May 2025 Archives by thread
Starting: Thu May 1 01:17:28 BST 2025
Ending: Sat May 31 17:14:23 BST 2025
Messages: 1091
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4149-1 for nagvis
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for two chromium issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add entry for DLA-4150-1/uboot
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add note that there is debdiff for review for vips update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-4056/glib2.0
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-43857/ruby (Net::IMAP embedded in ruby)
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-3891/libapache2-mod-auth-openidc
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for another angular.js issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-43857/ruby3.3
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-32464/haproxy
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE assigned for nodejs issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add additional references for CVE-2025-47153
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add embded copy for libuv/nodejs
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-47154/ladybird, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Claim golang-github-gorilla-csrf in dla-needed.txt
Andrej Shadura ( at andrewsh)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4151-1 for golang-github-gorilla-csrf
Andrej Shadura ( at andrewsh)
- [Git][security-tracker-team/security-tracker][master] Process two more NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] mark CVE-2024-39936 as unimportant for the gles package
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-47153/nodejs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker] Pushed new branch pip-vendor-dependency-groups
Stefano Rivera ( at stefanor)
- [Git][security-tracker-team/security-tracker][master] LTS: claim containerd in dla-needed.txt
Andreas Henriksson ( at ah)
- [Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Triage nodejs for bullseye LTS (CVE-2025-47153)
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Remove notes from rejected CVE
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: lesstif and libxpm have been removed long time ago
Paul Gevers ( at elbrus)
- [Git][security-tracker-team/security-tracker][master] Fix a typo s/node-domepurify/node-dompurify/
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] libjs-jquery-validation is now packaged
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] ruby-fugit removed from sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] thunderbird DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Take nodejs/dla-needed
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-46569/golang-github-open-policy-agent-opa
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] openjdk-17 DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-46565/node-vite
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-46337/libphp-adodb
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two kibana issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process some more NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-46337/libphp-adodb
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2024-52979/elasticsearch
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] add reference for CVE-2025-21756
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] dla-needed.txt: Update note for openjdk-17
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Remove no-dsa tagged enries for unimportant CVE entry
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reverse order as liferea embeds node-dompurify
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Fix used source package name for jquery-validation
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track now packaged node-jquery-validation issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Triage firefox-esr for bullseye LTS (CVE-2025-4083,...
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Triage qemu for bullseye LTS (CVE-2024-3446, CVE-2024-4467 & CVE-2024-7409)
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Add comment for u-boot
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim libeconf.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4152-1 for nodejs
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] chromium dsa
Andres Salomon ( at dilinger)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2025-32464/haproxy as no-dsa
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove notes from now rejected CVE
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Processs some NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add new description based rule for PCMan FTP Server
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] NFU CVE-2025-46762 Apache Parquet
Henri Salo ( at hsalo-guest)
- [Git][security-tracker-team/security-tracker][master] Ignore CVE-2022-35409 for bullseye
Andrej Shadura ( at andrewsh)
- [Git][security-tracker-team/security-tracker][master] first batch of wastime RUSTSEC assignments and data fixes
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] more RUSTSEC assignments for wasmtime
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] more rust-wasmtime assignments
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] last batch of wasmtime fixes
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-46337 via unstable upload
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-3695-2 for ansible
Lee Garrett ( at lgarrett)
- [Git][security-tracker-team/security-tracker][master] 2 commits: pip vendored two new libraries in 25.1+dfsg-1
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker] Deleted branch pip-vendor-dependency-groups
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Triage golang-golang-x-net for bullseye LTS (CVE-2025-22872)
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add CNA based rule for Dassault Systèmes
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add CNA based rule for Honeywell products
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for fdkaac issues via unstable upload
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add description based rule for Wavlink
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process one more NFU
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Sync two Linux CVEs with kernel-sec
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixes for nvidia-graphics-drivers via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-3573/kalkun via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for vips update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2024-58253 as NFU
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] LTS: Pseudo-unclaim libsoup2.4 with update
Sean Whitton ( at spwhitton)
- [Git][security-tracker-team/security-tracker][master] Remove empty line
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for libsoup2.4 via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2024-58135/libmojolicious-perl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2024-58135
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-4215/ublock-origin
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-47229/pspp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-47226/snipe-it
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-0782 as NFU
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2024-55069/ffmpeg
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2022-21546/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-4215/ublock-origin
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-47229
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] LTS: claim openjdk-{17,11}
Roberto C. Sánchez ( at roberto)
- [Git][security-tracker-team/security-tracker][master] Triage issue in rust-tokio for bullseye LTS.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] CVE-2024-49214/haproxy: Improve rationale for ignoring
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-37799/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2024-58134/libmojolicious-perl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Trck fixed version for nvidia-open-gpu-kernel-modules issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for second libmojolicious-perl issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: mark CVEs affecting libbson-xs-perl
Roberto C. Sánchez ( at roberto)
- [Git][security-tracker-team/security-tracker][master] Add php-horde-css-parser embedding Sabberworm CSS Parser
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] LTS: claim python-flask-cors in dla-needed.txt
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] sqlite fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] rt5 fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4153-1 for containerd
Andreas Henriksson ( at ah)
- [Git][security-tracker-team/security-tracker][master] Reference upstream commit for CVE-2025-32743
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2024-24795/apache2: link actual fixes for fossil
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Take krb5
