October 2023 Archives by thread
Starting: Sun Oct 1 00:00:15 BST 2023
Ending: Tue Oct 31 21:28:15 GMT 2023
Messages: 831
- [Git][security-tracker-team/security-tracker][master] lts: add libvpx
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-44488/libvpx
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Specify upstream tags and branch for CVE-2023-44488
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Take some updates from dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Associate preparation for mosquitto as well
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Unclaim and remove nasm from dla-needed.txt, as suggested by rouca to me via...
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-5323/dolibarr
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-43907/optipng
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for two matrix-synapse issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Map three remaining ZDI issues to exim bugtracker
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-44488/libvpx via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2023-0809,mosquitto: Buster is not affected
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] CVE-2022-40626/zabbix : Mark no-dsa for buster as well, for consitency.
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] Reference followup post for exim4 issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2022-29654 the same at its duplicate, CVE-2022-44370
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3597-1 for open-vm-tools
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Reserve DSA-5511-1 mosquitto
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Added a note about the work needed after upgrade of borgbackup.
Ola Lundqvist ( at opal)
- [Git][security-tracker-team/security-tracker][master] 3 commits: Buster no-dsa for gcc-7 and gcc-8 following bullseye decision.
Ola Lundqvist ( at opal)
- [Git][security-tracker-team/security-tracker][master] Clarify status for exim4 issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Marked golang-golang-x-image CVEs as no-dsa for buster.
Ola Lundqvist ( at opal)
- [Git][security-tracker-team/security-tracker][master] Marked composer CVE-2023-43655 as minor issue.
Ola Lundqvist ( at opal)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3598-1 for libvpx
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] Take postgresql-11 for paperwork
Utkarsh Gupta ( at utkarsh)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for several freerdp2 issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Revert "Document file move for prometheus-alertmanager for CVE-2023-40577"
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] dla: take axis
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2023-41115,exim4: Buster is not affected
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] 4 commits: Reference upstream fixes for exim4
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-42754/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-42467/qemu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] lts: mark CVE-2021-28025/qt4-x11 as no-dsa on buster
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-5345/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: identified potential patch for CVE-2023-39353/freerdp2
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] Revert "identified potential patch for CVE-2023-39353/freerdp2"
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] dla: tidy golang triage
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] dla: add python3.7
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] thunderbird DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] LTS: dispatch FD slots for first half of 2024
Santiago R.R. ( at santiago)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-5344/vim
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-5160/mattermost-server, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-41580/phpipam
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] foot spu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Track new libx11 and libxpm issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 3 commits: Add CVE-2023-4911/glibc
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for glibc update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-4911/glibc via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update information on CVE-2023-4911
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Add libx11 and libxpm to dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add grub2 to dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add grub2 to dla-needed.txt
Santiago R.R. ( at santiago)
- [Git][security-tracker-team/security-tracker][master] Expand commit id for tenttive/possible patch
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reference CVE list for DSA-5513-1
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track pending linux updates for bullseye-pu and bookworm-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Clarify that introducing commit for CVE-2023-4911 was backported and included in debian/2.31-12
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-43655/composer via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-4732/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-4886/foreman
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3600-1 for postgresql-11
Utkarsh Gupta ( at utkarsh)
- [Git][security-tracker-team/security-tracker][master] Take grub2 announement
Utkarsh Gupta ( at utkarsh)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-5346/chromium
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-4610/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] lts: drop zabbix, no remaining issues
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-5366/openvswitch
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new galera issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Mark Red Hat OpenStack reference as non issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-44272/citadel
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] curl, glib2.0 ospu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] python-git spu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] libx11 fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2023-44272: citadel -> webcit
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] dla: add libx11 and libxpm
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] lts: take libx11 and libxpm
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new libstb issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] gitlab n/a
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add galera-4 as well for CVE-2023-5157
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new gitlab issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Re-associate for now CVE-2023-42118 with libspf2
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add additional references for CVE-2023-43898
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] additional references for libstb issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] freerdp2: Add patches fixing CVEs (see complete commit message for details)
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] chromium DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] openrefine spu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Remove duplicate references for CVE-2023-43898
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Adjust commit for CVE-2023-39352
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update information on CVE-2023-39355
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Adjust one upstream tag which landed in a later release apparently
