-30300/wabt

Add Debian bug reference and mark bullseye as no-dsa. While it is not
just a crash in the CLI tool, it causes a hang/infinite loop. So maybe
we can even go for unimportant severity.

- - - - -
884a4888 by Salvatore Bonaccorso at 2023-05-07T21:31:37+02:00
Add note for CVE-2023-29491 on mitigation since 6.4-3 upload

- - - - -
dd1443ba by Salvatore Bonaccorso at 2023-05-07T21:39:18+02:00
Update information on CVE-2023-1729/libraw

- - - - -
3c435b72 by security tracker role at 2023-05-07T20:12:11+00:00
automatic update

- - - - -
b5712724 by Salvatore Bonaccorso at 2023-05-07T22:18:29+02:00
Process two NFUs

- - - - -
3b9b94f8 by Markus Koschany at 2023-05-08T00:17:08+02:00
CVE-2021-40647,CVE-2021-40648,man2html: Buster is no-dsa

Minor issues

- - - - -
d9d02f10 by Markus Koschany at 2023-05-08T00:19:14+02:00
Remove man2html from dla-needed.txt

- - - - -
8ff57b1b by Markus Koschany at 2023-05-08T00:20:08+02:00
Remove r-cran-commonmark from dla-needed.txt

- - - - -
40f85448 by Markus Koschany at 2023-05-08T00:37:45+02:00
r-cran-commonmark: triage open CVE for Buster

Minor issues. The security impact for r-cran-commonmark is negligible.

- - - - -
9d18c172 by Markus Koschany at 2023-05-08T00:55:20+02:00
Remove puppet-module-puppetlabs-mysql from dla-needed.txt

- - - - -
9b62c4f4 by Markus Koschany at 2023-05-08T00:55:49+02:00
CVE-2022-3276,puppet-module-puppetlabs-mysql: Buster is no-dsa

Minor issue. Hard to exploit.

- - - - -
cd6969c7 by Markus Koschany at 2023-05-08T01:05:22+02:00
Claim netatalk in dsa-needed.txt

- - - - -
6aeebaa4 by Markus Koschany at 2023-05-08T01:06:17+02:00
Claim netatalk in dla-needed.txt

- - - - -
736c6dd3 by Anton Gladky at 2023-05-08T06:37:55+02:00
LTS: status update

- - - - -
5df4725f by Salvatore Bonaccorso at 2023-05-08T07:24:42+02:00
Track fixed version for sniproxy via unstable

- - - - -
4c9a0fb2 by security tracker role at 2023-05-08T08:11:55+00:00
automatic update

- - - - -
e2e3d0fc by Salvatore Bonaccorso at 2023-05-08T10:33:20+02:00
Process some NFUs

- - - - -
7cf17d7f by Emilio Pozuelo Monfort at 2023-05-08T10:47:01+02:00
lts: update notes

- - - - -
47a099c4 by Moritz Muehlenhoff at 2023-05-08T11:01:33+02:00
xpdf n/a

- - - - -
52544f46 by Roberto C. Sánchez at 2023-05-08T11:09:39-04:00
semi-automatic unclaim after 2 weeks of inactivity

Signed-off-by: Roberto C. Sánchez <roberto at debian.org>

- - - - -
47fd1137 by Moritz Muehlenhoff at 2023-05-08T17:27:21+02:00
bullseye triage

- - - - -
dd194c5e by Salvatore Bonaccorso at 2023-05-08T18:09:24+02:00
Add CVE-2023-32233/linux

- - - - -
12728470 by Salvatore Bonaccorso at 2023-05-08T20:46:02+02:00
Update information for CVE-2023-28464

- - - - -
a68d62fd by Salvatore Bonaccorso at 2023-05-08T20:55:08+02:00
Update information for CVE-2023-26606

- - - - -
a9a9f24a by Salvatore Bonaccorso at 2023-05-08T21:03:03+02:00
Update information for CVE-2023-26544/linux

- - - - -
47f453ed by Salvatore Bonaccorso at 2023-05-08T21:10:38+02:00
Update severity for CVE-2023-23039

- - - - -
cc25a648 by Salvatore Bonaccorso at 2023-05-08T21:22:54+02:00
Add upstream commit reference for CVE-2023-2124

- - - - -
68b7f5e6 by Salvatore Bonaccorso at 2023-05-08T21:29:21+02:00
Add upstream commit reference for CVE-2023-1380

- - - - -
390c74a8 by Salvatore Bonaccorso at 2023-05-08T21:36:54+02:00
Add upstream commit reference for CVE-2022-48425/linux

- - - - -
01c1aa1f by security tracker role at 2023-05-08T20:12:26+00:00
automatic update

- - - - -
9f7a99ef by Salvatore Bonaccorso at 2023-05-08T22:25:17+02:00
Drop notes for CVE-2023-2248 (duplicate of CVE-2023-31436)

- - - - -
1297e750 by Salvatore Bonaccorso at 2023-05-08T22:27:40+02:00
Track fixed version for linux issues via unstable

- - - - -
a02729ba by Salvatore Bonaccorso at 2023-05-08T22:29:37+02:00
Process some new NFUs

- - - - -
a113fb06 by Salvatore Bonaccorso at 2023-05-08T22:35:47+02:00
Process NFUs

- - - - -
c6fe3252 by Salvatore Bonaccorso at 2023-05-09T08:28:53+02:00
Add CVE-2023-2283/libssh

- - - - -
68dd66b9 by Salvatore Bonaccorso at 2023-05-09T08:29:42+02:00
Add CVE-2023-1667/libssh

- - - - -
90a2f4e7 by Moritz Muehlenhoff at 2023-05-09T08:45:45+02:00
webkit2gtk n/a

- - - - -
8cd87534 by Moritz Muehlenhoff at 2023-05-09T08:50:41+02:00
fill in details for CVE-2023-2283

- - - - -
6335d9da by Moritz Muehlenhoff at 2023-05-09T08:55:06+02:00
fill in details for CVE-2023-1667

- - - - -
de9ecb6e by security tracker role at 2023-05-09T08:12:17+00:00
automatic update

- - - - -
7cf8862e by Moritz Muehlenhoff at 2023-05-09T10:37:21+02:00
NFUs

- - - - -
53ef5539 by Moritz Muehlenhoff at 2023-05-09T10:56:27+02:00
new gitlab issue

- - - - -
f94b4b62 by Moritz Muehlenhoff at 2023-05-09T11:26:48+02:00
NFUs

- - - - -
faf8356f by Moritz Muehlenhoff at 2023-05-09T11:38:28+02:00
new unimportant log4cxx issue

- - - - -
13a20789 by Moritz Muehlenhoff at 2023-05-09T13:03:05+02:00
NFUs

- - - - -
426f5ed0 by Salvatore Bonaccorso at 2023-05-09T20:27:04+02:00
Track fixes for CVE-2023-31038/log4cxx via experimental

- - - - -
266ceb1a by Moritz Muehlenhoff at 2023-05-09T21:30:47+02:00
add bug for frr

- - - - -
cec67343 by security tracker role at 2023-05-09T20:12:13+00:00
automatic update

- - - - -
d070f3ec by Salvatore Bonaccorso at 2023-05-09T22:21:08+02:00
Add upstream version tag references for libssh issues

- - - - -
ea818f76 by Salvatore Bonaccorso at 2023-05-09T22:21:38+02:00
Process two NFUs

- - - - -
4907a96a by Salvatore Bonaccorso at 2023-05-09T22:26:51+02:00
Process some NFUs

- - - - -
dd9ec307 by Salvatore Bonaccorso at 2023-05-09T22:27:37+02:00
Add two more frr CVEs

- - - - -
bec97387 by Salvatore Bonaccorso at 2023-05-09T22:35:33+02:00
Add two new sngrep issues

- - - - -
75b34f44 by Salvatore Bonaccorso at 2023-05-09T22:36:38+02:00
Add Debian bug reference for libssh issues

- - - - -
277ab670 by Salvatore Bonaccorso at 2023-05-09T22:37:28+02:00
Process one NFU

- - - - -
524bbec9 by Salvatore Bonaccorso at 2023-05-09T22:37:51+02:00
Add CVE-2023-31979/catdoc

- - - - -
5c27be93 by Salvatore Bonaccorso at 2023-05-09T22:40:05+02:00
Add CVE-2023-31976/ming

- - - - -
11f4e182 by Salvatore Bonaccorso at 2023-05-09T22:41:35+02:00
Process some NFUs

- - - - -
a195c8a1 by Salvatore Bonaccorso at 2023-05-09T22:47:40+02:00
Process NFUs

- - - - -
8500517a by Salvatore Bonaccorso at 2023-05-09T22:48:35+02:00
Add CVE-2023-2591/teampass

- - - - -
a56a7397 by Salvatore Bonaccorso at 2023-05-09T22:53:05+02:00
Add four new yasm issues

- - - - -
31fe0ad7 by Salvatore Bonaccorso at 2023-05-09T22:57:11+02:00
Add CVE-2023-2609/vim

- - - - -
6bd1de91 by Salvatore Bonaccorso at 2023-05-09T22:57:46+02:00
Add CVE-2023-3008{3,4,5}/ming

- - - - -
4cfc99b3 by Markus Koschany at 2023-05-10T00:32:40+02:00
Claim erlang in dla-needed.txt

- - - - -
e4dcf3e8 by Markus Koschany at 2023-05-10T00:37:11+02:00
Claim golang-websocket in dla-needed.txt

- - - - -
909f006d by Markus Koschany at 2023-05-10T00:38:26+02:00
Reserve DLA-3416-1 for emacs

- - - - -
d32e291f by Salvatore Bonaccorso at 2023-05-10T06:32:40+02:00
Add firefox issues from fsa2023-16

- - - - -
a6a35500 by Salvatore Bonaccorso at 2023-05-10T06:38:44+02:00
Add firefox-esr issues from mfsa2023-17

- - - - -
fbc8b61e by Salvatore Bonaccorso at 2023-05-10T06:40:39+02:00
Add firefox-esr and assign to jmm

- - - - -
05e566ea by Salvatore Bonaccorso at 2023-05-10T06:42:38+02:00
Track fixed version for firefox-esr issues from mfsa2023-17 via unstable

- - - - -
231450c4 by Salvatore Bonaccorso at 2023-05-10T08:20:07+02:00
Add CVE-2023-2491

- - - - -
1f6d59e8 by Salvatore Bonaccorso at 2023-05-10T08:55:26+02:00
Track fixed version for libssh issues via unstable

- - - - -
2c857647 by Emilio Pozuelo Monfort at 2023-05-10T09:56:25+02:00
lts: take firefox-esr

- - - - -
7085e240 by security tracker role at 2023-05-10T08:12:05+00:00
automatic update

- - - - -
a3a988bf by Salvatore Bonaccorso at 2023-05-10T13:52:35+02:00
Add CVE-2023-2598/linux

- - - - -
de8f6ff0 by Moritz Muehlenhoff at 2023-05-10T15:02:16+02:00
NFUs

- - - - -
821f3a3b by Moritz Muehlenhoff at 2023-05-10T16:12:33+02:00
new dav1d issue

- - - - -
780de349 by Chris Lamb at 2023-05-10T07:24:51-07:00
Triage CVE-2023-26112 in configobj for buster LTS.

- - - - -
8fd890aa by Moritz Muehlenhoff at 2023-05-10T17:04:40+02:00
add frr commit references

- - - - -
930b8c4b by Moritz Mühlenhoff at 2023-05-10T17:52:57+02:00
firefox-esr DSA

- - - - -
f4c507e2 by Salvatore Bonaccorso at 2023-05-10T21:13:26+02:00
Add temporary entry for osslsigncode issue

- - - - -
f9939663 by Salvatore Bonaccorso at 2023-05-10T21:17:13+02:00
Add CVE-2023-2610/vim

- - - - -
e9a10628 by Salvatore Bonaccorso at 2023-05-10T21:20:23+02:00
Add upstream tag reference for CVE-2023-32570 commit

- - - - -
abeebcd3 by Salvatore Bonaccorso at 2023-05-10T21:34:38+02:00
Add CVE-2023-30086/tiff

- - - - -
5ab6579f by Salvatore Bonaccorso at 2023-05-10T21:37:55+02:00
Reference upstream commit tags for easier further tracking

- - - - -
74f2efb8 by security tracker role at 2023-05-10T20:12:28+00:00
automatic update

- - - - -
e76698a1 by Salvatore Bonaccorso at 2023-05-10T22:17:09+02:00
Add two opencv CVEs: CVE-2023-2617 and CVE-2023-2618

- - - - -
499213c8 by Salvatore Bonaccorso at 2023-05-10T22:17:11+02:00
Add CVE-2023-31137/maradns

- - - - -
f4ecc10c by Salvatore Bonaccorso at 2023-05-10T22:17:13+02:00
Process one NFU

- - - - -
11a3f0bb by Salvatore Bonaccorso at 2023-05-10T22:17:14+02:00
Add CVE-2021-31240/ming

- - - - -
fa220fef by Salvatore Bonaccorso at 2023-05-10T22:18:33+02:00
Process some NFUs

- - - - -
5bd4a616 by Salvatore Bonaccorso at 2023-05-10T22:27:19+02:00
Process NFUs

- - - - -
3cb4bb52 by Salvatore Bonaccorso at 2023-05-10T22:35:02+02:00
Add CVE-2023-28410/linux

- - - - -
4ce710b0 by Scarlett Moore at 2023-05-10T14:36:55-07:00
Claim golang-yaml.v2

- - - - -
bf69899a by Salvatore Bonaccorso at 2023-05-11T06:44:03+02:00
Add initial tracking for some libpodofo issues

- - - - -
53730d72 by Salvatore Bonaccorso at 2023-05-11T08:27:00+02:00
Add CVE-2023-2088/{cinder,python-glance-store,nova,python-os-brick}

- - - - -
0d94120f by Moritz Muehlenhoff at 2023-05-11T08:55:30+02:00
new gitlab issue

- - - - -
55e51617 by Moritz Muehlenhoff at 2023-05-11T09:17:52+02:00
new distribution/distribution issue (src:docker-registry)

- - - - -
696fdda4 by security tracker role at 2023-05-11T08:12:12+00:00
automatic update

- - - - -
924a7d65 by Emilio Pozuelo Monfort at 2023-05-11T10:14:33+02:00
Reserve DLA-3417-1 for firefox-esr

- - - - -
336083ad by Moritz Muehlenhoff at 2023-05-11T10:19:53+02:00
new in-toto issue

- - - - -
2e12c310 by Moritz Muehlenhoff at 2023-05-11T10:23:23+02:00
new iotjs issues

- - - - -
86c47271 by Salvatore Bonaccorso at 2023-05-11T10:24:36+02:00
Process some NFUs

- - - - -
89311173 by Moritz Muehlenhoff at 2023-05-11T10:32:29+02:00
NFUs

- - - - -
39189e0b by Moritz Muehlenhoff at 2023-05-11T12:21:05+02:00
openjdk-8 fixed in sid

- - - - -
1a75b57c by Moritz Muehlenhoff at 2023-05-11T13:46:17+02:00
flask fixed in sid

- - - - -
5b9cc7f9 by Moritz Muehlenhoff at 2023-05-11T13:59:35+02:00
new podofo issues

- - - - -
b734574a by Moritz Muehlenhoff at 2023-05-11T14:07:30+02:00
add podofo commit references

- - - - -
20ad60a8 by Moritz Muehlenhoff at 2023-05-11T14:11:35+02:00
catdoc unimportant

- - - - -
30320f7d by Moritz Muehlenhoff at 2023-05-11T15:51:17+02:00
bugnums

- - - - -
2422e873 by Tobias Frost at 2023-05-11T16:23:42+02:00
Reserve DLA-3418-1 for nvidia-graphics-drivers-legacy-390xx

- - - - -
2bcd18c6 by Salvatore Bonaccorso at 2023-05-11T16:41:50+02:00
Add two new postgresql CVEs

- - - - -
3973adfc by Salvatore Bonaccorso at 2023-05-11T16:42:55+02:00
Add postgresql-13 to dsa-needed list

- - - - -
7db7bfc0 by Moritz Muehlenhoff at 2023-05-11T17:46:53+02:00
bullseye/bookworm triage

- - - - -
5c307e46 by Moritz Muehlenhoff at 2023-05-11T17:55:39+02:00
puppetserver fixed in sid

- - - - -
917e6aa0 by Moritz Muehlenhoff at 2023-05-11T18:00:39+02:00
bugnums

- - - - -
75f696d1 by Moritz Mühlenhoff at 2023-05-11T18:27:43+02:00
postgresql-13 DSA

- - - - -
a2ffa365 by Salvatore Bonaccorso at 2023-05-11T20:55:30+02:00
Add CVE-2023-32668/texlive-bin for luatex

- - - - -
bde1b242 by Salvatore Bonaccorso at 2023-05-11T21:00:41+02:00
Add Debian bug reference for CVE-2023-2088/python-os-brick

- - - - -
a1a69a56 by Salvatore Bonaccorso at 2023-05-11T21:06:53+02:00
Process some NFUs

- - - - -
4f74a1e7 by Salvatore Bonaccorso at 2023-05-11T21:46:22+02:00
Add upstream tag information for CVE-2023-2253

- - - - -
b7432a4e by Salvatore Bonaccorso at 2023-05-11T21:50:43+02:00
Reference the non merge commits and add upstream tag information

- - - - -
0b4cd5a4 by Salvatore Bonaccorso at 2023-05-11T21:58:43+02:00
Add cloned bug references for CVE-2023-2088

- - - - -
a744f936 by security tracker role at 2023-05-11T20:12:36+00:00
automatic update

- - - - -
6c32268e by Salvatore Bonaccorso at 2023-05-11T22:35:57+02:00
Process NFUs

- - - - -
a372ec80 by security tracker role at 2023-05-12T08:12:08+00:00
automatic update

- - - - -
378eb68a by Emilio Pozuelo Monfort at 2023-05-12T11:27:22+02:00
Reserve DLA-3419-1 for webkit2gtk

- - - - -
1cf5c2a1 by Emilio Pozuelo Monfort at 2023-05-12T11:33:55+02:00
lts: re-add webkit2gtk

- - - - -
4b5be60c by Salvatore Bonaccorso at 2023-05-12T13:48:28+02:00
Track fixes for openstack issues (CVE-2023-2088)

- - - - -
5924de76 by Salvatore Bonaccorso at 2023-05-12T14:02:07+02:00
Track fixes for cinder via unstable

- - - - -
d95bc556 by Salvatore Bonaccorso at 2023-05-12T14:09:45+02:00
Process NFUs

- - - - -
81ccda00 by Salvatore Bonaccorso at 2023-05-12T14:17:17+02:00
Process NFUs

- - - - -
09842794 by Salvatore Bonaccorso at 2023-05-12T14:18:11+02:00
Add CVE-2023-2666/froxlor

- - - - -
b9a8a526 by Tobias Frost at 2023-05-12T16:00:29+02:00
for buster/LTS: Mark CVEs affecting nvidia-graphics-driver and nvidia-graphics-driver-legacy390xx as ignored.

Those drivers are EOL and there will be no updates by nvidia.

- - - - -
a05e84ed by Tobias Frost at 2023-05-12T16:15:11+02:00
nvidia-graphics-drivers in buster is EOL and latest version. Nothing to do

See also: https://lists.debian.org/debian-lts/2023/05/msg00015.html

- - - - -
97352946 by Salvatore Bonaccorso at 2023-05-12T21:06:20+02:00
Process NFUs

- - - - -
776416f6 by Salvatore Bonaccorso at 2023-05-12T21:07:13+02:00
Add CVE-2023-32082/etcd

- - - - -
65fd8b44 by Salvatore Bonaccorso at 2023-05-12T21:09:40+02:00
Add CVE-2023-28360/brave-browser, itp'ed

- - - - -
ef5026e1 by Salvatore Bonaccorso at 2023-05-12T21:11:55+02:00
Add postgresql-11

Link: https://lists.debian.org/debian-lts/2023/05/msg00018.html

- - - - -
21b473d2 by Salvatore Bonaccorso at 2023-05-12T21:16:03+02:00
Track fixed version for postgresql-15 issues via unstable

- - - - -
e915e5f7 by Salvatore Bonaccorso at 2023-05-12T21:20:18+02:00
Track fixed issues from mfsa2023-16 for firefox via unstable upload

- - - - -
ef137a75 by Salvatore Bonaccorso at 2023-05-12T21:27:36+02:00
Add thunderbird issues from mfsa2023-18

- - - - -
8e85d48a by Salvatore Bonaccorso at 2023-05-12T21:30:15+02:00
Track fixes for thunderbird mfsa2023-18 issues

- - - - -
a1048585 by Salvatore Bonaccorso at 2023-05-12T21:31:22+02:00
Add thunderbird to dsa-needed list

- - - - -
6ce3a757 by Salvatore Bonaccorso at 2023-05-12T21:36:37+02:00
Add CVE-2020-25720/samba

- - - - -
d4309a23 by Salvatore Bonaccorso at 2023-05-12T21:38:49+02:00
Remove notes from CVE-2023-2535

CVE was withdrawn by the assigning CNA.

- - - - -
7805fc44 by Salvatore Bonaccorso at 2023-05-12T21:39:27+02:00
Remove notes from CVE-2023-30183

As this was a duplicate of CVE-2023-30349.

- - - - -
578e2fa9 by Salvatore Bonaccorso at 2023-05-12T21:40:53+02:00
Remove notes from CVE-2023-26812

Duplicate of CVE-2023-26813.

- - - - -
975aa890 by Salvatore Bonaccorso at 2023-05-12T21:42:23+02:00
Remove notes from CVE-2022-37708

Got rejected as it was shown that there is no security issue; See as
well context in https://bugs.debian.org/1034886

- - - - -
d71728dd by security tracker role at 2023-05-12T20:12:00+00:00
automatic update

- - - - -
b8fbbc42 by Salvatore Bonaccorso at 2023-05-12T22:23:11+02:00
Add CVE-2023-2514/mattermost-server

- - - - -
f6e96e1f by Salvatore Bonaccorso at 2023-05-12T22:24:15+02:00
Process two NFUs

- - - - -
be1c96bf by Salvatore Bonaccorso at 2023-05-12T22:34:33+02:00
Process NFUs

- - - - -
a7d54b4b by Salvatore Bonaccorso at 2023-05-12T22:35:05+02:00
Add CVE-2023-2515/mattermost-server

- - - - -
6367efad by Salvatore Bonaccorso at 2023-05-12T22:35:37+02:00
Add CVE-2023-29657/extplorer

- - - - -
9ef47802 by Salvatore Bonaccorso at 2023-05-12T23:27:30+02:00
Track fixed versions via unstable for CVE-2023-261{7,8}/opencv

- - - - -
aca0297a by Tobias Frost at 2023-05-13T08:36:34+02:00
CVE-2115-3416 (sqlite) does not affect buster.

- - - - -
481fa94c by Salvatore Bonaccorso at 2023-05-13T08:55:06+02:00
Add CVE-2023-2680

- - - - -
8d913e43 by security tracker role at 2023-05-13T08:12:17+00:00
automatic update

- - - - -
9bac5d7f by Tobias Frost at 2023-05-13T10:45:09+02:00
CVE-2020-13434 (sqlite) does not affect buster.

- - - - -
39305abf by Salvatore Bonaccorso at 2023-05-13T11:03:45+02:00
Process NFUs

- - - - -
fe981b1a by Salvatore Bonaccorso at 2023-05-13T11:37:11+02:00
Add libusrsctp for CVE-2022-46871

- - - - -
60e9eefd by Salvatore Bonaccorso at 2023-05-13T12:47:41+02:00
Reserve DSA number for linux update

- - - - -
e8ee7f23 by Salvatore Bonaccorso at 2023-05-13T13:26:14+02:00
Mark CVE-2023-32668/texlive-bin as no-dsa

- - - - -
10204358 by Salvatore Bonaccorso at 2023-05-13T21:22:37+02:00
Add additional reference for CVE-2023-32668

- - - - -
36651028 by security tracker role at 2023-05-13T20:12:01+00:00
automatic update

- - - - -
007fe3a5 by Salvatore Bonaccorso at 2023-05-13T22:16:58+02:00
Expand notes for CVE-2023-32668

- - - - -
4f8a5df8 by Markus Koschany at 2023-05-14T00:39:58+02:00
Reserve DLA-3420-1 for golang-websocket

- - - - -
bb64d571 by Markus Koschany at 2023-05-14T01:43:06+02:00
Claim golang-go.crypto in dla-needed.txt

- - - - -
11839c12 by Sylvain Beucler at 2023-05-14T08:26:27+02:00
dla: update python2.7 status

- - - - -
cbcada12 by Tobias Frost at 2023-05-14T08:56:03+02:00
add note to CVE-2020-13434/CVE-2015-3416 (sqlite) with additional
information why this is not affecting sqlite2.

- - - - -
9b629b47 by Salvatore Bonaccorso at 2023-05-14T08:58:06+02:00
Track fixed version for CVE-2023-2253/docker-registry via unstable

- - - - -
deae4fd0 by security tracker role at 2023-05-14T08:11:56+00:00
automatic update

- - - - -
e3fa1948 by Salvatore Bonaccorso at 2023-05-14T10:53:16+02:00
Process NFUs

- - - - -
eebe9d4c by Abhijith PA at 2023-05-14T15:49:54+05:30
Remove consul from dla-needed.txt.

- - - - -
248024f1 by Salvatore Bonaccorso at 2023-05-14T17:30:13+02:00
Take thunderbird (exceptionally) from dsa-needed list

- - - - -
b494197a by Salvatore Bonaccorso at 2023-05-14T20:41:31+02:00
Reserve DSA number for thunderbird update

- - - - -
1c2adf9e by Utkarsh Gupta at 2023-05-15T00:52:19+05:30
Add owslib to dla-needed

- - - - -
d5188308 by Salvatore Bonaccorso at 2023-05-14T21:39:10+02:00
Reference upstream commit for CVE-2023-31489/frr

- - - - -
5c828859 by Salvatore Bonaccorso at 2023-05-14T21:47:43+02:00
Add Debian bug reference for CVE-2023-31489/frr

- - - - -
c2a06e81 by Salvatore Bonaccorso at 2023-05-14T22:02:58+02:00
Add Debian bug reference for CVE-2023-31490/frr

- - - - -
097ac31b by security tracker role at 2023-05-14T20:12:05+00:00
automatic update

- - - - -
35925ae1 by Salvatore Bonaccorso at 2023-05-14T22:18:32+02:00
Update information for three libpodofo issues

- - - - -
4b679aef by Salvatore Bonaccorso at 2023-05-14T22:21:30+02:00
Process some NFUs

- - - - -
cdbf8473 by Utkarsh Gupta at 2023-05-15T10:48:43+05:30
Mark CVE-2023-29839/hoteldruid as no-dsa for bullseye

- - - - -
37f2f02b by Utkarsh Gupta at 2023-05-15T10:48:46+05:30
Mark iotjs CVEs as ignored for buster; following bullseye

- - - - -
842a0cf5 by Utkarsh Gupta at 2023-05-15T10:50:22+05:30
Mark CVE-2023-31555/libpodofo as no-dsa for buster

- - - - -
eb607fa1 by Utkarsh Gupta at 2023-05-15T10:52:33+05:30
Mark CVE-2023-31566-67/libpodofo as no-dsa for buster

- - - - -
20824c93 by Utkarsh Gupta at 2023-05-15T10:53:10+05:30
Mark CVE-2023-29491/ncurses as no-dsa for buster

- - - - -
29d9dd56 by Utkarsh Gupta at 2023-05-15T11:01:03+05:30
Add nvidia-cuda-toolkit to dla-needed

- - - - -
28178542 by Salvatore Bonaccorso at 2023-05-15T09:14:05+02:00
Correct entry for CVE-2023-31555

- - - - -
d5d9a18a by security tracker role at 2023-05-15T08:11:28+00:00
automatic update

- - - - -
63d7a47a by Emilio Pozuelo Monfort at 2023-05-15T11:01:23+02:00
Reserve DLA-3421-1 for thunderbird

- - - - -
e143e995 by Emilio Pozuelo Monfort at 2023-05-15T11:05:34+02:00
Reserve DLA-3422-1 for postgresql-11

- - - - -
e406734a by Roberto C. Sánchez at 2023-05-15T09:43:21-04:00
LTS: update NOTE to include date

- - - - -
e8d2689b by Roberto C. Sánchez at 2023-05-15T09:46:51-04:00
semi-automatic unclaim after 2 weeks of inactivity

Signed-off-by: Roberto C. Sánchez <roberto at debian.org>

- - - - -
aba7432c by Adrian Bunk at 2023-05-15T16:52:01+03:00
dla: take owslib

- - - - -
07014546 by Chris Lamb at 2023-05-15T08:37:28-07:00
data/dla-needed.txt: Claim epiphany-browser.

- - - - -
90f0e061 by Salvatore Bonaccorso at 2023-05-15T19:20:46+02:00
Add CVE-2023-260{2,3}/libcap2

- - - - -
aa6ad58e by Salvatore Bonaccorso at 2023-05-15T19:28:16+02:00
Reference upstream commits for CVE-2023-260{2,3}/libcap2

- - - - -
150b2c6c by Salvatore Bonaccorso at 2023-05-15T20:42:07+02:00
Add Debian bug reference for libcap2 issues

- - - - -
4ec13cad by Salvatore Bonaccorso at 2023-05-15T21:10:33+02:00
Add CVE-2023-32784/keepass2

- - - - -
d1bfdbad by Salvatore Bonaccorso at 2023-05-15T21:11:06+02:00
Mark CVE-2023-32758 as NFU

- - - - -
1514fa56 by Salvatore Bonaccorso at 2023-05-15T21:24:25+02:00
Add reference for CVE-2023-32233

- - - - -
64b62616 by Salvatore Bonaccorso at 2023-05-15T21:34:19+02:00
Reference upstream commit including fix for CVE-2023-28625

- - - - -
ccad33d6 by Salvatore Bonaccorso at 2023-05-15T21:48:13+02:00
Mark two node-undici issues as no-dsa for future bookworm

- - - - -
37da3d1f by Salvatore Bonaccorso at 2023-05-15T21:49:00+02:00
Drop sort of incorrect statement done for node-undici

Not necessarily intrusive if the isolated fixes are in context enough.
Marking it as no-dsa as minor issue is enough.

- - - - -
8fcd32b2 by Salvatore Bonaccorso at 2023-05-15T21:57:37+02:00
Reference upstream commit for CVE-2023-1999/libwebp

- - - - -
4c305d68 by Chris Lamb at 2023-05-15T13:00:49-07:00
Reserve DLA-3423-1 for epiphany-browser

- - - - -
ccf0acd6 by security tracker role at 2023-05-15T20:13:55+00:00
automatic update

- - - - -
d51b6084 by Salvatore Bonaccorso at 2023-05-15T22:16:06+02:00
Add additional set of commits for CVE-2023-30570/libreswan

- - - - -
d6fa11f7 by Salvatore Bonaccorso at 2023-05-15T22:18:51+02:00
Process some NFUs

- - - - -
e0055c53 by Sylvain Beucler at 2023-05-15T22:28:29+02:00
dla: fix python-ipaddress added date

- - - - -
b78eb356 by Sylvain Beucler at 2023-05-15T22:50:17+02:00
CVE-2019-20907/python2.7: fixed in DLA-2337-1

- - - - -
11dd5976 by Salvatore Bonaccorso at 2023-05-15T23:24:36+02:00
Process some NFUs

- - - - -
c1ebca92 by Guilhem Moulin at 2023-05-16T01:21:48+02:00
Reserve DLA-3424-1 for python-ipaddress

- - - - -
122f13d0 by Guilhem Moulin at 2023-05-16T01:24:59+02:00
Fix DLA-3424-1 entry.

- - - - -
ce3ad42d by Salvatore Bonaccorso at 2023-05-16T07:01:13+02:00
Track fixed version for libcap2 issues fixed via unstable

- - - - -
64f91d14 by Salvatore Bonaccorso at 2023-05-16T08:41:16+02:00
Add CVE-2023-2700/libvirt

- - - - -
b2823b55 by security tracker role at 2023-05-16T08:11:59+00:00
automatic update

- - - - -
499e028f by Salvatore Bonaccorso at 2023-05-16T11:00:49+02:00
Process NFUs

- - - - -
5171a771 by Guilhem Moulin at 2023-05-16T13:29:38+02:00
Reserve DLA-3425-1 for sqlparse

- - - - -
60e9d688 by Salvatore Bonaccorso at 2023-05-16T16:13:25+02:00
Process NFUs

- - - - -
6991857d by Moritz Muehlenhoff at 2023-05-16T17:12:20+02:00
NFUs

- - - - -
d9e1fe94 by Salvatore Bonaccorso at 2023-05-16T17:57:17+02:00
Add CVE-2022-42336/xen

- - - - -
c74e77ed by Salvatore Bonaccorso at 2023-05-16T21:12:28+02:00
Process two NFUs

- - - - -
fe0eff82 by Salvatore Bonaccorso at 2023-05-16T22:05:27+02:00
Add new virtuoso-opensource CVEs

- - - - -
ca6da290 by security tracker role at 2023-05-16T20:12:12+00:00
automatic update

- - - - -
0a948e57 by Salvatore Bonaccorso at 2023-05-16T22:18:39+02:00
Process NFUs

- - - - -
5b2bcfaa by Anton Gladky at 2023-05-16T22:39:34+02:00
LTS: add libpcap to dla-needed.txt

- - - - -
7ec7a8c9 by Salvatore Bonaccorso at 2023-05-16T22:42:46+02:00
Process some NFUs

- - - - -
2550a788 by Salvatore Bonaccorso at 2023-05-16T22:44:39+02:00
Add new chromium issues

- - - - -
3b2594cd by Salvatore Bonaccorso at 2023-05-16T22:54:02+02:00
Add chromium to dsa-needed list

- - - - -
8009518b by Markus Koschany at 2023-05-17T00:20:16+02:00
Reserve DLA-3426-1 for netatalk

- - - - -
53c24e00 by Salvatore Bonaccorso at 2023-05-17T06:40:13+02:00
Track fixed version for chromium via unstable

- - - - -
f63f5225 by Salvatore Bonaccorso at 2023-05-17T08:33:21+02:00
Add CVE-2023-2731/tiff

- - - - -
09fa1473 by security tracker role at 2023-05-17T08:11:57+00:00
automatic update

- - - - -
f59224e0 by Salvatore Bonaccorso at 2023-05-17T11:40:25+02:00
Process two NFUs

- - - - -
5770db59 by Salvatore Bonaccorso at 2023-05-17T12:44:02+02:00
Process NFUs

- - - - -
0fe51f8c by Moritz Muehlenhoff at 2023-05-17T15:33:43+02:00
bullseye triage

- - - - -
ae967725 by Moritz Muehlenhoff at 2023-05-17T16:26:56+02:00
bullseye triage

- - - - -
ae8a32d2 by Moritz Muehlenhoff at 2023-05-17T16:47:41+02:00
NFUs

- - - - -
a25344f2 by Moritz Muehlenhoff at 2023-05-17T17:09:14+02:00
new curl issues

- - - - -
8886f6a4 by Salvatore Bonaccorso at 2023-05-17T17:57:34+02:00
Update references for CVE-2023-28319/curl

- - - - -
ef32f413 by Salvatore Bonaccorso at 2023-05-17T17:59:34+02:00
Add references for CVE-2023-28320/curl

- - - - -
089a6bee by Salvatore Bonaccorso at 2023-05-17T18:01:28+02:00
Add references for CVE-2023-28321

- - - - -
bf12ea79 by Salvatore Bonaccorso at 2023-05-17T18:03:21+02:00
Add commit references for CVE-2023-28322/curl

- - - - -
cdda6c51 by Salvatore Bonaccorso at 2023-05-17T18:07:26+02:00
Add CVE-2023-24805/cups-filter

- - - - -
a7802dff by Thorsten Alteholz at 2023-05-17T19:57:21+02:00
add cups with my maintainer hat on

- - - - -
fc6e5b90 by Thorsten Alteholz at 2023-05-17T20:03:33+02:00
err, it's cups-filters

- - - - -
d5e73e9d by Salvatore Bonaccorso at 2023-05-17T20:37:25+02:00
Add Debian bug reference for CVE-2023-24805/cups-filters

- - - - -
240f0211 by security tracker role at 2023-05-17T20:12:18+00:00
automatic update

- - - - -
2aa60d89 by Salvatore Bonaccorso at 2023-05-17T22:13:37+02:00
Process one NFU

- - - - -
c9616acd by Salvatore Bonaccorso at 2023-05-17T22:33:05+02:00
Process some NFUs

- - - - -
8db7625e by Moritz Mühlenhoff at 2023-05-17T22:38:51+02:00
chromium DSA

- - - - -
9df07805 by Salvatore Bonaccorso at 2023-05-17T22:48:45+02:00
Process some NFUs

- - - - -
4449ecac by Anton Gladky at 2023-05-17T23:11:08+02:00
Revert "LTS: add libpcap to dla-needed.txt"

This reverts commit 5b2bcfaa20e12d0c90eb3999fba8b6e942e201ab.

- - - - -
7f3ee2c5 by Anton Gladky at 2023-05-17T23:11:42+02:00
LTS: add libcap2 to dla-needed.txt

- - - - -
42efe3d6 by Salvatore Bonaccorso at 2023-05-17T23:28:54+02:00
Add Debian bug reference for curl issues

- - - - -
d2f489b7 by Markus Koschany at 2023-05-18T00:15:50+02:00
dsa-needed.txt: remove myself from netatalk update for now

- - - - -
ed6232dd by Salvatore Bonaccorso at 2023-05-18T06:53:10+02:00
Add CVE-2023-2745/wordpress

- - - - -
201b041b by Salvatore Bonaccorso at 2023-05-18T06:54:34+02:00
Process NFUs

- - - - -
1c2a8c2d by Salvatore Bonaccorso at 2023-05-18T06:58:17+02:00
Add new issues in check-mk

- - - - -
0aa62068 by Salvatore Bonaccorso at 2023-05-18T06:58:48+02:00
Add CVE-2023-27233/piwigo

- - - - -
87ee52ab by Salvatore Bonaccorso at 2023-05-18T06:59:25+02:00
Add CVE-2021-27131/moodle

- - - - -
a79dc3b8 by Salvatore Bonaccorso at 2023-05-18T07:04:24+02:00
Add CVE-2023-32573/qt

- - - - -
7ca8a1fb by Salvatore Bonaccorso at 2023-05-18T07:25:20+02:00
Add CVE-2023-3172{3,4,5}/yasm

- - - - -
22cd5a0b by Salvatore Bonaccorso at 2023-05-18T08:37:20+02:00
Add CVE-2021-31239/sqlite3

- - - - -
f806004d by Salvatore Bonaccorso at 2023-05-18T09:26:02+02:00
Add new dokuwiki issue

- - - - -
e39ac7a5 by Salvatore Bonaccorso at 2023-05-18T09:32:43+02:00
Add two more QT issues: CVE-2023-32762 and CVE-2023-32763

- - - - -
6c40180a by security tracker role at 2023-05-18T08:12:07+00:00
automatic update

- - - - -
5fb105b1 by Salvatore Bonaccorso at 2023-05-18T10:19:55+02:00
Add CVE-2023-33203/linux

- - - - -
c4742010 by Salvatore Bonaccorso at 2023-05-18T10:21:52+02:00
Process two NFUs

- - - - -
7ee41e0a by Salvatore Bonaccorso at 2023-05-18T10:34:38+02:00
Add CVE-2023-33204/sysstat

- - - - -
af207b77 by Salvatore Bonaccorso at 2023-05-18T10:38:50+02:00
Process some NFUs

- - - - -
9e232090 by Abhijith PA at 2023-05-18T14:44:14+05:30
data/dla-needed.txt: claim libcap2

- - - - -
cdfcc26c by Moritz Mühlenhoff at 2023-05-18T13:49:30+02:00
libapache2-mod-auth-openidc DSA

- - - - -
043034f3 by Salvatore Bonaccorso at 2023-05-18T13:51:57+02:00
Add note for CVE-2023-2156

- - - - -
64582bbf by Salvatore Bonaccorso at 2023-05-18T14:20:09+02:00
Update notes for sysstat CVEs

- - - - -
82ba798c by Moritz Muehlenhoff at 2023-05-18T15:27:24+02:00
bugnums

- - - - -
dc5f382e by Moritz Muehlenhoff at 2023-05-18T17:51:15+02:00
bullseye triage

- - - - -
b30f0780 by Moritz Muehlenhoff at 2023-05-18T19:27:11+02:00
tiff fixed in sid

- - - - -
1a654571 by Samuel Henrique at 2023-05-18T19:07:21+01:00
curl: CVE-2023-28320: Add follow-up patch

- - - - -
5c8fd12b by Samuel Henrique at 2023-05-18T19:10:18+01:00
curl: CVE-2023-28320: Fix URL

- - - - -
3b05ff7c by Salvatore Bonaccorso at 2023-05-18T21:17:17+02:00
Add CVE-2023-31722/nasm

- - - - -
cdf7af48 by Salvatore Bonaccorso at 2023-05-18T21:36:57+02:00
Add Debian bug reference for CVE-2023-32082/etcd

- - - - -
ad38ccf5 by Salvatore Bonaccorso at 2023-05-18T21:37:43+02:00
Revert "Add Debian bug reference for CVE-2023-32082/etcd"

This reverts commit cdf7af483c2e6bfea38587d8087ca486248db0fc.

- - - - -
269cfd7e by Salvatore Bonaccorso at 2023-05-18T21:38:07+02:00
Add Debian bug reference for CVE-2023-33204/sysstat

- - - - -
ae9be3c3 by Salvatore Bonaccorso at 2023-05-18T21:46:12+02:00
Update information for CVE-2023-29827/node-ejs

- - - - -
9eb668b2 by Salvatore Bonaccorso at 2023-05-18T21:48:25+02:00
Add Debian bug reference for CVE-2023-32082/etcd

- - - - -
b50ac19d by Salvatore Bonaccorso at 2023-05-18T21:57:54+02:00
Scope for barbican getting clearer, waiting for reporter feedback

- - - - -
fbebfc60 by Salvatore Bonaccorso at 2023-05-18T22:02:40+02:00
Add Debian bug reference for CVE-2023-2700/libvirt

- - - - -
be9f8e27 by Salvatore Bonaccorso at 2023-05-18T22:03:36+02:00
Add Debian bug reference for CVE-2023-2745/wordpress

- - - - -
f4b6e219 by security tracker role at 2023-05-18T20:12:26+00:00
automatic update

- - - - -
8f2608c5 by Salvatore Bonaccorso at 2023-05-18T22:25:11+02:00
Process one NFU

- - - - -
c2c7e2a2 by Salvatore Bonaccorso at 2023-05-18T22:39:14+02:00
Process some NFUs

- - - - -
0303e696 by Salvatore Bonaccorso at 2023-05-18T22:40:23+02:00
Add CVE-2023-31597/zammad

- - - - -
d139507b by Salvatore Bonaccorso at 2023-05-18T22:43:20+02:00
Adjust commit reference for CVE-2023-31626

- - - - -
ba3b7f19 by Salvatore Bonaccorso at 2023-05-18T22:59:22+02:00
Track fixed version for xen issues fixed via unstable

- - - - -
bc368847 by Salvatore Bonaccorso at 2023-05-18T23:03:05+02:00
Add Debian bug reference for CVE-2022-42336/xen

- - - - -
9ced9e11 by Salvatore Bonaccorso at 2023-05-19T05:49:56+02:00
Track fixed versions for various curl issues

- - - - -
16dd835c by Salvatore Bonaccorso at 2023-05-19T05:51:50+02:00
Track fixed version via unstable for CVE-2023-2745

- - - - -
763e470f by Salvatore Bonaccorso at 2023-05-19T06:20:01+02:00
Add CVE-2023-26044/php-react-http

- - - - -
5e4d6bf2 by Abhijith PA at 2023-05-19T12:35:28+05:30
Add upstream commit refs for CVE-2022-36179, CVE-2022-36180

- - - - -
48c64348 by Moritz Muehlenhoff at 2023-05-19T09:20:46+02:00
bugnum

- - - - -
562dcecf by security tracker role at 2023-05-19T08:11:53+00:00
automatic update

- - - - -
717f80a8 by Moritz Muehlenhoff at 2023-05-19T11:24:16+02:00
NFUs

- - - - -
641c5590 by Salvatore Bonaccorso at 2023-05-19T11:41:38+02:00
Add CVE-2023-2789/cflow

- - - - -
f474a2a5 by Moritz Muehlenhoff at 2023-05-19T12:25:53+02:00
bullseye triage

- - - - -
6e37895a by Moritz Muehlenhoff at 2023-05-19T12:34:56+02:00
new iotjs issues

- - - - -
b8c47a99 by Moritz Muehlenhoff at 2023-05-19T13:36:01+02:00
bullseye triage

- - - - -
234c492e by Moritz Muehlenhoff at 2023-05-19T16:32:05+02:00
bullseye triage

- - - - -
b7c4fbfd by Moritz Muehlenhoff at 2023-05-19T16:33:34+02:00
libwebp fixed in sid

- - - - -
c83b117a by Roberto C. Sánchez at 2023-05-19T11:03:00-04:00
LTS: VCS link for cairosvg in dla-needed.txt

- - - - -
19efa95a by Moritz Muehlenhoff at 2023-05-19T17:40:51+02:00
bullseye triage

- - - - -
c4df7499 by Salvatore Bonaccorso at 2023-05-19T20:46:50+02:00
Track fixed version for cups-filters via unstable

- - - - -
57c88f54 by Salvatore Bonaccorso at 2023-05-19T21:08:35+02:00
Use upstream tag versions

- - - - -
fe8443a5 by Salvatore Bonaccorso at 2023-05-19T21:32:46+02:00
Add additional tracking for src:pupnp for issues

They were open for src:pupnp-1.8 but fixed with the renamed source
package to experimental. Track exceptionally already as expected that
once it moves to unstable all fixes still are contained.

- - - - -
adc59b42 by Salvatore Bonaccorso at 2023-05-19T21:57:30+02:00
Reference upstream commit for older encfs issue

- - - - -
54f9e0d5 by Salvatore Bonaccorso at 2023-05-19T22:00:50+02:00
Add CVE-2023-1601/qemu

- - - - -
00aae374 by security tracker role at 2023-05-19T20:11:53+00:00
automatic update

- - - - -
27723b18 by Salvatore Bonaccorso at 2023-05-20T08:50:25+02:00
Process NFUs

- - - - -
ab7cf797 by Salvatore Bonaccorso at 2023-05-20T08:57:27+02:00
Process some NFUs

- - - - -
0cf00fb8 by Anton Gladky at 2023-05-20T09:26:02+02:00
LTS: add libraw to dla-needed.txt

- - - - -
4fd52af7 by Anton Gladky at 2023-05-20T09:29:32+02:00
LTS: add libssh to dla-needed.txt

- - - - -
e07d91bc by Salvatore Bonaccorso at 2023-05-20T09:49:06+02:00
Add CVE-2023-32700/texlive-bin

- - - - -
073ac497 by Salvatore Bonaccorso at 2023-05-20T09:52:43+02:00
Track fixed version for CVE-2023-32700/texlive-bin via unstable

- - - - -
f78a8ce7 by Salvatore Bonaccorso at 2023-05-20T09:55:50+02:00
Reserve DSA number for texlive-bin update

- - - - -
27cfbb86 by security tracker role at 2023-05-20T08:11:56+00:00
automatic update

- - - - -
a0ed5739 by Salvatore Bonaccorso at 2023-05-20T10:23:47+02:00
Process NFUs

- - - - -
654c9fb0 by Salvatore Bonaccorso at 2023-05-20T10:49:24+02:00
Process NFUs

- - - - -
a982e752 by Tobias Frost at 2023-05-20T11:17:22+02:00
unclaim hdf5. It seems we'd need an SONAME bump and difficulties with the packaging.

- - - - -
cd224cf6 by Tobias Frost at 2023-05-20T11:18:17+02:00
LTS: claim libssh in dla-needed.txt
- - - - -
e154ff13 by Guilhem Moulin at 2023-05-20T11:26:13+02:00
LTS: claim libraw in dla-needed.txt

- - - - -
b78a7b9c by Bastien Roucariès at 2023-05-20T14:26:38+00:00
LTS: claim node-nth-check

- - - - -
5bc9c211 by Markus Koschany at 2023-05-20T17:59:52+02:00
Reserve DLA-3427-1 for textlive-bin

- - - - -
ebd6f3a1 by Markus Koschany at 2023-05-20T18:01:57+02:00
Fix DLA-3427-1 entries

- - - - -
468a59d0 by Markus Koschany at 2023-05-20T18:19:23+02:00
CVE-2023-32668,texlive-bin: Buster is no-dsa

Minor issue

- - - - -
e4db5778 by Sylvain Beucler at 2023-05-20T19:31:01+02:00
CVE-2019-9947/python2.7: reference introductory commit

- - - - -
9b2e8517 by Markus Koschany at 2023-05-20T20:48:54+02:00
Fix textlive <-> texlive typo.

- - - - -
209e6c9b by security tracker role at 2023-05-20T20:12:03+00:00
automatic update

- - - - -
e5f7bf11 by Salvatore Bonaccorso at 2023-05-20T22:23:25+02:00
Process some NFUs

- - - - -
e938807f by Bastien Roucariès at 2023-05-20T21:01:59+00:00
Reserve DLA-3428-1 for node-nth-check

- - - - -
9ba2e6c3 by Bastien Roucariès at 2023-05-20T21:34:44+00:00
Claim node-got for rouca

- - - - -
d7c42961 by Bastien Roucariès at 2023-05-20T22:26:39+00:00
CVE-2022-33987: Mark node-got/buster as not-affected

Tested not-affected here https://salsa.debian.org/js-team/node-got/-/commit/47a15e189e39c29281532131675a998e1c0a9f8e

Code throws an error.

- - - - -
2db58f1b by Salvatore Bonaccorso at 2023-05-21T09:14:49+02:00
Add CVE-2023-2157/imagemagick

- - - - -
57062131 by Salvatore Bonaccorso at 2023-05-21T09:27:01+02:00
Add CVE-2023-2804/libjpeg-turbo

- - - - -
623b63be by security tracker role at 2023-05-21T08:11:55+00:00
automatic update

- - - - -
afe52d21 by Salvatore Bonaccorso at 2023-05-21T11:48:33+02:00
Process NFUs

- - - - -
e878c362 by Salvatore Bonaccorso at 2023-05-21T13:10:53+02:00
Take cups-filters prepared by Thorsten for DSA release

- - - - -
0ff03e2d by Bastien Roucariès at 2023-05-21T11:54:59+00:00
CVE-2021-4219 is not for stretch

Code introduced later.

- - - - -
8d5718cf by Salvatore Bonaccorso at 2023-05-21T14:06:43+02:00
Track fixed version for two libraw issues

- - - - -
ed10daa6 by Salvatore Bonaccorso at 2023-05-21T15:41:24+02:00
Track fixed version for dokuwiki via unstable

- - - - -
0b318874 by Salvatore Bonaccorso at 2023-05-21T15:46:00+02:00
Reserve DSA number for cups-filters

- - - - -
60062332 by Tobias Frost at 2023-05-21T15:56:01+02:00
CVE-2023-2283/libssh [buster] vulnerable code introduced later.

Vulnerability is in function pki_verify_data_signature and explained in [1]

Commit that introduces vulnerable function:
https://git.libssh.org/projects/libssh.git/commit/?id=fd94465

Commit that starts using the function:
https://git.libssh.org/projects/libssh.git/commit/?id=db51fa1

git tag --contains fd94465 shows that this commit is not part of any release earlier than 0.9.0.

The implementation present in buster, 0.8.7, does not have the refactoring
and errors out correctly with return SSH_ERROR in the verify function pki_signature_verify
that will in a later version call the vulnerable pki_verify_data_signature().

[1] https://www.libssh.org/security/advisories/CVE-2023-2283.txt

- - - - -
0a520114 by Bastien Roucariès at 2023-05-21T15:49:07+00:00
Add imagemagick6 commit for CVE-2021-39212

- - - - -
30de8d07 by Moritz Mühlenhoff at 2023-05-21T19:59:11+02:00
libwebp DSA

- - - - -
ff1a2c8e by Salvatore Bonaccorso at 2023-05-21T21:02:29+02:00
Add Debian bug reference for virtuoso-opensource issues

- - - - -
69eb6940 by Salvatore Bonaccorso at 2023-05-21T21:10:51+02:00
Add Debian bug reference for CVE-2023-32668/texlive-bin

- - - - -
1635ee12 by Salvatore Bonaccorso at 2023-05-21T21:29:36+02:00
CVE-2023-2283: Use full commit hash id

- - - - -
36636f51 by security tracker role at 2023-05-21T20:12:17+00:00
automatic update

- - - - -
e00bd633 by Salvatore Bonaccorso at 2023-05-21T22:24:02+02:00
Add Debian bug reference for CVE-2023-2157

- - - - -
fb6dde22 by Salvatore Bonaccorso at 2023-05-21T22:27:05+02:00
Process one NFU

- - - - -
7d7cedde by Salvatore Bonaccorso at 2023-05-21T22:28:36+02:00
Take libraw from dsa-needed list

- - - - -
ed2d1ded by Bastien Roucariès at 2023-05-21T22:08:26+00:00
Reserve DLA-3429-1 for imagemagick

- - - - -
f461f1b9 by Thorsten Alteholz at 2023-05-22T00:24:13+02:00
Reserve DLA-3430-1 for cups-filters

- - - - -
03b044cf by Thorsten Alteholz at 2023-05-22T02:10:53+02:00
update notes

- - - - -
72705fe1 by Moritz Muehlenhoff at 2023-05-22T09:17:13+02:00
NFUs

- - - - -
7f2bcee1 by Sylvain Beucler at 2023-05-22T09:25:08+02:00
LTS: add sqlite to dla-needed.txt

Front-Desk by-pass rationale:
- FD ping'd 2 days ago by tobi (no answer)
- I was responsible for sqlite triage (vs. sqlite3), cf.
  https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/50
  and concur it was meant to be added in dla-needed.txt
- probably missed by previous FDs as it's a buster-specific package
  and displayed separately in lts-cve-triage.py output

- - - - -
d7841148 by Salvatore Bonaccorso at 2023-05-22T09:56:47+02:00
Add CVE-2023-32250/linux

- - - - -
32dbd07b by security tracker role at 2023-05-22T08:11:58+00:00
automatic update

- - - - -
7b283b0e by Salvatore Bonaccorso at 2023-05-22T10:53:15+02:00
Add CVE-2020-36694/linux

- - - - -
6a6b2190 by Salvatore Bonaccorso at 2023-05-22T10:57:15+02:00
Add CVE-2023-33250/linux

- - - - -
3babe1fb by Salvatore Bonaccorso at 2023-05-22T11:04:41+02:00
Add CVE-2023-33288/linux

- - - - -
ba9bfd18 by Salvatore Bonaccorso at 2023-05-22T11:18:59+02:00
Process one NFU

- - - - -
b4b5c823 by Tobias Frost at 2023-05-22T11:24:12+02:00
LTS: claim sqlite in dla-needed.txt
- - - - -
3c555b72 by Tobias Frost at 2023-05-22T11:43:36+02:00
CVE-2021-31239/sqlite is not affecting buster

The affected feature, AppendVFS, has according to the upstream
changelog been introduced in sqlite3 version 3.22.0 [1] with commit [2]

(Very likely not sqlite at all, but I'm conservative here)

[1] https://sqlite.org/releaselog/3_22_0.html
[2] https://github.com/sqlite/sqlite/commit/3be8b1a

- - - - -
91c61dfd by Tobias Frost at 2023-05-22T13:01:37+02:00
Reserve DLA-3431-1 for sqlite

- - - - -
adfd2914 by Moritz Muehlenhoff at 2023-05-22T15:37:42+02:00
new c-ares issues

- - - - -
0664c38f by Roberto C. Sánchez at 2023-05-22T09:52:17-04:00
semi-automatic unclaim after 2 weeks of inactivity

Signed-off-by: Roberto C. Sánchez <roberto at debian.org>

- - - - -
06927a4c by Moritz Muehlenhoff at 2023-05-22T16:16:34+02:00
add more qt references

- - - - -
f1227f71 by Emilio Pozuelo Monfort at 2023-05-22T16:20:17+02:00
lts: reclaim openjdk-11

- - - - -
448225e2 by Moritz Muehlenhoff at 2023-05-22T16:33:32+02:00
add one more Qt reference

- - - - -
21f71967 by Moritz Muehlenhoff at 2023-05-22T17:51:00+02:00
various Qt fixes in sid

- - - - -
c3bad6ef by Moritz Muehlenhoff at 2023-05-22T17:52:15+02:00
c-ares fixed in experimental

- - - - -
182272b5 by Chris Lamb at 2023-05-22T09:31:10-07:00
Triage CVE-2023-31913, CVE-2023-31914, CVE-2023-31916, CVE-2023-31918, CVE-2023-31919 & CVE-2023-31920 in iotjs for buster LTS.

- - - - -
1cce0841 by Chris Lamb at 2023-05-22T09:31:50-07:00
Triage CVE-2023-29659 in libheif for buster LTS.

- - - - -
e69ae8b4 by Chris Lamb at 2023-05-22T09:32:32-07:00
Triage CVE-2021-31239 in sqlite3 for buster LTS.

- - - - -
fb373eb1 by Chris Lamb at 2023-05-22T09:32:59-07:00
Triage CVE-2023-28371 in stellarium for buster LTS.

- - - - -
08ae7461 by Chris Lamb at 2023-05-22T09:33:30-07:00
Triage CVE-2023-2610 in vim for buster LTS.

- - - - -
bc010571 by Abhijith PA at 2023-05-22T23:31:37+05:30
data/ela-needed.txt: re-claim fusiondirectory

- - - - -
ffe095c1 by Salvatore Bonaccorso at 2023-05-22T20:48:03+02:00
Remove one note for CVE-2022-24790

- - - - -
a8b78f31 by Salvatore Bonaccorso at 2023-05-22T21:07:15+02:00
Update information for CVE-2021-31239/sqlite

The referenced URL leads to a 404, isolate the commit and use the full
commit hash. As the feature was introduced only in the 3.22.0 version,
mark the whole sqlite entry as not-affected, as sqlite was in version
2.8.17-15 latest in unstable.

- - - - -
396903fa by Salvatore Bonaccorso at 2023-05-22T21:13:53+02:00
Add references for c-ares issues

- - - - -
20014380 by Bastien Roucariès at 2023-05-22T19:15:46+00:00
No open CVE for node-got => drop

Last CVE after triage does not affect buster (test case works ok)

- - - - -
2e7a21fb by security tracker role at 2023-05-22T20:12:09+00:00
automatic update

- - - - -
894f3243 by Salvatore Bonaccorso at 2023-05-22T22:18:17+02:00
Add CVE-2023-32254/linux

- - - - -
0f26b321 by Salvatore Bonaccorso at 2023-05-22T22:22:26+02:00
Clarify what needs to be checked for CVE-2023-31655

- - - - -
1d6abe02 by Salvatore Bonaccorso at 2023-05-22T22:58:38+02:00
Process NFUs

- - - - -
f9cd4a6e by Salvatore Bonaccorso at 2023-05-22T23:07:43+02:00
Process NFUs

- - - - -
315cf75c by Salvatore Bonaccorso at 2023-05-22T23:12:17+02:00
Add four new gpac CVEs

- - - - -
bc106ca6 by Salvatore Bonaccorso at 2023-05-23T08:05:18+02:00
Track fixed version for CVE-2023-32573 via unstable for qtsvg-opensource-src

- - - - -
6e87b367 by Salvatore Bonaccorso at 2023-05-23T08:09:20+02:00
Track fixed version for older nghttp2 issue

- - - - -
04633fab by security tracker role at 2023-05-23T08:12:01+00:00
automatic update

- - - - -
7376c9e1 by Moritz Mühlenhoff at 2023-05-23T11:14:25+02:00
NFUs

- - - - -
95927ac0 by Moritz Mühlenhoff at 2023-05-23T11:23:25+02:00
libssh DSA

- - - - -
2c41a0e1 by Salvatore Bonaccorso at 2023-05-23T12:15:36+02:00
Mark CVE-2023-1601 as unimportant

- - - - -
4093c20b by Salvatore Bonaccorso at 2023-05-23T12:24:48+02:00
Add CVE-2023-31670/wabt

- - - - -
bb76e927 by Salvatore Bonaccorso at 2023-05-23T12:26:38+02:00
Add CVE-2023-33297/bitcoin

- - - - -
37c9243b by Moritz Mühlenhoff at 2023-05-23T12:30:03+02:00
bookworm triage

- - - - -
3d1f185a by Salvatore Bonaccorso at 2023-05-23T12:31:24+02:00
Process some more NFUs

- - - - -
dae66a11 by Salvatore Bonaccorso at 2023-05-23T12:31:25+02:00
Add CVE-2023-25440/civicrm

- - - - -
8e00ad01 by Sylvain Beucler at 2023-05-23T13:31:48+02:00
CVE-2022-0391/python: buster ignored + clarifications

In particular my python3.5/stretch triage led Ubuntu to believe the regression was specific to that version;
also dropping the stretch triage entirely so it can be re-triaged in ELTS

- - - - -
44207d14 by Sylvain Beucler at 2023-05-23T14:06:51+02:00
CVE-2023-24329/python: buster ignored + link follow-up fix

- - - - -
81aaacbb by Sylvain Beucler at 2023-05-23T14:09:23+02:00
CVE-2022-0391,CVE-2023-24329/python3.7: harmonize with python2.7

- - - - -
9b752d73 by Salvatore Bonaccorso at 2023-05-23T15:35:04+02:00
Track proposed updates for curl via bullseye-pu

- - - - -
4e7e8196 by Moritz Mühlenhoff at 2023-05-23T15:37:10+02:00
bookworm triage

- - - - -
615a884d by Salvatore Bonaccorso at 2023-05-23T15:38:19+02:00
Mark CVE-2021-33797/mujs as no-dsa

- - - - -
794142e6 by Salvatore Bonaccorso at 2023-05-23T15:39:09+02:00
Track proposed update for mujs via bullseye-pu

- - - - -
a1274645 by Anton Gladky at 2023-05-23T18:31:27+02:00
Merge branch 'master' into fix_987283

- - - - -
083d060f by Chris Lamb at 2023-05-23T10:12:33-07:00
Triage CVE-2023-2837, CVE-2023-2838, CVE-2023-2839 & CVE-2023-2840 in gpac for buster LTS.

- - - - -
c986b3ca by Chris Lamb at 2023-05-23T10:14:37-07:00
data/dla-needed.txt: Triage c-ares for buster LTS (CVE-2023-31130 & CVE-2023-32067)

- - - - -
6ce0fae9 by Chris Lamb at 2023-05-23T10:15:56-07:00
Triage CVE-2023-32784 in keepass2 for buster LTS.

- - - - -
2f365699 by Chris Lamb at 2023-05-23T10:16:19-07:00
Triage CVE-2023-2700 in libvirt for buster LTS.

- - - - -
04bc010f by Chris Lamb at 2023-05-23T10:16:39-07:00
Triage CVE-2023-30300 in wabt for buster LTS.

- - - - -
a54866e9 by Chris Lamb at 2023-05-23T10:17:04-07:00
Triage CVE-2023-29579 in yasm for buster LTS.

- - - - -
a7ba4eab by Chris Lamb at 2023-05-23T10:18:16-07:00
Triage CVE-2023-2731 & CVE-2023-30086 in tiff for buster LTS.

- - - - -
0fd31e5c by Moritz Mühlenhoff at 2023-05-23T21:11:20+02:00
bookworm triage

- - - - -
454c96e9 by Salvatore Bonaccorso at 2023-05-23T21:46:36+02:00
Add Debian bug reference for CVE-2023-33297/bitcoin

- - - - -
b64bd426 by Salvatore Bonaccorso at 2023-05-23T22:09:12+02:00
Mark two sngrep issues as unimportant

- - - - -
1c57a9b3 by security tracker role at 2023-05-23T20:12:15+00:00
automatic update

- - - - -
54f50b7a by Moritz Mühlenhoff at 2023-05-23T22:16:30+02:00
bookworm triage

- - - - -
57343b44 by Salvatore Bonaccorso at 2023-05-23T22:26:31+02:00
Process one NFU

- - - - -
db5ee8b0 by Salvatore Bonaccorso at 2023-05-23T22:29:54+02:00
Process some NFUs

- - - - -
4029192d by Salvatore Bonaccorso at 2023-05-23T22:39:15+02:00
Add some new piwigo issues

- - - - -
b87054a1 by Salvatore Bonaccorso at 2023-05-23T22:49:19+02:00
Track fixed version for CVE-2022-47516/sofia-sip via unstable

- - - - -
f513fcac by Aron Xu at 2023-05-24T10:59:03+08:00
add sniproxy to dsa-needed

- - - - -
df3897bb by Salvatore Bonaccorso at 2023-05-24T07:41:57+02:00
Add CVE-2023-32695/node-socket.io-parser

- - - - -
337da7fa by Salvatore Bonaccorso at 2023-05-24T07:44:19+02:00
Process one NFU in Spring Boot

- - - - -
317a77e3 by Salvatore Bonaccorso at 2023-05-24T07:50:41+02:00
Add CVE-2023-31669/wabt

- - - - -
a0f11619 by Salvatore Bonaccorso at 2023-05-24T07:57:06+02:00
Add two CVE-2023-3151{7,8}/teeworlds

- - - - -
9fa1629d by Salvatore Bonaccorso at 2023-05-24T08:08:49+02:00
Process NFUs

- - - - -
5d541685 by Moritz Mühlenhoff at 2023-05-24T10:01:38+02:00
bookworm triage

- - - - -
9a6445e6 by security tracker role at 2023-05-24T08:11:58+00:00
automatic update

- - - - -
702c8b68 by Salvatore Bonaccorso at 2023-05-24T10:29:09+02:00
Process some NFUs

- - - - -
8ca3c678 by Salvatore Bonaccorso at 2023-05-24T10:31:31+02:00
Add CVE-2023-32697/xerial-sqlite-jdbc

- - - - -
51ae3929 by Salvatore Bonaccorso at 2023-05-24T10:49:11+02:00
Process NFUs

- - - - -
5c11a203 by Salvatore Bonaccorso at 2023-05-24T10:49:40+02:00
Add CVE-2023-2859/teampass, itp'ed

- - - - -
6e2e36d8 by Salvatore Bonaccorso at 2023-05-24T11:33:28+02:00
Update information on CVE-2023-28410/linux

- - - - -
08daeb22 by Salvatore Bonaccorso at 2023-05-24T11:51:49+02:00
Update information for CVE-2016-1585/apparmor

- - - - -
04fd073a by Salvatore Bonaccorso at 2023-05-24T12:08:01+02:00
Update and clarify information on CVE-2023-1601

- - - - -
96b88c22 by Moritz Mühlenhoff at 2023-05-24T12:11:13+02:00
glusterfs fixed in sid

- - - - -
80e3a65f by Moritz Mühlenhoff at 2023-05-24T12:26:31+02:00
sofia-sip DSA

- - - - -
65bd13ae by Anton Gladky at 2023-05-24T13:58:05+02:00
LTS: take c-ares and openimageio

- - - - -
e2d89fd4 by Anton Gladky at 2023-05-24T13:58:35+02:00
Merge branch 'master' into fix_987283

- - - - -
a4c5a4a4 by Anton Gladky at 2023-05-24T14:40:10+02:00
Fix issues, mentioned in the MR

- - - - -


26 changed files:

- bin/grab-cve-in-fix
- bin/merge-cve-files
- + bin/process-cve-records
- bin/remove-cve-dist-tags
- bin/tracker_service.py
- bin/update-vuln
- + bin/update-xrefs
- check-external/update.sh
- data/CVE/list
- data/DLA/list
- data/DSA/list
- data/config.json
- data/dla-needed.txt
- data/dsa-needed.txt
- data/embedded-code-copies
- data/next-point-update.txt
- data/packages/lts-do-call-me
- data/packages/lts-do-not-call
- data/packages/removed-packages
- lib/python/sectracker/analyzers.py
- lib/python/sectracker/parsers.py
- lib/python/sectracker/xpickle.py
- lib/python/sectracker_test/test_parsers.py
- lib/python/security_db.py
- org/lts-frontdesk.2023.txt
- static/distributions.json


Changes:

=====================================
bin/grab-cve-in-fix
=====================================
@@ -12,6 +12,7 @@ grab-cve-in-fix - #1001451
 
 #
 #  Copyright 2021-2022 Neil Williams <codehelp at debian.org>
+#  Copyright © 2023 Emilio Pozuelo Monfort <pochu at debian.org>
 #
 #  This program is free software; you can redistribute it and/or modify
 #  it under the terms of the GNU General Public License as published by
@@ -84,7 +85,7 @@ class ParseChanges:
 
     def _read_cvelist(self):
         os.chdir(os.path.dirname(os.path.dirname(os.path.realpath(__file__))))
-        data, _ = cvelist("data/CVE/list")  # pylint: disable=no-value-for-parameter
+        data = cvelist("data/CVE/list")
         for cve in self.cves:
             for bug in data:
                 if bug.header.name == cve:
@@ -167,7 +168,10 @@ class ParseChanges:
                     self.source_package,
                 )
                 continue
-            for line in self.bugs[cve].annotations:
+
+            bug = self.bugs[cve]
+
+            for line in bug.annotations:
                 if not isinstance(line, PackageAnnotation):
                     continue  # skip notes etc.
                 if line.release:  # only update unstable
@@ -185,12 +189,8 @@ class ParseChanges:
                     )
                     if vcompare < 0:
                         self.logger.info("Updating %s to %s", line.version, self.unstable_version)
-                        mod_line = line._replace(version=self.unstable_version)
-                        index = self.bugs[cve].annotations.index(line)
-                        bug_list = list(self.bugs[cve].annotations)
-                        bug_list[index] = mod_line
-                        mod_bug = Bug(self.bugs[cve].file, self.bugs[cve].header, tuple(bug_list))
-                        modified.append(mod_bug)
+                        line.version = self.unstable_version
+                        modified.append(bug)
                     elif vcompare > 0:
                         self.logger.error(
                             "%s is listed as fixed in %s which is newer than %s",
@@ -206,12 +206,8 @@ class ParseChanges:
                             line.version,
                         )
                 else:
-                    mod_line = line._replace(version=self.unstable_version)
-                    index = self.bugs[cve].annotations.index(line)
-                    bug_list = list(self.bugs[cve].annotations)
-                    bug_list[index] = mod_line
-                    mod_bug = Bug(self.bugs[cve].file, self.bugs[cve].header, tuple(bug_list))
-                    modified.append(mod_bug)
+                    line.version = self.unstable_version
+                    modified.append(bug)
         if not modified:
             return 0
         if os.path.exists(cve_file):
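Review bot: `modified.append(bug)` in this `else` branch (and in the `vcompare < 0` branch of the previous hunk) runs inside the `for line in bug.annotations` loop and appends the same object every time, so a CVE with more than one matching unstable annotation can land in `modified` more than once. Append once after the loop, or guard with `if bug not in modified`, so the code that consumes `modified` after the `if not modified` check does not handle the same entry twice. Note also that `line.version = ...` now edits the annotation held in `self.bugs[cve]` in place where the removed code built a copy with `line._replace(...)`; a one-line comment that the cached bug is mutated on purpose would help the next reader.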


=====================================
bin/merge-cve-files
=====================================
@@ -3,7 +3,7 @@
 # Merge a separate CVE file (such as data/next-point-update.txt) back into
 # the main one.
 #
-# Copyright © 2020 Emilio Pozuelo Monfort <pochu at debian.org>
+# Copyright © 2020-2023 Emilio Pozuelo Monfort <pochu at debian.org>
 # Copyright (c) 2021-2022 Neil Williams <codehelp at debian.org>
 
 import os
@@ -21,43 +21,31 @@ from sectracker.parsers import (
     XrefAnnotation
 )
 
-def merge_notes(bug, notes):
+def merge_notes(annotations, new_annotation):
     """
     Special support for StringAnnotations.
 
-    notes is a dict containing a list of string annotations for
-    each CVE in the file being merged. Pick out the string annotations
-    for this bug, ignore if already exist, append if new.
+    Merges a note into the bug's annotations, taking care not to
+    add duplicate notes.
+
+    new_annotation is a new string annotation for this CVE (bug),
     """
-    new_notes = []
-    cve = bug.header.name
-    merge_list = notes.get(cve)  # list of notes to merge
-    if not merge_list:
-        # nothing to merge
-        return bug
-    tagged_notes = [note.description for note in merge_list]
-    bug_notes = [ann.description for ann in bug.annotations if isinstance(ann, StringAnnotation)]
-    # get the list items in tagged_notes which are not in bug_notes
-    new_strings = list(set(tagged_notes) - set(bug_notes))
-    if not new_strings:
-        return bug
-    for new_ann in merge_list:
-        if new_ann.description in new_strings:
-            new_notes.append(new_ann)
-    bug_list = list(bug.annotations)
-    bug_list.extend(new_notes)
-    mod_bug = Bug(
-        bug.file, bug.header, tuple(bug_list)
-    )
-    return mod_bug
+    old_descriptions = [ann.description
+                        for ann in annotations
+                        if isinstance(ann, StringAnnotation)]
+
+    # prevent adding duplicate notes
+    if not new_annotation.description in old_descriptions:
+        annotations.append(new_annotation)
 
 
 def merge_annotations(annotations, new_annotation):
+    """
+    Adds new_annotation to the annotations list
+    """
     if not isinstance(new_annotation, PackageAnnotation):
         raise NotImplementedError(f"unsupported annotation of type {new_annotation.type} (line {new_annotation.line})")
 
-    annotations = list(annotations)
-
     annotations_for_pkg = [ann for ann in annotations \
                            if isinstance(ann, PackageAnnotation) \
                            and ann.package == new_annotation.package]
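Review bot: `merge_notes` and `merge_annotations` now mutate the list they are given and return nothing, but neither docstring says so, and the `merge_notes` docstring ends on a dangling comma without describing `annotations`. With `annotations = list(annotations)` removed, a caller that still passes a tuple will fail on `append`/`insert`, so the docstrings should state that a mutable list is required. Minor: `if not new_annotation.description in old_descriptions` reads better as `if new_annotation.description not in old_descriptions`.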
@@ -72,7 +60,7 @@ def merge_annotations(annotations, new_annotation):
                 continue
 
             annotations.insert(idx, new_annotation)
-            return annotations
+            return
 
 
     # append/substitute the new one at the right place
@@ -87,6 +75,13 @@ def merge_annotations(annotations, new_annotation):
             annotations[idx] = new_annotation
             break
 
+        # if we found an experimental annotation, it will be followed by a 'sid'
+        # one, so next_annotation.release will be None in the next case. That
+        # comparison will break, so we avoid it by continuing. If new_annotation
+        # was for experimental, we would have already replaced it in the above check.
+        if annotation.release == 'experimental':
+            continue
+
         # if the next annotation's release is the same, we continue to replace
         # it in the next iteration. otherwise if we found the right place, we
         # insert the new annotation
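Review bot: the new `continue` on `annotation.release == 'experimental'` depends on an experimental entry always being followed by a sid one, as its comment states. If an experimental annotation is ever the last one for the package, this iteration is skipped and it is worth confirming that `new_annotation` still gets inserted somewhere. Consider handling the "no following annotation" case explicitly, or asserting the assumption, instead of skipping unconditionally.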
@@ -99,15 +94,6 @@ def merge_annotations(annotations, new_annotation):
         annotations.insert(idx + 1, new_annotation)
         break
 
-    return annotations
-
-def parse_list(path):
-    data, messages = cvelist(path)
-
-    for m in messages:
-        sys.stderr.write(str(m) + "\n")
-
-    return data
 
 if len(sys.argv) not in (2, 3):
     print(f"Usage: {os.path.basename(sys.argv[0])} (CVE/list) extra-cve-list")
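Review bot: dropping `parse_list` also drops the loop that wrote the parser's messages to stderr, and nothing in this file replaces it. Please confirm that `cvelist()` now reports or raises on malformed input itself; otherwise a syntax problem in either list is merged silently and then written back to the main list.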
@@ -120,27 +106,20 @@ else:
 
 extra_list = sys.argv[-1]
 
-data = parse_list(main_list)
-extra_data = parse_list(extra_list)
+data = cvelist(main_list)
+extra_data = cvelist(extra_list)
 
 for extra_bug in extra_data:
     bug = next(bug for bug in data if bug.header.name == extra_bug.header.name)
 
-    notes = {}
-    new_annotations = bug.annotations
     for extra_annotation in extra_bug.annotations:
         if isinstance(extra_annotation, FlagAnnotation):
             continue
         if isinstance(extra_annotation, StringAnnotation):
-            cve = f"{extra_bug.header.name}"
-            note_tag = notes.setdefault(cve, [])
-            note_tag.append(extra_annotation)
+            merge_notes(bug.annotations, extra_annotation)
             continue
-        new_annotations = merge_annotations(new_annotations, extra_annotation)
 
-    bug = bug._replace(annotations=new_annotations)
-    bug = merge_notes(bug, notes)
-    data = [bug if bug.header.name == old_bug.header.name else old_bug for old_bug in data]
+        merge_annotations(bug.annotations, extra_annotation)
 
 with open(main_list, 'w') as f:
     writecvelist(data, f)
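Review bot: `next(bug for bug in data if bug.header.name == extra_bug.header.name)` has no default, so an entry in the extra list that is missing from the main list ends the run with a bare `StopIteration` traceback, and the lookup is a linear scan per extra bug. A name-to-bug dict built once (as `cve_dir` is in bin/process-cve-records) with an explicit error for unknown ids would be clearer. The in-place `merge_notes(bug.annotations, ...)` and `merge_annotations(bug.annotations, ...)` calls also assume `bug.annotations` is a list.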


=====================================
bin/process-cve-records
=====================================
@@ -0,0 +1,171 @@
+#!/usr/bin/python3
+#
+# Parse MITRE JSON 5.0 records and update data/CVE/list
+#
+# See https://github.com/CVEProject/cve-schema
+# and https://github.com/CVEProject/cvelistV5
+#
+# Copyright © 2023 Emilio Pozuelo Monfort <pochu at debian.org>
+
+import argparse
+import io
+import json
+import os
+import zipfile
+
+import requests
+
+import setup_paths  # noqa
+from sectracker import parsers
+
+CVE_ZIPFILE = 'https://github.com/CVEProject/cvelistV5/archive/refs/heads/main.zip'
+
+def debug(m):
+    if args.verbose:
+        print(m)
+
+
+def get_annotation(annotations, ann_type):
+    for ann in annotations:
+        if isinstance(ann, ann_type):
+            return ann
+
+
+def is_published(record):
+    return record['cveMetadata']['state'] == 'PUBLISHED'
+
+
+def is_reserved(record):
+    return record['cveMetadata']['state'] == 'RESERVED'
+
+
+def is_rejected(record):
+    return record['cveMetadata']['state'] == 'REJECTED'
+
+
+def parse_record(record, cve):
+    # remove all flags, and add the current one if needed
+    ann = get_annotation(cve.annotations, parsers.FlagAnnotation)
+    if ann:
+        cve.annotations.remove(ann)
+
+    if is_published(record):
+        # no flag for published records
+        pass
+    elif is_reserved(record):
+        ann = parsers.FlagAnnotation(0, 'RESERVED')
+        cve.annotations.insert(0, ann)
+    elif is_rejected(record):
+        ann = parsers.FlagAnnotation(0, 'REJECTED')
+        cve.annotations.insert(0, ann)
+
+    if is_reserved(record) or is_rejected(record):
+        if cve.header.description.startswith('('):
+            cve.header.description = ''
+    else:
+        desc = [desc['value']
+                for desc in record['containers']['cna']['descriptions']
+                if desc['lang'].startswith('en')]
+        if desc:
+            desc = desc[0]
+
+            # for some reason descriptions may contain new lines
+            desc = desc.replace('\n', ' ')
+
+            # and even non-printable characters such as \xa0 ( )
+            # if a character is non-ascii then return character in
+            # ASCII-only representation.
+            desc = "".join([ c if ord(c) < 128 else ascii(c).strip('\'') for c in desc if c.isprintable() ])
+
+            # and some contain leading spaces
+            desc = desc.strip()
+
+            if len(desc) > 70:
+                desc = desc[:70] + ' ...'
+
+        cve.header.description = f"({desc})"
+
+    if not is_reserved(record) and not is_rejected(record) \
+      and not get_annotation(cve.annotations, parsers.StringAnnotation) \
+      and not get_annotation(cve.annotations, parsers.PackageAnnotation):
+        ann = parsers.StringAnnotation(0, 'TODO', 'check')
+        cve.annotations.append(ann)
+
+
+def process_record_file(f):
+    global cve_dir
+    global cves
+
+    record = json.load(f)
+    cve_id = record['cveMetadata']['cveId']
+
+    try:
+        cve = cve_dir[cve_id]
+    except KeyError:
+        header = parsers.Header(0, cve_id, '')
+        cve = parsers.Bug('', header, list())
+        cves.insert(0, cve)
+
+    parse_record(record, cve)
+
+def process_record_filename(record_file):
+    with open(record_file) as f:
+        process_record_file(f)
+
+
+def process_record_dir(record_dir):
+    for year_dir in os.listdir(record_dir):
+        for record_file in os.listdir(year_dir):
+            debug("processing record " + record_file)
+            process_record_filename(record_file)
+            debug("record processed")
+
+
+def process_zip_file(zip_file):
+    z = zipfile.ZipFile(zip_file)
+    for fname in z.namelist():
+        if os.path.basename(fname).startswith('CVE-'):
+            f = z.open(fname)
+            debug("processing record " + fname)
+            process_record_file(f)
+            debug("record processed")
+
+
+def download_zip_file():
+    debug("downloading zip file...")
+    r = requests.get(CVE_ZIPFILE)
+    debug(f"downloaded, status {r.status_code}")
+    b = io.BytesIO(r.content)
+    process_zip_file(b)
+
+default_workdir = os.path.join(os.path.dirname(os.path.dirname(__file__)))
+
+parser = argparse.ArgumentParser(description='Update CVE list with MITRE CVE records')
+parser.add_argument('-v', '--verbose', action="store_true", help='enable verbose messages')
+parser.add_argument('--work-dir', help='path to security-tracker repo (default: relative to the script)', default=default_workdir)
+parser.add_argument('file', nargs='?', help='file to process, or download records from MITRE if not specified')
+args = parser.parse_args()
+
+main_list = args.work_dir + '/data/CVE/list'
+
+debug("reading cve file")
+cves = parsers.cvelist(main_list)
+debug("finished reading cve file")
+
+cve_dir = { cve.header.name: cve for cve in cves }
+
+if not args.file:
+    # no argument, we download the CVE db
+    download_zip_file()
+elif args.file.endswith('.json'):
+    debug("processing record " + args.file)
+    process_record_filename(args.file)
+    debug("record processed")
+elif args.file.endswith('.zip'):
+    process_zip_file(args.file)
+else:
+    process_record_dir(args.file)
+
+# write CVE file back
+with open(main_list, 'w') as f:
+    parsers.writecvelist(cves, f)
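Review bot: `process_record_dir` uses the bare names returned by `os.listdir()`: `os.listdir(year_dir)` and `process_record_filename(record_file)` are not joined with `record_dir`/`year_dir`, so directory mode only works when the current directory happens to match. Use `os.path.join` (or `os.scandir`/`os.walk`). In `parse_record`, when a published record has no English description `desc` stays an empty list and `cve.header.description = f"({desc})"` writes `([])` into the list; that case needs its own branch. `download_zip_file` calls `requests.get(CVE_ZIPFILE)` without a timeout and only logs `r.status_code` in verbose mode, so an error response body is handed straight to `zipfile.ZipFile`; add `timeout=` and `r.raise_for_status()` before processing.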


=====================================
bin/remove-cve-dist-tags
=====================================
@@ -25,11 +25,6 @@ def keep_annotation(cve, annotation):
     return True
 
 
-def parse_list(path):
-    data, messages = cvelist(path)
-
-    return data
-
 if len(sys.argv) <= 3:
     # assume there are no CVEs, so nothing to do
     sys.exit(0)
@@ -46,7 +41,7 @@ for release in releases:
     if 'maincvefile' in distconfig:
         main_list = os.path.dirname(__file__) + '/../' + distconfig['maincvefile']
 
-data = parse_list(main_list)
+data = cvelist(main_list)
 new_data = []
 
 for cve in data:
@@ -55,7 +50,7 @@ for cve in data:
         for annotation in cve.annotations
         if keep_annotation(cve, annotation)
     )
-    cve = cve._replace(annotations=annotations)
+    cve.annotations=annotations
     if not cve.annotations:
         # this shouldn't happen on a normal CVE file as we're only removing
         # the dist specific tags, but it may happen in an ExtendFile, in
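Review bot: `cve.annotations=annotations` is missing the spaces around `=`, and more importantly the value assigned should be a list, because other scripts in this push call `append`, `insert` and `remove` on `cve.annotations` in place. The opening of the expression is outside this hunk, so please confirm it does not still build a tuple or generator.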


=====================================
bin/tracker_service.py
=====================================
@@ -1076,14 +1076,16 @@ checker to find out why they have not entered testing yet."""),
 
     def page_status_unreported(self, path, params, url):
         show_ignored = params.get('show_ignored', False)
+        show_ignored_flag = False
         if show_ignored:
             flags = A(url.updateParamsDict({'show_ignored' : None}),
                       'Hide ignored issues')
+            show_ignored_flag = True
         else:
             flags = A(url.updateParamsDict({'show_ignored' : '1'}),
                   'Show ignored issues')
         def gen():
-            for (bug, packages) in self.db.getUnreportedVulnerabilities(show_ignored=show_ignored):
+            for (bug, packages) in self.db.getUnreportedVulnerabilities(show_ignored=show_ignored_flag):
                 pkgs = make_list([self.make_source_package_ref(url, pkg)
                                   for pkg in packages], ", ")
                 yield self.make_xref(url, bug), pkgs
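Review bot: `show_ignored_flag` only restates the truthiness of `show_ignored`; `show_ignored = bool(params.get('show_ignored', False))` on the first line would pass a real boolean to `getUnreportedVulnerabilities` without a second variable. Note that any truthy parameter value still enables the flag, so if only `'1'` is meant to switch it on, compare against it explicitly.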


=====================================
bin/update-vuln
=====================================
@@ -81,7 +81,7 @@ class ParseUpdates:
     def _read_cvelist(self):
         """Build a list of Bug items for the CVE from data/CVE/list"""
         os.chdir(os.path.dirname(os.path.dirname(os.path.realpath(__file__))))
-        data, _ = cvelist("data/CVE/list")  # pylint: disable=no-value-for-parameter
+        data = cvelist("data/CVE/list")
         for cve in self.cves:
             for bug in data:
                 if bug.header.name == cve:
@@ -96,12 +96,14 @@ class ParseUpdates:
 
         Accounts for PackageAnnotation.release == None for unstable.
         """
+        bug = self.bugs[cve]
+
         if isinstance(annotation, PackageAnnotation):
-            store = {ann.release: ann for ann in self.bugs[cve].annotations if isinstance(ann, PackageAnnotation)}
+            store = {ann.release: ann for ann in bug.annotations if isinstance(ann, PackageAnnotation)}
             store[annotation.release] = annotation
             # this is needed despite python3 >= 3.7 having ordered dicts
             # because using the dict.keys() would need a copy of that list anyway.
-            existing = [ann.release for ann in self.bugs[cve].annotations if isinstance(ann, PackageAnnotation)]
+            existing = [ann.release for ann in bug.annotations if isinstance(ann, PackageAnnotation)]
             if None in existing:
                 # release == None for unstable
                 index = existing.index(None)
@@ -118,20 +120,14 @@ class ParseUpdates:
             bug_list = []
             for item in existing:
                 bug_list.append(store[item])
+            bug.annotations = bug_list
 
         elif isinstance(annotation, StringAnnotation):
-            bug_list = list(self.bugs[cve].annotations)
-            bug_list.append(annotation)
+            bug.annotations.append(annotation)
         else:
             raise ValueError(f"Unsupported annotation type: {type(annotation)}")
 
-        return Bug(self.bugs[cve].file, self.bugs[cve].header, tuple(bug_list))
-
-    def _replace_annotation_on_line(self, cve, line, mod_line):
-        index = self.bugs[cve].annotations.index(line)
-        bug_list = list(self.bugs[cve].annotations)
-        bug_list[index] = mod_line
-        return Bug(self.bugs[cve].file, self.bugs[cve].header, tuple(bug_list))
+        return bug
 
     def write_modified(self, modified, cve_file):
         """
@@ -169,13 +165,14 @@ class ParseUpdates:
         modified = []
         cve = self.cves[0]
         cve_file = f"{cve}.list"
-        existing = [line.release for line in self.bugs[cve].annotations if isinstance(line, PackageAnnotation)]
+        bug = self.bugs[cve]
+        existing = [line.release for line in bug.annotations if isinstance(line, PackageAnnotation)]
         if suite not in existing:
             # line type release package kind version description flags
             line = PackageAnnotation(0, "package", suite, src, "not-affected", None, description, [])
             mod_bug = self._add_annotation_to_cve(cve, line)
             modified.append(mod_bug)
-        for line in self.bugs[cve].annotations:
+        for line in bug.annotations:
             if not isinstance(line, PackageAnnotation):
                 continue  # skip notes etc.
             if line.release != suite:
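Review bot: `for line in bug.annotations` now iterates the list that `_add_annotation_to_cve` has just updated in place, whereas the old code looped over the unmodified `self.bugs[cve].annotations`. When `suite not in existing`, the freshly added `not-affected` line is therefore visited as well and can reach the `if line.kind == "not-affected": ... return` branch in the next hunk, returning before `write_modified` runs. Please check that path, for example by skipping the loop when the annotation was just added.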
@@ -187,23 +184,18 @@ class ParseUpdates:
             if line.kind == "not-affected":
                 self.logger.info("Nothing to do for %s in %s.", cve, suite)
                 return
-            mod_line = line._replace(kind="not-affected")
+            line.kind = "not-affected"
             self.logger.info("Modified %s for %s in %s to <not-affected>", cve, src, release)
-            if mod_line.version:
+            if line.version:
                 self.logger.info("Removing version %s", line.version)
-                ver_line = mod_line
-                mod_line = ver_line._replace(version=None)
+                line.version = None
             if description:
                 self.logger.info("Replacing description %s", line.description)
-                desc_line = mod_line
-                mod_line = desc_line._replace(description=description)
-            elif mod_line.description:
+                line.description = description
+            elif line.description:
                 self.logger.info("Removing description %s", line.description)
-                desc_line = mod_line
-                mod_line = desc_line._replace(description=None)
-            # removing a bug annotation is not covered, yet.
-            mod_bug = self._replace_annotation_on_line(cve, line, mod_line)
-            modified.append(mod_bug)
+                line.description = None
+            modified.append(bug)
         self.write_modified(modified, cve_file)
 
     def add_note(self, note):
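Review bot: `modified.append(bug)` sits inside the `for` loop and appends the same `Bug` object for every matching line, on top of the one appended when the annotation is added earlier in the function, so `write_modified` can receive the same bug more than once. Append once after the loop, or guard with `if bug not in modified`. The in-place assignments to `line.kind`, `line.version` and `line.description` also require `PackageAnnotation` to be mutable now, which is worth a line in the method's docstring.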


=====================================
bin/update-xrefs
=====================================
@@ -0,0 +1,100 @@
+#!/usr/bin/python3
+#
+# Update xrefs in data/CVE/list
+#
+# Copyright © 2023 Emilio Pozuelo Monfort <pochu at debian.org>
+
+import argparse
+import os
+
+import setup_paths  # noqa
+from sectracker import parsers
+
+def get_annotation(annotations, ann_type):
+    for ann in annotations:
+        if isinstance(ann, ann_type):
+            return ann
+
+
+def add_xref(cve, xref):
+    ann = get_annotation(cve.annotations, parsers.XrefAnnotation)
+    if not ann:
+        ann = parsers.XrefAnnotation(0, "xref", list())
+        # TODO: annotations order is important atm
+        flag_ann = get_annotation(cve.annotations, parsers.FlagAnnotation)
+        idx = cve.annotations.index(flag_ann) + 1 if flag_ann else 0
+        cve.annotations.insert(idx, ann)
+
+    if not xref in ann.bugs:
+        ann.bugs.append(xref)
+
+
+def parse_advfile(filename, parsemethod):
+    global cve_map
+
+    advs = parsemethod(filename)
+
+    for adv in advs:
+        for ann in adv.annotations:
+            if isinstance(ann, parsers.XrefAnnotation):
+                cves = ann.bugs
+                for cvename in cves:
+                    if not cvename.startswith('CVE-'):
+                        continue
+
+                    cve = cve_map[cvename]
+                    add_xref(cve, adv.header.name)
+
+
+def parse_dsafile(dsafile):
+    return parse_advfile(dsafile, parsers.dsalist)
+
+
+def parse_dtsafile(dtsafile):
+    return parse_advfile(dtsafile, parsers.dtsalist)
+
+
+def parse_dlafile(dlafile):
+    return parse_advfile(dlafile, parsers.dlalist)
+
+
+def remove_xrefs(cves):
+    for cve in cves:
+        #cve.annotations = [ann
+        #                   for ann in cve.annotations
+        #                   if not isinstance(ann, parsers.XrefAnnotation)]
+
+        ann = get_annotation(cve.annotations, parsers.XrefAnnotation)
+
+        if ann:
+            # we have CVE- cross-references, keep those and remove
+            # the rest, which we will re-add later if appropriate
+            ann.bugs = [bug for bug in ann.bugs if bug.startswith('CVE-')]
+            if len(ann.bugs) == 0:
+                cve.annotations.remove(ann)
+
+
+default_workdir = os.path.join(os.path.dirname(os.path.dirname(__file__)))
+
+parser = argparse.ArgumentParser(description='Update cross-references in CVE list')
+parser.add_argument('--work-dir', help='path to security-tracker repo (default: relative to the script)', default=default_workdir)
+args = parser.parse_args()
+
+dsa_list = args.work_dir + '/data/DSA/list'
+dtsa_list = args.work_dir + '/data/DTSA/list'
+dla_list = args.work_dir + '/data/DLA/list'
+main_list = args.work_dir + '/data/CVE/list'
+
+cves = parsers.cvelist(main_list)
+cve_map = {cve.header.name: cve for cve in cves}
+
+# We remove the Xrefs, then re-parse the various advisory files and re-add
+# them
+remove_xrefs(cves)
+parse_dsafile(dsa_list)
+parse_dtsafile(dtsa_list)
+parse_dlafile(dla_list)
+
+# write the CVE file back
+with open(main_list, 'w') as f:
+    parsers.writecvelist(cves, f)
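Review bot: `cve = cve_map[cvename]` in `parse_advfile` raises `KeyError` as soon as an advisory references a CVE id that is not present in data/CVE/list, aborting the whole update before the list is written back. Either skip with a warning or fail with a message naming the advisory and the id. Smaller points: the commented-out list comprehension in `remove_xrefs` should be removed, `if not xref in ann.bugs` reads better as `if xref not in ann.bugs`, and `global cve_map` is unnecessary for a read-only lookup.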


=====================================
check-external/update.sh
=====================================
@@ -58,7 +58,7 @@ check_list cve.list
 # or as specified at the individual html files or elsewhere on cve.mitre.org's website
 for vendor in SUSE DEBIAN GENTOO FEDORA REDHAT UBUNTU; do
     wget -N http://cve.mitre.org/data/refs/refmap/source-$vendor.html
-    sed -rn "/CVE-[12][0-9]{3}-/{s/^.+>($vendor:)?(CVE-[12][0-9]{3}-[0-9]{4,})<.+$/\2/;p}" source-$vendor.html |
+    sed -rn "/CVE-[12][0-9]{3}-/{s/^.+>($vendor:)?($vendor Security )?(CVE-[12][0-9]{3}-[0-9]{4,})<.+$/\3/i;p}" source-$vendor.html |
 	sort -u > $vendor.list
     check_list $vendor.list
 done
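Review bot: in the new sed expression the trailing `p` still runs for every line matching the `/CVE-[12][0-9]{3}-/` address whether or not the `s///` matched, so an HTML line in yet another format is written unmodified into `$vendor.list`. Using the `p` flag on the substitution itself (`s/.../\3/ip`) would keep the list to bare CVE ids. The `i` flag makes the whole pattern case-insensitive, not only the new `$vendor Security ` prefix, so a short comment on the intent would help. Separately, the `wget` context line fetches the refmap over plain `http://`, so the input to this filter is not integrity protected in transit.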


=====================================
data/CVE/list
=====================================
The diff for this file was not included because it is too large.

=====================================
data/DLA/list
=====================================
@@ -1,3 +1,276 @@
+[22 May 2023] DLA-3431-1 sqlite - security update
+	{CVE-2016-6153 CVE-2018-8740}
+	[buster] - sqlite 2.8.17-15+deb10u1
+[22 May 2023] DLA-3430-1 cups-filters - security update
+	{CVE-2023-24805}
+	[buster] - cups-filters 1.21.6-5+deb10u1
+[21 May 2023] DLA-3429-1 imagemagick - security update
+	{CVE-2021-20176 CVE-2021-20241 CVE-2021-20243 CVE-2021-20244 CVE-2021-20245 CVE-2021-20246 CVE-2021-20309 CVE-2021-20312 CVE-2021-20313 CVE-2021-39212 CVE-2022-28463 CVE-2022-32545 CVE-2022-32546 CVE-2022-32547}
+	[buster] - imagemagick 8:6.9.10.23+dfsg-2.1+deb10u5
+[20 May 2023] DLA-3428-1 node-nth-check - security update
+	{CVE-2021-3803}
+	[buster] - node-nth-check 1.0.1-1+deb10u1
+[20 May 2023] DLA-3427-1 texlive-bin - security update
+	{CVE-2023-32700}
+	[buster] - texlive-bin 2018.20181218.49446-1+deb10u1
+[17 May 2023] DLA-3426-1 netatalk - security update
+	{CVE-2021-31439 CVE-2022-0194 CVE-2022-23121 CVE-2022-23122 CVE-2022-23123 CVE-2022-23124 CVE-2022-23125 CVE-2022-43634 CVE-2022-45188}
+	[buster] - netatalk 3.1.12~ds-3+deb10u1
+[16 May 2023] DLA-3425-1 sqlparse - security update
+	{CVE-2023-30608}
+	[buster] - sqlparse 0.2.4-1+deb10u1
+[16 May 2023] DLA-3424-1 python-ipaddress - security update
+	{CVE-2020-14422}
+	[buster] - python-ipaddress 1.0.17-1+deb10u1
+[15 May 2023] DLA-3423-1 epiphany-browser - security update
+	{CVE-2023-26081}
+	[buster] - epiphany-browser 3.32.1.2-3~deb10u3
+[15 May 2023] DLA-3422-1 postgresql-11 - security update
+	{CVE-2023-2454 CVE-2023-2455}
+	[buster] - postgresql-11 11.20-0+deb10u1
+[15 May 2023] DLA-3421-1 thunderbird - security update
+	{CVE-2023-32205 CVE-2023-32206 CVE-2023-32207 CVE-2023-32211 CVE-2023-32212 CVE-2023-32213 CVE-2023-32215}
+	[buster] - thunderbird 1:102.11.0-1~deb10u1
+[14 May 2023] DLA-3420-1 golang-websocket - security update
+	{CVE-2020-27813}
+	[buster] - golang-websocket 1.4.0-1+deb10u1
+[12 May 2023] DLA-3419-1 webkit2gtk - security update
+	{CVE-2022-0108 CVE-2022-32885 CVE-2023-27932 CVE-2023-27954 CVE-2023-28205}
+	[buster] - webkit2gtk 2.38.6-0+deb10u1
+[11 May 2023] DLA-3418-1 nvidia-graphics-drivers-legacy-390xx - security update
+	{CVE-2022-34670 CVE-2022-34674 CVE-2022-34675 CVE-2022-34677 CVE-2022-34680 CVE-2022-42257 CVE-2022-42258 CVE-2022-42259}
+	[buster] - nvidia-graphics-drivers-legacy-390xx 390.157-1~deb10u1
+[11 May 2023] DLA-3417-1 firefox-esr - security update
+	{CVE-2023-32205 CVE-2023-32206 CVE-2023-32207 CVE-2023-32211 CVE-2023-32212 CVE-2023-32213 CVE-2023-32215}
+	[buster] - firefox-esr 102.11.0esr-1~deb10u1
+[10 May 2023] DLA-3416-1 emacs - security update
+	{CVE-2022-48337 CVE-2022-48339 CVE-2023-28617}
+	[buster] - emacs 1:26.1+1-3.2+deb10u4
+[05 May 2023] DLA-3415-1 python-django - security update
+	{CVE-2023-31047}
+	[buster] - python-django 1:1.11.29-1+deb10u8
+[02 May 2023] DLA-3414-1 avahi - security update
+	{CVE-2023-1981}
+	[buster] - avahi 0.7-4+deb10u2
+[02 May 2023] DLA-3413-1 libdatetime-timezone-perl - new timezone database
+	[buster] - libdatetime-timezone-perl 1:2.23-1+2023c
+[02 May 2023] DLA-3412-1 tzdata - new timezone database
+	[buster] - tzdata 2021a-0+deb10u11
+[30 Apr 2023] DLA-3411-1 distro-info-data - database update
+	[buster] - distro-info-data 0.41+deb10u7
+[01 May 2023] DLA-3410-1 openvswitch - security update
+	{CVE-2023-1668}
+	[buster] - openvswitch 2.10.7+ds1-0+deb10u4
+[30 Apr 2023] DLA-3409-1 libapache2-mod-auth-openidc - security update
+	{CVE-2019-20479 CVE-2021-32785 CVE-2021-32786 CVE-2021-32791 CVE-2021-32792 CVE-2023-28625}
+	[buster] - libapache2-mod-auth-openidc 2.3.10.2-1+deb10u2
+[30 Apr 2023] DLA-3408-1 jruby - security update
+	{CVE-2017-17742 CVE-2019-16201 CVE-2019-16254 CVE-2019-16255 CVE-2020-25613 CVE-2021-31810 CVE-2021-32066 CVE-2023-28755 CVE-2023-28756}
+	[buster] - jruby 9.1.17.0-3+deb10u1
+[30 Apr 2023] DLA-3407-1 jackson-databind - security update
+	{CVE-2020-10650}
+	[buster] - jackson-databind 2.9.8-3+deb10u5
+[30 Apr 2023] DLA-3406-1 sniproxy - security update
+	{CVE-2023-25076}
+	[buster] - sniproxy 0.6.0-1+deb10u1
+[30 Apr 2023] DLA-3405-1 libxml2 - security update
+	{CVE-2023-28484 CVE-2023-29469}
+	[buster] - libxml2 2.9.4+dfsg1-7+deb10u6
+[29 Apr 2023] DLA-3404-1 linux-5.10 - security update
+	{CVE-2022-2196 CVE-2022-3424 CVE-2022-3707 CVE-2022-4129 CVE-2022-4379 CVE-2023-0045 CVE-2023-0458 CVE-2023-0459 CVE-2023-0461 CVE-2023-1073 CVE-2023-1074 CVE-2023-1076 CVE-2023-1077 CVE-2023-1078 CVE-2023-1079 CVE-2023-1118 CVE-2023-1281 CVE-2023-1513 CVE-2023-1611 CVE-2023-1670 CVE-2023-1829 CVE-2023-1855 CVE-2023-1859 CVE-2023-1872 CVE-2023-1989 CVE-2023-1990 CVE-2023-1998 CVE-2023-2162 CVE-2023-2194 CVE-2023-22998 CVE-2023-23004 CVE-2023-23559 CVE-2023-25012 CVE-2023-26545 CVE-2023-28328 CVE-2023-28466 CVE-2023-30456}
+	[buster] - linux-5.10 5.10.178-3~deb10u1
+[29 Apr 2023] DLA-3403-1 linux - security update
+	{CVE-2022-2873 CVE-2022-3424 CVE-2022-3545 CVE-2022-3707 CVE-2022-4744 CVE-2022-36280 CVE-2022-41218 CVE-2022-45934 CVE-2022-47929 CVE-2023-0045 CVE-2023-0266 CVE-2023-0394 CVE-2023-0458 CVE-2023-0459 CVE-2023-0461 CVE-2023-1073 CVE-2023-1074 CVE-2023-1078 CVE-2023-1079 CVE-2023-1118 CVE-2023-1281 CVE-2023-1513 CVE-2023-1670 CVE-2023-1829 CVE-2023-1855 CVE-2023-1859 CVE-2023-1989 CVE-2023-1990 CVE-2023-1998 CVE-2023-2162 CVE-2023-2194 CVE-2023-23454 CVE-2023-23455 CVE-2023-23559 CVE-2023-26545 CVE-2023-28328 CVE-2023-30456 CVE-2023-30772}
+	[buster] - linux 4.19.282-1
+[29 Apr 2023] DLA-3402-1 wireshark - security update
+	{CVE-2023-1161 CVE-2023-1992 CVE-2023-1993 CVE-2023-1994}
+	[buster] - wireshark 2.6.20-0+deb10u6
+[24 Apr 2023] DLA-3401-1 apache2 - security update
+	{CVE-2023-25690 CVE-2023-27522}
+	[buster] - apache2 2.4.38-3+deb10u10
+[24 Apr 2023] DLA-3400-1 thunderbird - security update
+	{CVE-2023-0547 CVE-2023-1945 CVE-2023-1999 CVE-2023-28427 CVE-2023-29479 CVE-2023-29533 CVE-2023-29535 CVE-2023-29536 CVE-2023-29539 CVE-2023-29541 CVE-2023-29548 CVE-2023-29550}
+	[buster] - thunderbird 1:102.10.0-1~deb10u1
+[24 Apr 2023] DLA-3399-1 389-ds-base - security update
+	{CVE-2019-3883 CVE-2019-10224 CVE-2019-14824 CVE-2021-3514 CVE-2021-3652 CVE-2021-4091 CVE-2022-0918 CVE-2022-0996 CVE-2022-2850}
+	[buster] - 389-ds-base 1.4.0.21-1+deb10u1
+[21 Apr 2023] DLA-3398-1 curl - security update
+	{CVE-2023-27533 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538}
+	[buster] - curl 7.64.0-4+deb10u6
+[21 Apr 2023] DLA-3397-1 connman - security update
+	{CVE-2023-28488}
+	[buster] - connman 1.36-2.1~deb10u5
+[21 Apr 2023] DLA-3396-1 redis - security update
+	{CVE-2023-28856}
+	[buster] - redis 5:5.0.14-1+deb10u4
+[20 Apr 2023] DLA-3395-2 golang-1.11 - regression update
+	[buster] - golang-1.11 1.11.6-1+deb10u7
+[19 Apr 2023] DLA-3395-1 golang-1.11 - security update
+	{CVE-2020-28367 CVE-2021-33196 CVE-2021-36221 CVE-2021-38297 CVE-2021-39293 CVE-2021-41771 CVE-2021-44716 CVE-2021-44717 CVE-2022-23806 CVE-2022-24921}
+	[buster] - golang-1.11 1.11.6-1+deb10u6
+[19 Apr 2023] DLA-3394-1 asterisk - security update
+	{CVE-2023-27585}
+	[buster] - asterisk 1:16.28.0~dfsg-0+deb10u3
+[18 Apr 2023] DLA-3393-1 protobuf - security update
+	{CVE-2021-22569 CVE-2021-22570 CVE-2022-1941}
+	[buster] - protobuf 3.6.1.3-2+deb10u1
+[17 Apr 2023] DLA-3392-1 ruby-rack - security update
+	{CVE-2023-27530 CVE-2023-27539}
+	[buster] - ruby-rack 2.0.6-3+deb10u3
+[12 Apr 2023] DLA-3391-1 firefox-esr - security update
+	{CVE-2023-1945 CVE-2023-1999 CVE-2023-29533 CVE-2023-29535 CVE-2023-29536 CVE-2023-29539 CVE-2023-29541 CVE-2023-29548 CVE-2023-29550}
+	[buster] - firefox-esr 102.10.0esr-1~deb10u1
+[12 Apr 2023] DLA-3390-1 zabbix - security update
+	{CVE-2019-15132 CVE-2020-15803 CVE-2021-27927 CVE-2022-24349 CVE-2022-24917 CVE-2022-24919 CVE-2022-35229 CVE-2022-35230}
+	[buster] - zabbix 1:4.0.4+dfsg-1+deb10u1
+[10 Apr 2023] DLA-3389-1 lldpd - security update
+	{CVE-2020-27827 CVE-2021-43612}
+	[buster] - lldpd 1.0.3-1+deb10u1
+[10 Apr 2023] DLA-3388-1 keepalived - security update
+	{CVE-2021-44225}
+	[buster] - keepalived 1:2.0.10-1+deb10u1
+[10 Apr 2023] DLA-3387-2 udisks2 - regression update
+	[buster] - udisks2 2.8.1-4+deb10u2
+[07 Apr 2023] DLA-3387-1 udisks2 - security update
+	{CVE-2021-3802}
+	[buster] - udisks2 2.8.1-4+deb10u1
+[06 Apr 2023] DLA-3386-1 grunt - security update
+	{CVE-2022-0436}
+	[buster] - grunt 1.0.1-8+deb10u3
+[05 Apr 2023] DLA-3385-1 trafficserver - security update
+	{CVE-2022-31778 CVE-2022-31779 CVE-2022-32749 CVE-2022-37392}
+	[buster] - trafficserver 8.1.6+ds-1~deb10u1
+[05 Apr 2023] DLA-3384-1 tomcat9 - security update
+	{CVE-2022-42252 CVE-2023-28708}
+	[buster] - tomcat9 9.0.31-1~deb10u8
+[05 Apr 2023] DLA-3383-1 grunt - security update
+	{CVE-2022-1537}
+	[buster] - grunt 1.0.1-8+deb10u2
+[05 Apr 2023] DLA-3382-1 openimageio - security update
+	{CVE-2022-36354 CVE-2022-41639 CVE-2022-41838 CVE-2022-41977 CVE-2022-41981 CVE-2022-41988 CVE-2022-41999 CVE-2022-43592 CVE-2022-43593 CVE-2022-43594 CVE-2022-43595 CVE-2022-43596 CVE-2022-43597 CVE-2022-43598 CVE-2022-43599 CVE-2022-43600 CVE-2022-43601 CVE-2022-43602 CVE-2022-43603}
+	[buster] - openimageio 2.0.5~dfsg0-1+deb10u1
+[04 Apr 2023] DLA-3381-1 ghostscript - security update
+	{CVE-2023-28879}
+	[buster] - ghostscript 9.27~dfsg-2+deb10u7
+[01 Apr 2023] DLA-3380-1 firmware-nonfree - security update
+	{CVE-2020-12362 CVE-2020-12363 CVE-2020-12364 CVE-2020-24586 CVE-2020-24587 CVE-2020-24588 CVE-2021-23168 CVE-2021-23223 CVE-2021-37409 CVE-2021-44545 CVE-2022-21181}
+	[buster] - firmware-nonfree 20190114+really20220913-0+deb10u1
+[01 Apr 2023] DLA-3379-1 intel-microcode - security update
+	{CVE-2022-21216 CVE-2022-21233 CVE-2022-33196 CVE-2022-33972 CVE-2022-38090}
+	[buster] - intel-microcode 3.20230214.1~deb10u1
+[01 Apr 2023] DLA-3378-1 duktape - security update
+	{CVE-2021-46322}
+	[buster] - duktape 2.3.0-1+deb10u1
+[31 Mar 2023] DLA-3377-1 systemd - security update
+	{CVE-2023-26604}
+	[buster] - systemd 241-7~deb10u9
+[31 Mar 2023] DLA-3376-1 svgpp - security update
+	{CVE-2019-6245 CVE-2019-6247 CVE-2021-44960}
+	[buster] - svgpp 1.2.3+dfsg1-6+deb10u1
+[31 Mar 2023] DLA-3375-1 xrdp - security update
+	{CVE-2022-23480 CVE-2022-23481 CVE-2022-23482}
+	[buster] - xrdp 0.9.9-1+deb10u3
+[30 Mar 2023] DLA-3374-1 libmicrohttpd - security update
+	{CVE-2023-27371}
+	[buster] - libmicrohttpd 0.9.62-1+deb10u1
+[30 Mar 2023] DLA-3373-1 json-smart - security update
+	{CVE-2021-31684 CVE-2023-1370}
+	[buster] - json-smart 2.2-2+deb10u1
+[30 Mar 2023] DLA-3193-2 joblib - security update
+	{CVE-2022-21797}
+	[buster] - joblib 0.13.0-2+deb10u2
+[29 Mar 2023] DLA-3372-1 xorg-server - security update
+	{CVE-2023-1393}
+	[buster] - xorg-server 2:1.20.4-1+deb10u9
+[29 Mar 2023] DLA-3371-1 unbound - security update
+	{CVE-2020-28935 CVE-2022-3204 CVE-2022-30698 CVE-2022-30699}
+	[buster] - unbound 1.9.0-2+deb10u3
+[28 Mar 2023] DLA-3370-1 xrdp - security update
+	{CVE-2022-23468 CVE-2022-23478 CVE-2022-23479 CVE-2022-23483 CVE-2022-23484 CVE-2022-23493}
+	[buster] - xrdp 0.9.9-1+deb10u2
+[27 Mar 2023] DLA-3369-1 runc - security update
+	{CVE-2019-16884 CVE-2019-19921 CVE-2021-30465 CVE-2022-29162 CVE-2023-27561 CVE-2023-28642}
+	[buster] - runc 1.0.0~rc6+dfsg1-3+deb10u2
+[26 Mar 2023] DLA-3368-1 libreoffice - security update
+	{CVE-2021-25636 CVE-2022-3140 CVE-2022-26305 CVE-2022-26306 CVE-2022-26307}
+	[buster] - libreoffice 1:6.1.5-3+deb10u8
+[24 Mar 2023] DLA-3367-1 libdatetime-timezone-perl - new timezone database
+	[buster] - libdatetime-timezone-perl 1:2.23-1+2023b
+[24 Mar 2023] DLA-3366-1 tzdata - new timezone database
+	[buster] - tzdata 2021a-0+deb10u10
+[20 Mar 2023] DLA-3315-2 sox - regression update
+	[buster] - sox 14.4.2+git20190427-1+deb10u2
+[20 Mar 2023] DLA-3365-1 thunderbird - security update
+	{CVE-2023-25751 CVE-2023-25752 CVE-2023-28162 CVE-2023-28164 CVE-2023-28176}
+	[buster] - thunderbird 1:102.9.0-1~deb10u1
+[18 Mar 2023] DLA-3357-2 imagemagick - regression update
+	[buster] - imagemagick 8:6.9.10.23+dfsg-2.1+deb10u4
+[18 Mar 2023] DLA-3355-1 xapian-core - security update
+	[buster] - xapian-core 1.4.11-1+deb10u1
+[17 Mar 2023] DLA-3364-1 firefox-esr - security update
+	{CVE-2023-25751 CVE-2023-25752 CVE-2023-28162 CVE-2023-28164 CVE-2023-28176}
+	[buster] - firefox-esr 102.9.0esr-1~deb10u1
+[16 Mar 2023] DLA-3363-1 pcre2 - security update
+	{CVE-2019-20454 CVE-2022-1586 CVE-2022-1587}
+	[buster] - pcre2 10.32-5+deb10u1
+[14 Mar 2023] DLA-3362-1 qemu - security update
+	{CVE-2020-14394 CVE-2020-17380 CVE-2020-29130 CVE-2021-3409 CVE-2021-3592 CVE-2021-3593 CVE-2021-3594 CVE-2021-3595 CVE-2022-0216 CVE-2022-1050}
+	[buster] - qemu 1:3.1+dfsg-8+deb10u10
+[13 Mar 2023] DLA-3361-1 redis - security update
+	{CVE-2022-36021}
+	[buster] - redis 5:5.0.14-1+deb10u3
+[13 Mar 2023] DLA-3360-1 ruby-sidekiq - security update
+	{CVE-2021-30151 CVE-2022-23837}
+	[buster] - ruby-sidekiq 5.2.3+dfsg-1+deb10u1
+[13 Mar 2023] DLA-3359-1 libapache2-mod-auth-mellon - security update
+	{CVE-2019-13038 CVE-2021-3639}
+	[buster] - libapache2-mod-auth-mellon 0.14.2-1+deb10u1
+[12 Mar 2023] DLA-3358-1 mpv - security update
+	{CVE-2020-19824}
+	[buster] - mpv 0.29.1-1+deb10u1
+[11 Mar 2023] DLA-3357-1 imagemagick - security update
+	{CVE-2020-19667 CVE-2020-25665 CVE-2020-25666 CVE-2020-25674 CVE-2020-25675 CVE-2020-25676 CVE-2020-27560 CVE-2020-27750 CVE-2020-27751 CVE-2020-27754 CVE-2020-27756 CVE-2020-27757 CVE-2020-27758 CVE-2020-27759 CVE-2020-27760 CVE-2020-27761 CVE-2020-27762 CVE-2020-27763 CVE-2020-27764 CVE-2020-27765 CVE-2020-27766 CVE-2020-27767 CVE-2020-27768 CVE-2020-27769 CVE-2020-27770 CVE-2020-27771 CVE-2020-27772 CVE-2020-27773 CVE-2020-27774 CVE-2020-27775 CVE-2020-27776 CVE-2020-29599 CVE-2021-3574 CVE-2021-3596 CVE-2021-20224 CVE-2022-44267 CVE-2022-44268}
+	[buster] - imagemagick 8:6.9.10.23+dfsg-2.1+deb10u2
+[09 Mar 2023] DLA-3356-1 wireless-regdb - security update
+	[buster] - wireless-regdb 2022.04.08-2~deb10u1
+[06 Mar 2023] DLA-3354-1 kopanocore - security update
+	{CVE-2019-19907 CVE-2022-26562}
+	[buster] - kopanocore 8.7.0-3+deb10u1
+[05 Mar 2023] DLA-3353-1 xfig - security update
+	{CVE-2021-40241}
+	[buster] - xfig 1:3.2.7a-3+deb10u1
+[04 Mar 2023] DLA-3352-1 libde265 - security update
+	{CVE-2022-47664 CVE-2022-47665 CVE-2023-24751 CVE-2023-24752 CVE-2023-24754 CVE-2023-24755 CVE-2023-24756 CVE-2023-24757 CVE-2023-24758 CVE-2023-25221}
+	[buster] - libde265 1.0.11-0+deb10u4
+[03 Mar 2023] DLA-3347-2 spip - regression update
+	[buster] - spip 3.2.4-1+deb10u11
+[03 Mar 2023] DLA-3351-1 apache2 - security update
+	{CVE-2006-20001 CVE-2019-0215 CVE-2020-1927 CVE-2021-33193 CVE-2022-36760 CVE-2022-37436}
+	[buster] - apache2 2.4.38-3+deb10u9
+[03 Mar 2023] DLA-3350-1 node-css-what - security update
+	{CVE-2021-33587 CVE-2022-21222}
+	[buster] - node-css-what 2.1.0-1+deb10u1
+[02 Mar 2023] DLA-3349-1 linux-5.10 - security update
+	{CVE-2022-2873 CVE-2022-3545 CVE-2022-3623 CVE-2022-4696 CVE-2022-36280 CVE-2022-41218 CVE-2022-45934 CVE-2022-47929 CVE-2023-0179 CVE-2023-0240 CVE-2023-0266 CVE-2023-0394 CVE-2023-23454 CVE-2023-23455 CVE-2023-23586}
+	[buster] - linux-5.10 5.10.162-1~deb10u1
+[01 Mar 2023] DLA-3348-1 syslog-ng - security update
+	{CVE-2022-38725}
+	[buster] - syslog-ng 3.19.1-5+deb10u1
+[27 Feb 2023] DLA-3347-1 spip - security update
+	{CVE-2023-24258 CVE-2023-27372}
+	[buster] - spip 3.2.4-1+deb10u10
+[27 Feb 2023] DLA-3346-1 python-werkzeug - security update
+	{CVE-2023-23934 CVE-2023-25577}
+	[buster] - python-werkzeug 0.14.1+dfsg1-4+deb10u2
+[27 Feb 2023] DLA-3331-2 python-cryptography - regression update
+	{CVE-2023-23931}
+	[buster] - python-cryptography 2.6.1-3+deb10u4
+[26 Feb 2023] DLA-3345-1 php7.3 - security update
+	{CVE-2022-31631 CVE-2023-0567 CVE-2023-0568 CVE-2023-0662}
+	[buster] - php7.3 7.3.31-1~deb10u3
+[26 Feb 2023] DLA-3344-1 nodejs - security update
+	{CVE-2022-43548 CVE-2023-23920}
+	[buster] - nodejs 10.24.0~dfsg-1~deb10u3
 [24 Feb 2023] DLA-3343-1 mono - security update
 	{CVE-2023-26314}
 	[buster] - mono 5.18.0.240+dfsg-3+deb10u1
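Review bot: DLA-3355-1 (xapian-core) and DLA-3356-1 (wireless-regdb) are both titled "security update" but have no {CVE-...} line, unlike every other security update added in this hunk. If no CVE was assigned, that is fine as it stands; otherwise add the reference line so the advisory is cross-linked from the CVE entries. Also note that DLA-3355-1 is dated 18 Mar 2023 and sits between DLA-3357-2 and DLA-3364-1, so the list is in date order rather than advisory-number order here; confirm the date is the intended one.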
@@ -78,7 +351,6 @@
 	{CVE-2020-3299 CVE-2020-3315 CVE-2021-1223 CVE-2021-1224 CVE-2021-1236 CVE-2021-1494 CVE-2021-1495 CVE-2021-34749 CVE-2021-40114}
 	[buster] - snort 2.9.20-0+deb10u1
 [10 Feb 2023] DLA-3316-1 postgresql-11 - security update
-	{CVE-2022-41862}
 	[buster] - postgresql-11 11.19-0+deb10u1
 [10 Feb 2023] DLA-3315-1 sox - security update
 	{CVE-2019-13590 CVE-2021-3643 CVE-2021-23159 CVE-2021-23172 CVE-2021-23210 CVE-2021-33844 CVE-2021-40426 CVE-2022-31650 CVE-2022-31651}
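Review bot: Removing the {CVE-2022-41862} line from DLA-3316-1 leaves a postgresql-11 "security update" entry that references no CVE at all, and nothing in the hunk says why the association was dropped. Please state the reason in the commit message and make sure the buster status of CVE-2022-41862 is recorded in the CVE list, so the fix in 11.19-0+deb10u1 is not silently lost from the tracker.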
@@ -649,7 +921,7 @@
 	{CVE-2020-25708 CVE-2020-29260}
 	[buster] - libvncserver 0.9.11+dfsg-1.3+deb10u5
 [29 Sep 2022] DLA-3124-1 webkit2gtk - security update
-	{CVE-2022-32886 CVE-2022-32888 CVE-2022-32923 CVE-2022-42863}
+	{CVE-2022-32886 CVE-2022-32888 CVE-2022-32923 CVE-2022-42863 CVE-2023-25358 CVE-2023-25360 CVE-2023-25361 CVE-2023-25362 CVE-2023-25363}
 	[buster] - webkit2gtk 2.38.0-1~deb10u1
 [27 Sep 2022] DLA-3123-1 thunderbird - security update
 	{CVE-2022-3266 CVE-2022-40956 CVE-2022-40957 CVE-2022-40958 CVE-2022-40959 CVE-2022-40960 CVE-2022-40962}
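Review bot: The five CVE-2023-2535x/2536x identifiers are attached to DLA-3124-1 from 29 Sep 2022 without any change to the fixed version (2.38.0-1~deb10u1). That asserts these issues were already fixed by that upload, so the commit should point to the upstream advisory that confirms it, otherwise buster will be reported as fixed on the strength of this line alone.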


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,146 @@
+[24 May 2023] DSA-5410-1 sofia-sip - security update
+	{CVE-2022-31001 CVE-2022-31002 CVE-2022-31003 CVE-2022-47516 CVE-2023-22741}
+	[bullseye] - sofia-sip 1.12.11+20110422.1-2.1+deb11u1
+[23 May 2023] DSA-5409-1 libssh - security update
+	{CVE-2023-1667 CVE-2023-2283}
+	[bullseye] - libssh 0.9.7-0+deb11u1
+[21 May 2023] DSA-5408-1 libwebp - security update
+	{CVE-2023-1999}
+	[bullseye] - libwebp 0.6.1-2.1+deb11u1
+[21 May 2023] DSA-5407-1 cups-filters - security update
+	{CVE-2023-24805}
+	[bullseye] - cups-filters 1.28.7-1+deb11u2
+[20 May 2023] DSA-5406-1 texlive-bin - security update
+	{CVE-2023-32700}
+	[bullseye] - texlive-bin 2020.20200327.54578-7+deb11u1
+[18 May 2023] DSA-5405-1 libapache2-mod-auth-openidc - security update
+	{CVE-2023-28625}
+	[bullseye] - libapache2-mod-auth-openidc 2.4.9.4-0+deb11u3
+[17 May 2023] DSA-5404-1 chromium - security update
+	{CVE-2023-2721 CVE-2023-2722 CVE-2023-2723 CVE-2023-2724 CVE-2023-2725 CVE-2023-2726}
+	[bullseye] - chromium 113.0.5672.126-1~deb11u1
+[14 May 2023] DSA-5403-1 thunderbird - security update
+	{CVE-2023-32205 CVE-2023-32206 CVE-2023-32207 CVE-2023-32211 CVE-2023-32212 CVE-2023-32213 CVE-2023-32215}
+	[bullseye] - thunderbird 1:102.11.0-1~deb11u1
+[13 May 2023] DSA-5402-1 linux - security update
+	{CVE-2023-0386 CVE-2023-31436 CVE-2023-32233}
+	[bullseye] - linux 5.10.179-1
+[11 May 2023] DSA-5401-1 postgresql-13 - security update
+	{CVE-2023-2454 CVE-2023-2455}
+	[bullseye] - postgresql-13 13.11-0+deb11u1
+[10 May 2023] DSA-5400-1 firefox-esr - security update
+	{CVE-2023-32205 CVE-2023-32206 CVE-2023-32207 CVE-2023-32211 CVE-2023-32212 CVE-2023-32213 CVE-2023-32215}
+	[bullseye] - firefox-esr 102.11.0esr-1~deb11u1
+[05 May 2023] DSA-5399-1 odoo - security update
+	{CVE-2021-23166 CVE-2021-23176 CVE-2021-23178 CVE-2021-23186 CVE-2021-23203 CVE-2021-26263 CVE-2021-26947 CVE-2021-44476 CVE-2021-44775 CVE-2021-45071 CVE-2021-45111}
+	[bullseye] - odoo 14.0.0+dfsg.2-7+deb11u1
+[04 May 2023] DSA-5398-1 chromium - security update
+	{CVE-2023-2459 CVE-2023-2460 CVE-2023-2461 CVE-2023-2462 CVE-2023-2463 CVE-2023-2464 CVE-2023-2465 CVE-2023-2466 CVE-2023-2467 CVE-2023-2468}
+	[bullseye] - chromium 113.0.5672.63-1~deb11u1
+[03 May 2023] DSA-5397-1 wpewebkit - security update
+	{CVE-2022-0108 CVE-2022-32885 CVE-2023-27932 CVE-2023-27954 CVE-2023-28205}
+	[bullseye] - wpewebkit 2.38.6-1~deb11u1
+[03 May 2023] DSA-5396-1 webkit2gtk - security update
+	{CVE-2022-0108 CVE-2022-32885 CVE-2023-27932 CVE-2023-27954 CVE-2023-28205}
+	[bullseye] - webkit2gtk 2.40.1-1~deb11u1
+[02 May 2023] DSA-5395-1 nodejs - security update
+	{CVE-2023-23920}
+	[bullseye] - nodejs 12.22.12~dfsg-1~deb11u4
+[30 Apr 2023] DSA-5394-1 ffmpeg - security update
+	{CVE-2022-3109}
+	[bullseye] - ffmpeg 7:4.3.6-0+deb11u1
+[22 Apr 2023] DSA-5393-1 chromium - security update
+	{CVE-2023-2133 CVE-2023-2134 CVE-2023-2135 CVE-2023-2136 CVE-2023-2137}
+	[bullseye] - chromium 112.0.5615.138-1~deb11u1
+[22 Apr 2023] DSA-5392-1 thunderbird - security update
+	{CVE-2023-0547 CVE-2023-1945 CVE-2023-1999 CVE-2023-28427 CVE-2023-29479 CVE-2023-29533 CVE-2023-29535 CVE-2023-29536 CVE-2023-29539 CVE-2023-29541 CVE-2023-29548 CVE-2023-29550}
+	[bullseye] - thunderbird 1:102.10.0-1~deb11u1
+[20 Apr 2023] DSA-5391-1 libxml2 - security update
+	{CVE-2023-28484 CVE-2023-29469}
+	[bullseye] - libxml2 2.9.10+dfsg-6.7+deb11u4
+[16 Apr 2023] DSA-5390-1 chromium - security update
+	{CVE-2023-2033}
+	[bullseye] - chromium 112.0.5615.121-1~deb11u1
+[14 Apr 2023] DSA-5389-1 rails - security update
+	{CVE-2023-23913 CVE-2023-28120}
+	[bullseye] - rails 2:6.0.3.7+dfsg-2+deb11u2
+[13 Apr 2023] DSA-5388-1 haproxy - security update
+	{CVE-2023-0836}
+	[bullseye] - haproxy 2.2.9-2+deb11u5
+[13 Apr 2023] DSA-5387-1 openvswitch - security update
+	{CVE-2023-1668}
+	[bullseye] - openvswitch 2.15.0+ds1-2+deb11u4
+[12 Apr 2023] DSA-5386-1 chromium - security update
+	{CVE-2023-1810 CVE-2023-1811 CVE-2023-1812 CVE-2023-1813 CVE-2023-1814 CVE-2023-1815 CVE-2023-1816 CVE-2023-1817 CVE-2023-1818 CVE-2023-1819 CVE-2023-1820 CVE-2023-1821 CVE-2023-1822 CVE-2023-1823}
+	[bullseye] - chromium 112.0.5615.49-2~deb11u2
+[12 Apr 2023] DSA-5385-1 firefox-esr - security update
+	{CVE-2023-1945 CVE-2023-1999 CVE-2023-29533 CVE-2023-29535 CVE-2023-29536 CVE-2023-29539 CVE-2023-29541 CVE-2023-29548 CVE-2023-29550}
+	[bullseye] - firefox-esr 102.10.0esr-1~deb11u1
+[10 Apr 2023] DSA-5384-1 openimageio - security update
+	{CVE-2022-36354 CVE-2022-41639 CVE-2022-41649 CVE-2022-41684 CVE-2022-41794 CVE-2022-41837 CVE-2022-41838 CVE-2022-41977 CVE-2022-41981 CVE-2022-41988 CVE-2022-41999 CVE-2022-43592 CVE-2022-43593 CVE-2022-43594 CVE-2022-43595 CVE-2022-43596 CVE-2022-43597 CVE-2022-43598 CVE-2022-43599 CVE-2022-43600 CVE-2022-43601 CVE-2022-43602 CVE-2022-43603}
+	[bullseye] - openimageio 2.2.10.1+dfsg-1+deb11u1
+[05 Apr 2023] DSA-5383-1 ghostscript - security update
+	{CVE-2023-28879}
+	[bullseye] - ghostscript 9.53.3~dfsg-7+deb11u4
+[05 Apr 2023] DSA-5382-1 cairosvg - security update
+	{CVE-2023-27586}
+	[bullseye] - cairosvg 2.5.0-1.1+deb11u1
+[05 Apr 2023] DSA-5381-1 tomcat9 - security update
+	{CVE-2022-42252 CVE-2022-45143 CVE-2023-28708}
+	[bullseye] - tomcat9 9.0.43-2~deb11u6
+[29 Mar 2023] DSA-5380-1 xorg-server - security update
+	{CVE-2023-1393}
+	[bullseye] - xorg-server 2:1.20.11-1+deb11u6
+[27 Mar 2023] DSA-5379-1 dino-im - security update
+	{CVE-2023-28686}
+	[bullseye] - dino-im 0.2.0-3+deb11u1
+[25 Mar 2023] DSA-5378-1 xen - security update
+	{CVE-2022-23824 CVE-2022-42331 CVE-2022-42332 CVE-2022-42333 CVE-2022-42334}
+	[bullseye] - xen 4.14.5+94-ge49571868d-1
+[23 Mar 2023] DSA-5377-1 chromium - security update
+	{CVE-2023-1528 CVE-2023-1529 CVE-2023-1530 CVE-2023-1531 CVE-2023-1532 CVE-2023-1533 CVE-2023-1534}
+	[bullseye] - chromium 111.0.5563.110-1~deb11u1
+[20 Mar 2023] DSA-5376-1 apache2 - security update
+	{CVE-2006-20001 CVE-2022-36760 CVE-2022-37436 CVE-2023-25690 CVE-2023-27522}
+	[bullseye] - apache2 2.4.56-1~deb11u1
+[17 Mar 2023] DSA-5356-2 sox - regression update
+	[bullseye] - sox 14.4.2+git20190427-2+deb11u2
+[17 Mar 2023] DSA-5375-1 thunderbird - security update
+	{CVE-2023-25751 CVE-2023-25752 CVE-2023-28162 CVE-2023-28164 CVE-2023-28176}
+	[bullseye] - thunderbird 1:102.9.0-1~deb11u1
+[15 Mar 2023] DSA-5374-1 firefox-esr - security update
+	{CVE-2023-25751 CVE-2023-25752 CVE-2023-28162 CVE-2023-28164 CVE-2023-28176}
+	[bullseye] - firefox-esr 102.9.0esr-1~deb11u1
+[14 Mar 2023] DSA-5373-1 node-sqlite3 - security update
+	{CVE-2022-43441}
+	[bullseye] - node-sqlite3 5.0.0+ds1-1+deb11u2
+[13 Mar 2023] DSA-5372-1 rails - security update
+	{CVE-2021-22942 CVE-2021-44528 CVE-2022-21831 CVE-2022-22577 CVE-2022-23633 CVE-2022-27777 CVE-2023-22792 CVE-2023-22794 CVE-2023-22795 CVE-2023-22796}
+	[bullseye] - rails 2:6.0.3.7+dfsg-2+deb11u1
+[09 Mar 2023] DSA-5371-1 chromium - security update
+	{CVE-2023-1213 CVE-2023-1214 CVE-2023-1215 CVE-2023-1216 CVE-2023-1217 CVE-2023-1218 CVE-2023-1219 CVE-2023-1220 CVE-2023-1221 CVE-2023-1222 CVE-2023-1223 CVE-2023-1224 CVE-2023-1225 CVE-2023-1226 CVE-2023-1227 CVE-2023-1228 CVE-2023-1229 CVE-2023-1230 CVE-2023-1231 CVE-2023-1232 CVE-2023-1233 CVE-2023-1234 CVE-2023-1235 CVE-2023-1236}
+	[bullseye] - chromium 111.0.5563.64-1~deb11u1
+[07 Mar 2023] DSA-5370-1 apr - security update
+	{CVE-2022-24963}
+	[bullseye] - apr 1.7.0-6+deb11u2
+[05 Mar 2023] DSA-5369-1 syslog-ng - security update
+	{CVE-2022-38725}
+	[bullseye] - syslog-ng 3.28.1-2+deb11u1
+[03 Mar 2023] DSA-5368-1 libreswan - security update
+	{CVE-2023-23009}
+	[bullseye] - libreswan 4.3-1+deb11u3
+[02 Mar 2023] DSA-5367-1 spip - security update
+	{CVE-2023-27372}
+	[bullseye] - spip 3.2.11-3+deb11u7
+[01 Mar 2023] DSA-5366-1 multipath-tools - security update
+	{CVE-2022-41973 CVE-2022-41974}
+	[bullseye] - multipath-tools 0.8.5-2+deb11u1
+[27 Feb 2023] DSA-5365-1 curl - security update
+	{CVE-2023-23916}
+	[bullseye] - curl 7.74.0-1.3+deb11u7
+[26 Feb 2023] DSA-5364-1 apr-util - security update
+	{CVE-2022-25147}
+	[bullseye] - apr-util 1.6.1-5+deb11u1
 [24 Feb 2023] DSA-5363-1 php7.4 - security update
 	{CVE-2023-0567 CVE-2023-0568 CVE-2023-0662 CVE-2022-31631}
 	[bullseye] - php7.4 7.4.33-1+deb11u3
@@ -50,7 +193,7 @@
 	{CVE-2022-44267 CVE-2022-44268}
 	[bullseye] - imagemagick 8:6.9.11.60+dfsg-1.3+deb11u1
 [10 Feb 2023] DSA-5346-1 libde265 - security update
-	{CVE-2020-21594 CVE-2020-21595 CVE-2020-21596 CVE-2020-21597 CVE-2020-21598 CVE-2020-21599 CVE-2020-21600 CVE-2020-21601 CVE-2020-21602 CVE-2020-21603 CVE-2020-21604 CVE-2020-21605 CVE-2020-21606 CVE-2021-35452 CVE-2021-36408 CVE-2021-36409 CVE-2021-36410 CVE-2021-36411 CVE-2022-1253 CVE-2022-43235 CVE-2022-43236 CVE-2022-43237 CVE-2022-43238 CVE-2022-43239 CVE-2022-43240 CVE-2022-43241 CVE-2022-43242 CVE-2022-43243 CVE-2022-43244 CVE-2022-43245 CVE-2022-43248 CVE-2022-43249 CVE-2022-43250 CVE-2022-43252 CVE-2022-43253 CVE-2022-47655}
+	{CVE-2020-21594 CVE-2020-21595 CVE-2020-21596 CVE-2020-21597 CVE-2020-21598 CVE-2020-21599 CVE-2020-21600 CVE-2020-21601 CVE-2020-21602 CVE-2020-21603 CVE-2020-21604 CVE-2020-21605 CVE-2020-21606 CVE-2021-35452 CVE-2021-36408 CVE-2021-36409 CVE-2021-36410 CVE-2021-36411 CVE-2022-1253 CVE-2022-43235 CVE-2022-43236 CVE-2022-43237 CVE-2022-43238 CVE-2022-43239 CVE-2022-43240 CVE-2022-43241 CVE-2022-43242 CVE-2022-43243 CVE-2022-43244 CVE-2022-43245 CVE-2022-43248 CVE-2022-43249 CVE-2022-43250 CVE-2022-43252 CVE-2022-43253 CVE-2022-47655 CVE-2023-25221 CVE-2023-24758 CVE-2023-24757 CVE-2023-24756 CVE-2023-24755 CVE-2023-24754 CVE-2023-24752 CVE-2023-24751 CVE-2022-47665 CVE-2022-47664}
 	[bullseye] - libde265 1.0.11-0+deb11u1
 [08 Feb 2023] DSA-5345-1 chromium - security update
 	{CVE-2023-0696 CVE-2023-0697 CVE-2023-0698 CVE-2023-0699 CVE-2023-0700 CVE-2023-0701 CVE-2023-0702 CVE-2023-0703 CVE-2023-0704 CVE-2023-0705}
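Review bot: The ten identifiers appended to DSA-5346-1 (CVE-2023-25221 ... CVE-2022-47664) are in descending order and follow CVE-2022-47655, while the rest of the line and the matching DLA-3352-1 entry list the same identifiers in ascending order. Re-sort the line so it matches the convention used elsewhere in the file; an unsorted list makes later diffs against this entry hard to read.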
@@ -89,7 +232,7 @@
 	{CVE-2022-45060}
 	[bullseye] - varnish 6.5.1-1+deb11u3
 [29 Jan 2023] DSA-5333-1 tiff - security update
-	{CVE-2022-1354 CVE-2022-1355 CVE-2022-1622 CVE-2022-1623 CVE-2022-2056 CVE-2022-2057 CVE-2022-2058 CVE-2022-2519 CVE-2022-2520 CVE-2022-2521 CVE-2022-2867 CVE-2022-2868 CVE-2022-2869 CVE-2022-2953 CVE-2022-3570 CVE-2022-3597 CVE-2022-3598 CVE-2022-3599 CVE-2022-3626 CVE-2022-3627 CVE-2022-3636 CVE-2022-3970 CVE-2022-34526 CVE-2022-48281}
+	{CVE-2022-1354 CVE-2022-1355 CVE-2022-1622 CVE-2022-1623 CVE-2022-2056 CVE-2022-2057 CVE-2022-2058 CVE-2022-2519 CVE-2022-2520 CVE-2022-2521 CVE-2022-2867 CVE-2022-2868 CVE-2022-2869 CVE-2022-2953 CVE-2022-3570 CVE-2022-3597 CVE-2022-3598 CVE-2022-3599 CVE-2022-3626 CVE-2022-3627 CVE-2022-3970 CVE-2022-4645 CVE-2022-34526 CVE-2022-48281}
 	[bullseye] - tiff 4.2.0-1+deb11u3
 [29 Jan 2023] DSA-5332-1 git - security update
 	{CVE-2022-23521 CVE-2022-24765 CVE-2022-29187 CVE-2022-39253 CVE-2022-39260 CVE-2022-41903}
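Review bot: In DSA-5333-1 this is not a pure addition: CVE-2022-3636 is removed and CVE-2022-4645 appears in its place. If one identifier was rejected or superseded by the other, say so in the commit message and check that the removed identifier is handled in the CVE list, since a reader comparing against the published advisory will see a mismatch.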
@@ -113,6 +256,7 @@
 	{CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 CVE-2022-35255 CVE-2022-35256 CVE-2022-43548}
 	[bullseye] - nodejs 12.22.12~dfsg-1~deb11u3
 [24 Jan 2023] DSA-5325-1 spip - security update
+	{CVE-2023-24258}
 	[bullseye] - spip 3.2.11-3+deb11u6
 [23 Jan 2023] DSA-5324-1 linux - security update
 	{CVE-2022-2873 CVE-2022-3545 CVE-2022-3623 CVE-2022-4696 CVE-2022-36280 CVE-2022-41218 CVE-2022-45934 CVE-2022-47929 CVE-2023-0179 CVE-2023-0266 CVE-2023-0394 CVE-2023-23454 CVE-2023-23455}
@@ -367,10 +511,10 @@
 	{CVE-2022-29599}
 	[bullseye] - maven-shared-utils 3.3.0-1+deb11u1
 [28 Sep 2022] DSA-5241-1 wpewebkit - security update
-	{CVE-2022-32886 CVE-2022-32888 CVE-2022-32923 CVE-2022-42863}
+	{CVE-2022-32886 CVE-2022-32888 CVE-2022-32923 CVE-2022-42863 CVE-2023-25358 CVE-2023-25360 CVE-2023-25361 CVE-2023-25362 CVE-2023-25363}
 	[bullseye] - wpewebkit 2.38.0-1~deb11u1
 [28 Sep 2022] DSA-5240-1 webkit2gtk - security update
-	{CVE-2022-32886 CVE-2022-32888 CVE-2022-32923 CVE-2022-42863}
+	{CVE-2022-32886 CVE-2022-32888 CVE-2022-32923 CVE-2022-42863 CVE-2023-25358 CVE-2023-25360 CVE-2023-25361 CVE-2023-25362 CVE-2023-25363}
 	[bullseye] - webkit2gtk 2.38.0-1~deb11u1
 [27 Sep 2022] DSA-5239-1 gdal - security update
 	{CVE-2021-45943}
@@ -1045,7 +1189,7 @@
 	[buster] - prosody 0.11.2-1+deb10u3
 	[bullseye] - prosody 0.11.9-2+deb11u1
 [14 Jan 2022] DSA-5046-1 chromium - security update
-	{CVE-2021-4052 CVE-2021-4053 CVE-2021-4054 CVE-2021-4055 CVE-2021-4056 CVE-2021-4057 CVE-2021-4058 CVE-2021-4059 CVE-2021-4061 CVE-2021-4062 CVE-2021-4063 CVE-2021-4064 CVE-2021-4065 CVE-2021-4066 CVE-2021-4067 CVE-2021-4068 CVE-2021-4078 CVE-2021-4079 CVE-2021-4098 CVE-2021-4099 CVE-2021-4100 CVE-2021-4101 CVE-2021-4102 CVE-2021-37956 CVE-2021-37957 CVE-2021-37958 CVE-2021-37959 CVE-2021-37961 CVE-2021-37962 CVE-2021-37963 CVE-2021-37964 CVE-2021-37965 CVE-2021-37966 CVE-2021-37967 CVE-2021-37968 CVE-2021-37969 CVE-2021-37970 CVE-2021-37971 CVE-2021-37972 CVE-2021-37973 CVE-2021-37974 CVE-2021-37975 CVE-2021-37976 CVE-2021-37977 CVE-2021-37978 CVE-2021-37979 CVE-2021-37980 CVE-2021-37981 CVE-2021-37982 CVE-2021-37983 CVE-2021-37984 CVE-2021-37985 CVE-2021-37986 CVE-2021-37987 CVE-2021-37988 CVE-2021-37989 CVE-2021-37990 CVE-2021-37991 CVE-2021-37992 CVE-2021-37993 CVE-2021-37994 CVE-2021-37995 CVE-2021-37996 CVE-2021-37997 CVE-2021-37998 CVE-2021-37999 CVE-2021-38000 CVE-2021-38001 CVE-2021-38002 CVE-2021-38003 CVE-2021-38004 CVE-2021-38005 CVE-2021-38006 CVE-2021-38007 CVE-2021-38008 CVE-2021-38009 CVE-2021-38010 CVE-2021-38011 CVE-2021-38012 CVE-2021-38013 CVE-2021-38014 CVE-2021-38015 CVE-2021-38016 CVE-2021-38017 CVE-2021-38018 CVE-2021-38019 CVE-2021-38020 CVE-2021-38021 CVE-2021-38022 CVE-2022-0096 CVE-2022-0097 CVE-2022-0098 CVE-2022-0099 CVE-2022-0100 CVE-2022-0101 CVE-2022-0102 CVE-2022-0103 CVE-2022-0104 CVE-2022-0105 CVE-2022-0106 CVE-2022-0107 CVE-2022-0108 CVE-2022-0109 CVE-2022-0110 CVE-2022-0111 CVE-2022-0112 CVE-2022-0113 CVE-2022-0114 CVE-2022-0115 CVE-2022-0116 CVE-2022-0117 CVE-2022-0118 CVE-2022-0120}
+	{CVE-2021-4052 CVE-2021-4053 CVE-2021-4054 CVE-2021-4055 CVE-2021-4056 CVE-2021-4057 CVE-2021-4058 CVE-2021-4059 CVE-2021-4061 CVE-2021-4062 CVE-2021-4063 CVE-2021-4064 CVE-2021-4065 CVE-2021-4066 CVE-2021-4067 CVE-2021-4068 CVE-2021-4078 CVE-2021-4079 CVE-2021-4098 CVE-2021-4099 CVE-2021-4100 CVE-2021-4101 CVE-2021-4102 CVE-2021-37956 CVE-2021-37957 CVE-2021-37958 CVE-2021-37959 CVE-2021-37961 CVE-2021-37962 CVE-2021-37963 CVE-2021-37964 CVE-2021-37965 CVE-2021-37966 CVE-2021-37967 CVE-2021-37968 CVE-2021-37969 CVE-2021-37970 CVE-2021-37971 CVE-2021-37972 CVE-2021-37973 CVE-2021-37974 CVE-2021-37975 CVE-2021-37976 CVE-2021-37977 CVE-2021-37978 CVE-2021-37979 CVE-2021-37980 CVE-2021-37981 CVE-2021-37982 CVE-2021-37983 CVE-2021-37984 CVE-2021-37985 CVE-2021-37986 CVE-2021-37987 CVE-2021-37988 CVE-2021-37989 CVE-2021-37990 CVE-2021-37991 CVE-2021-37992 CVE-2021-37993 CVE-2021-37994 CVE-2021-37995 CVE-2021-37996 CVE-2021-37997 CVE-2021-37998 CVE-2021-37999 CVE-2021-38000 CVE-2021-38001 CVE-2021-38002 CVE-2021-38003 CVE-2021-38004 CVE-2021-38005 CVE-2021-38006 CVE-2021-38007 CVE-2021-38008 CVE-2021-38009 CVE-2021-38010 CVE-2021-38011 CVE-2021-38012 CVE-2021-38013 CVE-2021-38014 CVE-2021-38015 CVE-2021-38016 CVE-2021-38017 CVE-2021-38018 CVE-2021-38019 CVE-2021-38020 CVE-2021-38021 CVE-2021-38022 CVE-2022-0096 CVE-2022-0097 CVE-2022-0098 CVE-2022-0099 CVE-2022-0100 CVE-2022-0101 CVE-2022-0102 CVE-2022-0103 CVE-2022-0104 CVE-2022-0105 CVE-2022-0106 CVE-2022-0107 CVE-2022-0108 CVE-2022-0109 CVE-2022-0110 CVE-2022-0111 CVE-2022-0112 CVE-2022-0113 CVE-2022-0114 CVE-2022-0115 CVE-2022-0116 CVE-2022-0117 CVE-2022-0118 CVE-2022-0120 CVE-2021-30558}
 	[bullseye] - chromium 97.0.4692.71-0.1~deb11u1
 [14 Jan 2022] DSA-5045-1 thunderbird - security update
 	{CVE-2021-4140 CVE-2022-22737 CVE-2022-22738 CVE-2022-22739 CVE-2022-22740 CVE-2022-22741 CVE-2022-22742 CVE-2022-22743 CVE-2022-22745 CVE-2022-22747 CVE-2022-22748 CVE-2022-22751}
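Review bot: CVE-2021-30558 is appended at the very end of the DSA-5046-1 list, after CVE-2022-0120, which breaks the sort order the rest of the line follows (the DSA-4886-1 change in the next hunk keeps the order). Move it to its sorted position among the CVE-2021 identifiers.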
@@ -1576,7 +1720,7 @@
 	{CVE-2021-21772}
 	[buster] - lib3mf 1.8.1+ds-3+deb10u1
 [06 Apr 2021] DSA-4886-1 chromium - security update
-	{CVE-2021-21159 CVE-2021-21160 CVE-2021-21161 CVE-2021-21162 CVE-2021-21163 CVE-2021-21165 CVE-2021-21166 CVE-2021-21167 CVE-2021-21168 CVE-2021-21169 CVE-2021-21170 CVE-2021-21171 CVE-2021-21172 CVE-2021-21173 CVE-2021-21174 CVE-2021-21175 CVE-2021-21176 CVE-2021-21177 CVE-2021-21178 CVE-2021-21179 CVE-2021-21180 CVE-2021-21181 CVE-2021-21182 CVE-2021-21183 CVE-2021-21184 CVE-2021-21185 CVE-2021-21186 CVE-2021-21187 CVE-2021-21188 CVE-2021-21189 CVE-2021-21190 CVE-2021-21191 CVE-2021-21192 CVE-2021-21193 CVE-2021-21194 CVE-2021-21195 CVE-2021-21196 CVE-2021-21197 CVE-2021-21198 CVE-2021-21199}
+	{CVE-2021-21159 CVE-2021-21160 CVE-2021-21161 CVE-2021-21162 CVE-2021-21163 CVE-2021-21165 CVE-2021-21166 CVE-2021-21167 CVE-2021-21168 CVE-2021-21169 CVE-2021-21170 CVE-2021-21171 CVE-2021-21172 CVE-2021-21173 CVE-2021-21174 CVE-2021-21175 CVE-2021-21176 CVE-2021-21177 CVE-2021-21178 CVE-2021-21179 CVE-2021-21180 CVE-2021-21181 CVE-2021-21182 CVE-2021-21183 CVE-2021-21184 CVE-2021-21185 CVE-2021-21186 CVE-2021-21187 CVE-2021-21188 CVE-2021-21189 CVE-2021-21190 CVE-2021-21191 CVE-2021-21192 CVE-2021-21193 CVE-2021-21194 CVE-2021-21195 CVE-2021-21196 CVE-2021-21197 CVE-2021-21198 CVE-2021-21199 CVE-2021-21200}
 	[buster] - chromium 89.0.4389.114-1~deb10u1
 [05 Apr 2021] DSA-4885-1 netty - security update
 	{CVE-2019-20444 CVE-2019-20445 CVE-2020-7238 CVE-2020-11612 CVE-2021-21290 CVE-2021-21295 CVE-2021-21409}
@@ -9300,7 +9444,7 @@
 	[squeeze] - qemu-kvm 0.12.5+dfsg-5+squeeze10
 [13 Jan 2013] DSA-2606-1 proftpd-dfsg - symlink race
 	{CVE-2012-6095}
-	[squeeze] - proftpd-dfsg 1.3.3a-6squeeze5
+	[squeeze] - proftpd-dfsg 1.3.3a-6squeeze6
 [13 Jan 2013] DSA-2605-1 asterisk - several issues
 	{CVE-2012-5976 CVE-2012-5977}
 	[squeeze] - asterisk 1:1.6.2.9-2+squeeze9
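Review bot: The fixed version for DSA-2606-1 changes from 1.3.3a-6squeeze5 to 1.3.3a-6squeeze6 on an advisory from 2013. Changing a historical fixed version alters which installed versions the tracker reports as vulnerable, so the commit message should cite the source for the new value (the published advisory text or the archive changelog).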
@@ -10658,6 +10802,9 @@
 [27 Mar 2011] DSA-2204-1 imp4 - Insufficient input sanitising
 	{CVE-2010-3695}
 	[lenny] - imp4 4.2-4lenny3
+[26 Mar 2011] DSA-2203-1 nss - security update
+	[jessie] - nss 3.12.3.1-0lenny4
+	[squeeze] - nss 3.12.8-1+squeeze1
 [23 Mar 2011] DSA-2202-1 apache2 - failure to drop root privileges
 	{CVE-2011-1176}
 	[squeeze] - apache2 2.2.16-6+squeeze1
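Review bot: The new DSA-2203-1 entry has "[jessie] - nss 3.12.3.1-0lenny4", a jessie release tag on a version string that ends in lenny4, in an advisory dated 2011 whose neighbours use [lenny] and [squeeze]. This looks like it should be [lenny]; as written it records a lenny upload as the fix for jessie. The entry also has no {CVE-...} line, please confirm that is intentional.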
@@ -10665,6 +10812,11 @@
 	{CVE-2011-0538 CVE-2011-0713 CVE-2011-1139 CVE-2011-1140 CVE-2011-1141}
 	[lenny] - wireshark 1.0.2-3+lenny13
 	[squeeze] - wireshark 1.2.11-6+squeeze1
+[23 Mar 2011] DSA-2200-1 iceweasel - security update
+	[jessie] - iceweasel 1.9.0.19-9
+	[squeeze] - iceweasel 3.5.16-6
+[23 Mar 2011] DSA-2199-1 iceape - security update
+	[squeeze] - iceape 2.0.11-4
 [22 Mar 2011] DSA-2198-1 tex-common - insufficient input sanitizing
 	{CVE-2011-1400}
 	[lenny] - tex-common <not-affected> (shell_escape disabled)
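Review bot: "[jessie] - iceweasel 1.9.0.19-9" in the new DSA-2200-1 entry uses a jessie tag on a 2011 advisory where the surrounding entries use [lenny] and [squeeze]; this should most likely be [lenny]. Neither DSA-2200-1 nor DSA-2199-1 has a {CVE-...} line, and DSA-2199-1 lists only squeeze; if these are backfilled from the published advisories, add the CVE references at the same time.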
@@ -11155,7 +11307,7 @@
 	[lenny] - libtheora 1.0~beta3-1+lenny1
 [11 May 2010] DSA-2044-1 mplayer - arbitrary code execution
 	{CVE-2010-2062}
-	[lenny] - mplayer 1:1.0~rc2-17+lenny3.2
+	[lenny] - mplayer 1.0~rc2-17+lenny3.2
 [11 May 2010] DSA-2043-1 vlc - arbitrary code execution
 	{CVE-2010-2062}
 	[lenny] - vlc 0.8.6.h-4+lenny2.3
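Review bot: Dropping the epoch from the DSA-2044-1 fixed version ("1:1.0~rc2-17+lenny3.2" to "1.0~rc2-17+lenny3.2") changes how the version compares: any version with an epoch sorts higher than one without. Please confirm against the lenny archive that the package really had no epoch, because a wrong value here flips the vulnerable/fixed result for every mplayer version compared against it.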


=====================================
data/config.json
=====================================
@@ -121,6 +121,17 @@
         ]
       }
     },
+    "forky": {
+      "members": {
+        "supported": [
+          "forky",
+          "forky-security"
+        ],
+        "optional": [
+          "forky-proposed-updates"
+        ]
+      }
+    },
     "sid": {
       "members": {
         "supported": [


=====================================
data/dla-needed.txt
=====================================
@@ -13,69 +13,37 @@ To make it easier to see the entire history of an update, please append notes
 rather than remove/replace existing ones.
 
 --
-389-ds-base
-  NOTE: 20221231: Programming language: C.
-  NOTE: 20221231: Few users. Low prio. (opal).
-  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/389-ds-base.git
---
-apache2 (Lee Garrett)
-  NOTE: 20221227: Programming language: C.
-  NOTE: 20221227: VCS: https://salsa.debian.org/lts-team/packages/apache2.git
-  NOTE: 20221227: Special attention: Double check an update! Package is used by many customers and users!.
-  NOTE: 20230222: CVE-2019-17567 requires 1000+ LoC patch, too intrusive (lee)
---
-ceph
-  NOTE: 20221031: Programming language: C++.
-  NOTE: 20221031: To be checked further. Not clear whether the vulnerability can be exploited in a Debian system.
-  NOTE: 20221031: What should be checked is whether any user with ceph permission can do the actions described in the exploit. (ola/front-desk)
-  NOTE: 20221130: CVE-2022-3650: The patch is kind of trivial Python stuff backporting work.
-  NOTE: 20221130: Can someone take care of it in Buster? I'm currently building the Bullseye backport of the fix...
-  NOTE: 20221130: https://lists.debian.org/debian-lts/2022/11/msg00025.html  (zigo/maintainer)
-  NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/ceph.git
---
-consul
-  NOTE: 20221031: Programming language: Go.
-  NOTE: 20221031: Concluded that the package should be fixed by the CVE description. Source code not analyzed in detail.
-  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/consul.git
---
-emacs (Adrian Bunk)
-  NOTE: 20230223: Programming language: Lisp.
-  NOTE: 20230223: VCS: https://salsa.debian.org/lts-team/packages/emacs.git
---
-erlang
+c-ares (gladk)
+  NOTE: 20230523: Programming language: C.
+  NOTE: 20230523: VCS: https://salsa.debian.org/lts-team/packages/c-ares.git
+--
+cairosvg
+  NOTE: 20230323: Programming language: Python.
+  NOTE: 20230411: Proposed solution for CVE-2023-27586 in Buster to backport the --unsafe switch, introduced in 1.0.21, might work (dleidert)
+  NOTE: 20230519: VCS: https://salsa.debian.org/lts-team/packages/cairosvg.git
+--
+docker.io
+  NOTE: 20230303: Programming language: Go.
+  NOTE: 20230303: Follow fixes from bullseye 11.2 (Beuc/front-desk)
+  NOTE: 20230320: VCS: https://salsa.debian.org/lts-team/packages/docker.io.git
+  NOTE: 20230424: Is in preparation.
+--
+erlang (Markus Koschany)
   NOTE: 20221119: Programming language: Erlang.
   NOTE: 20221119: at least CVE-2022-37026 needs to be fixed (original request has been for Stretch)
   NOTE: 20230111: VCS: https://salsa.debian.org/erlang-team/packages/erlang
-  NOTE: 20230111: Maintainer notes: Coordinate with maintainer, whether their VCS can be used.
+  NOTE: 20230111: Maintainer notes: Coordinate with maintainer, whether their VCS can be used. Mail send to mailing list.
 --
-firmware-nonfree
-  NOTE: 20220906: Consider to check the severity of the issues again and judge whether a correction is worth it.
-  NOTE: 20221204: Coming soon in the first week of December. (apo)
-  NOTE: 20221211: Programming language: Binary blob
-  NOTE: 20221211: VCS: https://salsa.debian.org/lts-team/packages/firmware-nonfree.git
---
-fusiondirectory
+fusiondirectory (Abhijith PA)
   NOTE: 20221203: Programming language: PHP.
   NOTE: 20221203: Please evaluate, whether the package can be fixed (gladk).
   NOTE: 20221203: Two CVEs have only mitigation, fix in a new version (gladk).
   NOTE: 20221203: Also the package was removed from sid recently (gladk).
   NOTE: 20221203: Feel free to marke both CVEs as <ignored>, if they are not too serious (gladk).
   NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/fusiondirectory.git
+  NOTE: 20230523: Added upstream commit references to security tracker. Patched our version, testing (abhijith)
 --
-golang-1.11
-  NOTE: 20220916: Programming language: Go.
-  NOTE: 20220916: Special attention: limited support; requires rebuilding reverse build dependencies (though recent bullseye updates didn't)
-  NOTE: 20220916: Harmonize with bullseye and stretch: 9 CVEs fixed in Debian 11.2 & 11.3 + 2 CVEs fixed in stretch-lts (Beuc/front-desk)
-  NOTE: 20220916: CVE-2020-28367 CVE-2021-33196 CVE-2021-36221 CVE-2021-39293 CVE-2021-41771 CVE-2021-44716 CVE-2021-44717 CVE-2022-23772 CVE-2022-23773 CVE-2022-23806 CVE-2022-24921
-  NOTE: 20230111: Testsuite: https://lts-team.pages.debian.net/wiki/TestSuites/golang.html
-  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/golang-1.11.git
---
-golang-github-nats-io-jwt
-  NOTE: 20221109: Programming language: Go.
-  NOTE: 20221109: Special attention: limited support, cf. buster release notes; not in bullseye
-  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/golang-github-nats-io-jwt.git
---
-golang-go.crypto
+golang-go.crypto (Markus Koschany)
   NOTE: 20220915: Programming language: Go.
   NOTE: 20220915: 3 CVEs fixed in stretch and bullseye (Beuc/front-desk)
   NOTE: 20220915: Special attention: limited support, cf. buster release notes
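Review bot: In the erlang entry the existing 20230111 "Maintainer notes" line is edited in place to add "Mail send to mailing list.", while the file header kept as context at the top of this hunk asks to append notes rather than remove or replace existing ones. Add a new dated NOTE line instead (and "Mail send" should read "Mail sent"). The new libfastjson entry also has no VCS note, unlike the other entries added here.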
@@ -83,157 +51,107 @@ golang-go.crypto
   NOTE: 20220915: Special attention: also check bullseye status
   NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/golang-go.crypto.git
 --
-golang-websocket
-  NOTE: 20220915: Programming language: Go.
-  NOTE: 20220915: 1 CVE fixed in stretch and bullseye (golang-github-gorilla-websocket) (Beuc/front-desk)
-  NOTE: 20220915: Special attention: limited support; requires rebuilding reverse dependencies
-  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/golang-websocket.git
---
-golang-yaml.v2
+golang-yaml.v2 (sgmoore)
   NOTE: 20230125: Programming language: Go.
   NOTE: 20230125: VCS: https://salsa.debian.org/lts-team/packages/golang-yaml.v2.git
   NOTE: 20230125: Special attention: limited support; requires rebuilding reverse build dependencies (though recent bullseye updates didn't).
 --
-imagemagick (Adrian Bunk)
-  NOTE: 20220904: Programming language: C.
-  NOTE: 20220904: VCS: https://salsa.debian.org/lts-team/packages/imagemagick.git
-  NOTE: 20220904: Should be synced with Stretch. (apo)
-  NOTE: 20221212: Integrated patches for 31 CVEs so far and continuing to work. (roberto)
-  NOTE: 20230220: roberto put his work in lts-team/packages/imagemagick.git on Salsa so far on the debian/buster branch. He also pushed the related commits on the upstream and pristine-tar branches. 
-
---
-intel-microcode
-  NOTE: 20230219: Programming language: Binary blob.
-  NOTE: 20230219: VCS: https://salsa.debian.org/lts-team/packages/intel-microcode.git
---
-kopanocore
-  NOTE: 20220801: Programming language: C++.
-  NOTE: 20220811: Proposed a patch to CVE-2022-26562 (#1016973) (gusnan/retired)
-  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/kopanocore.git
---
-libapache2-mod-auth-mellon (Utkarsh)
-  NOTE: 20230105: Programming language: C.
-  NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk)
-  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/libapache2-mod-auth-mellon.git
-  NOTE: 20230220: upload prepped, testing remains. (utkarsh)
---
-libreoffice
-  NOTE: 20221012: Programming language: C++.
-  NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/libreoffice.git
+hdf5
+  NOTE: 20230318: Programming language: C.
+  NOTE: 20230318: VCS: https://salsa.debian.org/lts-team/packages/hdf5.git
+  NOTE: 20230318: Consider fixing all the no-dsa and postponed issues as well. (utkarsh)
+  NOTE: 20230318: Enrico did some work around hdf5* packaging in the past, probably
+  NOTE: 20230318: sync w/ him. (utkarsh)
+  NOTE: 20230506: tried to triage… seems to be that only sensible way forward would be to update to a newer version in the 1.10.x
+  NOTE: 20230506: line. Still then, state of CVEs are unknown if they have been fixed. 1.10.11 is scheduled for September. (tobi)
+  NOTE: 20230520: Tried to backport 1.10.6 to buster, however, it seems that there is a (hidden) SONAME bump,
+  NOTE: 20230520: https://salsa.debian.org/debian/hdf5/-/commit/52b5fe589e68361ea840121d8f4a8eb9148bf3da
+  NOTE: 20230520: additionally couldn't convince the build system to build for buster, something with the autogenerated .install files,
+  NOTE: 20230520: so giving up on the package. (tobi)
+--
+libcap2 (Abhijith PA)
+  NOTE: 20230517: Programming language: C.
+  NOTE: 20230517: VCS: https://salsa.debian.org/lts-team/packages/libcap2.git
+--
+libfastjson (Thorsten Alteholz)
+  NOTE: 20230507: Programming language: C.
+  NOTE: 20230507: the CVE was fixed in json-c already
+  NOTE: 20230521: an RCE CVE of cups-filter made a mess of the timing
+--
+libraw (guilhem)
+  NOTE: 20230520: Programming language: C++.
+  NOTE: 20230520: VCS: https://salsa.debian.org/lts-team/packages/libraw.git
+--
+libssh (tobi)
+  NOTE: 20230520: Programming language: C.
+  NOTE: 20230520: VCS: https://salsa.debian.org/lts-team/packages/libssh.git
 --
 linux (Ben Hutchings)
   NOTE: 20230111: Programming language: C
 --
-man2html (gladk)
-  NOTE: 20221004: Programming language: C.
-  NOTE: 20221004: It looks like not patch is available.
-  NOTE: 20221004: Please evalulate, whether the issue can be marked as <ignored>.
-  NOTE: 20230213: VCS: https://salsa.debian.org/debian/man2html.git
---
-mariadb-10.3
-  NOTE: 20230225: Programming language: C.
-  NOTE: 20230225: VCS: https://salsa.debian.org/mariadb-team/mariadb-10.3/-/commits/buster
-  NOTE: 20230225: Testsuite: https://lists.debian.org/debian-lts/2019/07/msg00049.html
-  NOTE: 20230225: Maintainer notes: Contact original maintainer, Otto.
---
-netatalk
-  NOTE: 20220816: Programming language: C.
-  NOTE: 20220912: We get errors in the log, not present on bookworm. Needs more investigation. (stefanor)
-  NOTE: 20221212: VCS: https://salsa.debian.org/lts-team/packages/netatalk
-  NOTE: 20221212: Work is ongoing. CVE-2022-0194 is probably too intrusive. (gladk)
---
-nheko
-  NOTE: 20230101: Programming language: C++.
-  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/nheko.git
---
-node-css-what
-  NOTE: 20221031: Programming language: Javascript.
-  NOTE: 20230130: Module has been rewritten in Typescript since Buster released (guilhem).
-  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/node-css-what.git
---
-node-got
-  NOTE: 20221111: Programming language: JavaScript.
-  NOTE: 20221111: Follow fixes from bullseye 11.4 (Beuc/front-desk)
-  NOTE: 20221223: Module has been rewritten in Typescript since Buster released (lamby).
-  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/node-got.git
---
-node-nth-check
-  NOTE: 20221111: Programming language: JavaScript.
-  NOTE: 20221111: Follow fixes from bullseye 11.3 (Beuc/front-desk)
-  NOTE: 20221223: Module has been rewritten in Typescript since Buster released (lamby).
-  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/node-nth-check.git
---
-nodejs (guilhem)
-  NOTE: 20221105: Programming language: Javascript, C/C++, Python
-  NOTE: 20221105: VCS: https://salsa.debian.org/lts-team/packages/nodejs.git
-  NOTE: 20221105: Source code not checked. It may be so that the vulnerability is not present in buster.
-  NOTE: 20221209: Testsuite: https://lts-team.pages.debian.net/wiki/TestSuites/nodejs.html
---
-nvidia-graphics-drivers
-  NOTE: 20221225: Programming language: binary blob.
-  NOTE: 20230103: Cf. on-going discussion on nvidia support (Beuc/front-desk)
-  NOTE: 20230103: https://lists.debian.org/debian-lts/2023/01/msg00005.html
---
-nvidia-graphics-drivers-legacy-390xx
-  NOTE: 20221225: Programming language: binary blob.
-  NOTE: 20230103: Cf. on-going discussion on nvidia support (Beuc/front-desk)
-  NOTE: 20230103: https://lists.debian.org/debian-lts/2023/01/msg00005.html
-  NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/nvidia-graphics-drivers-legacy-390xx.git
---
-openimageio (Markus Koschany)
-  NOTE: 20221225: Programming language: C.
-  NOTE: 20221225: VCS: https://salsa.debian.org/lts-team/packages/openimageio.git
+nbconvert
+  NOTE: 20230423: Programming language: Python.
+  NOTE: 20230423: XSS may be worth fixing and this was a lot of them. To consider if this require
+  NOTE: 20230423: more work on user side and that require further analysis.
+--
+nova
+  NOTE: 20230302: Programming language: Python.
+  NOTE: 20230302: VCS: https://salsa.debian.org/openstack-team/services/nova
+  NOTE: 20230302: Testsuite: https://lts-team.pages.debian.net/wiki/TestSuites/OpenStack.html
+  NOTE: 20230302: Maintainer notes: Contact original maintainer: zigo.
+  NOTE: 20230302: zigo says that DLA 3302-1 ships a buster-specific CVE-2022-47951 backport that introduces regression
+  NOTE: 20230302: (it's meant to check whether a VMDK image has the "monoliticFlat" subtype, but in practice it breaks compute nodes);
+  NOTE: 20230302: cf. debian/patches/cve-2022-47951-nova-stable-rocky.patch, which depends on images_*.patch.
+  NOTE: 20230302: "The upstream patch introduces a whitelist of allowed subtype (with monoliticFlat disabled by default).
+  NOTE: 20230302:  Though in the Buster codebase, there was no infrastructure to check for this subtype ..." (zigo)
+  NOTE: 20230302: Later suites (e.g. bullseye) ship a direct upstream patch and are not affected.
+  NOTE: 20230302: We can either rework the patch, or disable .vmdk support entirely.
+  NOTE: 20230302: zigo currently has no time and requests the LTS team to do it (IRC #debian-lts 2023-03-02). (Beuc/front-desk)
+--
+nvidia-cuda-toolkit
+  NOTE: 20230514: Programming language: binary blobs.
+  NOTE: 20230514: VCS: https://salsa.debian.org/lts-team/packages/nvidia-cuda-toolkit.git
+  NOTE: 20230514: package listed in packages-to-support; a bunch of CVEs have
+  NOTE: 20230514: piled up. (utkarsh)
+--
+openimageio (gladk)
+  NOTE: 20230406: Programming language: C.
+  NOTE: 20230406: VCS: https://salsa.debian.org/lts-team/packages/openimageio.git
+  NOTE: 20230508: WIP
+--
+openjdk-11 (Emilio)
+  NOTE: 20230419: Programming language: Java.
+  NOTE: 20230419: VCS: https://salsa.debian.org/lts-team/packages/openjdk-11.git
+  NOTE: 20230522: waiting for sid/bullseye update (pochu)
+--
+owslib (Adrian Bunk)
+  NOTE: 20230514: Programming language: Python.
+  NOTE: 20230514: VCS: https://salsa.debian.org/lts-team/packages/owslib.git
+  NOTE: 20230514: also in dsa-needed. (utkarsh)
 --
 php-cas
   NOTE: 20221105: Programming language: PHP.
   NOTE: 20221105: The fix is not backwards compatible. Should be investigated further whether this issue should be solved or ignored.. (ola)
   NOTE: 20221107: php-cas only has 2 reverse-deps in buster (fusiondirectory, ocsinventory-reports),
   NOTE: 20221107: consider fixing all 3 packages; also check situation in ELTS for reference (Beuc/front-desk)
-  NOTE: 20221110: upcoming DSA (Beuc/front-desk)
+  NOTE: 20221110: a DSA is planned (Beuc/front-desk)
   NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/php-cas.git
 --
-php7.3 (guilhem)
-  NOTE: 20230225: Programming language: C.
-  NOTE: 20230225: Testsuite: https://lts-team.pages.debian.net/wiki/TestSuites/php.html
---
-pluxml
-  NOTE: 20220913: Programming language: PHP.
-  NOTE: 20220913: Special attention: orphaned package.
-  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/pluxml.git
---
-protobuf
-  NOTE: 20221031: Programming language: Several.
-  NOTE: 20221031: Note the 'Note' that one of the CVEs affects the generated code and must therefore get special attention from the application developer using protobuf.
-  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/protobuf.git
---
-puppet-module-puppetlabs-mysql
-  NOTE: 20221107: Programming language: Puppet, Ruby.
-  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/puppet-module-puppetlabs-mysql.git
---
 python-oslo.privsep
   NOTE: 20221231: Programming language: Python.
   NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/python-oslo.privsep.git
 --
-python-werkzeug (Sylvain Beucler)
-  NOTE: 20230219: Programming language: Python.
-  NOTE: 20230219: VCS: https://salsa.debian.org/lts-team/packages/python-werkzeug.git
+python2.7 (Sylvain Beucler)
+  NOTE: 20230416: Programming language: C, Python.
+  NOTE: 20230416: VCS: https://salsa.debian.org/lts-team/packages/python2.7.git
+  NOTE: 20230416: Testsuite: https://lts-team.pages.debian.net/wiki/TestSuites/python.html
+  NOTE: 20230513: Backporting patches (Beuc)
 --
-python3.7 (Adrian Bunk)
+python3.7
   NOTE: 20230220: Programming language: Python.
   NOTE: 20230220: VCS: https://salsa.debian.org/lts-team/packages/python3.7.git
   NOTE: 20230220: Testsuite: https://lts-team.pages.debian.net/wiki/TestSuites/python.html
---
-qemu
-  NOTE: 20221108: Programming language: C.
-  NOTE: 20221108: I updated the status of all opened (minor) CVEs to more clearly state whether we can fix or are waiting for a patch,
-  NOTE: 20221108: there's about half of them that can be fixed now (or definitely ignored if backporting is too risky/complex) (Beuc/front-desk)
-  NOTE: 20221209: Testsuite: https://lts-team.pages.debian.net/wiki/TestSuites/qemu.html
-  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/qemu.git
---
-r-cran-commonmark
-  NOTE: 20221009: Programming language: R.
-  NOTE: 20221009: Please synchronize with ghostwriter.
-  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/r-cran-commonmark.git
+  NOTE: 20230228: Waiting for actual upstream fix for CVE-2023-24329. (bunk)
 --
 rails
   NOTE: 20220909: Regression on 2:5.2.2.1+dfsg-1+deb10u4 (abhijith)
@@ -259,83 +177,43 @@ rainloop
   NOTE: 20220913: Evaluate the situation and decide whether we should support or EOL this package (Beuc/front-desk)
   NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/rainloop.git
 --
-ring
+ring (Thorsten Alteholz)
   NOTE: 20221120: Programming language: C.
   NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/ring.git
+  NOTE: 20230507: testing package
+  NOTE: 20230521: an RCE CVE of cups-filter made a mess of the timing
 --
-ruby-loofah (Daniel Leidert)
+ruby-loofah
   NOTE: 20221231: Programming language: Ruby.
   NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/ruby-loofah.git
+  NOTE: 20230313: Pinged Daniel re. patches in repo ^. (lamby)
+  NOTE: 20230403: See "RFC: ruby-loofah 2.2.3-1+deb10u2" thread on debian-lts list. (lamby)
+  NOTE: 20230403: Everything ready, just waiting for ruby-rails-html-sanitizer/utkarsh (dleidert)
 --
 ruby-rails-html-sanitizer
   NOTE: 20221231: Programming language: Ruby.
   NOTE: 20221231: VCS: https://salsa.debian.org/lts-team/packages/ruby-rails-html-sanitizer.git
---
-ruby-sidekiq (Utkarsh)
-  NOTE: 20221231: Programming language: Ruby.
-  NOTE: 20221231: CVE-2022-23837 was fixed in stretch so should be fixed in buster for consistency even though it is not that severe. (opal).
-  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/ruby-sidekiq.git
-  NOTE: 20230220: almost done-ish. Will roll out the DLA this week. (utkarsh)
---
-runc (Sylvain Beucler)
-  NOTE: 20220905: Programming language: Go.
-  NOTE: 20220905: Special attention: Sync with Bullseye.
-  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/runc.git
-  NOTE: 20230213: Starting checking security issues, packaging strategy and testing procedures (Beuc)
-  NOTE: 20230218: golang-github-opencontainers-selinux fix uploaded via DLA-3322-1 (Beuc)
-  NOTE: 20230220: Checking possible re-introduction of CVE-2019-19921 with upstream (Beuc)
+  NOTE: 20230303: this cannot be fixed unless ruby-loofah is fixed with appropriate methods. (utkarsh)
 --
 salt
   NOTE: 20220814: Programming language: Python.
-  NOTE: 20220814: Packages is not in the supported packages by us.
-  NOTE: 20220814: Also, I am not sure, whether it is possible to fix issues
+  NOTE: 20220814: I am not sure, whether it is possible to fix issues
   NOTE: 20220814: without backporting a newer verion. (Anton)
   NOTE: 20221209: Testsuite: https://lts-team.pages.debian.net/wiki/TestSuites/salt.html
   NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/salt.git
 --
-samba (Lee Garrett)
+samba
   NOTE: 20220904: Programming language: C.
   NOTE: 20220904: VCS: https://salsa.debian.org/lts-team/packages/samba.git
   NOTE: 20220904: Special attention: High popcon! Used in many servers.
   NOTE: 20220904: Many postponed or open CVE in general. (apo)
---
-spip
-  NOTE: 20230206: Programming language: PHP.
-  NOTE: 20230206: Special attention: Please contact maintainer regarding VCS usage
-  NOTE: 20230206: VCS: https://salsa.debian.org/debian/spip.git
+  NOTE: 20230323: Still working on the long list of CVEs, will likely release an intermittent package first (lee)
 --
 sssd
   NOTE: 20230131: Programming language: C.
   NOTE: 20230205: VCS: https://salsa.debian.org/lts-team/packages/sssd.git
+  NOTE: 20230508: WIP
 --
-tinymce
-  NOTE: 20221227: Programming language: PHP.
-  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/tinymce.git
---
-trafficserver
-   NOTE: 20230202: Programming language: C.
-   NOTE: 20230202: Note recent DLA-3279-1 update. Removed notes (2d9f50586010) suggest CVE-2022-31779 may have already been investigated. (lamby)
-   NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/trafficserver.git
-   NOTE: 20230209: <tobi> very difficult to identify exact patches and on top significant refactoring, especially CVE-2022-31778
-   NOTE: 20230209; CVE-2022-32749 is possibly https://github.com/apache/trafficserver/pull/9243, (see security tracker)
-   NOTE: 20230209: CVE-2022-37392 mihgt be https://github.com/apache/trafficserver/commit/3b9cbf873a77bb7f9297f2b16496a290e0cf7de1
-   NOTE: 20230209: could find informatin for CVE-2022-31779, might be the same fix as CVE-2022-31778 (marked as to be ignored), but no proof on that…
-   NOTE: 20230209: not sure, maybe the safest way would be to update to 8.1.6. </tobi>
---
-xfig (gladk)
-  NOTE: 20230105: Programming language: C.
-  NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk)
-  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/xfig.git
-  NOTE: 20230213: Communication with the maintainer.
---
-xrdp
-  NOTE: 20221225: Programming language: C.
-  NOTE: 20221225: VCS: https://salsa.debian.org/lts-team/packages/xrdp.git
-  NOTE: 20230117: Fixed 6 out 10 CVEs. Testing (abhijith)
---
-zabbix
-  NOTE: 20220911: At least CVE-2022-23134 was fixed in stretch so it should be fixed in buster too.
-  NOTE: 20221209: Programming language: C.
-  NOTE: 20221209: Testsuite: https://lts-team.pages.debian.net/wiki/TestSuites/zabbix.html
-  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/zabbix.git
+webkit2gtk (Emilio)
+  NOTE: 20230512: checking if upgrade to 2.40.x is possible, otherwise we'll have to EOL webkit (pochu)
 --
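Review bot: the webkit2gtk (Emilio) entry added at the end of this hunk carries only a status NOTE, with none of the "Programming language:" or "VCS:" lines that the neighbouring entries (ring, samba, sssd) have. If those lines are expected for every dla-needed entry, add them here so whoever picks the package up next does not have to look up the repository.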


=====================================
data/dsa-needed.txt
=====================================
@@ -12,12 +12,13 @@ To pick an issue, simply add your uid behind it.
 If needed, specify the release by adding a slash after the name of the source package.
 
 --
-apr-util (carnil)
+asterisk
 --
-apr (carnil)
+c-ares
 --
-curl (jmm)
-  pending work on remaining test case
+cinder
+--
+gpac (aron)
 --
 jupyter-core
   Maintainer asked for availability to prepare updates
@@ -26,11 +27,21 @@ linux (carnil)
   Wait until more issues have piled up, though try to regulary rebase for point
   releases to more recent v5.10.y versions
 --
+libraw (carnil)
+--
+nbconvert
+--
 netatalk
   open regression with MacOS, tentative patch not yet merged upstream
+  See discussion on team mailing list.
+--
+nova
+--
+openjdk-11 (jmm)
+--
+openjdk-17 (jmm)
 --
-multipath-tools (carnil)
-  Tobias Frost proposed a potential update to be reviewed, maintainer reviewed changes, pending ack
+owslib
 --
 php-cas
 --
@@ -38,20 +49,34 @@ php-horde-mime-viewer
 --
 php-horde-turba
 --
-rails (aron)
+py7zr
+--
+python-glance-store
+--
+python-os-brick
+--
+python-werkzeug
+--
+ring
+  might make sense to rebase to current version
+--
+ruby2.7
 --
 ruby-nokogiri
 --
 ruby-rack
 --
+ruby-sinatra
+  Maintainer posted packaging repository link with proposed changes for review
+--
 ruby-tzinfo
 --
 salt
 --
 samba
 --
-sofia-sip
-  Maintainer proposed debdiff for review with additional question and sent a followup
+sniproxy (aron)
+  Thorsten Alteholz proposed changes for review
 --
 xrdp
   needs some additional clarification, tentatively DSA worthy


=====================================
data/embedded-code-copies
=====================================
@@ -1146,7 +1146,7 @@ php-fpdf
 
 tcpdf (itp: #495985)
 	- moodle <unfixed>
-	- phpmyadmin <unfixed>
+	- phpmyadmin 4:4.1.7-1
 	- collabtive <unfixed>
 
 typo3
@@ -3543,6 +3543,7 @@ ezxml (not packaged in Debian; no ITP)
 	- mapcache <unfixed> (embed; bug #989363)
 	NOTE: mapcache only uses ezxml to parse config file, doesn't trust any trust boundary, no need to file bugs
 	- scilab <unfixed> (embed; bug #989364)
+	NOTE: scilab only uses it to load scicos/xcos schemas, negligible security impact
 
 libstb
 	- goxel 0.10.6-2 (embed; bug #949552)
@@ -3700,6 +3701,8 @@ python-packaging
 	NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
 	- python2-pip <unfixable> (embed)
 	NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+	- wheel <unfixable> (embed)
+	NOTE: Wheel is installed in virtualenvs, so we leave packaging vendored
 
 pep517
 	- python-pip <unfixable> (embed)
@@ -3792,4 +3795,10 @@ ring
 	- pjproject <unfixed> (embed)
 
 php-dompdf
-	- icingaweb2 <unfixed> (embed)
+	- icingaweb2 <unfixed> (embed; bug #1031010)
+
+php-dompdf-svg-lib
+	- icingaweb2 <unfixed> (embed; bug #1031009)
+
+php-font-lib
+	- icingaweb2 <unfixed> (embed; bug #1030230)


=====================================
data/next-point-update.txt
=====================================
@@ -1,7 +1,5 @@
 CVE-2022-3650
 	[bullseye] - ceph 14.2.21-1+deb11u1
-CVE-2022-37026
-	[bullseye] - erlang 1:23.2.6+dfsg-1+deb11u1
 CVE-2021-32718
 	[bullseye] - rabbitmq-server 3.8.9-3+deb11u1
 CVE-2021-32719
@@ -18,8 +16,6 @@ CVE-2022-29967
 	[bullseye] - glewlwyd 2.5.2-2+deb11u3
 CVE-2022-32096
 	[bullseye] - rhonabwy 0.9.13-3+deb11u2
-CVE-2022-28737
-	[bullseye] - shim 15.6-1~deb11u1
 CVE-2021-24119
 	[bullseye] - mbedtls 2.16.12-0+deb11u1
 CVE-2021-44732
@@ -32,109 +28,52 @@ CVE-2022-39173
 	[bullseye] - wolfssl 4.6.0+p1-0+deb11u2
 CVE-2022-42905
 	[bullseye] - wolfssl 4.6.0+p1-0+deb11u2
-CVE-2022-46146
-	[bullseye] - golang-github-prometheus-exporter-toolkit 0.5.1-2+deb11u2
-CVE-2022-23527
-	[bullseye] - libapache2-mod-auth-openidc 2.4.9.4-0+deb11u2
-CVE-2022-4415
-	[bullseye] - systemd 247.3-7+deb11u2
-CVE-2022-3821
-	[bullseye] - systemd 247.3-7+deb11u2
-CVE-2022-1227
-	[bullseye] - golang-github-containers-psgo 1.5.2-2~deb11u1
-CVE-2021-3468
-	[bullseye] - avahi 0.8-5+deb11u2
-CVE-2021-3482
-	[bullseye] - exiv2 0.27.3-3+deb11u2
-CVE-2021-29458
-	[bullseye] - exiv2 0.27.3-3+deb11u2
-CVE-2021-29463
-	[bullseye] - exiv2 0.27.3-3+deb11u2
-CVE-2021-29464
-	[bullseye] - exiv2 0.27.3-3+deb11u2
-CVE-2021-29470
-	[bullseye] - exiv2 0.27.3-3+deb11u2
-CVE-2021-29473
-	[bullseye] - exiv2 0.27.3-3+deb11u2
-CVE-2021-29623
-	[bullseye] - exiv2 0.27.3-3+deb11u2
-CVE-2021-32815
-	[bullseye] - exiv2 0.27.3-3+deb11u2
-CVE-2021-34334
-	[bullseye] - exiv2 0.27.3-3+deb11u2
-CVE-2021-34335
-	[bullseye] - exiv2 0.27.3-3+deb11u2
-CVE-2021-37615
-	[bullseye] - exiv2 0.27.3-3+deb11u2
-CVE-2021-37616
-	[bullseye] - exiv2 0.27.3-3+deb11u2
-CVE-2021-37618
-	[bullseye] - exiv2 0.27.3-3+deb11u2
-CVE-2021-37619
-	[bullseye] - exiv2 0.27.3-3+deb11u2
-CVE-2021-37620
-	[bullseye] - exiv2 0.27.3-3+deb11u2
-CVE-2021-37621
-	[bullseye] - exiv2 0.27.3-3+deb11u2
-CVE-2021-37622
-	[bullseye] - exiv2 0.27.3-3+deb11u2
-CVE-2021-37623
-	[bullseye] - exiv2 0.27.3-3+deb11u2
 CVE-2022-46175
 	[bullseye] - node-json5 2.1.3-2+deb11u1
 CVE-2022-24859
 	[bullseye] - pypdf2 1.26.0-4+deb11u1
-CVE-2022-47952
-	[bullseye] - lxc 1:4.0.6-2+deb11u2
-CVE-2022-22728
-	[bullseye] - libapreq2 2.13-7+deb11u1
-CVE-2006-20001
-	[bullseye] - apache2 2.4.55-1~deb11u1
-CVE-2022-36760
-	[bullseye] - apache2 2.4.55-1~deb11u1
-CVE-2022-37436
-	[bullseye] - apache2 2.4.55-1~deb11u1
-CVE-2022-38223
-	[bullseye] - w3m 0.5.3+git20210102-6+deb11u1
-CVE-2022-4883
-	[bullseye] - libxpm 1:3.5.12-1.1~deb11u1
-CVE-2022-44617
-	[bullseye] - libxpm 1:3.5.12-1.1~deb11u1
-CVE-2022-46285
-	[bullseye] - libxpm 1:3.5.12-1.1~deb11u1
-CVE-2020-36646
-	[bullseye] - libzen 0.4.38-1+deb11u1
 CVE-2022-48279
 	[bullseye] - modsecurity-apache 2.9.3-3+deb11u2
 CVE-2023-24021
 	[bullseye] - modsecurity-apache 2.9.3-3+deb11u2
-CVE-2022-24895
-	[bullseye] - symfony 4.4.19+dfsg-2+deb11u2
-CVE-2022-24894
-	[bullseye] - symfony 4.4.19+dfsg-2+deb11u2
-CVE-2022-29458
-	[bullseye] - ncurses 6.2+20201114-2+deb11u1
-CVE-2021-23385
-	[bullseye] - flask-security 4.0.0-1+deb11u1
-CVE-2022-27650
-	[bullseye] - crun 0.17+dfsg-1+deb11u1
-CVE-2023-20032
-	[bullseye] - clamav 0.103.8+dfsg-0+deb11u1
-CVE-2023-20052
-	[bullseye] - clamav 0.103.8+dfsg-0+deb11u1
-CVE-2023-25153
-	[bullseye] - containerd 1.4.13~ds1-1~deb11u4
-CVE-2023-25173
-	[bullseye] - containerd 1.4.13~ds1-1~deb11u4
-CVE-2022-4904
-	[bullseye] - c-ares 1.17.1-1+deb11u2
-CVE-2023-26314
-	[bullseye] - mono 6.8.0.105+dfsg-3.3~deb11u1
-CVE-2022-25857
-	[bullseye] - snakeyaml 1.28-1+deb11u1
-CVE-2022-38749
-	[bullseye] - snakeyaml 1.28-1+deb11u1
-CVE-2022-38750
-	[bullseye] - snakeyaml 1.28-1+deb11u1
-CVE-2022-38751
-	[bullseye] - snakeyaml 1.28-1+deb11u1
+CVE-2022-21222
+	[bullseye] - node-css-what 4.0.0-3+deb11u1
+CVE-2021-33587
+	[bullseye] - node-css-what 4.0.0-3+deb11u1
+CVE-2021-22569
+	[bullseye] - protobuf 3.12.4-1+deb11u1
+CVE-2021-22570
+	[bullseye] - protobuf 3.12.4-1+deb11u1
+CVE-2022-1941
+	[bullseye] - protobuf 3.12.4-1+deb11u1
+CVE-2023-0842
+	[bullseye] - node-xml2js 0.2.8-1+deb11u1
+CVE-2023-29197
+	[bullseye] - php-guzzlehttp-psr7 1.7.0-1+deb11u2
+	[bullseye] - php-nyholm-psr7 1.3.2-2+deb11u1
+CVE-2021-45423
+	[bullseye] - pev 0.81-3+deb11u1
+CVE-2023-24291
+	[bullseye] - sgt-puzzles 20191231.79a5378-3+deb11u1
+CVE-2023-2428
+	[bullseye] - sgt-puzzles 20191231.79a5378-3+deb11u1
+CVE-2023-24287
+	[bullseye] - sgt-puzzles 20191231.79a5378-3+deb11u1
+CVE-2023-24285
+	[bullseye] - sgt-puzzles 20191231.79a5378-3+deb11u1
+CVE-2023-24284
+	[bullseye] - sgt-puzzles 20191231.79a5378-3+deb11u1
+CVE-2023-24283
+	[bullseye] - sgt-puzzles 20191231.79a5378-3+deb11u1
+CVE-2023-27533
+	[bullseye] - curl 7.74.0-1.3+deb11u8
+CVE-2023-27534
+	[bullseye] - curl 7.74.0-1.3+deb11u8
+CVE-2023-27535
+	[bullseye] - curl 7.74.0-1.3+deb11u8
+CVE-2023-27536
+	[bullseye] - curl 7.74.0-1.3+deb11u8
+CVE-2023-27538
+	[bullseye] - curl 7.74.0-1.3+deb11u8
+CVE-2021-33797
+	[bullseye] - mujs 1.1.0-1+deb11u3
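Review bot: in the added sgt-puzzles block, "CVE-2023-2428" is the only four-digit id among siblings numbered 24283 to 24291, which looks like a truncated identifier. Please check the id against the sgt-puzzles 20191231.79a5378-3+deb11u1 changelog before this lands, since a wrong id here would attach the point-update fix to an unrelated CVE.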


=====================================
data/packages/lts-do-call-me
=====================================
@@ -30,3 +30,13 @@ openldap
 
 # all packages maintained by Thorsten Alteholz/Debian Printing Team
 cups
+
+# all packages maintained by Samuel Henrique <samueloph at debian.org>
+# The main reason is to avoid duplication of work, so if I don't
+# reply back in a couple of days, feel free to go ahead.
+# If it's something urgent/critical, I also don't mind the LTS team
+# going ahead with the upload at the same time as letting me know.
+# Some of the packages are listed here
+curl
+rsync
+nmap


=====================================
data/packages/lts-do-not-call
=====================================
@@ -12,7 +12,6 @@
 # all packages from Michael Biebl (https://lists.debian.org/debian-lts/2018/01/msg00007.html)
 # all packages from Sam Hartman (https://lists.debian.org/debian-lts/2017/07/msg00134.html)
 bind9 https://www.mail-archive.com/search?l=debian-lts@lists.debian.org&q=subject:%22squeeze+update+of+bind9\%3F%22&o=newest&f=1
-curl https://lists.debian.org/debian-lts/2016/09/msg00038.html
 exiv2 https://lists.debian.org/debian-lts/2018/01/msg00007.html
 firefox-esr https://lists.debian.org/debian-lts/2016/08/msg00052.html
 ghostscript https://lists.debian.org/debian-lts/2017/04/msg00030.html


=====================================
data/packages/removed-packages
=====================================
@@ -937,3 +937,8 @@ printfilters-ppd
 php8.1
 golang-1.18
 axtls
+rust-crossbeam-utils-0.7
+mariadb-10.6
+cgminer
+rust-ncurses
+libbson


=====================================
lib/python/sectracker/analyzers.py
=====================================
@@ -30,14 +30,14 @@ def mergelists(listfiles, diag):
     in diag."""
     result = {}
     for listfile in listfiles:
-        for bug in listfile.list:
+        for bug in listfile:
             header = bug.header
             name = header.name
             if name in result:
                 diag.error("duplicate bug %r" % name,
-                           file=header.file, line=header.header.line)
+                           file=bug.file, line=header.line)
                 diag.error("location of previous bug",
-                           file=result[name].file, line=result[name].line)
+                           file=result[name].file, line=result[name].header.line)
                 continue
             result[name] = bug
     return result
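Review bot: the duplicate-bug branch in mergelists looks untested. The removed lines read header.file and header.header.line, neither of which is a field of Header ("line name description" in parsers.py), so that path would have raised instead of reporting the duplicate. The new attribute accesses look right, but a small test that feeds two list files sharing one bug name and asserts on both diag.error calls would keep this from regressing again.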


=====================================
lib/python/sectracker/parsers.py
=====================================
@@ -17,7 +17,11 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 
+from dataclasses import dataclass
+import typing
+import traceback
 import re
+import sys
 from sys import intern
 
 import debian_support
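Review bot: "import traceback" is added here but nothing in the hunks shown uses it; drop it unless another part of the change needs it. Also, "import sys" now sits next to the existing "from sys import intern"; pick one form (sys.intern or the from-import) rather than keeping both.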
@@ -26,7 +30,9 @@ from collections import namedtuple as _namedtuple
 import sectracker.xpickle as _xpickle
 import sectracker.diagnostics
 
-FORMAT = "4"
+FORMAT = "5"
+
+_debug_enabled = False
 
 def _sortedtuple(seq):
     l = list(seq)
@@ -71,15 +77,41 @@ def sourcepackages(name, f):
         data[pkg_name] = SourcePackage(pkg_name, pkg_version, pkg_binary)
     return data
 
-FlagAnnotation = _namedtuple("FlagAnnotation", "line type")
-StringAnnotation = _namedtuple("StringAnnotation",
-                                           "line type description")
-XrefAnnotation = _namedtuple("XrefAnnotation", "line type bugs")
-PackageAnnotation = _namedtuple(
-    "PackageAnnotation",
-    "line type release package kind version description flags")
-PackageBugAnnotation = _namedtuple("PackageBugAnnotation", "bug")
-PackageUrgencyAnnotation = _namedtuple("PackageUrgencyAnnotation", "severity")
+ at dataclass
+class FlagAnnotation:
+    line: int
+    type: str
+
+ at dataclass
+class StringAnnotation:
+    line: int
+    type: str
+    description: str
+
+ at dataclass
+class XrefAnnotation:
+    line: int
+    type: str
+    bugs: typing.List[str]
+
+ at dataclass
+class PackageAnnotation:
+    line: int
+    type: str
+    release: str
+    package: str
+    kind: str
+    version: str
+    description: str
+    flags: list
+
+ at dataclass
+class PackageBugAnnotation:
+    bug: int
+
+ at dataclass
+class PackageUrgencyAnnotation:
+    severity: str
 
 def _annotationdispatcher():
     # Parser for inner annotations, like (bug #1345; low)
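Review bot: switching these annotation types from namedtuples to plain @dataclass changes more than the syntax. The instances become mutable, lose tuple unpacking and indexing, and are unhashable by default (eq without frozen sets __hash__ to None). Please confirm that no caller puts annotations in a set or dict key, unpacks them, or indexes them; if any does, use @dataclass(frozen=True) and keep the sequence fields as tuples. Minor: PackageAnnotation declares "flags: list" while XrefAnnotation uses typing.List[str], so the element type of flags is undocumented.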
@@ -156,7 +188,7 @@ def _annotationdispatcher():
             )
         elif kind in pseudo_struct:
             flags = parseinner(diag, inner)
-            if kind == "itp" and not inner[1]:
+            if kind == "itp" and not [flag for flag in flags if isinstance(flag, PackageBugAnnotation)]:
                 diag.error("<itp> needs Debian bug reference")
             return PackageAnnotation(
                 line=diag.line(),
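Review bot: the new itp check builds a throwaway list only to test it for emptiness. "not any(isinstance(flag, PackageBugAnnotation) for flag in flags)" says the same thing, short-circuits, and keeps the line under the usual length limit. The behaviour change itself (checking the parsed flags rather than inner[1]) deserves a one-line comment, since it is what makes "<itp>" without a bug reference an error.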
@@ -169,14 +201,14 @@ def _annotationdispatcher():
                 flags=flags,
             )
         else:
-            diag.error("invalid pseudo-version: " + repr(version))
+            diag.error("invalid pseudo-version: " + repr(kind))
             return None
 
     @_regexpcase.rule(r'\{(.*)\}')
     def xref(groups, diag):
-        x = tuple(groups[0].strip().split())
+        x = groups[0].strip().split()
         if x:
-            return XrefAnnotation(diag.line(), "xref", x)
+            return XrefAnnotation(line=diag.line(), type="xref", bugs=list(x))
         else:
             diag.error("empty cross-reference")
             return None
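Review bot: in xref, "bugs=list(x)" copies a value that is already a list, because str.split() returns one; pass x directly. The repr(kind) fix in the error message above it is correct, since version is not the value being rejected in that branch.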
@@ -191,9 +223,17 @@ def _annotationdispatcher():
         default=lambda text, diag: diag.error("invalid annotation"))
 _annotationdispatcher = _annotationdispatcher()
 
-List = _namedtuple("List", "list messages")
-Bug = _namedtuple("Bug", "file header annotations")
-Header = _namedtuple("Header", "line name description")
+ at dataclass
+class Header:
+    line: int
+    name: str
+    description: str
+
+ at dataclass
+class Bug:
+    file: str
+    header: Header
+    annotations: list # TODO: use a list of annotations
 
 def _parselist(path, f, parseheader, finish):
     lineno = 0
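Review bot: Header declares "description: str", but dsalist, dtsalist, dlalist and extadvlist in this same patch all construct Header(headerlineno, name, None), so the annotation should be typing.Optional[str]. Separately, removing the List namedtuple drops the "messages" field from what the parsers return; any consumer outside this patch that still reads .list or .messages will fail with AttributeError, so a grep over the callers is worth noting in the commit message.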
@@ -248,7 +288,13 @@ def _parselist(path, f, parseheader, finish):
 
     if header is not None:
         bugs.append(finish(header, headerlineno, anns, diag))
-    return List(tuple(bugs), diag.messages())
+
+    if _debug_enabled:
+        for m in diag.messages():
+            sys.stderr.write(str(m) + "\n")
+            print("%s:%d: %s: %s" % (m.file, m.line, m.level, m.message))
+
+    return bugs
 
 @_xpickle.loader("CVE" + FORMAT)
 def cvelist(path, f):
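Review bot: with "return bugs" replacing List(tuple(bugs), diag.messages()), parser diagnostics are discarded unless the module global _debug_enabled is set, so a malformed entry in the tracker data now parses silently for every normal caller. Either keep returning the messages or fail on error-level diagnostics. Within the debug branch, each message is also emitted twice, once to stderr via str(m) and once to stdout via print; keep one of the two.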
@@ -268,7 +314,7 @@ def cvelist(path, f):
         return (name, desc)
     def finish(header, headerlineno, anns, diag):
         name, desc = header
-        return Bug(path, Header(headerlineno, name, desc), tuple(anns))
+        return Bug(path, Header(headerlineno, name, desc), list(anns))
     return _parselist(path, f, parseheader, finish)
 
 def writecvelist(data, f):
@@ -348,7 +394,7 @@ def dsalist(path, f):
     def finish(header, headerlineno, anns, diag):
         d, m, y, name, desc = header
         _checkrelease(anns, diag, "DSA")
-        return Bug(path, Header(headerlineno, name, None), tuple(anns))
+        return Bug(path, Header(headerlineno, name, None), list(anns))
     return _parselist(path, f, parseheader, finish)
 
 @_xpickle.loader("DTSA" + FORMAT)
@@ -365,7 +411,7 @@ def dtsalist(path, f):
     def finish(header, headerlineno, anns, diag):
         d, m, y, name, desc = header
         _checkrelease(anns, diag, "DTSA")
-        return Bug(path, Header(headerlineno, name, None), tuple(anns))
+        return Bug(path, Header(headerlineno, name, None), list(anns))
     return _parselist(path, f, parseheader, finish)
 
 @_xpickle.loader("DLA" + FORMAT)
@@ -381,7 +427,7 @@ def dlalist(path, f):
     def finish(header, headerlineno, anns, diag):
         d, m, y, name, desc = header
         _checkrelease(anns, diag, "DLA")
-        return Bug(path, Header(headerlineno, name, None), tuple(anns))
+        return Bug(path, Header(headerlineno, name, None), list(anns))
     return _parselist(path, f, parseheader, finish)
 
 @_xpickle.loader("EXT" + FORMAT)
@@ -397,5 +443,5 @@ def extadvlist(path, f):
     def finish(header, headerlineno, anns, diag):
         d, m, y, name, desc = header
         _checkrelease(anns, diag, "EXT")
-        return Bug(path, Header(headerlineno, name, None), tuple(anns))
+        return Bug(path, Header(headerlineno, name, None), list(anns))
     return _parselist(path, f, parseheader, finish)


=====================================
lib/python/sectracker/xpickle.py
=====================================
@@ -63,7 +63,7 @@ def _wraploader(typ, parser):
         try:
             with open(path + EXTENSION, "rb") as f:
                 return (_pickle.load(f), True)
-        except (EOFError, IOError, _pickle.PickleError):
+        except (AttributeError, EOFError, IOError, _pickle.PickleError):
             return (None, False)
 
     def check(data, st):
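Review bot: the added AttributeError in the except tuple needs a comment saying what it covers. From the rest of the patch it is presumably for cache files pickled against classes that no longer exist (for example the removed List namedtuple), in which case the stale cache is ignored and rebuilt. If that is the intent, say so here, and consider whether ImportError belongs in the tuple as well, since unpickling raises that when a referenced module is gone rather than a class.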


=====================================
lib/python/sectracker_test/test_parsers.py
=====================================
@@ -25,85 +25,78 @@ assert "bash" in o
 assert o["bash"].name == "bash"
 assert "bash" in o["bash"].binary
 
-safeunlink("../../data/CVE/list" + EXTENSION)
-o = cvelist("../../data/CVE/list")
-for err in o.messages:
-    print("%s:%d: %s: %s" % (err.file, err.line, err.level, err.message))
+p._debug_enabled = True
 
 safeunlink("../../data/DSA/list" + EXTENSION)
-o = dsalist("../../data/DSA/list")
-for err in o.messages:
-    print("%s:%d: %s: %s" % (err.file, err.line, err.level, err.message))
+dsalist("../../data/DSA/list")
 
 safeunlink("../../data/DTSA/list" + EXTENSION)
-o = dtsalist("../../data/DTSA/list")
-for err in o.messages:
-    print("%s:%d: %s: %s" % (err.file, err.line, err.level, err.message))
+dtsalist("../../data/DTSA/list")
 
 safeunlink("../../data/DLA/list" + EXTENSION)
-o = dlalist("../../data/DLA/list")
-for err in o.messages:
-    print("%s:%d: %s: %s" % (err.file, err.line, err.level, err.message))
+dlalist("../../data/DLA/list")
 
 Message = sectracker.diagnostics.Message
 for (line, res, xmsgs) in [
         (' - foo <unfixed>',
          PackageAnnotation(17, "package", None, "foo", "unfixed", None,
-                           None, None, (), False), ()),
+                           None, []), ()),
         (' - foo',
          PackageAnnotation(17, "package", None, "foo", "unfixed", None,
-                           None, None, (), False), ()),
+                           None, []), ()),
         (' [lenny] - foo <unfixed>',
          PackageAnnotation(17, "package", "lenny", "foo", "unfixed", None,
-                           None, None, (), False), ()),
+                           None, []), ()),
         (' [lenny] - foo <undetermined> (bug #1234)',
          PackageAnnotation(17, "package", "lenny", "foo", "undetermined",
-                           None, None, None, (1234,), False), ()),
+                           None, None, [PackageBugAnnotation(1234)]), ()),
         (' [lenny] - foo <itp> (bug #1234)',
          PackageAnnotation(17, "package", "lenny", "foo", "itp", None,
-                           None, None, (1234,), False), ()),
+                           None, [PackageBugAnnotation(1234)]), ()),
         (' [lenny] - foo <itp>',
          PackageAnnotation(17, "package", "lenny", "foo", "itp", None,
-                           None, None, (), False),
+                           None, []),
          (Message("CVE", 17, "error",
                   "<itp> needs Debian bug reference"),)),
         (' [lenny] - foo 1.0',
          PackageAnnotation(17, "package", "lenny", "foo", "fixed", "1.0" ,
-                           None, None, (), False), ()),
+                           None, []), ()),
         (' [lenny] - foo <unfixed> (bug filed)',
          PackageAnnotation(17, "package", "lenny", "foo", "unfixed", None,
-                           None, None, (), True), ()),
+                           None, []),
+         (Message("CVE", 17, "error",
+                  "invalid inner annotation: 'bug filed'"),)),
         (' [lenny] - foo <unfixed> (bug filed; bug #1234)',
          PackageAnnotation(17, "package", "lenny", "foo", "unfixed", None,
-                           None, None, (1234,), False),
+                           None, [PackageBugAnnotation(1234)]),
          (Message("CVE", 17, "error",
-                  "'bug filed' and bug numbers listed"),)),
+                  "invalid inner annotation: 'bug filed'"),)),
         (' [lenny] - foo <unfixed> (low)',
          PackageAnnotation(17, "package", "lenny", "foo", "unfixed", None,
-                           None, "low", (), False), ()),
+                           None, [PackageUrgencyAnnotation("low")]), ()),
         (' [lenny] - foo <unfixed> (low; low)',
          PackageAnnotation(17, "package", "lenny", "foo", "unfixed", None,
-                           None, "low", (), False),
-         (Message("CVE", 17, "error", "duplicate flag: 'low'"),)),
+                           None, [PackageUrgencyAnnotation("low")]),
+         (Message("CVE", 17, "error", "duplicate urgency: 'low'"),)),
         (' [lenny] - foo <unfixed> (bug #1234; garbled)',
          PackageAnnotation(17, "package", "lenny", "foo", "unfixed", None,
-                           None, None, (1234,), False),
+                           None, [PackageBugAnnotation(1234)]),
          (Message("CVE", 17, "error",
                         "invalid inner annotation: 'garbled'"),)),
         (' [lenny] - foo <no-dsa> (explanation goes here)',
          PackageAnnotation(17, "package", "lenny", "foo", "no-dsa", None,
-                           "explanation goes here", None, (), False), ()),
+                           "explanation goes here", []), ()),
         (' [lenny] - foo <end-of-life> (explanation goes here)',
          PackageAnnotation(17, "package", "lenny", "foo", "end-of-life",
-                           None, "explanation goes here", None, (), False),
+                           None, "explanation goes here", []),
          ()),
         (' [lenny] - foo <not-affected> (explanation goes here)',
          PackageAnnotation(17, "package", "lenny", "foo", "not-affected",
                            None,
-                           "explanation goes here", None, (), False), ()),
+                           "explanation goes here", []), ()),
         ('\t{CVE-2009-1234 CVE-2009-1235}',
          XrefAnnotation(17, "xref",
-                        tuple("CVE-2009-1234 CVE-2009-1235".split())),
+                        ["CVE-2009-1234", "CVE-2009-1235"]),
          ()),
         ('\t{}', None,
          (Message("CVE", 17, "error", "empty cross-reference"),)),
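Review bot: The top of this hunk drops the `cvelist("../../data/CVE/list")` run entirely and discards the return values of `dsalist`, `dtsalist` and `dlalist`, so diagnostics from parsing the real data files are no longer printed or checked by the test itself; only `p._debug_enabled = True` remains. If the debug flag is meant to replace the printing, say so in a comment, and consider keeping the results and asserting on their diagnostics (if the result still carries them) so that a regression fails the test. The table also encodes a behaviour change worth calling out in the commit message: `(bug filed)` now yields `invalid inner annotation: 'bug filed'`, so any list entry still using that form will start reporting an error.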


=====================================
lib/python/security_db.py
=====================================
@@ -918,7 +918,14 @@ class DB:
 
             tables = ['debian_bugs', 'bugs', 'package_notes', 'bugs_notes', 'bugs_xref', 'package_notes_nodsa', 'ignored_packages', 'removed_packages', 'next_point_update']
 
+            # clean up all tables
             for table in tables:
+                # check first, whether the table exists
+                try:
+                    cursor.execute(f"SELECT 1 FROM sqlite_schema WHERE type = 'table' AND name = {table}")
+                except:
+                    # table does not exist
+                    continue
                 cursor.execute(f"DELETE FROM {table}")
 
             # The *_status tables are regenerated anyway, no need to
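Review bot: The existence check inside the `for table in tables:` loop cannot work as written and turns the cleanup into a no-op. `name = {table}` interpolates the table name without quotes, so SQLite parses it as a column reference and raises; the bare `except:` then hits `continue` and `DELETE FROM {table}` is skipped for every table. Even with correct quoting, a `SELECT` that matches no row does not raise, so the `try`/`except` can never detect a missing table. Bind the name and test the row instead, e.g. `cursor.execute("SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (table,))` followed by `if cursor.fetchone() is None: continue`, and drop the bare `except:`. `sqlite_master` is suggested because the `sqlite_schema` alias only exists in SQLite 3.33.0 and later.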
@@ -2065,11 +2072,6 @@ class DB:
             cursor = self.cursor()
         last_bug = None
 
-        if show_ignored == 0:
-            show_ignored_sql = " AND NOT EXISTS (SELECT * FROM ignored_packages WHERE ignored_packages.name = source_packages.name)"
-        else:
-            show_ignored_sql = ""
-
         result = []
         for bug, pkg in cursor.execute(
 f"""SELECT DISTINCT source_package_status.bug_name, source_packages.name
@@ -2085,7 +2087,7 @@ f"""SELECT DISTINCT source_package_status.bug_name, source_packages.name
   AND package_notes.urgency <> 'unimportant'
   AND package_notes.rowid NOT IN (SELECT note FROM debian_bugs)
   AND source_package_status.vulnerable
-  {show_ignored_sql}
+  AND ({show_ignored} OR NOT EXISTS (SELECT * FROM ignored_packages WHERE ignored_packages.name = source_packages.name))
   ORDER BY source_package_status.bug_name, source_packages.name"""):
             if last_bug is None or last_bug != bug:
                 last_bug = bug
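Review bot: `{show_ignored}` is now formatted straight into the SQL text, so the query depends on how the Python value happens to render. An integer 0 or 1 works, but a `bool` renders as `True`/`False`, which SQLite only accepts as keywords from 3.23.0 on, and a string value would be spliced into the statement as SQL. Pass it as a bound parameter instead: `AND (? OR NOT EXISTS (...))` with `(1 if show_ignored else 0,)` as the argument to `cursor.execute`.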


=====================================
org/lts-frontdesk.2023.txt
=====================================
@@ -11,10 +11,10 @@ From 06-03 to 12-03:Thorsten Alteholz <squeeze-lts at alteholz.de>
 From 13-03 to 19-03:Utkarsh Gupta <guptautkarsh2102 at gmail.com>
 From 20-03 to 26-03:Anton Gladky <gladky.anton at gmail.com>
 From 27-03 to 02-04:Chris Lamb <chris at chris-lamb.co.uk>
-From 03-04 to 09-04:Emilio Pozuelo Monfort <pochu27 at gmail.com>
+From 03-04 to 09-04:Sylvain Beucler <beuc at beuc.net>
 From 10-04 to 16-04:Markus Koschany <markus at koschany.net>
 From 17-04 to 23-04:Ola Lundqvist <ola at inguza.com>
-From 24-04 to 30-04:Sylvain Beucler <beuc at beuc.net>
+From 24-04 to 30-04:Emilio Pozuelo Monfort <pochu27 at gmail.com>
 From 01-05 to 07-05:Thorsten Alteholz <squeeze-lts at alteholz.de>
 From 08-05 to 14-05:Utkarsh Gupta <guptautkarsh2102 at gmail.com>
 From 15-05 to 21-05:Anton Gladky <gladky.anton at gmail.com>
@@ -24,29 +24,29 @@ From 05-06 to 11-06:Markus Koschany <markus at koschany.net>
 From 12-06 to 18-06:Ola Lundqvist <ola at inguza.com>
 From 19-06 to 25-06:Sylvain Beucler <beuc at beuc.net>
 From 26-06 to 02-07:Thorsten Alteholz <squeeze-lts at alteholz.de>
-From 03-07 to 09-07:
-From 10-07 to 16-07:
-From 17-07 to 23-07:
-From 24-07 to 30-07:
-From 31-07 to 06-08:
-From 07-08 to 13-08:
-From 14-08 to 20-08:
-From 21-08 to 27-08:
-From 28-08 to 03-09:
-From 04-09 to 10-09:
-From 11-09 to 17-09:
-From 18-09 to 24-09:
-From 25-09 to 01-10:
-From 02-10 to 08-10:
-From 09-10 to 15-10:
-From 16-10 to 22-10:
-From 23-10 to 29-10:
-From 30-10 to 05-11:
-From 06-11 to 12-11:
-From 13-11 to 19-11:
-From 20-11 to 26-11:
-From 27-11 to 03-12:
-From 04-12 to 10-12:
-From 11-12 to 17-12:
-From 18-12 to 24-12:
-From 25-12 to 31-12:
\ No newline at end of file
+From 03-07 to 09-07:Anton Gladky <anton at gladk.de>
+From 10-07 to 16-07:Chris Lamb <chris at chris-lamb.co.uk>
+From 17-07 to 23-07:Emilio Pozuelo Monfort <pochu27 at gmail.com>
+From 24-07 to 30-07:Markus Koschany <markus at koschany.net>
+From 31-07 to 06-08:Ola Lundqvist <ola at inguza.com>
+From 07-08 to 13-08:Sylvain Beucler <beuc at beuc.net>
+From 14-08 to 20-08:Thorsten Alteholz <squeeze-lts at alteholz.de>
+From 21-08 to 27-08:Utkarsh Gupta <guptautkarsh2102 at gmail.com>
+From 28-08 to 03-09:Anton Gladky <anton at gladk.de>
+From 04-09 to 10-09:Chris Lamb <chris at chris-lamb.co.uk>
+From 11-09 to 17-09:Emilio Pozuelo Monfort <pochu27 at gmail.com>
+From 18-09 to 24-09:Markus Koschany <markus at koschany.net>
+From 25-09 to 01-10:Ola Lundqvist <ola at inguza.com>
+From 02-10 to 08-10:Sylvain Beucler <beuc at beuc.net>
+From 09-10 to 15-10:Thorsten Alteholz <squeeze-lts at alteholz.de>
+From 16-10 to 22-10:Utkarsh Gupta <guptautkarsh2102 at gmail.com>
+From 23-10 to 29-10:Anton Gladky <anton at gladk.de>
+From 30-10 to 05-11:Chris Lamb <chris at chris-lamb.co.uk>
+From 06-11 to 12-11:Emilio Pozuelo Monfort <pochu27 at gmail.com>
+From 13-11 to 19-11:Markus Koschany <markus at koschany.net>
+From 20-11 to 26-11:Ola Lundqvist <ola at inguza.com>
+From 27-11 to 03-12:Sylvain Beucler <beuc at beuc.net>
+From 04-12 to 10-12:Thorsten Alteholz <squeeze-lts at alteholz.de>
+From 11-12 to 17-12:Utkarsh Gupta <guptautkarsh2102 at gmail.com>
+From 18-12 to 24-12:Anton Gladky <anton at gladk.de>
+From 25-12 to 31-12:Chris Lamb <chris at chris-lamb.co.uk>
\ No newline at end of file
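Review bot: The new roster lines list Anton Gladky as `anton at gladk.de`, while the unchanged entries for 20-03 and 15-05 in the same file still use `gladky.anton at gmail.com`; pick one address so the file is consistent. The file also still ends without a trailing newline (`\ No newline at end of file` on both sides); adding one would keep the last roster line out of future diffs.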


=====================================
static/distributions.json
=====================================
@@ -34,6 +34,11 @@
     "support": "none",
     "contact": ""
   },
+  "forky": {
+    "major-version": "14",
+    "support": "none",
+    "contact": ""
+  },
   "sid": {
     "major-version": "",
     "support": "none",



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/32e398392b522bbe5184dfe1a44ca0dbfa82f6cf...a4c5a4a40dfa1616beb7d7067e301c9689db3b73