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2020-13756
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] krdb5/dla-needed
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] LTS: update notes on libbson-xs-perl
Roberto C. Sánchez ( at roberto)
- [Git][security-tracker-team/security-tracker][master] Track proposed libbson-xs-perl update via bookworm-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark libbson-xs-perl as no-dsa for bookworm
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla: add fossil
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] add p0 reference
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new znuny issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] dla: add opencryptoki
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for znuny issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] bookworm triage
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity
Roberto C. Sánchez ( at roberto)
- [Git][security-tracker-team/security-tracker][master] Update CVE-2023-53076 as rejected
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: dla: typo
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-47268/iputils
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-47268
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz ( at alteholz)
- [Git][security-tracker-team/security-tracker][master] dla: add yelp
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2025-47268 as no-dsa
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Drop notes from two rejected CVEs which were not security issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-52970
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-52969/mariaDB
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Take mariaDB
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Update status for three Linux CVEs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add fixed version for quickjs issues fixed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-47268/iputils: bullseye postponed
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-4056/glib2.0: bullseye not-affected
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] dla add php-horde-css-parser
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] dla: add libmojolicious-perl
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] dla: add libphp-adodb
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] dla: postpone tomcat9
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Add embed of angular.js
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Duplicate CVEs from angular.js to civicrm
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] dla: take libphp-adodb
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] Update status of CVE-2024-3446 and CVE-2024-4467/qemu in bullseye. Ignore them
Santiago R.R. ( at santiago)
- [Git][security-tracker-team/security-tracker][master] LTS: claim knot-resolver in dla-needed.txt and add update note
Emmanuel Arias ( at eamanu)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2025-22873/go
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Merge Linux CVE changes from kernel-sec
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add embded angular.js in openshot-qt
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] openshot-qt add embed jquery-ui.js
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Update status on CVE-2012-6707/wordpress
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Triage embed angular.js issue
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Revert "Triage embed angular.js issue"
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process one NFU
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-47256/libxmp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Add angular.js-material copy of sogo
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] sogo ckeditor embed
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Add angular.js copy of sogo
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Add mark.js for sogo
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-37730/logstash
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-30165/vllm
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-25014/kibana, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-22873/golang
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-4373/glib2.0
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 3 commits: Add ng-sortable to sogo
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-4056
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add python-xstatic-angular embed angular.js
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Update status ofr CVE-2023-52970
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add Crestron
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Remove ChromeOS
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new virglrenderer issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add Unisoc
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add python-xstatic-bootstrap-scss embed twitter-bootstrap3
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Take adminer and add notes
Utkarsh Gupta ( at utkarsh)
- [Git][security-tracker-team/security-tracker][master] Track fixed verison for CVE-2025-32743/connman via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 3 commits: Add new chromium issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-3891/libapache2-mod-auth-openidc
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reference proposed patch for CVE-2025-46394
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add initial tracking for CVE-2025-27533
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add BeyondTrust
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-32022/finit
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-46728/cpp-httplib
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-4287/pytorch
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] libxmp fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] also track two recent MySQL issues for mariadb
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] znuny fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] mark older nvidia-cuda-toolkit issues as fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for CVE-2022-49737/xorg-server
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark 6.1.137-1 as uploded for Debian bookworm as released
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4154-1 for mariadb-10.5
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] dla-needed.txt: Fix transposition of two digits.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] dla: add libapache2-mod-auth-openidc and attribute to moschlar (upcoming DLA)
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] 2 commits: dla: libapache2-mod-auth-openidc status
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-32873/python-django
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2024-2467
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-36791/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-23244/nvidia-graphics-drivers
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reference upstream commit for CVE-2025-47268/iputils
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla: add angular.js
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] lts: add note for webpy
Emmanuel Arias ( at eamanu)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2024-2467
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2023-51989 (rejected, as duplicate)
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process may NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-47203/dropbear
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-29602/flatpress
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2024-47619/syslog-ng
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add fixed version for nvidia-open-gpu-kernel-modules via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2024-47619/syslog-ng
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Extend product list for Cisco
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Track proposed update for libphp-adodb
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update version for libphp-adodb
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track proposed update for mariadb via bookworm-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-4390/slurm-wlm
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new gitlab issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add temporary entry for ZDI-CAN-26752/gimp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4155-1 for libapache2-mod-auth-openidc
Moritz Schlarb ( at moschlar)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add rules for F5
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-46727/ruby-rack
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-32441/ruby-rack
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-46336/ruby-rack-session
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-0649/tensorflow