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-43665/python-django
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-469{2, 3}: Reference as well kernel-list post for easier patch reviews
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add commit reference for CVE-2023-4806
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-43665/python-django
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for galera-3 issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-43642
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-5377/gpac
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-5371/wireshark
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add reference to CVE-2023-37543/cacti
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-43642/snappy-java
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-39191/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-39192/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-39193/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-39194/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add additional reference for CVE-2023-39365/cacti
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add reference for CVE-2023-39365
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-5341/imagemagick
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new avahi issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3601-1 for thunderbird
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-3576/tiff
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-3430/openimageio
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla: reference linux-5.10 for clarity
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3602-1 for libx11
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3603-1 for libxpm
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] 14 commits: Rewrite check-new-issues in Python
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] check-new-issues: read the zip file after downloading it
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] three unimportant kernel issues fixed
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Process some new NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Adjust one commit reference for CVE-2022-45886
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Sync version information with kernel-sec
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] libxpm fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] de-associate libxpm from CVE-2023-43786/CVE-2023-43787
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] django fixed
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3604-1 for qemu
Sean Whitton ( at spwhitton)
- [Git][security-tracker-team/security-tracker][master] LTS: Claim python3.7 in dla-needed.txt
Sean Whitton ( at spwhitton)
- [Git][security-tracker-team/security-tracker][master] 5 commits: CVE-2023-5377/gpac: buster end-of-life
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-43646/node-get-func-name, CVE-2023-44270/node-postcss: buster postponed
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] dla: add node-webpack
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] libx11, libxpm DSAs
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Update version for second batch of CVEs for bookworm-pu for openrefine
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] De-associate CVE-2023-43786 CVE-2023-43787 for libxpm (was only additional hardening for libxpm)
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for libvpx update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new python-urllib3 issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add upstream tag reference for CVE-2023-43804 commit
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new vorbis-tools issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Track proposed update for galera-4 including CVE fix via bullseye-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2023-38469/avahi as no-dsa
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update information for CVE-2023-38470/avahi
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3605-1 for grub2
Utkarsh Gupta ( at utkarsh)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2022-22995/netatalk
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Take grub2 from dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add note for CVE-2023-5255
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Review list of bookworm-pu updates (move unaccepted ones to end of list)
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Review list of bullseye-pu updates (move unaccepted ones to end of list)
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new gradle issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] puppet/puppetserver n/a
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] dla: add python-urllib3
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] dla: add python-django
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] dla: add flatpak
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] LTS: claim python-urllib3 in dla-needed.txt
Guilhem Moulin ( at guilhem)
- [Git][security-tracker-team/security-tracker][master] netatalk fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] chromium fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] "new" PHP issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] NFUs (concludes external check)
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new vim issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new golang issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new drupal issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new rust-sudo-rs issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new iotjs issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new hamster-time-tracker issue (might be bogus), NFU
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] LTS: add unfixed note to opendkim in dla-needed.txt
Sean Whitton ( at spwhitton)
- [Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-44387/gradle: buster postponed
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-38469/avahi: buster postponed
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-36109/iotjs: follow bullseye
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for grub2 update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add upstream tag reference for CVE-2023-5441
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-39323/golang-1.21 via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-39323/golang-1.20 via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reference upstream commits for CVE-2023-39323
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-42456: Try to clarify that no vulnerable version was in unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Fix CVE id for sgt-puzzles issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] wireshark fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] gitignore: Ignore mitre.zip as downloaded from mitre feed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-5452/snipe-it
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-42445/gradle
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add reference to oss-security post for avahi issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update information for CVE-2023-5345/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-45322/libxml2
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 4 commits: Merge linux changes for bookworm 12.2
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for some linux issues fixed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] swap order of patches for CVE-2023-39353, as they have to be applied in that order.
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] 5 commits: Merge linux changes for bullseye 11.8
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Fix typo in version for CVE-2023-39356/freerdp2
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] Revert "Fix typo in version for CVE-2023-39356/freerdp2"
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-39323/golang-1.11: buster postponed
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-45322/libxml2: buster postponed
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Track nomad as removed from everywhere supported
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2022-4900/php7.4: not-affected
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] dla: add curl
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-43804/python-urllib3
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-45322/libxml2
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-43898/libstb
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 5 commits: dla: add batik
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] LTS: claim inetutils in dla-needed.txt
Guilhem Moulin ( at guilhem)
- [Git][security-tracker-team/security-tracker][master] lts: take dbus
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] lts: take curl
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] CVE-2021-33503/python-urllib3: Versions <1.25.4 are unaffected.
Guilhem Moulin ( at guilhem)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3606-1 for freerdp2
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3607-1 for gnome-boxes
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3608-1 for vinagre
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] DLA-3606-1 Fix wrong number in CVE, paste error
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] Readd freerdp2, missed a few CVEs.
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] Record gst-plugins-bad1.0 fixed in 1.22.6 directly
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove pending ceph from bullseye-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2023-4567
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2023-32302 as CVE is rejected
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2023-2222
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2010-1765
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2023-5312 (Rejected, duplicate of CVE-2023-43226)
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla: take krb5
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] CVE-2018-20060/python-urllib3: Add note for lowercase headers.
Guilhem Moulin ( at guilhem)
- [Git][security-tracker-team/security-tracker][master] CVE-2018-20060/python-urllib3: Improve note wording.
Guilhem Moulin ( at guilhem)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-45199/mbedtls
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] add CVE-2023-43615/mbedtls
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3609-1 for prometheus-alertmanager
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Reserve DLA-3610-1 for python-urllib3
Guilhem Moulin ( at guilhem)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3612-1 for lemonldap-ng
Yadd ( at yadd)
- [Git][security-tracker-team/security-tracker][master] Mark xbindkeys-config as removed from unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add information for CVE-2021-33503
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Take batik
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Fix lemonldap-ng version
Yadd ( at yadd)
- [Git][security-tracker-team/security-tracker][master] update notes
Thorsten Alteholz ( at alteholz)
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2023-40175/puma
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update information for CVE-2023-43040/ceph
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update information for CVE-2023-43615/mbedtls
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-43040/ceph
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update information on CVE-2023-45199/mbedtls
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update information for CVE-2023-5115/ansible
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-5115/ansible-core
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-5344/vim
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: check-new-issues: Define set_cve_nfu before using it for automatic processing
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] ceph fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new mediawiki issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] dla: Add note why axis has to be fixed in bullseye first
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity
Roberto C. Sánchez ( at roberto)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Update status of mosquitto in dla-needed.txt
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2023-40175 as ignored for buster
Abhijith PA ( at abhijith)
- [Git][security-tracker-team/security-tracker][master] new libcue issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] gifsicle non issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new libowasp-antisamy-java issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new netfilter issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] libcue fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] urllib3 fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new xen issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new HTTP/2 issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2021-40211 as fixed by fix of CVE-2022-32545
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] two mediawiki issues n/a for older suites
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] track ATS and haproxy for HTTP/2 issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] add nginx
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add imagemagick6 commit for CVE-2023-5341
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] new samba issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] more HTTP/2 refs
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] add nghttpd2 to affected packages
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] mediawiki DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] more HTTP/2 references
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] mark one mediawiki issue n/a for buster
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] bugnums
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] mark CVE-2014-1686 as bogus
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-44487: Add h2o to list of affected packages
Samuel Henrique ( at samueloph)
- [Git][security-tracker-team/security-tracker][master] add tomcat9
Thorsten Alteholz ( at alteholz)
- [Git][security-tracker-team/security-tracker][master] new tomcat issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new matrix-synapse issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Reserve DSA-5521-1 tomcat10
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] Correct CVE entry for tomcat9
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] curl DSA
Moritz Muehlenhoff ( at jmm)
- Processing f1bd93a3fa1510ba20b67b144b3a4bafdc141753 failed
security tracker role
- [Git][security-tracker-team/security-tracker][master] new curl issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new nss issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] nginx fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] curl fixed in sid, n/a for buster
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new chromium issues (fixed in sid)
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] separate CVE for HTTP2 issue for Golang
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] more curl references
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] adapt fixed versions for jpeg-xl
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim org-mode.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] new jetty issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3613-1 for curl
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] new zookeeper issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] matrix-synapse fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] nss fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] bugnum
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] tomcat10 fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] mark netty as affeted for HTTP/2 issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] additonal HTTP/2 references
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] libcue, samba DSAs
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3614-1 for python3.7
Sean Whitton ( at spwhitton)
- [Git][security-tracker-team/security-tracker][master] 5 commits: add jetty9
Thorsten Alteholz ( at alteholz)
- [Git][security-tracker-team/security-tracker][master] Triage tomcat9 issues in bookworm, trixie and sid
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3615-1 for libcue
Thorsten Alteholz ( at alteholz)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3616-1 for org-mode
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] webkit2gtk DSA-5527-1
Alberto Garcia ( at berto)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA-5522-2 tomcat9
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] 4 commits: mark CVE-2023-38473 CVE-2023-38472 CVE-2023-38471 CVE-2023-38470...