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4156-1 for openssh
Colin Watson ( at cjwatson)
- [Git][security-tracker-team/security-tracker][master] Drop some rejected CVEs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Claim RT4 in LTS for the paperwork. Thanks Andrew for the update
Santiago R.R. ( at santiago)
- [Git][security-tracker-team/security-tracker][master] Track upstream commit for CVE-2025-3818
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4157-1 for request-tracker4
Santiago R.R. ( at santiago)
- [Git][security-tracker-team/security-tracker][master] nvidia-graphics-drivers spu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] nvidia-open-gpu-kernel-modules spu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] krb5 spu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] imagemagick spu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reference used commits for isolated fixes to address CVE-2025-3576
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add lit of upstream versions for easier tracking for CVE-2025-30722
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add upstream versions for reference and easier tracking in CVE-2025-30693
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 9 commits: Add Debian bug reference for CVE-2025-46727
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla: take over redis as discussed
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-46712/erlang
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-44021/ironic
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-4207/PostgreSQL
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track postgresql-15 via bookworm-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] libapache2-mod-auth-openidc DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-3506/check-mk
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-28073/phplist, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: claim libheif
Lucas Kanashiro ( at kanashiro)
- [Git][security-tracker-team/security-tracker][master] Sync some Linux CVEs with kernel-sec
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2024-50076/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add upstream tag reference for CVE-2023-52971
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-46712/erlang
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-44021/ironic
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: dla: add python-django
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] new php-league-commonmark issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Revert semi-automatic embedded jqueryui/angular.js CVE attribution
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] new jetty issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new rust-ring issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] dla: add postgresql-13
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-37835/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] llama.cpp is in the archive now
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4158-1 for fossil
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] DLA-4158-1/fossil: fix description
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] LTS: Claim postgresql-13 in dla-needed.txt
Carlos Henrique Lima Melara ( at charles)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4159-1 for postgresql-13
Carlos Henrique Lima Melara ( at charles)
- [Git][security-tracker-team/security-tracker][master] 4 commits: CVE-2025-4390/slurm-wlm: bullseye end-of-life
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4160-1 for libbson-xs-perl
Roberto C. Sánchez ( at roberto)
- [Git][security-tracker-team/security-tracker][master] lts-do-call-me: reference recent maintainers uploads
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4161-1 for simplesamlphp
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] Revert "sogo ckeditor embed"
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Correct markings for embedded copy for angular.js
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2024-2467 as no-dsa
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-4432/rust-ring
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for gimp issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-46712/erlang via unstble
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove check item from rejected CVE
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Expand catching of Project Worlds NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-30693,CVE-2025-30722/mariadb-10.5: bullseye postponed
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Add todo for CVE-2025-37889 after clarifying with Linux kernel CNA
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for simplesamlphp via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] gobgp: bullseye not-affected or postponed
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-21605/redis via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-4382/grub2
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add further clarification step for CVE-2025-4382
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reference upstream commits for CVE-2020-27748/xdg-utils
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2025-4373 as no-dsa for bookworm
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track redis upload for bookworm-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove notes from rejected CVEs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add note taht sogo embedded ckeditor up to 5.11.0
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Merge for now CVE-2025-37889 from kernel-sec
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove note on one rejected CVE
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Drop note from rejected CVE
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-3818/webpy via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-53145 from kernel-sec
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update CVEs from kernel-sec for linux issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Typos
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] dla: add ublock-origin
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-32441,CVE-2025-46727/ruby-rack: bullseye postponed
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Reclaim edk2 and php-twig
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-46392/commons-configuration
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add description based rule for Campcodes products
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update information on CVE-2025-4382
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add initial tracking for pspp issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla-needed: reclaim mbedtls
Andrej Shadura ( at andrewsh)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for pspp issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-46392
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for grub2
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2024-47619/syslog-ng
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-32873/python-django via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new rust-sudo-rs issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track proposed update for simplesamlphp update bookworm-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track rpoposed elrang update via bookworm-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update some information for rust-sudo-rs issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version fro openjdk-8 issues fixed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark simplesamlphp as no-dsa and remove from dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-44021/ironic via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4162-1 for redis
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-22247/open-vm-tools
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add commit references for CVE-2024-6505/qemu
Santiago R.R. ( at santiago)
- [Git][security-tracker-team/security-tracker][master] Add new screen issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add oss-security post reference for screen issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] open-vm-tools fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Extend rule for Eclipse
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2024-6505 and CVE-2024-7409 as postponed in bullseye LTS
Santiago R.R. ( at santiago)
- [Git][security-tracker-team/security-tracker][master] Remove qemu from dla-needed
Santiago R.R. ( at santiago)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Add reference for patches for CVE-2025-22247
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-46802
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for screen issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new INTEL-SA related CVE assignments
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for intel-microcode issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Sync some CVEs with kernel-sec