Thorsten Alteholz ( at alteholz)
- [Git][security-tracker-team/security-tracker][master] new babel issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new node-undici issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new tracker-miners issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new gpac issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new zabbix issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new qbittorrent issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new json/java issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] ceph spu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3617-1 for tomcat9
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] node-babel7 fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] xterm unimportant, affected functionality not enabled in Debian
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] golang-golang-x-net fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] additional HTTP/2 reference
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] node-undici fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new wordpress issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] vim fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] 5 commits: update note
Thorsten Alteholz ( at alteholz)
- [Git][security-tracker-team/security-tracker][master] add zookeeper
Thorsten Alteholz ( at alteholz)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-44981/zookeeper: Add commit that introduced it
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] Claim node-babel in dla-needed.txt
Yadd ( at yadd)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3618-1 for node-babel
Yadd ( at yadd)
- [Git][security-tracker-team/security-tracker][master] new zabbix issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new slurm issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] xen fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Mark progress on imagemagick/buster
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] LTS: take freeimage
Anton Gladky ( at gladk)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3619-1 for batik
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] LTS: claim nghttp2 in dla-needed.txt
Sean Whitton ( at spwhitton)
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim h2o
Abhijith PA ( at abhijith)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-42118: Add libspf2 bugnum
Samuel Henrique ( at samueloph)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2020-18839/poppler in buster fixed by the same version as CVE-2020-27778
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] 5 commits: add nss
Thorsten Alteholz ( at alteholz)
- [Git][security-tracker-team/security-tracker][master] DLA-3610-1: Also mark CVE-2018-25091/python-urllib3 as fixed.
Guilhem Moulin ( at guilhem)
- [Git][security-tracker-team/security-tracker][master] Fix sid version for CVE-2018-25091/python-urllib3.
Guilhem Moulin ( at guilhem)
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim zookeeper.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3620-1 for poppler
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] dla: add note
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3621-1 for nghttp2
Sean Whitton ( at spwhitton)
- [Git][security-tracker-team/security-tracker][master] LTS: Claim nss in dla-needed.txt
Sean Whitton ( at spwhitton)
- [Git][security-tracker-team/security-tracker][master] add bullseye fix for recent Chromium DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] node-babel7 DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] LTS: claim cacti and mediawiki in dla-needed.txt
Guilhem Moulin ( at guilhem)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA-5522-3 for tomcat9
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3617-2 for tomcat9
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-40743,axis: fixed in unstable
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3622-1 for axis
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] Claim jetty9 in dla-needed.txt
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] axis spu/ospu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] undici spu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] 2 commits: chromium DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new ATS issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new linux issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] aom fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim python-django.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim phppgadmin.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2023-39189/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Linux commit reference for XSA-441
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2023-40791/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2023-45862/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2023-45863/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2023-45871/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2023-45898/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new gpac issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process some more NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-39331/nodejs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-42319/golang-github-go-ethereum
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove notes from now rejected CVE-2023-4413
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove notes from CVE wich was withdrawn by its CNA
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2023-43764 (duplicate of CVE-223-43762)
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-45853/zlib
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add additional references for CVE-2023-43641
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-42459/fastdds
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-44270/node-postcss via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-42459/fastdds
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for libowasp-antisamy-java issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update some references for CVE-2023-44487
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-44487/nghttp2
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add upstream tag references for CVE-2023-5341/imagemagick
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-5568
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2023-42670/samba
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Expand commit ids for CVE-2023-3854{5,6}
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Adapt fixed version for CVE-2023-4421/nss
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track upstream tag for CVE-2023-44981 commit
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add upstream tag for CVE-2023-5535 commit
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add clarifying note about server stack removal from tomcat/9.0.70-2