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add intel-microcode to dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4163-1 for rubygems
Lucas Kanashiro ( at kanashiro)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Triage CVE-2023-32181 in libeconf for bullseye LTS.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] 3 commits: Remove notes from CVE-2025-4132 (withdrawn by CNA)
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4164-1 for libeconf
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] LTS: claim thunderbird in dla-needed.txt
Lee Garrett ( at lgarrett)
- [Git][security-tracker-team/security-tracker][master] LTS: claim ansible in dla-needed.txt
Lee Garrett ( at lgarrett)
- [Git][security-tracker-team/security-tracker][master] Slightly reorder entries for CVE-2024-28956
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track as well src:linux for the kernel side of the mitigations
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new varnish issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add varnish to dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2024-38797/edk2 via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] claim openafs
Thorsten Alteholz ( at alteholz)
- [Git][security-tracker-team/security-tracker][master] Add two new nbdkit issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add references for CVE-2025-4771{1,2}/nbdkit
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2024-28956/xen
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-46802
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add CNA based rule for SEL CNA
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-32366/connman
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-32366/connman via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2024-12840
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2024-47177
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add open-vm-tools to dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new kanboard issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] thunderbird: mfsa2025-27 CVEs are already fixed in unstable
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] varnish DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for nbdkit issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Clarify commits for CVE-2025-46825
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVEs from INTEL-SA-01247
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two CVEs from intel-microcode CVEs for INTEL-SA-01244
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Extend list for Microsoft
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Take care of releasing the prepared open-vm-tools update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add CNA based rule for Digi products
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track additional nvidia-graphics-drivers-tesla-535 issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-47278/flask
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new file to track some open issues around auto-nfu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add rule for Centreon
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new golang-github-openpubkey-openpubkey, rather short of details
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add rule for Forescout
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Annotate that Santiago might look at tcpdf
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-4658 and CVE-2025-3757
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add TOTOLINK product matching issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add note on concrete example where TOTOLINK auto-nfu will not work
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-4658: Make it a note instead of a concrete package assignment
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add references for CVE-2024-45332
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE for varnish issue allocated
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] rust-crossbeam-channel CVEfied
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] LTS: add and claim open-vm-tools
Jochen Sprickerhof ( at jspricke)
- [Git][security-tracker-team/security-tracker][master] virtualbox fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4165-1 for open-vm-tools
Jochen Sprickerhof ( at jspricke)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-53146/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new chromium issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add chromium for dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new thunderbid issues from mfsa2025-34
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add thunderbird to dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for open-vm-tools update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-47278/flask
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-46836/net-tools
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-29480
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-46836/net-tools
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add initial tracking for new nodejs issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add initial tracking for CVE-2025-4478/gnome-remote-desktop
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] lts: take firefox-esr
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-46400/xfig
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixes for libxml2 via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 4 commits: CVE-2025-27533,activemq: link to fixing commit
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] Add net-tools to dla-needed.txt
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] Add syslog-ng to dla-needed.txt
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] dla: take net-tools
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] webkit2gtk / wpewebkit upstream advisory WSA-2025-0004
Alberto Garcia ( at berto)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-46836/net-tools
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2024-31073/level-zero
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Convert the old ipt'ed entries for centreon-web to NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for nodejs issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update fig2dev CVEs which got re-assigned by RedHat CNA
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-30346 was already included as well in DSA-5918-1
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Shuffle packages which did not make it for bookworm-pu for 12.11 to the end of list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add tracking for CVE-2024-53869 for nvidia-open-gpu-kernel-modules
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add rule for National Instruments
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add rule for TECNO Mobile
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Claim tcpdf in bullseye LTS
Santiago R.R. ( at santiago)
- [Git][security-tracker-team/security-tracker][master] Track fixes for thunderbird (mfsa2025-34) via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new python issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new node-dompurify issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new node-undici issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Update CVE-2025-23167 for embedded llhttp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new grafana issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new soup issue, but most likely a duplicate
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] fixes-via-micro-releases: add wpewebkit
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Adjust reference for upstream issue for CVE-2025-4516
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reference non-merge commit for CVE-2025-48050
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-48050
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new libavif issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reference upstream commit for CVE-2025-47279
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Use bugzilla id for CVE-2025-4123
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-47279/node-undici
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-47928
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-47287/python-tornado
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] LTS: claim dropbear in dla-needed.txt
Guilhem Moulin ( at guilhem)
- [Git][security-tracker-team/security-tracker][master] Add new batch of weechat issues WSA-2025-{1..7}
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add three 2023 issues libavif issues originating from Google Chrome
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new twitter-bootstrap3 issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-37890/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-40907/libfcgi-perl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status of CVE-2023-6351 and CVE-2023-6350
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4166-1 for xrdp
Abhijith PA ( at abhijith)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-48175/libavif
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-48174/libavif
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-47287
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-4476/libsoup3
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2020-5225/simplesamlphp add patch reference
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] Add upstream tag reference for CVE-2020-5225 and replicate reference to CVE-2020-5226
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add reference to SUSE report upstream for gnome-remote-desktop
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-1647
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Expand todo for CVE-2024-48869 since not yet clear
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4167-1 for thunderbird
Lee Garrett ( at lgarrett)
- [Git][security-tracker-team/security-tracker][master] Separate mimetex bugs into clones
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update list of fixed CVEs in thunderbird update
Lee Garrett ( at lgarrett)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2024-40445
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process some CVEs for nextcloud-server, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-47792/nextcloud-desktop
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-4802/glibc
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-4211/qt
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-32962/flask-appbuilder
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-1975/ollama, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] LTS: claim syslog-ng in dla-needed.txt
Abhijith PA ( at abhijith)
- [Git][security-tracker-team/security-tracker][master] 3 commits: Remove entries for viagee (removed from bookworm)
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark viagee now as removed from any supported suite
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-48188/pspp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-40906/libbson-xs-perl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-48188/pspp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-4478/gnome-remote-desktop
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-23167/node-undici
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track several fixes for weechat issues via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-47278/flask
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4168-1 for openafs
Thorsten Alteholz ( at alteholz)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for intel-microcode updates
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for libavif issues fixed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] claim package
Thorsten Alteholz ( at alteholz)
- [Git][security-tracker-team/security-tracker][master] dropbear spu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Track proposed update raptor2 via bookworm-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4169-1 for dropbear
Guilhem Moulin ( at guilhem)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-47273/setuptools
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new firefox issues from pwn2own
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Track firefox fixes for mfsa2025-37 issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track firefox issue fixed via unstable for mfsa2025-36 issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-37880
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process some new NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] LTS: claim intel-microcode in dla-needed.txt
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Remove mips64el for architectures for trixie and unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-4802: Add additional reference with more information
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-47273/setuptools
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] firefox-esr DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] python-zipp spu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Mark two Firefox ESR specific to 115 series as not-affected
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process more NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for mariadb issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for linux issues with unstable upload
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for net-tools update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] jinja2 spu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] python-tornado fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] nodejs fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4170-1 for intel-microcode
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] Expand todo for CVE-2024-48869 with what we know so far
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new spring issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Add python-tornado to dla-needed.txt
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] LTS: claim libreoffice in dla-needed.txt
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Update status
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] LTS: claim python-tornado in dla-needed.txt
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] Track fixes for screen via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Sync two CVEs with kernel-sec
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update CVEs for firefox-esr and firefsox from mfsa2025-36 and mfsa2025-37
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 4 commits: CVE-2025-46392,commons-configuration: bullseye is ignored
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2025-23166,nodejs: bullseye is not affected
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-37891/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] LTS: Note that I'm back to work on libsoup2.4
Sean Whitton ( at spwhitton)
- [Git][security-tracker-team/security-tracker][master] LTS: Extend note on libsoup2.4
Sean Whitton ( at spwhitton)
- [Git][security-tracker-team/security-tracker][master] LTS: Claim libmojolicious-perl in dla-needed.txt
Sean Whitton ( at spwhitton)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2024-58134 and CVE-2024-58135 as ignored for bullseye
Sean Whitton ( at spwhitton)
- [Git][security-tracker-team/security-tracker][master] LTS: Delete libmojolicious-perl from dla-needed.txt
Sean Whitton ( at spwhitton)
- [Git][security-tracker-team/security-tracker][master] LTS: Claim busybox in dla-needed.txt
Sean Whitton ( at spwhitton)
- [Git][security-tracker-team/security-tracker][master] LTS: Add note under busybox
Sean Whitton ( at spwhitton)
- [Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2025-4516/python3.9: bullseye postponed
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] lts: take openjdk
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] 2 commits: LTS: update notes on mongo-c-driver
Roberto C. Sánchez ( at roberto)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for gimp issue via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] LTS: claim u-boot in dla-needed.txt
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2025-23165/nodejs: introductory commit
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-4516/python3.9: fix dist
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim python-django.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] 2 commits: dla: add libavif
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Sync CVE-2025-37758 with kernel-sec
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] LTS: claim kitty in dla-needed.txt
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] Add upstream tag information for two nodejs issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Scpecify which CVE is for which scope for libmojolicious-perl issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-2509/virglrenderer
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Annotate fixing commit for CVE-2023-6704
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-46801/pgpool2
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add reference to fixing comming for CVE-2025-46801/pgpool2
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-32022/finit
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-46801/pgpool2
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add information for CVE-2025-23122/nodejs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2025-23122
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Temporarily drop note about introducing commit for CVE-2023-6704
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: dla: add openssl
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Add two new libsoup issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add pgpool2 to dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Expand regular expression based rule for Campcodes
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2024-6501/network-manager: bullseye not-affected + introductory patch +...