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add upstream tag information for CVE-2023-45143
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-5557/tracker-miners
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-5632/mosquitto
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-5631/roundcube
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-46009/gifsicle
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] node-graphql fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new Java issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new virtualbox issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3623-1 for linux-5.10
Ben Hutchings ( at benh)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-46228/zchunk
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-45145/redis
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add additonal reference for tracker-minier sandboxing escape issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] lts: take openjdk-11
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-28999/nextcloud-desktop via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add slurm-llnl for CVE-2023-41914
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add pmix to dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Slightly redact note for regression fixing commit as commit is in 1.25
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-45803/python-urllib3
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-45683/golang-github-crewjam-saml
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark for now slurm-wlm in bullseye as postponed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-45145/redis
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-44981/zookeeper
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-45683
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-45803
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for CVE-2023-45145/redis
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-44487/netty
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-46228/zchunk
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-44487/h2o
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for two more exim4 issues as fixed via unstable upload
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update information on CVE-2023-46009/gifsicle
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2023-37543 after feedback from upstream
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new RT issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add for now RT4 and RT5 to dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 3 commits: python-pip 23.3 vendors python-truststore
Stefano Rivera ( at stefanor)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-38703/pjproject
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-20588/xen via unstable (XSA-439)
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove CVE-2023-1989 from DLA-3623-1
Ben Hutchings ( at benh)
- [Git][security-tracker-team/security-tracker][master] new apache2 issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] dsa-needed: add and claim roundcube
Sebastien Delafond ( at seb)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2023-30847 as not-affected in Debian
Anton Gladky ( at gladk)
- [Git][security-tracker-team/security-tracker][master] webkit2gtk DSA-5527-2
Alberto Garcia ( at berto)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3624-1 for zookeeper
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Update note for Django.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] new rust-pleaser issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reference apache2 advisories with upstream details
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Slightly redact information on CVE-2023-30847
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-44487/h2o via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-46277/rust-pleaser
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-46228/zchunk via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reference upstream commit for CVE-2022-33065/libsndfile
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-5090/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add reference for CVE-2023-45802
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-45853/zlib
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-5686/radare2
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-46287/nagvis
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-46267/roundcube
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add pull reference for CVE-2023-38473/avahi
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reference fix from upstream for CVE-2023-38472/avahi
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] LTS: take h2o
Anton Gladky ( at gladk)
- [Git][security-tracker-team/security-tracker][master] DLA-3538-2 zabbix - regression update.
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] Add version for DLA-3538-2
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] Add new set of libstb issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add note about cepth progress on buster
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Take ruby rmagick
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-45805/pdm
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-44483/libxml-security-java
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-45803 via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-5349/ruby-rmagick
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track for now the experimental fix of CVE-2023-3428
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track two CVE fixes for openjdk-21
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update information for CVE-2023-5568/samba
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-28755/rubygems
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-5115/ansible-core
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] opensearch is in the archive now
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-32723/zabbix, identified upstream fix.
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-32721/zabbix, add potential upstream fix.
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-29454/zabbix - buster does not have the affected Go agent.
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] Add note that I'm still wokring on the package.
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] 2 commits: data/dla-needed.txt: Triage redis for buster LTS (CVE-2023-45145)
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Drop notes for CVE-2023-46267 (duplicate of CVE-2023-5631)
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3625-1 for ruby-rmagick
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA for longstanding update for ruby-rack and ignore the ruby-sinatra...