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4171-1 for wireless-regdb
Ben Hutchings ( at benh)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-43966/libheif: mark as not-affected in bullseye
Lucas Kanashiro ( at kanashiro)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4172-1 for firefox-esr
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4173-1 for openjdk-17
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4174-1 for openjdk-11
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add rule for Broadcom/CA Technologies
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-47934/node-openpgp, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-44108/flatpress, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add CNA rule for GE Vernova
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Re-triage CVE-2024-58134 for bullseye given new information
Sean Whitton ( at spwhitton)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add rule for Pure Storage
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new openvpn3-client issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Unclaim libsoup2.4 with note
Sean Whitton ( at spwhitton)
- [Git][security-tracker-team/security-tracker][master] glib2.0 fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add net-tools for regression update from DSA
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: dla: add qtbase-opensource-src
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] dla: reference net-tools regression
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] pgpool2 fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2024-58134/mojolicious: drop reference pull#2200 which was closed/ignored,...
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] CVE-2015-0272/network-manager: Fix introducing version
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-37892/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove notes from rejected (former Linux) CVEs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove notes from one more rejected CVE
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2024-58134/mojolicious: clarify my edit
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2024-42125
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla: add pgpool2
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] python-flask-cors fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Update status for some Linux CVEs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla: take openssl
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4175-1 for mongo-c-driver
Roberto C. Sánchez ( at roberto)
- [Git][security-tracker-team/security-tracker][master] Add new batch of Linux CVEs assigned
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add more Linux CVEs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add more Linux CVEs from kernel-sec
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Merge more Linux CVEs from kernel-sec
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove all bookworm tagged entries for linux/6.1.139-1
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2025-0782 as rejected by CNA
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-47277/vllm
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-30193/dnsdist
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-43967/libheif: mark as not-affected in bullseye
Lucas Kanashiro ( at kanashiro)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-4390 via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Fix source package name for CVE-2025-47928
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-47290/containerd
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for libsoup3 issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-3908/openvpn3-client
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-30193/dnsdist
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status CVE-2023-6704/libavif
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-5001/pspp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-4969/libsoup
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla: add dnsdist
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Update vmware rule
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] python3.13 fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] 2 commits: dla: add nextcloud-desktop
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] dla: add setuptools
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] new bind9 issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] golang-golang-x-net fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] LTS: dispatch FD slots for second half of 2025
Roberto C. Sánchez ( at roberto)
- [Git][security-tracker-team/security-tracker][master] Sync status for some CVEs with kernel-sec
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update two CVEs syncing with kernel-sec
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Fix spelling of two NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add note for CVE-2024-58135 on why not considered fixed with 9.39
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: remove libheif, not affected
Lucas Kanashiro ( at kanashiro)
- [Git][security-tracker-team/security-tracker][master] Sync status for some Linux CVEs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] LTS: claim libavif in data/dla-needed.txt
Carlos Henrique Lima Melara ( at charles)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-4969/libsoup3
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-5001/pspp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed verison for CVE-2025-30193/dnsdist via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new jq issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] nvidia-graphics-driver fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Revert "LTS: Delete libmojolicious-perl from dla-needed.txt"
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] nvidia-open-gpu-kernel-modules fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new containerd issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new jgit issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new gnome-remote-desktop issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new modsecurity-apache issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new gst-plugins-bad1.0 issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] gstreamer n/a
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Extend Cisco product list
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add rule for TIBCO
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] bugnums
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new openssl issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-40775/bind9: reference patch
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Re-associate CVE-2025-4478 with freerdp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update information on CVE-2025-3887
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-4575/openssl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-491{8,9}/thunderbird
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Revert "CVE-2025-43903/poppler: Add note that it might cause regression"
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-4969/libsoup2.4
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add reference for CVE-2025-4948
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: claim yelp
Lucas Kanashiro ( at kanashiro)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Add note for knot-resolver
Emmanuel Arias ( at eamanu)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-4948/libsoup2.4
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-47466/taglib
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two asterisk issues which need checking
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] modsecurity-apache fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] poedit n/a
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add CNA rule for WSO2
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add Forcepoint
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add Ericsson
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] pglogical n/a
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] firefox n/a
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add CNA rule for HYPR
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] CVE-2024-53427/jq: update bullseye triage
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] dla: add glibc, for sync with elts, plus for possible static rebuilds
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-47947/modsecurity-apache: reference fix
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] dla: grub2 status update
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-4918,CVE-2025-4919/thunderbird: bullseye postponed
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-4478/freerdp*: reference introductory commit