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Track proposed update for 7zip via bookworm-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new nodejs issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] python-eventlet n/a
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new vague linux issue (concludes external check)
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reference upstream commit for CVE-2023-5178
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new squid issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] openjdk-8 fixes
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Track fixes for linux issues via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3626-1 for krb5
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] new mysql issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] dla: take trafficserver
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA-5531-1 for roundcube
Sebastien Delafond ( at seb)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-46317/knot-resolver
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] ATS references
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3627-1 for redis
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3628-1 for dbus
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] free amanda
Thorsten Alteholz ( at alteholz)
- [Git][security-tracker-team/security-tracker][master] new squid issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] more squid references
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] LTS: nss: add note
Sean Whitton ( at spwhitton)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3629-1 for ceph
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] one more squid issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new weborf issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add reference for CVE-2023-39331
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 3 commits: Update two CVEs from Oracle CPU about MySQL connectors for java
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] wolfssl fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] weborf fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Add upstream pull request for CVE-2023-46586/weborf
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track proposed weborf update for bookworm-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Track additional bug covering more CVEs but including CVE-2023-44487
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] mycli non issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] add tungstenite references
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2023-3961/samba
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-46288/airflow, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track proposed update for wolfssl via bookworm-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-4633{1,2}/wabt
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove notes from rejecte CVEs (they were all duplicates)
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-46303/calibre
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-5633/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update CVE-2023-5633 with kernel-sec information
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track proposed update for weborf via bullseye-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-42459/fastdds
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new firefox issues from mfsa2023-45
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add firefox-esr issues from mfsa2023-46
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add firefox-esr to dsa-needed list and assign to jmm
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2023-5363/openssl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] LTS: add roundcube and assign to maintainer
Anton Gladky ( at gladk)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for openssl update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 5 commits: Mark CVE-2023-{5586,5595} as EOL for LTS (gpac)
Anton Gladky ( at gladk)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for request-tracker4 issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for request-tracker5 issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for gst-plugins-bad1.0 update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3630-1 for roundcube
Guilhem Moulin ( at guilhem)
- [Git][security-tracker-team/security-tracker][master] Track fixes for CVEs for firefox-esr via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update information for CVE-2023-38471/avahi
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-5472/chromium
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add chromium to dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add xorg-server CVEs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2023-5367/xwayland as no-dsa
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add xorg-server to dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] add xorg-server
Thorsten Alteholz ( at alteholz)
- [Git][security-tracker-team/security-tracker][master] Track fixes for xorg-server
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for CVE-2023-5367/xwayland
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track CVE for thunderbird from mfsa2023-47
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim pmix.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for 4 squid issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] lts: take firefox-esr and thunderbird
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] Add thunderbird for dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-5758/firefox
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-46136/python-werkzeug
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add note on request-tracker4 in dla-needed.txt
Santiago R.R. ( at santiago)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for xorg-server update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3631-1 for xorg-server
Thorsten Alteholz ( at alteholz)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-5752/python-pip
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-5363/openssl via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for firefox issues via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Associate chromium for DSA
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-5472/chromium fixes via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] firefox-esr DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-46136/python-werkzeug
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update references for CVE-2023-38469/avahi
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-5717/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] co-claim with rouca docker.io in dla-needed.txt, again
Santiago R.R. ( at santiago)
- [Git][security-tracker-team/security-tracker][master] Associate CVE-2019-19588 with src:validators
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for thunderbird via unstable upload
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track upstream tag for one imagemagick commit
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track CVE fixes for imagemagick after upload to unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-45872
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] check-new-issues: don't exit when auto-setting nfu
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-46753/frr
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-46752/frr
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add reference to upstream commit for CVE-2023-39364/cacti
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] catdoc non issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] 5 commits: Process some NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] doc/s-t.d.o/security-tracker: Mention option to speed out clone
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-43281/libstb
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-46813/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3632-1 for firefox-esr
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-3405{7,8,9} related to VMware and open-vm-tools
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] LTS: update status for nss
Sean Whitton ( at spwhitton)