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for intel-microcode update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Annotate that Lucas Kanashiro wants to help on yelp update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-40909/perl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-4945/libsoup2.4
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reference upstream tag for CVE-2025-47947 commit
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add modsecurity-apache to dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-4478
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-53154/cjson
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add Network Monitor to product for Tenable products
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add another product for Microsoft NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add information for CVE-2025-48708
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for linux update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-3580/grafana
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two gitlab issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove todo item for CVE-2023-53154
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2018-25110/node-marked
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2019-16536/clickhouse
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla: add modsecurity-apache
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-40909/perl: follow bookworm
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] dla: modsecurity-apache status update
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4176-1 for openssl
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2025-47779,CVE-2025-47780/asterisk: reference patches
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] dla: add clickhouse
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4177-1 for libphp-adodb
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] CVE-2024-53427/jq: reference introductory commit
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] dla: take modsecurity-apache
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add rule for DedeCMS
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4178-1 for linux
Ben Hutchings ( at benh)
- [Git][security-tracker-team/security-tracker][master] dla: take webpy
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] Add references for asterisk issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-5024/gnome-remote-desktop
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for asterisk issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark openjdk-20 as removed from everywhere supported
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark wine-development as removed from every supported suite
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] libraw spu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] mark clickhouse as removed from sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] h2o removed from sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new assimp issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Drop notes on some rejected CVEs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] jq fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] LTS: claim pgbouncer in dla-needed.txt
Lee Garrett ( at lgarrett)
- [Git][security-tracker-team/security-tracker][master] dla-needed.txt: Note MR for pgbouncer
Andreas Henriksson ( at ah)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-37992/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] LTS: claim setuptools in dla-needed.txt
Lee Garrett ( at lgarrett)
- [Git][security-tracker-team/security-tracker][master] trixie triage
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add more info about CVE-2025-43966 and CVE-2025-43967
Lucas Kanashiro ( at kanashiro)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for assimp issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-4478/freerdp3 via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Expand commit id references for CVE-2025-4396{6,7}
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reference lower bound for CVE-2025-43966
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2019-10871/poppler: drop stretch,jessie triage to revise in elts
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Add new batch of CVEs for assimp issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2017-14617/poppler: reference additional fix for older versions
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4179-1 for libavif
Carlos Henrique Lima Melara ( at charles)
- [Git][security-tracker-team/security-tracker][master] new gimp issues, these might be fixed in 3.0.0
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new icu issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4180-1 for pgbouncer
Andreas Henriksson ( at ah)
- [Git][security-tracker-team/security-tracker][master] CVE-2022-37051/poppler: reference introductory commit
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add rule for vBulletin
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new assimp issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new nagvis issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4181-1 for glibc
Sean Whitton ( at spwhitton)
- [Git][security-tracker-team/security-tracker][master] asterisk fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Update notes for CVE-2024-58135
Sean Whitton ( at spwhitton)
- [Git][security-tracker-team/security-tracker][master] Add firefox issues from mfsa2025-42
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add firefox-esr issues from mfsa2025-44
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add firefox-esr to dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2024-58135/libmojolicious-perl: unbreak link in web ui
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Make long note block wrap bit later to make it shorter
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-48796/gimp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-4879{6,7}/gimp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reference upstream issue for CVE-2025-5222/icu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-47273/setuptools via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-5222/icu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-5204/assimp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for nagvis issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add note about krb5/dla-needed
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Retake krb5/dla-needed
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Remove notes from now rejected CVE-2025-5262
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-48383/django-select2
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-48057/icinga2
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-52968/mariadb
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Add new libvpx issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] fix CVE-2023-52968/mariadb
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Add thunderbird issues from mfsa2025-46
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add assigned CVE for libvpx
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add mozilla source packages for CVE-2025-5283
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new chromium issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add chromium to dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixes for chromium via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-5283/libvpx via untable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla-needed.txt: claim pgpool2 and pgagent together
Abhijith PA ( at abhijith)
- [Git][security-tracker-team/security-tracker][master] Add initial tracking for CVE-2025-5278
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-40911/libnet-cidr-set-perl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixes for firefox via unsable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new binutils issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-23247/nvidia-cuda-toolkit
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference flor libnet-cidr-set-perl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-4947/curl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] nagvis fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-5025/curl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] add coreutils references
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4182-1 for syslog-ng
Abhijith PA ( at abhijith)
- [Git][security-tracker-team/security-tracker][master] cyrus-imapd n/a
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] libnet-cidr-set-perl fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] firefox-esr fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4183-1 for setuptools
Lee Garrett ( at lgarrett)
- [Git][security-tracker-team/security-tracker][master] openvpn3-client fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] icinga2 fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] LTS: claim mydumper in dla-needed.txt