- [Git][security-tracker-team/security-tracker][master] new node-browserify-sign issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] openjdk-11 DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add upstream tag for CVE-2023-46234
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-46233/cryptojs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-31582/libjose4j-java
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-42295/openimageio
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process two new memcached CVEs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-46246/vim
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add temporary description for avahi issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for avahi issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Three openimageio issues fixed in unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for open-vm-tools issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update information on CVE-2023-3223/undertow
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for nodejs issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-45960/dom4j
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-3223/undertow
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-46490/cacti
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fix for CVE-2023-46234/node-browserify-sign via unstable upload
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-46407/ffmpeg
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-22067 doesn't apply to openjdk-11, thanks to pochu for the report
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3633-1 for gst-plugins-bad1.0
Thorsten Alteholz ( at alteholz)
- [Git][security-tracker-team/security-tracker][master] LTS: update request-tracker4 notes with patch info
Roberto C. Sánchez ( at roberto)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3634-1 for nss
Sean Whitton ( at spwhitton)
- [Git][security-tracker-team/security-tracker][master] 3 commits: Add CVE-2023-465{69,70}/radare2
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two additional references for CVE-2023-34059/open-vm-tools
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] opensearch references
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-46137/twisted
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add note for fastdds, updates prepared by maintainer
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two nats-server issues (one covering as well in nkeys)
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add oss-security reference for CVE-2023-5178
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] LTS: add python-urllib3 and assign to spwhitton
Anton Gladky ( at gladk)
- [Git][security-tracker-team/security-tracker][master] LTS: add galera-3
Anton Gladky ( at gladk)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for zookeepr via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla: take galera-3
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3635-1 for node-browserify-sign
Yadd ( at yadd)
- [Git][security-tracker-team/security-tracker][master] Add note for zookeeper
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add node-browserify-sign to dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3636-1 for openjdk-11
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] Take node-browserify-sign for DSA release
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-46862/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process three NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-46858/moodle
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-45897/exfatprogs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3637-1 for thunderbird
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for request-tracker5 issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for requsest-tracker4 issues fixed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for CVE-2023-46129
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for two maradns issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for CVE-2023-45897/exfatprogs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for CVE-2023-42295/openimageio
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fix via unstable for CVE-2023-35827/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2023-4610/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2023-5158/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2023-1193/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 3 commits: Mark CVE-2023-42445 as no-dsa for buster
Anton Gladky ( at gladk)
- [Git][security-tracker-team/security-tracker][master] LTS add memcached
Anton Gladky ( at gladk)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for mysql-8.0 issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3638-1 for h2o
Anton Gladky ( at gladk)
- [Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz ( at alteholz)
- [Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for CVE-2023-31582/libjose4j-java
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-5842/dolibarr
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2023-1289 (imagemagick) as fixed in unstable/testing
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3639-1 and DLA-3640-1 for distro-info-data and distro-info updates
Stefano Rivera ( at stefanor)
- [Git][security-tracker-team/security-tracker][master] Update version information for CVE-2023-1289
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for node-browserify-sign update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reference merge commits for CVE-2023-41259, CVE-2023-41260 and CVE-2023-45024
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla: update request-tracker4 status + attribute past notes
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Add assigned CVE-2023-47090/nats-server
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add open-vm-tools to dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA-5540-1 for jetty9
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3641-1 for jetty9
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for request-tracker5 update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for request-tracker4 update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3642-1 for request-tracker4
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track three fixes which landed in wabt/1.0.33 upstream
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-34049/salt
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-46361/jbig2dec
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-25155/dompurify.js
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Claim samba
Lee Garrett ( at lgarrett)
- [Git][security-tracker-team/security-tracker][master] 2 commits: dla: retake suricata
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3643-1 for pmix
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Claim memcached and mosquitto
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] open-vm-tools, zookeeper DSAs
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-31794/mupdf
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Triage open-vm-tools for buster LTS (CVE-2023-34058 & CVE-2023-34059)
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Triage CVE-2023-46287 in nagvis for buster LTS.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2023-31794/mupdf
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-45746/movabletype-opensource
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add upstream issue reference for CVE-2023-5377/gpac
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add upstream issue for CVE-2023-5586/gpac
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-5377/gpac
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add upstream issue reference for CVE-2023-5595
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-5586/gpac
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-5595/gpac
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-20886 as NFU
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-5871/libnbd
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-22518 as NFU
Salvatore Bonaccorso ( at carnil)
Last message date:
Tue Oct 31 21:28:15 GMT 2023
Archived on: Tue Oct 31 21:28:19 GMT 2023
This archive was generated by
Pipermail 0.09 (Mailman edition).