Lee Garrett ( at lgarrett)
- [Git][security-tracker-team/security-tracker][master] Add info about mydumper
Lee Garrett ( at lgarrett)
- [Git][security-tracker-team/security-tracker][master] add references for coreutils and yelp
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] setuptools spu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] yelp DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new kea issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new commons-beanutils issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4184-1 for yelp
Lucas Kanashiro ( at kanashiro)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4185-1 for yelp-xsl
Lucas Kanashiro ( at kanashiro)
- [Git][security-tracker-team/security-tracker][master] dla: take gimp
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for libvpx update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2021-38576,edk2: link to fixing commit
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4187-1 for varnish
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-23247
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-5278/coreutils
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add reference for CVE-2025-30224/mydumper
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Adjust source package name for CVE-2025-3280{1,2,3}/isc-kea
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update information on CVE-2025-48734
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-4575/openssl via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for isc-kea issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reference regression fix for original bugfix for CVE-2025-46836
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA for regression update for net-tools
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] claim espeak-ng
Thorsten Alteholz ( at alteholz)
- [Git][security-tracker-team/security-tracker][master] Track fixes for linux issues fixed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4188-1 for python-tornado
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-48734/commons-beanutils
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-48383
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update mariadb version pending via bookworm-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update todo for CVE-2025-23090
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Claim asterisk in dla-needed.txt
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-24374,php-twig: bullseye is ignored
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Remove space/typofix for NOTE
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: lts: take firefox-esr and thunderbird
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] dla: take libvpx
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4189-1 for webpy
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-40909: Reference squashed version of fix for helping backports
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reference upstream commit for CVE-2025-40775
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-2746{2,3,4} for Windows WinPVDrivers
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Add initial information for CVE-2025-5054 and CVE-2025-4598
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for thunderbird issues fixed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add tracking for glibc update via bookworm-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-4598/systemd
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for libavif update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update notes for CVE-2025-4598/systemd
Luca Boccassi ( at bluca)
- [Git][security-tracker-team/security-tracker][master] Remove bookworm tagged entry for CVE-2025-4598/systemd
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update information on CVE-2025-4598
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4190-1 for mydumper
Lee Garrett ( at lgarrett)
- [Git][security-tracker-team/security-tracker][master] Add two new issues for vllm, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add one new issue in mattermost-server, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4191-1 for firefox-esr
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4192-1 for modsecurity-apache
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] Correct CVE id for modsecurity-apache
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for systemd update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2025-30224 as no-dsa for bookworm
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track proposed fix for mydumper via bookworm-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2024-22653/yasm
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2024-22654/tcpreplay
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-27151/redis
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-27151/redis,redict,valkey update
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4193-1 for linux-6.1
Ben Hutchings ( at benh)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-48383/django-select2
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-46701/tomcat*
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2020-36846/libio-compress-brotli-perl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for tomcat issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for redis, redict and valkey issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add rule for Argo CD
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-47952/traefik
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4194-1 for thunderbird
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] Add two additional CVEs to DLA-4194-1/thunderbird
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] elts: add systemd
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4195-1 for krb5
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Take bootstrap3/dla-needed
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4196-1 for kmail-account-wizard
Thorsten Alteholz ( at alteholz)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2025-3818/webpy as no-dsa
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track proposed update for webpy via bookworm-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new hdf5 issues (unclear upstream report status)
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-44906/jhead
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reference fix for CVE-2025-5222/icu in upstream git repository
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-48946/liboqs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process some new vllm issues (itp'ed)
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add status for CVE-2025-48938
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process some mattermost-server issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-1763/gitlab, mark as specific to EE
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] LTS: claim systemd in data/dla-needed.txt
Carlos Henrique Lima Melara ( at charles)
- [Git][security-tracker-team/security-tracker][master] Add additional regression patch URL for CVE-2024-24680/python-django.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] LTS: claim symfony in dla-needed.txt
Guilhem Moulin ( at guilhem)
- [Git][security-tracker-team/security-tracker][master] Update information for CVE-2024-6839
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Minor rephrasing
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] Update CVE-2024-6866
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] Update CVE-2024-6221
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4197-1 for python-flask-cors
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] Reference advisory for CVE-2025-40909
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-5222/icu via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove notes from one now invalid CVE
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: add a note for espeak-ng
Thorsten Alteholz ( at alteholz)
- [Git][security-tracker-team/security-tracker][master] Add some commit prefixes for CVE-2024-24680 to clarify regression fix
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update information on CVE-2024-6839
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Restore for now package note for CVE-2024-6844 as we need to revisit the assessment yet
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2024-6866: Restore for now package note as we need to assess the state
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4199-1 for tcpdf
Santiago R.R. ( at santiago)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-43929/kitty Add link to PoC.
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] Triage CVE-2024-{50340,50342,51996}/symfony for bullseye
Guilhem Moulin ( at guilhem)
Last message date:
Sat May 31 17:14:23 BST 2025
Archived on: Sat May 31 17:14:27 BST 2025
This archive was generated by
Pipermail 0.09 (Mailman edition).